0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:18:01 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
r1 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x12, r1, 0x54362000)
openat$cgroup_pressure(r0, &(0x7f0000000380)='io.pressure\x00', 0x2, 0x0)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2, {r0}}, 0x58)

23:18:01 executing program 6:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
getdents(r0, &(0x7f0000000040)=""/79, 0x4f)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:18:01 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:18:01 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:18:01 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1162.542899] loop2: detected capacity change from 0 to 40
[ 1162.546340] loop5: detected capacity change from 0 to 40
[ 1162.550434] FAT-fs (loop7): bogus number of reserved sectors
[ 1162.551395] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1162.561495] FAT-fs (loop5): invalid media value (0x00)
[ 1162.562420] FAT-fs (loop5): Can't find a valid FAT filesystem
23:18:01 executing program 6:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
getdents(r0, &(0x7f0000000040)=""/79, 0x4f)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)

23:18:01 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32, @ANYBLOB="9b000000000000002e2f6669"])

23:18:01 executing program 4:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
r4 = perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x40, 0x3, 0x1f, 0x0, 0x0, 0xaff, 0x40000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x1, 0x1ff}, 0x1, 0x98, 0x266, 0x2, 0x0, 0x2, 0x2, 0x0, 0x1f, 0x0, 0x80000001}, 0x0, 0x0, r3, 0x3)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r1, 0xf504, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
fallocate(r4, 0x0, 0xfff, 0xc7)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r6 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
write$P9_RREADDIR(r0, &(0x7f0000000280)={0xac, 0x29, 0x2, {0xfffffff9, [{{0x8, 0x1, 0x6}, 0x3ee, 0xc1, 0x7, './file1'}, {{0x10, 0x3, 0x6}, 0x100, 0x7, 0xd, './file1/file0'}, {{0x20}, 0x5, 0xff, 0x7, './file0'}, {{0x1, 0x0, 0x8}, 0x4, 0x7, 0x7, './file1'}, {{0x10, 0x4, 0x3}, 0x8, 0x0, 0x7, './file1'}]}}, 0xac)
fallocate(r6, 0x3c, 0xcb01, 0xfff0000000000)
sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, 0x1, 0x2, 0x601, 0x0, 0x0, {0x0, 0x0, 0x2}, [@CTA_EXPECT_MASTER={0x1c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0x24050)
fallocate(r5, 0x0, 0x0, 0x87ffffc)
openat$cgroup_pressure(r1, &(0x7f00000000c0)='cpu.pressure\x00', 0x2, 0x0)

23:18:01 executing program 6:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
getdents(r0, &(0x7f0000000040)=""/79, 0x4f)

23:18:01 executing program 6:
getdents(0xffffffffffffffff, &(0x7f0000000040)=""/79, 0x4f)

23:18:02 executing program 6:
getdents(0xffffffffffffffff, &(0x7f0000000040)=""/79, 0x4f)

23:18:02 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
r1 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x12, r1, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2, {r0}}, 0x58)

23:18:02 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32, @ANYBLOB="9b000000000000002e2f6669"])

23:18:02 executing program 4:
syz_usb_connect(0x4, 0x5fb, &(0x7f0000000280)={{0x12, 0x1, 0x200, 0xe3, 0x1b, 0x6b, 0x40, 0x17cc, 0x4711, 0x3602, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5e9, 0x3, 0x1, 0xcc, 0xc0, 0x21, [{{0x9, 0x4, 0xa5, 0x7, 0xb, 0x16, 0x92, 0x5, 0x0, [], [{{0x9, 0x5, 0xc, 0x10, 0x8, 0x20, 0x0, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x1, 0xdddf}]}}, {{0x9, 0x5, 0x3, 0x10, 0x400, 0x7, 0xd6, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x1, 0x797c}]}}, {{0x9, 0x5, 0x1, 0x6, 0x20, 0x8, 0x4, 0x2, [@generic={0xca, 0x5, "5cd731678b83e89e299daafe0b3622aa096525d794d7ddb3230acf3bdb9281f79b76e8477e68cb06bf911c184d957b7d1fedeca7cb27eb858774712e59f22619d4a89f5919e439f86dc9f16ab5f9789a7667e7409dd122901ad5a99485d3d81fc7256c2011b57c4901fbbcc06588f6a46566e12df3494bb0bd0551077c6e03805742e753f90141bf8fe934277dc4fa203d50941fee1514086b980928041288e6b83ad9e824d27715957811137bd6127b65d54a5f8e73351f047ca5aa224e779ba00c0112bf894082"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x2, 0x7ff}]}}, {{0x9, 0x5, 0x124991b694a377bd, 0x0, 0x20, 0x6, 0x80, 0xd1, [@generic={0x32, 0x8, "64ed9315f1c8a7ca168c759e53dde3ed70184822dc79022075637f2669c141c3df960825085f6834a2018d5095ae290c"}]}}, {{0x9, 0x5, 0xd, 0x0, 0x40, 0xff, 0x9, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x20, 0x8}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x2f, 0x69}]}}, {{0x9, 0x5, 0xd, 0x2, 0x8, 0xe0, 0x9, 0x40, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x20, 0x40}]}}, {{0x9, 0x5, 0x5, 0x8, 0x20, 0x4, 0x80, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x3, 0x8}]}}, {{0x9, 0x5, 0xa, 0x0, 0x40, 0x44, 0xf, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x42, 0x20, 0x2}, @generic={0x40, 0xf, "a03397b9efe2aba9aeab3e1772d26976a5f5a40e042112b843728cb30d3bea220afc472d6baa4ace647214aee23e0bffdd3f92df9c6be0e06d2eec7f4c5f"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x400, 0x9, 0x4, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x3f, 0x1}]}}, {{0x9, 0x5, 0x7, 0x3, 0x20, 0x20, 0x40, 0x3}}, {{0x9, 0x5, 0xe, 0x8, 0x40, 0x3f, 0x0, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xff, 0xd6}]}}]}}, {{0x9, 0x4, 0x75, 0x9, 0x0, 0x6f, 0x4e, 0xbd, 0x1, [@uac_control={{0xa, 0x24, 0x1, 0x2, 0x3}}, @cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x0, 0xf27, 0x7, 0x1}, [@mdlm_detail={0xef, 0x24, 0x13, 0x7, "32ee2f4d995c574076620f518ec6a6962723b41008c52a7779eccc804287f030c8d8434a402783928fc6eeaf68e7fec25232cef031bc37d0ce738220b4261775c66cca1b2dae5d613eb0983620a96209c6be245f437b470f04fcda3c31fcda6b2f2efd41a14a1c122e15a34a529329597854c6180a01509132f835f788d2bbcc0fbe3081d341ebf9f3ccf3eef877eb7580bba85d0bd52f540f45055def05cfe0550480eefaf7387f8b728d104534536e7b891d3787a6fbbc73b87bde528e4f722958879dbaf28bd6873d9e007b1801e8d4e2e7dfed138a807511181de999253070aa87fde39d5c8b3c7490"}, @ncm={0x6, 0x24, 0x1a, 0x4, 0x2}, @dmm={0x7, 0x24, 0x14, 0x5, 0x2}]}]}}, {{0x9, 0x4, 0x9e, 0x5, 0x8, 0xeb, 0xeb, 0x51, 0x7f, [@uac_as={[@format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x0, 0x4, 0x2, 0x40, "ed9ac9dc"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x2, 0x6, 0x0, "3c1dd866"}, @as_header={0x7, 0x24, 0x1, 0x3, 0x7f, 0x1}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x1, 0x4, 0x56, 0xff, "a12a512d909e2837b7"}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x8, 0x2, 0x4e, 0x5, "d92a73763de2"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x1, 0x4, 0xec, 0x9, 'V\b', "86"}]}], [{{0x9, 0x5, 0xe, 0x10, 0x40, 0x3f, 0x20, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x3f, 0x100}, @generic={0xfb, 0x21, "467f7c20b227c47508451c769f33327b005be0d3dee5b2423a5a8856d2d1def108483ced5e847eaa29b8d4de22de62b58222a9ea4f439b35d8e7666b23c8f3b225e24fb72ea5d20b9e60ac023e72585983f1cd916cc444d1de2626d75645469de0624fd168203c7d764f8839fc62cc6bf88edd06ec1ff7ca14399eaed6b975b65231de24b1655093382b53f15b06a81861ec47b1a481819adb5b5dd21fc4f33baa4e26a5040984934391969fe898d5815d284a471fe47f4995de24629f8a4499ec1bef67a4e5f2433942083851bfd6f41debe83a699fd40ff9b99515e3943ff78235d52a7b2058bdd5a1ce47cf93e4a7d66decce7ed31da9ec"}]}}, {{0x9, 0x5, 0x78c24a74eddb2df6, 0x1, 0x3ff, 0xd0, 0x3, 0x20, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x1f, 0x5}, @generic={0xce, 0xb, "b0cb0493c9b2fe77a268434ee84589aadc4552deade55edff2101733a951047efeefb22d6cc67a7560eff32d190a60129e6ba4353c6d2eab97534fcb8ea4504f568605cff0ad37edb37dbb6c96568a569529ba040eb206bf06a2615bd9f5dc5434f1ee3fcba70089049cd05d446d3d416af956459eda39e19f59007fc373cb2448ff4b05543690f3b92d85556a445b4bcb39e7ea289dbea772c8b67cdc9a8d15b5f1e681066709ce371fd4d76b3ff038648b6bff1ce79b4e5318f7056c8eedf28f31bce9894678eebb884aae"}]}}, {{0x9, 0x5, 0x7, 0x8, 0x3ff, 0x4, 0x2, 0x1, [@generic={0x54, 0xa, "ab3f9de8ba19d5b2a5cd605403df0a7d1b04f4691cc8a53b60d3d6db9c86214e2ee2d4bbef63c3cc9772b85e8afc6fcbf6fc17ee7c767b47fbbf2b966b541d5e583940a4456e2f4e1eee3feb69340fa4b83e"}]}}, {{0x9, 0x5, 0x4, 0x8, 0x400, 0x92, 0x4, 0x7f}}, {{0x9, 0x5, 0xf, 0x10, 0x20, 0x5, 0xff}}, {{0x9, 0x5, 0xc, 0x0, 0x20, 0x8, 0x37, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x5, 0x8}]}}, {{0x9, 0x5, 0x9, 0x2, 0xddf, 0x3f, 0x6e, 0x8}}, {{0x9, 0x5, 0xa, 0x10, 0x10, 0xfe, 0x7, 0xff}}]}}]}}]}}, &(0x7f0000000c00)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x300, 0xd7, 0x80, 0x0, 0x40, 0xff}, 0x20b, &(0x7f0000000880)={0x5, 0xf, 0x20b, 0x6, [@ss_container_id={0x14, 0x10, 0x4, 0x9, "2558037187aa1f274cf456efc1ec5574"}, @generic={0xd9, 0x10, 0x1, "99380e470df0345a1a26f945f199f4bbc6d41ddb2a1fd4d56411325ff6f9494d3de8b20c123318cb7abcbfb8864005726fadc289d01587c0957e013f24279105b636d203490ecba76a0f99c7f852490eab0a4a2c9c146419be3d5171c8d678f8d4c259d2e2db4a070687f4b947ee6ca742d1f632cd8f950707b192a80c168ceba30876eaaf37c8a3b09be0793fd4191f81082a07538525aaffa6cc76bd17ca20564d59957edc200fdd41b9f89dc7bde6db0f6be592b108d354cfa2fe05c2e9ab6a98ba665329030d533f75a8d5dbe448a53cb4de5f08"}, @ssp_cap={0x10, 0x10, 0xa, 0x4, 0x1, 0x8000, 0xf00f, 0x6, [0xffffff]}, @ptm_cap={0x3}, @generic={0x103, 0x10, 0xb, "d594695c1f162ed6155d08be306774255f1a4af615d1ec528da9da3ef50879d354062a708b510c1f012ee7d55ff4b15a17f79875cec554231ec8c32c43e4e5a40880db6a6f41d5aa6e6909b5a27bc442e680bbe8ce9906ca549dd5b7346e9acaa1e39aa9d708d70de1c8f83ee8ba7ad873f3ae2c11759da29f7dcce3222c695686f611065281b572c3421516926fecf138a815e2eccdd2b76a933caf2c86d6c8d55beba98f7412a948dcbd437f8a3f3d7fb60d5b774e6ca6961ab0b68453c853c82ebb2bb556ed8179f48b64693345273acfbeaebc71b9b90b7a8b0d9c2233c0d9b249ec35ff3dd7cf085d7dc9f2d50112f2c6101e1df44212b81f5655948ff7"}, @ptm_cap={0x3}]}, 0x4, [{0xa5, &(0x7f0000000ac0)=@string={0xa5, 0x3, "54357ee7711fdaeb842512e8d27ae1dda96872ad99099bf7d570a28b3c429a748d7de2d00862ccb2b6558d0dc882b1aa109189d807fcace80849d8e3eeeaafd5d41f4ac2b047dc1df3eb16700fc48a68cfef6002fe706850e21e119f90bd32aa38294b971f0572564cd7b316b37552c597c56809fdb157683d61440936eda7f49ee1c3a55ee8d8623c5acf05dcadbc914e3abb945f243d7a361dd5bd79fcaa0a232933"}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x140a}}, {0x4, &(0x7f0000000b80)=@lang_id={0x4, 0x3, 0x44c}}, {0x4, &(0x7f0000000bc0)=@lang_id={0x4, 0x3, 0x2c09}}]})
r0 = getpgrp(0x0)
setpriority(0x0, r0, 0x0)
r1 = getpgrp(0x0)
setpriority(0x0, r1, 0x0)
syz_open_procfs(r1, &(0x7f0000000000)='net/nf_conntrack\x00')
syz_usb_connect(0x2, 0xa14, &(0x7f0000000c80)={{0x12, 0x1, 0x250, 0x64, 0x17, 0x92, 0x40, 0x856, 0xac26, 0xc889, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa02, 0x3, 0x6, 0x1, 0x30, 0xf3, [{{0x9, 0x4, 0x1c, 0x4, 0xb, 0x1f, 0x6f, 0xbe, 0x6, [], [{{0x9, 0x5, 0xe, 0x8, 0x200, 0x3, 0x8, 0x6}}, {{0x9, 0x5, 0x9, 0x8, 0x3ff, 0x6, 0x37, 0x1, [@generic={0x77, 0x2a, "f4854de13e4216eb4753f9011dc0b21b703751f28755728f26f2607e2cf81e3365e48daffc6807b561aa8537e103898c277e46ab520124a2058272c6c6ad3d68f162b17f35fabad8fb41ca1267a5f0e842cd7d6bbc3539751e8367ffb7437136dae88060b7d9be8b1202745fc1feea9e2241cbeb13"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x1, 0xd212}]}}, {{0x9, 0x5, 0xb, 0x0, 0x600, 0x0, 0x2, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x50, 0x4}]}}, {{0x9, 0x5, 0x6, 0x8, 0x200, 0x7f, 0x4, 0x4, [@generic={0xd6, 0x22, "e95cb6a2e5a72e800432d1f65cbc76057027ec71049cc8f0da9127cf5cbafd5187a54a50d637031ab20cec58da349b3860caa653af9203509fb53a14da6bfb5718e8a487d116e95d295637c560c169822d45fe008753575fb941e19f2bcb9e7256697bbebd3a9eaa591df010798da29f29e9d76103206846d858800a4ca3fc14335466fe0d9e036321796d2ccc47d8b13c2b2b7596d21371a570f4998ea7fa4ad6bd6cebbb4e9cb583201fbe263457fe1f77b2b3db141e1a9eb89b1201d952cd3e96639a1d4f6726e22e6f26b70a516cdf9c3cfb"}]}}, {{0x9, 0x5, 0x2, 0x0, 0x3ff, 0x68, 0x0, 0x8}}, {{0x9, 0x5, 0xc, 0x0, 0x3ff, 0x5, 0x3f, 0x7, [@generic={0xef, 0x22, "98f8a539dad0ec960dfc1efb20ef20918a6da4dd4fcece12420653d9608656529e93cb21ba9d9e3f7c39e81ec82071d8116cbfdb13c7a9bf61bba93e6e0430f780d333aa0f45c66f165249bef5bd6bf1600580507eeda7c62cdac7077a0ccb2543f41ca234e6456e5624e0a3c3ccee59d4cae616844149e3bccbd8f7ce0b50a8c92005a95409bc3ba938030debb14aafdd958956e2dc4bdd19ef5ed40861d06f601b109ba02142618a11478d5f2eb53b56b9e379e9529d01add003704695af62bcbccb82ab36977ba599409fea97a1c0d4adf282f82d42658cb0895e4f04b7b7078b51fb6533c555a9cee543a7"}]}}, {{0x9, 0x5, 0x6, 0x0, 0x3ff, 0x2, 0x3, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x3}, @generic={0x83, 0x22, "6c402ef9e0d3f0ae5137004ae53ebd906135a0a3854632bd58bebb237b0693b38c62b275fd0c4ce2e30c0a2b852d3c9e52939a25a6169faf5338dde13c222b8c57b9e5e22e6f8e29f55ae1a6bc04802a2c4facc45ca25d470fcfae203e20a3f25d406e6a209debd71a85cbbf56244eb723f1e0729321beb27d2fff8bcf1dfd12ba"}]}}, {{0x9, 0x5, 0x2, 0x2, 0x8, 0x81, 0x3, 0x5}}, {{0x9, 0x5, 0x9, 0x0, 0x200, 0x6, 0x1, 0x0, [@generic={0x58, 0x22, "cb160d3892e71f97f2edc6d00c87fb5f1bbcef7306a440d51c85f1eb8a00cc04ba59bb06e531e359f8d8f6b57a422fe0c43fad8318a175c6d2261868053c4c2590290797788f30d25b9e4c0a5c9c3d3045bb8de90b7f"}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x7, 0x4}]}}, {{0x9, 0x5, 0x2, 0x10, 0x40, 0x7a, 0x40, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x3f, 0xfff}, @generic={0x97, 0xa, "e0f7f692f5106914f4f25d8d75c5fbe56f47d0afeebedb12d6838574313f8ba75170bfdcc10aa96382c6a0fa4fffff89e0cfd0733d6490648342d484fd1b4d19b67da1b34215555ddc066974f6b9550b9cc68b362e15c5ebcd1c3e01743ecbe0c06a5b03c1ec2b4f8e173fe0f75ee67bfcd28e2c326f9511c0c9aaccab95d9a3857eb3767573a16940e32321fc6aa1bd0245dc36bd"}]}}, {{0x9, 0x5, 0x2, 0x0, 0x40, 0x9, 0x1, 0x3f}}]}}, {{0x9, 0x4, 0xe4, 0x80, 0xa, 0xff, 0xff, 0xff, 0x7, [@generic={0x2e, 0x23, "22a582c61235f04f420a0ad4cbb3ed460f7293cbd8b6f9a78b8ab77189d964662f6a078f0eee76906b09a330"}, @uac_as], [{{0x9, 0x5, 0xe, 0x0, 0x200, 0x4a, 0x81}}, {{0x9, 0x5, 0x7, 0x0, 0x40, 0x6, 0x5, 0x8e}}, {{0x9, 0x5, 0x8, 0x0, 0x8, 0x0, 0x20, 0x3f, [@generic={0x95, 0x5, "c5d6531e56f7de20dfe6c820c360d6c6efb47498221f9988e17ad54e5480f970291ad6a8ad430463c228f1d0c0857c3608807e4d6bb578230a2fa22960cf203b5ece643b4dc2a84dcb6a7cc364030417c66e0f60b64516492470793ab4339687ecd131e30724bc360fb41a3e7041195ec834d564ec32c0aa42950c708ee877a8de7b3b2d9b689b34db632c7d77e2cd3118e213"}]}}, {{0x9, 0x5, 0xe, 0x0, 0x40, 0xd8, 0x0, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x3b, 0x6}, @generic={0x68, 0x21, "4dad743305e6fb0771fb40aabc06d50c9c43110717d3ed4de0d509966eb818e330125b029c7a4a792f8c63711e21900d27f0ca1615c20b2093c76c64928fea2b066de7ab2dfbab469aef06e59dfbf2bd4ca5389116519705e457ffe1a43244fc9cee4fd0f86f"}]}}, {{0x9, 0x5, 0x0, 0x2, 0x40, 0x6, 0x0, 0x4a, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x5}, @generic={0x1d, 0x21, "e2a72e7abbba06037574fe9079952af56d67ce037134572ccc2075"}]}}, {{0x9, 0x5, 0xf, 0x4, 0x3ff, 0x93, 0x3, 0xfa, [@uac_iso={0x7, 0x25, 0x1, 0x5, 0x9, 0x5a3a}]}}, {{0x9, 0x5, 0x4, 0x0, 0x3ff, 0xff, 0xbe, 0x20, [@generic={0x75, 0x3, "742045bf403f0cbcdfa393fbb2b133956a3b3c074aa11606497db9e9793af1b702d172173648eaf16db95f1e50fed009b0a4fbdfad24e9b97d61531e5723ffb998ae7231a8555d15211e0d9ba59802cc652e892b0d527f5a5d6983a4c2a0fe5039ef8e313d6a5f17122e39b6b7ffdf6a706349"}]}}, {{0x9, 0x5, 0x7, 0x10, 0x8, 0x4, 0x81, 0x55, [@uac_iso={0x7, 0x25, 0x1, 0x100, 0x7, 0x1}]}}, {{0x9, 0x5, 0xf, 0x10, 0x400, 0x1e, 0x5, 0x7f}}, {{0x9, 0x5, 0x0, 0x2, 0x20, 0x4, 0x7f, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x3, 0x7}]}}]}}, {{0x9, 0x4, 0xc5, 0x7, 0xb, 0xd6, 0xde, 0x44, 0x7f, [@uac_as={[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0xe3, 0x4, 0xff, 0x4, "a67a4e3e33"}, @format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0xffe0, 0x0, 0xff, "c8b9"}, @format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x6, 0x4, 0x9, 0x1, "ae"}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x1, 0x0, 0x7f, "3e8c3a"}]}, @uac_as={[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x40, 0x3, 0x0, "985314135b4b"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xff, 0x3, 0xd1, 0x2, '4', "fefe"}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x8, 0xfffe, 0x4, "889cc8"}]}], [{{0x9, 0x5, 0x4, 0xc, 0x40, 0x2, 0x20, 0x1f}}, {{0x9, 0x5, 0x4, 0x3, 0x20, 0x1, 0x0, 0x5, [@generic={0xfe, 0x23, "a63a633a5f5a8b181e822160bc5133af5fec19df067e198e550324ea85007045d1658e2381380af6a7498cc908fa3f9a0a468ebdac412505a3154a79b6e77cafbe9dbf8a7d5b3cfc4ca8304eea21c7672131397f75e64724d4d0be3a2c542058651ffa35a59c27716a1bfcb08ecb0078f60913150abb3d482b70ea6127b7c62be95be8a68039331ecb5263f1600b9cf9ded11473770138fd14c9434cd111a0cebc6c6762c58ea4e83ef055051a1c600a0f05f1eb538a870a49dc6781df5af17a4aad1c0918ef0c4083883445a03f9ca849fba54bf0db04c1d61509761d1a88cee18e92d67764dd11416136dbfb43f303130e7f6b2d579f79d0f29158"}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x4, 0x2}]}}, {{0x9, 0x5, 0x7, 0x4, 0x8, 0x3d, 0x1, 0x1f, [@generic={0x8c, 0x21, "9e1513dd29e5425363594d1ed9663507ab10a307b322f1afcb3d4bec84a406ce3ef111925d310e7f5f3a9284ff5bf0b11f715751489d5fa8db5aef2ed29d382b3d168abc944a4d9b4dc2801bba1a4accf21212993170a7ba296c18189ca6164aa9ab52c34a2a3ce0415c836e535f7effe2e808628786afad77f11aa50e198c4a917e161ef34cc9f1ea15"}, @generic={0x6b, 0xc, "94f85f04364fa2d0c8c3f2ec1e5c87d1227724038dac4839e0aea2048793c67537fca0b8461e77ce2e28a8d55bc658a362fc33e227acfb0626de2b445316217658c0148ec2c497ad88e68a6869d80083e62b59254ce50b58de793e60a7530beda05e0ed1ee8d05d6aa"}]}}, {{0x9, 0x5, 0xa, 0x8, 0x20, 0x6, 0x2, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x6c, 0x3}]}}, {{0x9, 0x5, 0xd, 0x0, 0x3ff, 0x40, 0x81, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x4, 0x2}]}}, {{0x9, 0x5, 0x7, 0x1, 0x410, 0x0, 0x6, 0x5}}, {{0x9, 0x5, 0x5, 0x4, 0x20, 0x8, 0x7f, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x80, 0x4}, @generic={0x3f, 0xb, "d593bbdbc8ee34e706c8eccc9d9e3efacb030e9699b7618a8727c290fadf4f0e839a50a57474ac7aec3f23ab35304cc71ec8ed9c12c6c1499b184f99da"}]}}, {{0x9, 0x5, 0x9, 0x0, 0x3ff, 0x5, 0x3, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x8, 0x8}, @generic={0x4e, 0x23, "9eec84188a8c3eccfc9bf3370535453513cb225548f229e4b7138f67ef2aef4c8ee055080e5868441368d4a9bc1cf7a162ce0c4a3592cd650dd962a46070edd66131bb4fd7e5ec0cdcd9cbed"}]}}, {{0x9, 0x5, 0xf, 0x10, 0x200, 0x90, 0x6f, 0x1f, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x1, 0x8}]}}, {{0x9, 0x5, 0x0, 0x2, 0x8, 0x7, 0x1}}, {{0x9, 0x5, 0xa, 0x0, 0x20, 0x20, 0x6, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x0, 0xffff}]}}]}}]}}]}}, &(0x7f0000001740)={0xa, &(0x7f00000016c0)={0xa, 0x6, 0x200, 0x7f, 0x5, 0xf6, 0xff, 0x5}, 0x33, &(0x7f0000001700)={0x5, 0xf, 0x33, 0x3, [@ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x8, 0x82, 0x20, 0x2, 0x8}, @ssp_cap={0x20, 0x10, 0xa, 0xe1, 0x5, 0x2e, 0xf00, 0xd08, [0xff000f, 0xffc03f, 0xff0011, 0x3fcf, 0x30]}]}})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
r3 = socket(0x23, 0x5, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0x48, 0x0, 0x8, 0x3, 0x0, 0x0, {0x2, 0x0, 0x3}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88b5}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x805}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88f5}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008000}, 0x8090)
openat$cgroup_pressure(r2, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)

23:18:02 executing program 6:
getdents(0xffffffffffffffff, &(0x7f0000000040)=""/79, 0x4f)

[ 1163.399751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1163.407768] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1179.416323] loop4: detected capacity change from 0 to 40
23:18:18 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:18:18 executing program 6:
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
getdents(r0, &(0x7f0000000040)=""/79, 0x4f)

23:18:18 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:18:18 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
r1 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2, {r0}}, 0x58)

23:18:18 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c65"])

23:18:18 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:18:18 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1179.430121] FAT-fs (loop7): bogus number of reserved sectors
[ 1179.430519] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1179.432909] loop2: detected capacity change from 0 to 40
23:18:18 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1179.475089] loop5: detected capacity change from 0 to 40
[ 1179.493258] FAT-fs (loop5): bogus number of FAT sectors
[ 1179.493659] FAT-fs (loop5): Can't find a valid FAT filesystem
23:18:18 executing program 6:
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
getdents(r0, &(0x7f0000000040)=""/79, 0x4f)

23:18:18 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c65"])

23:18:18 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
r1 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2, {r0}}, 0x58)

23:18:18 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:18:18 executing program 6:
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
getdents(r0, &(0x7f0000000040)=""/79, 0x4f)

[ 1179.786296] kworker/u4:5: attempt to access beyond end of device
[ 1179.786296] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1179.787143] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:18:18 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c65"])

[ 1179.894872] loop4: detected capacity change from 0 to 40
23:18:18 executing program 6:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
getdents(0xffffffffffffffff, &(0x7f0000000040)=""/79, 0x4f)

23:18:19 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c6531"])

23:18:19 executing program 6:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
getdents(0xffffffffffffffff, &(0x7f0000000040)=""/79, 0x4f)

23:18:19 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
r1 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2, {r0}}, 0x58)

23:18:19 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:18:19 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c6531"])

23:18:19 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1180.450816] kworker/u4:5: attempt to access beyond end of device
[ 1180.450816] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1180.453782] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1180.568818] loop7: detected capacity change from 0 to 40
[ 1180.573431] FAT-fs (loop7): bogus number of reserved sectors
[ 1180.574295] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1180.631934] loop5: detected capacity change from 0 to 40
[ 1180.646035] FAT-fs (loop5): bogus number of FAT sectors
[ 1180.646692] FAT-fs (loop5): Can't find a valid FAT filesystem
23:18:34 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:18:34 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:18:34 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:18:34 executing program 6:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
getdents(0xffffffffffffffff, &(0x7f0000000040)=""/79, 0x4f)

23:18:34 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
r1 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x12, r1, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2, {r0}}, 0x58)

23:18:34 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:18:34 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:18:34 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c6531"])

[ 1195.547722] loop7: detected capacity change from 0 to 40
[ 1195.552560] FAT-fs (loop7): bogus number of reserved sectors
[ 1195.553123] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1195.565437] loop5: detected capacity change from 0 to 40
[ 1195.568281] FAT-fs (loop5): bogus number of FAT sectors
[ 1195.568814] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 1195.592819] loop2: detected capacity change from 0 to 40
23:18:34 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYBLOB="9b000000000000002e2f66696c653100"])

[ 1195.626507] loop4: detected capacity change from 0 to 40
23:18:34 executing program 6:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
getdents(r0, 0x0, 0x0)

23:18:34 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
r1 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x12, r1, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2, {r0}}, 0x58)

23:18:34 executing program 6:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
getdents(r0, 0x0, 0x0)

23:18:34 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1195.932063] kworker/u4:5: attempt to access beyond end of device
[ 1195.932063] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1195.932879] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:18:34 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYBLOB="9b000000000000002e2f66696c653100"])

23:18:35 executing program 6:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
getdents(r0, 0x0, 0x0)

[ 1196.132923] loop4: detected capacity change from 0 to 40
23:18:35 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYBLOB="9b000000000000002e2f66696c653100"])

[ 1196.610461] kworker/u4:5: attempt to access beyond end of device
[ 1196.610461] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1196.611628] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:18:50 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
r1 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x12, r1, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2, {r0}}, 0x58)

23:18:50 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:18:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:18:50 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:18:50 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:18:50 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:18:50 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:18:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1211.546575] loop7: detected capacity change from 0 to 40
[ 1211.551427] FAT-fs (loop7): bogus number of reserved sectors
[ 1211.551842] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1211.579691] loop5: detected capacity change from 0 to 40
[ 1211.626459] loop6: detected capacity change from 0 to 40
[ 1211.634136] loop2: detected capacity change from 0 to 40
[ 1211.635244] loop4: detected capacity change from 0 to 40
[ 1211.649007] FAT-fs (loop6): bogus number of reserved sectors
[ 1211.649774] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1211.675531] syz-executor.5: attempt to access beyond end of device
[ 1211.675531] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1211.677206] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:18:50 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1211.878565] kworker/u4:3: attempt to access beyond end of device
[ 1211.878565] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1211.880271] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:18:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:18:50 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

[ 1211.975932] loop4: detected capacity change from 0 to 40
23:18:50 executing program 6:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1212.070830] loop5: detected capacity change from 0 to 40
[ 1212.202453] syz-executor.5: attempt to access beyond end of device
[ 1212.202453] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1212.204073] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1212.399661] kworker/u4:6: attempt to access beyond end of device
[ 1212.399661] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1212.402600] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:19:06 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:06 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1227.302343] loop5: detected capacity change from 0 to 40
[ 1227.311024] syz-executor.5: attempt to access beyond end of device
[ 1227.311024] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1227.311868] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:19:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:19:06 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:19:06 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x12, 0xffffffffffffffff, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2, {r0}}, 0x58)

[ 1227.345537] loop2: detected capacity change from 0 to 40
[ 1227.350287] loop7: detected capacity change from 0 to 40
[ 1227.364240] loop4: detected capacity change from 0 to 40
[ 1227.366058] FAT-fs (loop7): bogus number of reserved sectors
[ 1227.366508] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1227.372147] loop6: detected capacity change from 0 to 40
23:19:06 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1227.488146] loop5: detected capacity change from 0 to 40
[ 1227.505636] kworker/u4:3: attempt to access beyond end of device
[ 1227.505636] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1227.506571] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:19:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

[ 1227.615592] loop2: detected capacity change from 0 to 40
[ 1227.649280] syz-executor.6: attempt to access beyond end of device
[ 1227.649280] loop6: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 1227.667211] syz-executor.6: attempt to access beyond end of device
[ 1227.667211] loop6: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1227.668984] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 1227.700803] kworker/u4:3: attempt to access beyond end of device
[ 1227.700803] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1227.701947] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:19:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:19:06 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x12, 0xffffffffffffffff, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2, {r0}}, 0x58)

[ 1227.763737] loop4: detected capacity change from 0 to 40
23:19:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:19:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1227.890268] kworker/u4:4: attempt to access beyond end of device
[ 1227.890268] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1227.891125] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1227.976758] loop4: detected capacity change from 0 to 40
23:19:06 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1228.097844] loop6: detected capacity change from 0 to 40
[ 1228.125604] kworker/u4:3: attempt to access beyond end of device
[ 1228.125604] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1228.126474] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:19:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1228.190412] syz-executor.6: attempt to access beyond end of device
[ 1228.190412] loop6: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1228.192263] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:19:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1228.255205] kworker/u4:4: attempt to access beyond end of device
[ 1228.255205] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1228.256112] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:19:07 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:19:07 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1228.347236] loop2: detected capacity change from 0 to 40
[ 1228.419594] loop4: detected capacity change from 0 to 40
[ 1228.435445] loop6: detected capacity change from 0 to 40
[ 1228.524040] kworker/u4:4: attempt to access beyond end of device
[ 1228.524040] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1228.525541] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1228.560640] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:19:22 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/nfsfs\x00')
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x12, 0xffffffffffffffff, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2, {r0}}, 0x58)

23:19:22 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:22 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1243.647248] loop5: detected capacity change from 0 to 40
23:19:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656a", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

[ 1243.653559] loop4: detected capacity change from 0 to 40
[ 1243.696608] loop7: detected capacity change from 0 to 40
[ 1243.705919] loop6: detected capacity change from 0 to 40
[ 1243.710120] loop2: detected capacity change from 0 to 40
[ 1243.722555] FAT-fs (loop7): bogus number of reserved sectors
[ 1243.723429] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1243.816041] bio_check_eod: 2 callbacks suppressed
[ 1243.816065] syz-executor.6: attempt to access beyond end of device
[ 1243.816065] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1243.818329] buffer_io_error: 1 callbacks suppressed
[ 1243.818345] Buffer I/O error on dev loop6, logical block 10, lost async page write
23:19:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656a", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:19:22 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1244.047672] kworker/u4:9: attempt to access beyond end of device
[ 1244.047672] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1244.049306] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1244.109909] kworker/u4:4: attempt to access beyond end of device
[ 1244.109909] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1244.111743] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1244.169415] loop6: detected capacity change from 0 to 40
[ 1244.230680] syz-executor.6: attempt to access beyond end of device
[ 1244.230680] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1244.232364] Buffer I/O error on dev loop6, logical block 10, lost async page write
23:19:40 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:40 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656a", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:19:40 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:40 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:40 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:19:40 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x12, r0, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

23:19:40 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:40 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1261.293829] loop4: detected capacity change from 0 to 40
[ 1261.299855] loop5: detected capacity change from 0 to 40
[ 1261.303851] loop6: detected capacity change from 0 to 40
[ 1261.309870] loop2: detected capacity change from 0 to 40
[ 1261.347389] loop7: detected capacity change from 0 to 40
[ 1261.403467] FAT-fs (loop7): bogus number of reserved sectors
[ 1261.404334] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1261.428461] syz-executor.6: attempt to access beyond end of device
[ 1261.428461] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1261.430499] Buffer I/O error on dev loop6, logical block 10, lost async page write
23:19:40 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:19:40 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:40 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1261.637240] kworker/u4:2: attempt to access beyond end of device
[ 1261.637240] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1261.638762] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1261.664677] kworker/u4:3: attempt to access beyond end of device
23:19:40 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1261.664677] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1261.666376] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1261.700752] loop6: detected capacity change from 0 to 40
23:19:40 executing program 3:
r0 = socket$inet6(0xa, 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x12, r0, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

[ 1261.802296] syz-executor.6: attempt to access beyond end of device
[ 1261.802296] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1261.803948] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 1261.846710] loop2: detected capacity change from 0 to 40
[ 1261.852497] loop4: detected capacity change from 0 to 40
23:19:40 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:19:40 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1262.071791] loop6: detected capacity change from 0 to 40
[ 1262.173124] syz-executor.6: attempt to access beyond end of device
[ 1262.173124] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1262.174861] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 1262.181267] kworker/u4:5: attempt to access beyond end of device
[ 1262.181267] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1262.182627] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:19:41 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:41 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:41 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

[ 1262.317159] kworker/u4:5: attempt to access beyond end of device
[ 1262.317159] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1262.318562] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1262.353537] loop2: detected capacity change from 0 to 40
[ 1262.360308] loop6: detected capacity change from 0 to 40
[ 1262.447896] syz-executor.6: attempt to access beyond end of device
[ 1262.447896] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1262.449647] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 1262.509188] kworker/u4:3: attempt to access beyond end of device
[ 1262.509188] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1262.510813] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:19:56 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:19:56 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b649", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:19:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:56 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:56 executing program 3:
r0 = socket$inet6(0xa, 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x12, r0, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

[ 1277.563603] loop2: detected capacity change from 0 to 40
23:19:56 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:56 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1277.565790] loop6: detected capacity change from 0 to 40
23:19:56 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(0x0, &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1277.575341] loop7: detected capacity change from 0 to 40
[ 1277.602615] loop5: detected capacity change from 0 to 40
[ 1277.608038] FAT-fs (loop7): bogus number of reserved sectors
[ 1277.608822] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1277.640708] loop4: detected capacity change from 0 to 40
[ 1277.660696] syz-executor.6: attempt to access beyond end of device
[ 1277.660696] loop6: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1277.661598] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:19:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1277.713854] kworker/u4:5: attempt to access beyond end of device
[ 1277.713854] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1277.716016] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:19:56 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1277.744257] syz-executor.5: attempt to access beyond end of device
[ 1277.744257] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1277.745985] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1277.801507] loop2: detected capacity change from 0 to 40
[ 1277.804580] loop6: detected capacity change from 0 to 40
23:19:56 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(0x0, &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:19:56 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b649", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:19:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1277.960455] kworker/u4:2: attempt to access beyond end of device
[ 1277.960455] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1277.962337] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:19:56 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b649", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

[ 1278.047133] loop2: detected capacity change from 0 to 40
[ 1278.067814] loop5: detected capacity change from 0 to 40
[ 1278.095113] kworker/u4:5: attempt to access beyond end of device
[ 1278.095113] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
23:19:57 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1278.096577] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:19:57 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

[ 1278.163717] syz-executor.6: attempt to access beyond end of device
[ 1278.163717] loop6: rw=2049, sector=52, nr_sectors = 72 limit=40
[ 1278.164781] syz-executor.6: attempt to access beyond end of device
[ 1278.164781] loop6: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1278.165853] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 1278.288282] loop4: detected capacity change from 0 to 40
[ 1278.374857] kworker/u4:9: attempt to access beyond end of device
[ 1278.374857] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1278.375801] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1278.408799] syz-executor.5: attempt to access beyond end of device
[ 1278.408799] loop5: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 1278.425742] syz-executor.5: attempt to access beyond end of device
[ 1278.425742] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1278.426603] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:20:11 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:20:11 executing program 3:
r0 = socket$inet6(0xa, 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x12, r0, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

23:20:11 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1292.334814] loop7: detected capacity change from 0 to 40
[ 1292.338771] loop4: detected capacity change from 0 to 40
[ 1292.340728] loop2: detected capacity change from 0 to 40
[ 1292.346609] FAT-fs (loop7): bogus number of reserved sectors
[ 1292.347153] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1292.349676] loop6: detected capacity change from 0 to 40
23:20:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:20:11 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:20:11 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:20:11 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:20:11 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(0x0, &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1292.389421] loop5: detected capacity change from 0 to 40
23:20:11 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:20:11 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

[ 1292.518885] loop4: detected capacity change from 0 to 40
23:20:11 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b8092", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:20:11 executing program 4:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1292.676560] syz-executor.6: attempt to access beyond end of device
[ 1292.676560] loop6: rw=2049, sector=68, nr_sectors = 56 limit=40
[ 1292.677535] syz-executor.6: attempt to access beyond end of device
[ 1292.677535] loop6: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1292.678398] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:20:11 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b8092", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

[ 1292.726403] kworker/u4:4: attempt to access beyond end of device
[ 1292.726403] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1292.727983] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:20:11 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:20:11 executing program 4:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1292.765297] syz-executor.5: attempt to access beyond end of device
[ 1292.765297] loop5: rw=2049, sector=116, nr_sectors = 8 limit=40
[ 1292.766599] syz-executor.5: attempt to access beyond end of device
[ 1292.766599] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1292.767475] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1292.848476] loop2: detected capacity change from 0 to 40
[ 1293.011495] kworker/u4:4: attempt to access beyond end of device
[ 1293.011495] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1293.013080] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:20:24 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

23:20:24 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:20:24 executing program 4:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:20:24 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b8092", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:20:24 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:20:24 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:20:24 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1305.260624] loop7: detected capacity change from 0 to 40
[ 1305.261829] loop2: detected capacity change from 0 to 40
23:20:24 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

[ 1305.270717] FAT-fs (loop7): bogus number of reserved sectors
[ 1305.271320] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1305.301600] loop6: detected capacity change from 0 to 40
[ 1305.317299] loop5: detected capacity change from 0 to 40
23:20:24 executing program 4:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1305.383597] loop4: detected capacity change from 0 to 40
[ 1305.387750] syz-executor.2: attempt to access beyond end of device
[ 1305.387750] loop2: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1305.389401] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:20:24 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:20:24 executing program 4:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:20:24 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

[ 1305.599233] loop4: detected capacity change from 0 to 40
[ 1305.609046] syz-executor.5: attempt to access beyond end of device
[ 1305.609046] loop5: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 1305.621041] syz-executor.5: attempt to access beyond end of device
[ 1305.621041] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1305.623383] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1305.745495] kworker/u4:2: attempt to access beyond end of device
[ 1305.745495] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1305.747047] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:20:43 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:20:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:20:43 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:20:43 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:20:43 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

23:20:43 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

23:20:43 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:20:43 executing program 4:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1324.118466] loop7: detected capacity change from 0 to 40
[ 1324.149313] FAT-fs (loop7): bogus number of reserved sectors
[ 1324.150134] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1324.154263] loop6: detected capacity change from 0 to 40
[ 1324.158909] loop4: detected capacity change from 0 to 40
[ 1324.165404] loop2: detected capacity change from 0 to 40
[ 1324.170409] loop5: detected capacity change from 0 to 40
23:20:43 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:20:43 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1324.408274] syz-executor.5: attempt to access beyond end of device
[ 1324.408274] loop5: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 1324.423247] syz-executor.5: attempt to access beyond end of device
[ 1324.423247] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1324.424833] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1324.433554] syz-executor.2: attempt to access beyond end of device
[ 1324.433554] loop2: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 1324.449285] syz-executor.2: attempt to access beyond end of device
[ 1324.449285] loop2: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1324.451039] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:20:43 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:20:43 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:20:43 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

23:20:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1324.576983] kworker/u4:4: attempt to access beyond end of device
[ 1324.576983] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1324.578495] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:20:43 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

[ 1324.617086] loop4: detected capacity change from 0 to 40
[ 1324.691818] loop2: detected capacity change from 0 to 40
[ 1324.697282] loop6: detected capacity change from 0 to 40
[ 1324.713546] loop5: detected capacity change from 0 to 40
[ 1324.934223] syz-executor.5: attempt to access beyond end of device
[ 1324.934223] loop5: rw=2049, sector=92, nr_sectors = 32 limit=40
[ 1324.941582] syz-executor.5: attempt to access beyond end of device
[ 1324.941582] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1324.943203] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1324.975706] syz-executor.2: attempt to access beyond end of device
[ 1324.975706] loop2: rw=2049, sector=68, nr_sectors = 56 limit=40
[ 1324.983359] syz-executor.2: attempt to access beyond end of device
[ 1324.983359] loop2: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1324.985165] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1325.048137] kworker/u4:9: attempt to access beyond end of device
[ 1325.048137] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1325.049821] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:21:01 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:21:01 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:01 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:01 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651", @ANYRES32, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:21:01 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

23:21:01 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:01 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

23:21:01 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1342.701118] loop4: detected capacity change from 0 to 40
[ 1342.701387] loop7: detected capacity change from 0 to 40
[ 1342.706262] loop5: detected capacity change from 0 to 40
[ 1342.707766] loop6: detected capacity change from 0 to 40
[ 1342.711367] loop2: detected capacity change from 0 to 40
[ 1342.718361] FAT-fs (loop7): bogus number of reserved sectors
[ 1342.719475] FAT-fs (loop7): Can't find a valid FAT filesystem
23:21:01 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1342.973764] syz-executor.2: attempt to access beyond end of device
[ 1342.973764] loop2: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 1342.987656] syz-executor.2: attempt to access beyond end of device
[ 1342.987656] loop2: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1342.989346] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1342.998494] syz-executor.5: attempt to access beyond end of device
[ 1342.998494] loop5: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 1343.009038] syz-executor.5: attempt to access beyond end of device
[ 1343.009038] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1343.010852] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:21:01 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:01 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

[ 1343.107378] loop4: detected capacity change from 0 to 40
23:21:02 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

[ 1343.140440] kworker/u4:6: attempt to access beyond end of device
[ 1343.140440] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1343.141979] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:21:02 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

23:21:02 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:02 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1343.288102] loop6: detected capacity change from 0 to 40
[ 1343.303730] loop2: detected capacity change from 0 to 40
23:21:02 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1343.330061] loop5: detected capacity change from 0 to 40
23:21:02 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1343.517642] syz-executor.2: attempt to access beyond end of device
[ 1343.517642] loop2: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 1343.526918] syz-executor.2: attempt to access beyond end of device
[ 1343.526918] loop2: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1343.528176] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1343.532854] kworker/u4:6: attempt to access beyond end of device
[ 1343.532854] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1343.534472] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 1343.558238] syz-executor.5: attempt to access beyond end of device
[ 1343.558238] loop5: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 1343.561589] syz-executor.5: attempt to access beyond end of device
[ 1343.561589] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1343.562652] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:21:20 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

23:21:20 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:20 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:20 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:20 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:20 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:21:20 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:20 executing program 3:
socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

[ 1361.234441] loop7: detected capacity change from 0 to 40
[ 1361.243382] FAT-fs (loop7): bogus number of reserved sectors
[ 1361.244462] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1361.271490] loop6: detected capacity change from 0 to 40
[ 1361.275818] loop5: detected capacity change from 0 to 40
[ 1361.277498] loop2: detected capacity change from 0 to 40
[ 1361.481321] syz-executor.2: attempt to access beyond end of device
[ 1361.481321] loop2: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 1361.490460] syz-executor.2: attempt to access beyond end of device
[ 1361.490460] loop2: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1361.492141] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:21:20 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:20 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:21:20 executing program 3:
socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

[ 1361.589525] syz-executor.5: attempt to access beyond end of device
[ 1361.589525] loop5: rw=2049, sector=68, nr_sectors = 56 limit=40
[ 1361.609638] syz-executor.5: attempt to access beyond end of device
[ 1361.609638] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1361.611228] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:21:20 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1361.706662] kworker/u4:9: attempt to access beyond end of device
[ 1361.706662] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1361.708189] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:21:20 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:20 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1361.921058] loop2: detected capacity change from 0 to 40
[ 1361.976911] loop6: detected capacity change from 0 to 40
[ 1362.078830] loop5: detected capacity change from 0 to 40
[ 1362.086395] syz-executor.2: attempt to access beyond end of device
[ 1362.086395] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1362.088004] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 1362.304523] syz-executor.5: attempt to access beyond end of device
[ 1362.304523] loop5: rw=2049, sector=92, nr_sectors = 32 limit=40
[ 1362.306331] syz-executor.5: attempt to access beyond end of device
[ 1362.306331] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1362.307857] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1376.531169] loop6: detected capacity change from 0 to 40
23:21:35 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:35 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:35 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:35 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:35 executing program 3:
socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x54362000)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

23:21:35 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:35 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:35 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1376.565597] loop7: detected capacity change from 0 to 40
[ 1376.568314] FAT-fs (loop7): invalid media value (0x00)
[ 1376.568718] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1376.578269] loop5: detected capacity change from 0 to 40
[ 1376.584227] loop2: detected capacity change from 0 to 40
[ 1376.630304] FAT-fs (loop4): bogus number of reserved sectors
[ 1376.631180] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1376.667024] syz-executor.2: attempt to access beyond end of device
[ 1376.667024] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1376.667880] Buffer I/O error on dev loop2, logical block 10, lost async page write
23:21:35 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1376.789031] syz-executor.5: attempt to access beyond end of device
[ 1376.789031] loop5: rw=2049, sector=108, nr_sectors = 16 limit=40
[ 1376.795096] syz-executor.5: attempt to access beyond end of device
[ 1376.795096] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1376.797203] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:21:35 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:35 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:35 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

[ 1376.893750] loop2: detected capacity change from 0 to 40
[ 1376.985059] FAT-fs (loop4): bogus number of reserved sectors
[ 1376.985859] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1377.032637] syz-executor.2: attempt to access beyond end of device
[ 1377.032637] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1377.034293] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 1377.087135] loop5: detected capacity change from 0 to 40
23:21:36 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(0x0, 0x0)

23:21:36 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1377.210933] syz-executor.5: attempt to access beyond end of device
[ 1377.210933] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1377.211815] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1377.387279] loop2: detected capacity change from 0 to 40
[ 1377.517547] syz-executor.2: attempt to access beyond end of device
[ 1377.517547] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1377.519257] Buffer I/O error on dev loop2, logical block 10, lost async page write
23:21:49 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:49 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:49 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x0, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:49 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:49 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:21:49 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(0x0, 0x0)

23:21:49 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:49 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1390.616462] FAT-fs (loop4): bogus number of reserved sectors
[ 1390.617313] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1390.646657] loop7: detected capacity change from 0 to 40
[ 1390.655058] FAT-fs (loop7): invalid media value (0x00)
[ 1390.655791] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1390.669617] loop2: detected capacity change from 0 to 40
[ 1390.689215] loop6: detected capacity change from 0 to 40
[ 1390.700237] loop5: detected capacity change from 0 to 40
[ 1390.778643] syz-executor.2: attempt to access beyond end of device
[ 1390.778643] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1390.780505] Buffer I/O error on dev loop2, logical block 10, lost async page write
23:21:49 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:21:49 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(0x0, 0x0)

[ 1390.922851] FAT-fs (loop4): bogus number of reserved sectors
[ 1390.923813] FAT-fs (loop4): Can't find a valid FAT filesystem
23:21:49 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1391.054660] syz-executor.5: attempt to access beyond end of device
[ 1391.054660] loop5: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 1391.091736] syz-executor.5: attempt to access beyond end of device
[ 1391.091736] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1391.093677] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:21:50 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

[ 1391.205408] loop2: detected capacity change from 0 to 40
[ 1391.253499] syz-executor.2: attempt to access beyond end of device
[ 1391.253499] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1391.255237] Buffer I/O error on dev loop2, logical block 10, lost async page write
23:21:50 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:50 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:21:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1391.404756] loop5: detected capacity change from 0 to 40
[ 1391.467452] loop2: detected capacity change from 0 to 40
[ 1391.566552] FAT-fs (loop4): bogus number of reserved sectors
[ 1391.567411] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1391.629921] syz-executor.2: attempt to access beyond end of device
[ 1391.629921] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1391.631391] Buffer I/O error on dev loop2, logical block 10, lost async page write
23:21:50 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1391.686060] syz-executor.5: attempt to access beyond end of device
[ 1391.686060] loop5: rw=2049, sector=68, nr_sectors = 56 limit=40
[ 1391.689643] syz-executor.5: attempt to access beyond end of device
[ 1391.689643] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1391.690667] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:21:50 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:50 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:50 executing program 6:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:21:50 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, &(0x7f00000000c0), {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

23:21:50 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1391.802212] loop7: detected capacity change from 0 to 40
[ 1391.810477] FAT-fs (loop7): invalid media value (0x00)
[ 1391.810883] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1391.822556] loop2: detected capacity change from 0 to 40
[ 1391.860839] syz-executor.2: attempt to access beyond end of device
[ 1391.860839] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1391.861833] Buffer I/O error on dev loop2, logical block 10, lost async page write
23:22:06 executing program 0:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:22:06 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:06 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {0x35}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

23:22:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:06 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:22:06 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:06 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:06 executing program 6:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1408.005136] loop7: detected capacity change from 0 to 40
[ 1408.007762] loop2: detected capacity change from 0 to 40
[ 1408.010074] FAT-fs (loop4): bogus number of reserved sectors
[ 1408.010500] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1408.012523] FAT-fs (loop7): invalid media value (0x00)
[ 1408.012928] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1408.015637] loop5: detected capacity change from 0 to 40
[ 1408.057617] syz-executor.2: attempt to access beyond end of device
[ 1408.057617] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1408.058594] Buffer I/O error on dev loop2, logical block 10, lost async page write
23:22:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:22:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1408.218453] syz-executor.5: attempt to access beyond end of device
[ 1408.218453] loop5: rw=2049, sector=60, nr_sectors = 64 limit=40
[ 1408.219459] syz-executor.5: attempt to access beyond end of device
[ 1408.219459] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1408.220417] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1408.227781] loop2: detected capacity change from 0 to 40
23:22:07 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1408.245721] loop4: detected capacity change from 0 to 40
[ 1408.260208] FAT-fs (loop4): bogus number of reserved sectors
[ 1408.261083] FAT-fs (loop4): Can't find a valid FAT filesystem
23:22:07 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f0000000100)=""/66, 0x42, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

[ 1408.300641] syz-executor.2: attempt to access beyond end of device
[ 1408.300641] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1408.301487] Buffer I/O error on dev loop2, logical block 10, lost async page write
23:22:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:22:07 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1408.388796] loop4: detected capacity change from 0 to 40
[ 1408.421037] FAT-fs (loop4): bogus number of reserved sectors
[ 1408.421854] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1408.490780] loop5: detected capacity change from 0 to 40
[ 1408.575771] loop2: detected capacity change from 0 to 40
23:22:07 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000000180)=""/50, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

[ 1408.656348] syz-executor.5: attempt to access beyond end of device
[ 1408.656348] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1408.658089] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:22:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1408.711168] loop4: detected capacity change from 0 to 40
[ 1408.714045] FAT-fs (loop4): bogus number of reserved sectors
[ 1408.714607] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1408.726676] syz-executor.2: attempt to access beyond end of device
[ 1408.726676] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1408.727809] Buffer I/O error on dev loop2, logical block 10, lost async page write
23:22:07 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:22:07 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1408.914986] loop2: detected capacity change from 0 to 40
[ 1408.928754] loop5: detected capacity change from 0 to 40
[ 1408.938817] loop4: detected capacity change from 0 to 40
[ 1408.946557] FAT-fs (loop4): bogus number of reserved sectors
[ 1408.947060] FAT-fs (loop4): Can't find a valid FAT filesystem
23:22:07 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:07 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x0, 0x0], 0x2}, 0x58)

[ 1409.010978] syz-executor.2: attempt to access beyond end of device
[ 1409.010978] loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1409.011822] Buffer I/O error on dev loop2, logical block 10, lost async page write
[ 1409.165735] loop7: detected capacity change from 0 to 40
[ 1409.192046] FAT-fs (loop7): invalid media value (0x00)
[ 1409.192719] FAT-fs (loop7): Can't find a valid FAT filesystem
23:22:22 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:22 executing program 6:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1423.476394] loop7: detected capacity change from 0 to 40
23:22:22 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

23:22:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:22:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

23:22:22 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:22 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:22 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1423.501709] loop4: detected capacity change from 0 to 40
[ 1423.505591] FAT-fs (loop7): invalid media value (0x00)
[ 1423.506045] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1423.506659] FAT-fs (loop4): bogus number of reserved sectors
[ 1423.507135] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1423.534797] loop5: detected capacity change from 0 to 40
[ 1423.538056] loop2: detected capacity change from 0 to 40
23:22:22 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1423.810259] loop4: detected capacity change from 0 to 40
[ 1423.831175] FAT-fs (loop4): bogus number of reserved sectors
[ 1423.832228] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1423.870361] kworker/u4:5: attempt to access beyond end of device
[ 1423.870361] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1423.872084] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:22:22 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

23:22:22 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1423.969208] loop2: detected capacity change from 0 to 40
23:22:23 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1424.240621] loop4: detected capacity change from 0 to 40
[ 1424.291729] FAT-fs (loop4): bogus number of reserved sectors
[ 1424.292813] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1424.459505] kworker/u4:0: attempt to access beyond end of device
[ 1424.459505] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1424.461048] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:22:37 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:22:37 executing program 6:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:37 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

23:22:37 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

23:22:37 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:37 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:37 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1439.013930] loop5: detected capacity change from 0 to 40
23:22:37 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1439.029822] loop2: detected capacity change from 0 to 40
[ 1439.035401] loop7: detected capacity change from 0 to 40
[ 1439.042402] FAT-fs (loop7): bogus number of FAT sectors
[ 1439.042794] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1439.056999] loop4: detected capacity change from 0 to 40
[ 1439.059405] FAT-fs (loop4): bogus number of reserved sectors
[ 1439.060023] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1439.069648] loop6: detected capacity change from 0 to 40
23:22:38 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:22:38 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1439.274679] loop4: detected capacity change from 0 to 40
[ 1439.278876] FAT-fs (loop4): bogus number of reserved sectors
[ 1439.279389] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1439.499530] kworker/u4:4: attempt to access beyond end of device
[ 1439.499530] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1439.501093] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:22:51 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

[ 1452.447522] loop5: detected capacity change from 0 to 40
23:22:51 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:51 executing program 6:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:51 executing program 3:
socket$inet6(0xa, 0x1, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

23:22:51 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:22:51 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

23:22:51 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:51 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1452.505870] loop7: detected capacity change from 0 to 40
[ 1452.507581] loop4: detected capacity change from 0 to 40
[ 1452.515803] loop6: detected capacity change from 0 to 40
[ 1452.516886] loop2: detected capacity change from 0 to 40
[ 1452.521768] FAT-fs (loop7): bogus number of FAT sectors
[ 1452.522570] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1452.527084] FAT-fs (loop4): bogus number of reserved sectors
[ 1452.527865] FAT-fs (loop4): Can't find a valid FAT filesystem
23:22:51 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

23:22:51 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:22:51 executing program 3:
socket$inet6(0xa, 0x1, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

23:22:51 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:22:51 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1452.885535] kworker/u4:3: attempt to access beyond end of device
[ 1452.885535] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1452.887367] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:22:51 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1452.974134] loop4: detected capacity change from 0 to 40
[ 1452.983330] FAT-fs (loop4): bogus number of reserved sectors
[ 1452.984066] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1453.028224] kworker/u4:5: attempt to access beyond end of device
[ 1453.028224] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1453.029331] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1453.105231] loop5: detected capacity change from 0 to 40
[ 1453.369538] kworker/u4:5: attempt to access beyond end of device
[ 1453.369538] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1453.371033] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:23:07 executing program 6:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:07 executing program 3:
socket$inet6(0xa, 0x1, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

23:23:07 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:07 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:07 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

23:23:07 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

23:23:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1468.663103] loop2: detected capacity change from 0 to 40
[ 1468.670256] loop6: detected capacity change from 0 to 40
[ 1468.671057] loop4: detected capacity change from 0 to 40
[ 1468.673459] loop7: detected capacity change from 0 to 40
[ 1468.678071] FAT-fs (loop7): bogus number of FAT sectors
[ 1468.678458] FAT-fs (loop7): Can't find a valid FAT filesystem
[ 1468.697423] FAT-fs (loop4): bogus number of reserved sectors
[ 1468.698337] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1468.761159] loop5: detected capacity change from 0 to 40
23:23:07 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:07 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:07 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:23:07 executing program 3:
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1468.954992] loop4: detected capacity change from 0 to 40
[ 1468.970222] FAT-fs (loop4): invalid media value (0x00)
[ 1468.970586] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1468.986925] kworker/u4:4: attempt to access beyond end of device
[ 1468.986925] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1468.988552] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1469.009857] kworker/u4:8: attempt to access beyond end of device
[ 1469.009857] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1469.010830] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:23:07 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:07 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

23:23:08 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1469.110859] loop2: detected capacity change from 0 to 40
[ 1469.121748] loop5: detected capacity change from 0 to 40
23:23:08 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1469.215428] loop4: detected capacity change from 0 to 40
[ 1469.226563] FAT-fs (loop4): invalid media value (0x00)
[ 1469.226930] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1469.381171] kworker/u4:3: attempt to access beyond end of device
[ 1469.381171] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1469.383035] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1469.412667] kworker/u4:8: attempt to access beyond end of device
[ 1469.412667] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1469.413468] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:23:24 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:24 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:24 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:24 executing program 3:
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

23:23:24 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:23:24 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:24 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0x0)

23:23:24 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1485.685092] loop5: detected capacity change from 0 to 40
[ 1485.697068] loop2: detected capacity change from 0 to 40
[ 1485.709470] loop6: detected capacity change from 0 to 40
[ 1485.715527] loop4: detected capacity change from 0 to 40
[ 1485.718469] loop7: detected capacity change from 0 to 40
[ 1485.728418] FAT-fs (loop4): invalid media value (0x00)
[ 1485.729001] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1485.782528] syz-executor.7: attempt to access beyond end of device
[ 1485.782528] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1485.783774] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:23:24 executing program 3:
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

23:23:24 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:24 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1485.997643] kworker/u4:2: attempt to access beyond end of device
[ 1485.997643] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1485.998934] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1486.018090] loop7: detected capacity change from 0 to 40
23:23:24 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1486.038117] kworker/u4:8: attempt to access beyond end of device
[ 1486.038117] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1486.039105] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:23:24 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0x0)

[ 1486.109017] loop4: detected capacity change from 0 to 40
[ 1486.124681] syz-executor.7: attempt to access beyond end of device
[ 1486.124681] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1486.125676] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1486.130891] FAT-fs (loop4): invalid media value (0x00)
[ 1486.131499] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1486.139757] loop2: detected capacity change from 0 to 40
[ 1486.153258] loop5: detected capacity change from 0 to 40
23:23:25 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:25 executing program 3:
r0 = socket$inet6(0xa, 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1486.335734] loop7: detected capacity change from 0 to 40
23:23:25 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1486.427762] kworker/u4:4: attempt to access beyond end of device
[ 1486.427762] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1486.428652] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1486.437481] loop4: detected capacity change from 0 to 40
[ 1486.459370] syz-executor.7: attempt to access beyond end of device
[ 1486.459370] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1486.460928] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1486.466442] FAT-fs (loop4): invalid media value (0x00)
[ 1486.467479] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1486.476188] kworker/u4:2: attempt to access beyond end of device
[ 1486.476188] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1486.477207] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:23:40 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0x0)

23:23:40 executing program 3:
r0 = socket$inet6(0xa, 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

23:23:40 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:23:40 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:40 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:40 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:40 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:40 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1501.834720] loop5: detected capacity change from 0 to 40
[ 1501.839814] loop6: detected capacity change from 0 to 40
[ 1501.840752] loop2: detected capacity change from 0 to 40
[ 1501.855541] loop4: detected capacity change from 0 to 40
[ 1501.866183] loop7: detected capacity change from 0 to 40
[ 1501.873400] FAT-fs (loop4): invalid media value (0x00)
[ 1501.874192] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 1502.017877] syz-executor.5: attempt to access beyond end of device
[ 1502.017877] loop5: rw=2049, sector=116, nr_sectors = 8 limit=40
[ 1502.019087] syz-executor.5: attempt to access beyond end of device
[ 1502.019087] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1502.020242] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:23:41 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1502.077191] kworker/u4:1: attempt to access beyond end of device
[ 1502.077191] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1502.078756] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:23:41 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1502.128501] loop4: detected capacity change from 0 to 40
[ 1502.141261] FAT-fs (loop4): bogus number of FAT sectors
[ 1502.141904] FAT-fs (loop4): Can't find a valid FAT filesystem
23:23:41 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1502.213652] loop5: detected capacity change from 0 to 40
[ 1502.288916] loop4: detected capacity change from 0 to 40
[ 1502.310422] FAT-fs (loop4): bogus number of FAT sectors
[ 1502.311329] FAT-fs (loop4): Can't find a valid FAT filesystem
23:23:41 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1502.437826] loop2: detected capacity change from 0 to 40
[ 1502.567652] syz-executor.5: attempt to access beyond end of device
[ 1502.567652] loop5: rw=2049, sector=68, nr_sectors = 56 limit=40
[ 1502.570798] syz-executor.5: attempt to access beyond end of device
[ 1502.570798] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1502.573107] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:23:41 executing program 3:
r0 = socket$inet6(0xa, 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

23:23:41 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:23:41 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:41 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1502.842696] loop4: detected capacity change from 0 to 40
[ 1502.862583] loop5: detected capacity change from 0 to 40
[ 1502.885668] FAT-fs (loop4): bogus number of FAT sectors
[ 1502.886850] FAT-fs (loop4): Can't find a valid FAT filesystem
23:23:41 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:41 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1503.033373] syz-executor.5: attempt to access beyond end of device
[ 1503.033373] loop5: rw=2049, sector=116, nr_sectors = 8 limit=40
[ 1503.042430] syz-executor.5: attempt to access beyond end of device
[ 1503.042430] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1503.044134] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1503.065120] kworker/u4:0: attempt to access beyond end of device
23:23:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1503.065120] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1503.067314] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1503.083618] loop6: detected capacity change from 0 to 40
23:23:42 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:42 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:23:42 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1503.253285] loop2: detected capacity change from 0 to 40
[ 1503.297899] loop7: detected capacity change from 0 to 40
[ 1503.328544] loop4: detected capacity change from 0 to 40
[ 1503.400216] loop5: detected capacity change from 0 to 40
[ 1503.576238] kworker/u4:1: attempt to access beyond end of device
[ 1503.576238] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1503.578143] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1503.668235] syz-executor.5: attempt to access beyond end of device
[ 1503.668235] loop5: rw=2049, sector=92, nr_sectors = 32 limit=40
[ 1503.671896] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1503.699861] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:23:55 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

23:23:55 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:55 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1516.964523] loop2: detected capacity change from 0 to 40
23:23:55 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:23:55 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:55 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:55 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:55 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1516.985698] loop5: detected capacity change from 0 to 40
[ 1517.029619] loop4: detected capacity change from 0 to 40
[ 1517.039570] loop7: detected capacity change from 0 to 40
[ 1517.152754] bio_check_eod: 2 callbacks suppressed
[ 1517.152780] syz-executor.5: attempt to access beyond end of device
[ 1517.152780] loop5: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 1517.160425] syz-executor.5: attempt to access beyond end of device
[ 1517.160425] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1517.161497] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1517.180852] kworker/u4:4: attempt to access beyond end of device
[ 1517.180852] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
23:23:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)

[ 1517.182386] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:23:56 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

23:23:56 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:23:56 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1517.223606] kworker/u4:4: attempt to access beyond end of device
[ 1517.223606] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1517.225332] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1517.259496] loop2: detected capacity change from 0 to 40
[ 1517.268919] loop5: detected capacity change from 0 to 40
[ 1517.407741] syz-executor.5: attempt to access beyond end of device
[ 1517.407741] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1517.409528] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1517.441800] kworker/u4:8: attempt to access beyond end of device
[ 1517.441800] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1517.442293] loop4: detected capacity change from 0 to 40
[ 1517.443408] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:23:56 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)

23:23:56 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1517.534578] kworker/u4:8: attempt to access beyond end of device
[ 1517.534578] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1517.536408] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:23:56 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1517.593254] loop2: detected capacity change from 0 to 40
23:23:56 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1517.796310] loop5: detected capacity change from 0 to 40
[ 1517.806434] loop4: detected capacity change from 0 to 40
[ 1517.974536] kworker/u4:8: attempt to access beyond end of device
[ 1517.974536] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1517.976076] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1518.085673] kworker/u4:8: attempt to access beyond end of device
[ 1518.085673] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1518.087676] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:24:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:24:12 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:12 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:24:12 executing program 3:
socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1533.579263] loop7: detected capacity change from 0 to 40
23:24:12 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:12 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:12 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:12 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1533.607102] loop4: detected capacity change from 0 to 40
[ 1533.637848] loop2: detected capacity change from 0 to 40
[ 1533.665625] loop5: detected capacity change from 0 to 40
23:24:12 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1533.962372] loop4: detected capacity change from 0 to 40
23:24:12 executing program 3:
socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1533.998611] kworker/u4:1: attempt to access beyond end of device
[ 1533.998611] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1534.000302] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:24:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

[ 1534.032463] kworker/u4:1: attempt to access beyond end of device
[ 1534.032463] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1534.033993] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1534.089552] loop2: detected capacity change from 0 to 40
23:24:13 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:24:13 executing program 3:
socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[ 1534.233724] loop2: detected capacity change from 0 to 40
[ 1534.263831] loop5: detected capacity change from 0 to 40
23:24:13 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1534.473584] loop4: detected capacity change from 0 to 40
23:24:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:24:13 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:13 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:13 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(0x0, 0x0)

[ 1534.672501] loop2: detected capacity change from 0 to 40
[ 1534.679744] kworker/u4:2: attempt to access beyond end of device
[ 1534.679744] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1534.681426] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1534.844842] loop7: detected capacity change from 0 to 40
23:24:28 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:28 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:28 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:28 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1549.254017] loop5: detected capacity change from 0 to 40
23:24:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:24:28 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(0x0, 0x0)

[ 1549.267307] FAT-fs (loop6): bogus number of reserved sectors
[ 1549.267743] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1549.283837] loop4: detected capacity change from 0 to 40
[ 1549.288437] loop7: detected capacity change from 0 to 40
[ 1549.322165] loop2: detected capacity change from 0 to 40
23:24:28 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
clone3(0x0, 0x0)

23:24:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1549.731548] kworker/u4:1: attempt to access beyond end of device
[ 1549.731548] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
23:24:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1549.733457] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1549.753723] kworker/u4:1: attempt to access beyond end of device
[ 1549.753723] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
23:24:28 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1549.755349] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1549.876596] loop4: detected capacity change from 0 to 40
23:24:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

[ 1549.915645] loop5: detected capacity change from 0 to 40
[ 1549.969845] loop2: detected capacity change from 0 to 40
[ 1550.031861] loop3: detected capacity change from 0 to 40
23:24:29 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:24:29 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:29 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:29 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1550.414079] FAT-fs (loop6): bogus number of reserved sectors
[ 1550.414819] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1550.439309] kworker/u4:1: attempt to access beyond end of device
[ 1550.439309] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
23:24:29 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1550.440793] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1550.451685] loop4: detected capacity change from 0 to 40
[ 1550.476998] kworker/u4:2: attempt to access beyond end of device
[ 1550.476998] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1550.478380] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1550.607500] loop5: detected capacity change from 0 to 40
[ 1550.621525] kworker/u4:0: attempt to access beyond end of device
[ 1550.621525] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1550.623121] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 1550.653195] loop7: detected capacity change from 0 to 40
[ 1550.838518] kworker/u4:0: attempt to access beyond end of device
[ 1550.838518] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1550.840270] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1550.939753] kworker/u4:3: attempt to access beyond end of device
[ 1550.939753] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1550.941215] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1550.974851] kworker/u4:3: attempt to access beyond end of device
[ 1550.974851] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1550.976401] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:24:45 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:45 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:24:45 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:24:45 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:45 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:24:45 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:45 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:45 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1566.636982] FAT-fs (loop6): bogus number of reserved sectors
[ 1566.637436] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1566.740788] loop4: detected capacity change from 0 to 40
[ 1566.745626] loop5: detected capacity change from 0 to 40
[ 1566.746617] loop2: detected capacity change from 0 to 40
[ 1566.751438] loop3: detected capacity change from 0 to 40
[ 1566.756218] loop7: detected capacity change from 0 to 40
[ 1566.977636] syz-executor.5: attempt to access beyond end of device
[ 1566.977636] loop5: rw=2049, sector=68, nr_sectors = 56 limit=40
[ 1566.979531] syz-executor.5: attempt to access beyond end of device
[ 1566.979531] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1566.981240] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:24:45 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1566.999192] kworker/u4:6: attempt to access beyond end of device
[ 1566.999192] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1567.000059] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1567.054149] loop2: detected capacity change from 0 to 40
23:24:46 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1567.065696] kworker/u4:0: attempt to access beyond end of device
[ 1567.065696] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1567.067289] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1567.126326] kworker/u4:6: attempt to access beyond end of device
[ 1567.126326] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1567.127333] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 1567.134142] loop4: detected capacity change from 0 to 40
[ 1567.181632] kworker/u4:0: attempt to access beyond end of device
[ 1567.181632] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1567.183162] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1567.332176] kworker/u4:1: attempt to access beyond end of device
[ 1567.332176] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1567.333649] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1567.487319] kworker/u4:2: attempt to access beyond end of device
[ 1567.487319] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1567.488505] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:24:59 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

23:24:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:59 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:24:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:59 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:24:59 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:24:59 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1580.355449] loop2: detected capacity change from 0 to 40
[ 1580.358182] loop4: detected capacity change from 0 to 40
[ 1580.370055] loop5: detected capacity change from 0 to 40
[ 1580.374123] FAT-fs (loop6): bogus number of reserved sectors
[ 1580.374571] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1580.396866] loop7: detected capacity change from 0 to 40
[ 1580.399197] loop3: detected capacity change from 0 to 40
[ 1580.521397] syz-executor.5: attempt to access beyond end of device
[ 1580.521397] loop5: rw=2049, sector=108, nr_sectors = 16 limit=40
[ 1580.522419] syz-executor.5: attempt to access beyond end of device
[ 1580.522419] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1580.523480] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:24:59 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1580.551733] kworker/u4:6: attempt to access beyond end of device
[ 1580.551733] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1580.553517] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:24:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1580.689575] loop4: detected capacity change from 0 to 40
[ 1580.706720] loop5: detected capacity change from 0 to 40
[ 1580.869815] syz-executor.5: attempt to access beyond end of device
[ 1580.869815] loop5: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 1580.871575] syz-executor.5: attempt to access beyond end of device
[ 1580.871575] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1580.872568] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:24:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1580.922200] kworker/u4:2: attempt to access beyond end of device
[ 1580.922200] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1580.924150] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:24:59 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1580.949599] kworker/u4:6: attempt to access beyond end of device
[ 1580.949599] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1580.951330] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1580.954825] loop2: detected capacity change from 0 to 40
[ 1580.986911] kworker/u4:2: attempt to access beyond end of device
[ 1580.986911] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1580.988565] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:24:59 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:24:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1581.075389] loop5: detected capacity change from 0 to 40
[ 1581.123218] loop4: detected capacity change from 0 to 40
[ 1581.156729] kworker/u4:6: attempt to access beyond end of device
23:25:00 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1581.156729] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1581.158739] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1581.179591] loop7: detected capacity change from 0 to 40
[ 1581.190451] kworker/u4:6: attempt to access beyond end of device
[ 1581.190451] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
23:25:00 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1581.192676] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 1581.271675] loop3: detected capacity change from 0 to 40
[ 1581.294380] loop2: detected capacity change from 0 to 40
[ 1581.391262] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1581.426301] Buffer I/O error on dev loop3, logical block 31, lost async page write
23:25:13 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1594.600018] loop2: detected capacity change from 0 to 40
[ 1594.600740] loop5: detected capacity change from 0 to 40
23:25:13 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:25:13 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:25:13 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:25:13 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:25:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:25:13 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:25:13 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1594.635475] loop7: detected capacity change from 0 to 40
[ 1594.656760] loop4: detected capacity change from 0 to 40
[ 1594.691239] loop3: detected capacity change from 0 to 40
[ 1594.701431] FAT-fs (loop6): bogus number of reserved sectors
[ 1594.702282] FAT-fs (loop6): Can't find a valid FAT filesystem
23:25:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1594.802118] bio_check_eod: 6 callbacks suppressed
[ 1594.802132] kworker/u4:2: attempt to access beyond end of device
[ 1594.802132] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1594.803309] buffer_io_error: 3 callbacks suppressed
[ 1594.803317] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1594.863561] syz-executor.5: attempt to access beyond end of device
[ 1594.863561] loop5: rw=2049, sector=108, nr_sectors = 16 limit=40
[ 1594.890010] syz-executor.5: attempt to access beyond end of device
[ 1594.890010] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1594.892337] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1594.953074] kworker/u4:6: attempt to access beyond end of device
[ 1594.953074] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1594.955318] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:25:13 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1594.983618] loop2: detected capacity change from 0 to 40
23:25:14 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:25:14 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1595.157430] kworker/u4:6: attempt to access beyond end of device
[ 1595.157430] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1595.159057] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1595.252796] kworker/u4:6: attempt to access beyond end of device
[ 1595.252796] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
23:25:14 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1595.255176] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 1595.261740] loop7: detected capacity change from 0 to 40
23:25:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1595.437469] loop4: detected capacity change from 0 to 40
[ 1595.443560] loop3: detected capacity change from 0 to 40
[ 1595.503715] loop5: detected capacity change from 0 to 40
[ 1595.694887] loop2: detected capacity change from 0 to 40
[ 1595.764794] syz-executor.5: attempt to access beyond end of device
[ 1595.764794] loop5: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 1595.765847] syz-executor.5: attempt to access beyond end of device
[ 1595.765847] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1595.766840] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1595.853345] kworker/u4:6: attempt to access beyond end of device
[ 1595.853345] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1595.855070] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1595.867819] kworker/u4:3: attempt to access beyond end of device
[ 1595.867819] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1595.870029] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1595.942295] Buffer I/O error on dev loop3, logical block 31, lost async page write
23:25:30 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:25:30 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

[ 1612.023586] loop4: detected capacity change from 0 to 40
23:25:30 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:25:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:25:30 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:25:30 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:25:30 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:25:30 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1612.037192] loop5: detected capacity change from 0 to 40
[ 1612.040236] FAT-fs (loop6): bogus number of reserved sectors
[ 1612.040666] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1612.056411] loop3: detected capacity change from 0 to 40
[ 1612.082556] loop2: detected capacity change from 0 to 40
[ 1612.103795] bio_check_eod: 1 callbacks suppressed
[ 1612.103806] syz-executor.5: attempt to access beyond end of device
[ 1612.103806] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1612.105370] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 1612.108471] loop7: detected capacity change from 0 to 40
23:25:31 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:25:31 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1612.202616] kworker/u4:0: attempt to access beyond end of device
23:25:31 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1612.202616] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1612.204515] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:25:31 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1612.257204] loop3: detected capacity change from 0 to 40
[ 1612.270481] loop5: detected capacity change from 0 to 40
[ 1612.332300] syz-executor.5: attempt to access beyond end of device
[ 1612.332300] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1612.333217] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 1612.381611] loop4: detected capacity change from 0 to 40
[ 1612.414718] loop2: detected capacity change from 0 to 40
[ 1612.467015] kworker/u4:3: attempt to access beyond end of device
[ 1612.467015] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1612.468736] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1612.544593] kworker/u4:4: attempt to access beyond end of device
[ 1612.544593] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1612.545495] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1612.669471] kworker/u4:4: attempt to access beyond end of device
[ 1612.669471] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1612.670785] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:25:45 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:25:45 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:25:45 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:25:45 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:25:45 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:25:45 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:25:45 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:25:45 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1626.369550] loop5: detected capacity change from 0 to 40
[ 1626.371918] loop7: detected capacity change from 0 to 40
[ 1626.377916] loop3: detected capacity change from 0 to 40
[ 1626.379865] loop6: detected capacity change from 0 to 40
[ 1626.384543] FAT-fs (loop6): bogus number of reserved sectors
[ 1626.385179] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1626.419214] loop4: detected capacity change from 0 to 40
[ 1626.421976] loop2: detected capacity change from 0 to 40
[ 1626.497662] syz-executor.5: attempt to access beyond end of device
[ 1626.497662] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1626.498621] Buffer I/O error on dev loop5, logical block 10, lost async page write
23:25:45 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:25:45 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1626.717151] loop3: detected capacity change from 0 to 40
[ 1626.773333] loop5: detected capacity change from 0 to 40
[ 1626.841384] syz-executor.5: attempt to access beyond end of device
[ 1626.841384] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1626.842259] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 1626.867248] kworker/u4:8: attempt to access beyond end of device
[ 1626.867248] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1626.868835] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:25:45 executing program 2:
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:25:45 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1626.902839] kworker/u4:4: attempt to access beyond end of device
[ 1626.902839] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1626.904322] Buffer I/O error on dev loop3, logical block 31, lost async page write
23:25:45 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:25:45 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:25:45 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1626.932700] kworker/u4:4: attempt to access beyond end of device
[ 1626.932700] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1626.934408] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1626.944455] kworker/u4:4: attempt to access beyond end of device
[ 1626.944455] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1626.946092] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1626.956687] loop5: detected capacity change from 0 to 40
[ 1626.969850] loop3: detected capacity change from 0 to 40
23:25:45 executing program 2:
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1627.040243] syz-executor.5: attempt to access beyond end of device
[ 1627.040243] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1627.041225] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 1627.067585] loop4: detected capacity change from 0 to 40
[ 1627.170870] loop7: detected capacity change from 0 to 40
[ 1627.172319] kworker/u4:4: attempt to access beyond end of device
[ 1627.172319] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1627.173991] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 1627.241749] kworker/u4:8: attempt to access beyond end of device
[ 1627.241749] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1627.243198] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1627.317449] kworker/u4:4: attempt to access beyond end of device
[ 1627.317449] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1627.319732] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:26:00 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:26:00 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:26:00 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:00 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:00 executing program 2:
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:26:00 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:00 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:26:00 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1641.979904] loop6: detected capacity change from 0 to 40
[ 1641.993589] loop4: detected capacity change from 0 to 40
[ 1641.995357] FAT-fs (loop6): bogus number of reserved sectors
[ 1641.995855] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1642.009721] loop5: detected capacity change from 0 to 40
[ 1642.050591] loop7: detected capacity change from 0 to 40
[ 1642.055303] loop3: detected capacity change from 0 to 40
23:26:01 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1642.102632] syz-executor.5: attempt to access beyond end of device
[ 1642.102632] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1642.103803] Buffer I/O error on dev loop5, logical block 10, lost async page write
23:26:01 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1642.318710] loop2: detected capacity change from 0 to 40
[ 1642.325122] kworker/u4:3: attempt to access beyond end of device
[ 1642.325122] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1642.326686] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:26:01 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1642.401821] kworker/u4:4: attempt to access beyond end of device
[ 1642.401821] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1642.403671] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:26:01 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:26:01 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1642.465860] loop7: detected capacity change from 0 to 40
[ 1642.598430] loop4: detected capacity change from 0 to 40
[ 1642.604156] kworker/u4:4: attempt to access beyond end of device
[ 1642.604156] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1642.605715] Buffer I/O error on dev loop3, logical block 31, lost async page write
23:26:01 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1642.610064] loop5: detected capacity change from 0 to 40
23:26:01 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1642.769846] loop2: detected capacity change from 0 to 40
[ 1642.812739] kworker/u4:0: attempt to access beyond end of device
[ 1642.812739] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1642.814251] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:26:01 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1642.838087] syz-executor.5: attempt to access beyond end of device
[ 1642.838087] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1642.840043] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 1642.859993] kworker/u4:2: attempt to access beyond end of device
[ 1642.859993] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1642.861599] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:26:01 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1642.906419] loop3: detected capacity change from 0 to 40
23:26:01 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:01 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1643.013186] loop7: detected capacity change from 0 to 40
[ 1643.026602] loop4: detected capacity change from 0 to 40
23:26:02 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:02 executing program 2:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1643.108799] loop5: detected capacity change from 0 to 40
[ 1643.202340] syz-executor.5: attempt to access beyond end of device
[ 1643.202340] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1643.204094] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 1643.213094] loop6: detected capacity change from 0 to 40
[ 1643.245828] FAT-fs (loop6): bogus number of reserved sectors
[ 1643.247080] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1643.278248] kworker/u4:3: attempt to access beyond end of device
[ 1643.278248] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1643.279753] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1643.326991] loop2: detected capacity change from 0 to 40
[ 1643.467163] kworker/u4:0: attempt to access beyond end of device
[ 1643.467163] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1643.468736] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:26:16 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:16 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:26:16 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:16 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:16 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:16 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:26:16 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1657.539262] loop6: detected capacity change from 0 to 40
[ 1657.543678] loop7: detected capacity change from 0 to 40
[ 1657.544732] loop4: detected capacity change from 0 to 40
[ 1657.552295] FAT-fs (loop6): bogus number of reserved sectors
[ 1657.552739] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1657.555529] loop3: detected capacity change from 0 to 40
[ 1657.577059] loop5: detected capacity change from 0 to 40
[ 1657.620925] loop2: detected capacity change from 0 to 40
[ 1657.674989] syz-executor.5: attempt to access beyond end of device
[ 1657.674989] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1657.675868] Buffer I/O error on dev loop5, logical block 10, lost async page write
23:26:16 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1657.720260] syz-executor.7: attempt to access beyond end of device
[ 1657.720260] loop7: rw=2049, sector=92, nr_sectors = 32 limit=40
[ 1657.728016] syz-executor.7: attempt to access beyond end of device
[ 1657.728016] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1657.728859] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:26:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:26:16 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:16 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1657.808242] kworker/u4:6: attempt to access beyond end of device
[ 1657.808242] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1657.810023] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1657.811141] loop3: detected capacity change from 0 to 40
23:26:16 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1657.860621] loop2: detected capacity change from 0 to 40
[ 1657.887378] loop5: detected capacity change from 0 to 40
[ 1657.888010] loop4: detected capacity change from 0 to 40
[ 1657.919837] loop7: detected capacity change from 0 to 40
[ 1657.985023] syz-executor.5: attempt to access beyond end of device
[ 1657.985023] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1657.985912] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 1658.102558] syz-executor.7: attempt to access beyond end of device
[ 1658.102558] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1658.104253] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1658.118212] kworker/u4:4: attempt to access beyond end of device
[ 1658.118212] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1658.119921] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:26:29 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:29 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:26:29 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:29 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:26:29 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:26:29 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:29 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:30 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1671.071470] loop3: detected capacity change from 0 to 40
[ 1671.084088] loop5: detected capacity change from 0 to 40
[ 1671.087110] loop2: detected capacity change from 0 to 40
[ 1671.100615] loop4: detected capacity change from 0 to 40
[ 1671.116256] syz-executor.5: attempt to access beyond end of device
[ 1671.116256] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1671.117202] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 1671.122136] loop7: detected capacity change from 0 to 40
[ 1671.172194] loop6: detected capacity change from 0 to 40
23:26:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1671.183992] FAT-fs (loop6): bogus number of reserved sectors
[ 1671.184504] FAT-fs (loop6): Can't find a valid FAT filesystem
23:26:30 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1671.239533] syz-executor.7: attempt to access beyond end of device
[ 1671.239533] loop7: rw=2049, sector=108, nr_sectors = 16 limit=40
[ 1671.245887] syz-executor.7: attempt to access beyond end of device
[ 1671.245887] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1671.246869] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1671.303451] loop5: detected capacity change from 0 to 40
23:26:30 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

[ 1671.322357] kworker/u4:0: attempt to access beyond end of device
[ 1671.322357] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1671.323980] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1671.358721] kworker/u4:0: attempt to access beyond end of device
[ 1671.358721] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1671.360439] Buffer I/O error on dev loop3, logical block 31, lost async page write
23:26:30 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:26:30 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:26:30 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1671.486463] loop3: detected capacity change from 0 to 40
[ 1671.489725] loop4: detected capacity change from 0 to 40
[ 1671.509056] syz-executor.5: attempt to access beyond end of device
[ 1671.509056] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1671.510768] Buffer I/O error on dev loop5, logical block 10, lost async page write
23:26:30 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1671.636473] loop5: detected capacity change from 0 to 40
[ 1671.641967] loop7: detected capacity change from 0 to 40
[ 1671.833467] syz-executor.7: attempt to access beyond end of device
[ 1671.833467] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1671.835245] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1671.857673] syz-executor.5: attempt to access beyond end of device
[ 1671.857673] loop5: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 1671.864425] kworker/u4:3: attempt to access beyond end of device
[ 1671.864425] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1671.865266] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 1671.872736] syz-executor.5: attempt to access beyond end of device
[ 1671.872736] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1671.873791] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1671.892922] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:26:45 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:45 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:45 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:26:45 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:45 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:26:45 executing program 3:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:26:45 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:45 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1686.827800] loop7: detected capacity change from 0 to 40
[ 1686.830579] loop5: detected capacity change from 0 to 40
[ 1686.838143] loop6: detected capacity change from 0 to 40
[ 1686.841723] loop4: detected capacity change from 0 to 40
[ 1686.853742] FAT-fs (loop6): bogus number of reserved sectors
[ 1686.854176] FAT-fs (loop6): Can't find a valid FAT filesystem
23:26:45 executing program 3:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1686.963620] bio_check_eod: 1 callbacks suppressed
23:26:45 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1686.963633] syz-executor.5: attempt to access beyond end of device
[ 1686.963633] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1686.965464] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1687.035277] syz-executor.7: attempt to access beyond end of device
[ 1687.035277] loop7: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 1687.036589] syz-executor.7: attempt to access beyond end of device
[ 1687.036589] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1687.037620] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1687.079379] kworker/u4:2: attempt to access beyond end of device
[ 1687.079379] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1687.080223] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1687.084125] FAT-fs (loop2): bogus number of reserved sectors
[ 1687.084764] FAT-fs (loop2): Can't find a valid FAT filesystem
23:26:46 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:26:46 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1687.143834] loop5: detected capacity change from 0 to 40
23:26:46 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:46 executing program 3:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1687.204917] loop4: detected capacity change from 0 to 40
23:26:46 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1687.217971] loop7: detected capacity change from 0 to 40
[ 1687.263423] FAT-fs (loop2): bogus number of reserved sectors
[ 1687.263917] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1687.330353] syz-executor.5: attempt to access beyond end of device
[ 1687.330353] loop5: rw=2049, sector=108, nr_sectors = 16 limit=40
[ 1687.337324] syz-executor.5: attempt to access beyond end of device
[ 1687.337324] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1687.338209] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:26:46 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1687.397850] syz-executor.7: attempt to access beyond end of device
[ 1687.397850] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1687.398836] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1687.447295] kworker/u4:4: attempt to access beyond end of device
[ 1687.447295] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1687.448196] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1687.456329] FAT-fs (loop2): bogus number of reserved sectors
[ 1687.456883] FAT-fs (loop2): Can't find a valid FAT filesystem
23:26:59 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:59 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1700.405288] loop6: detected capacity change from 0 to 40
23:26:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:59 executing program 3:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:26:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, 0x0, 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:59 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x0)

23:26:59 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

23:26:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1700.412205] FAT-fs (loop2): bogus number of reserved sectors
[ 1700.412626] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1700.413577] FAT-fs (loop6): bogus number of reserved sectors
[ 1700.414155] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1700.423258] loop5: detected capacity change from 0 to 40
[ 1700.435286] loop7: detected capacity change from 0 to 40
[ 1700.449585] loop3: detected capacity change from 0 to 40
[ 1700.504865] syz-executor.7: attempt to access beyond end of device
[ 1700.504865] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1700.505779] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1700.524721] loop4: detected capacity change from 0 to 40
[ 1700.567826] syz-executor.5: attempt to access beyond end of device
[ 1700.567826] loop5: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 1700.569005] syz-executor.5: attempt to access beyond end of device
[ 1700.569005] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1700.569861] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:26:59 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1700.625376] loop7: detected capacity change from 0 to 40
23:26:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, 0x0, 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1700.690827] syz-executor.7: attempt to access beyond end of device
[ 1700.690827] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1700.691904] Buffer I/O error on dev loop7, logical block 10, lost async page write
23:26:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1700.720695] FAT-fs (loop2): bogus number of reserved sectors
[ 1700.721202] FAT-fs (loop2): Can't find a valid FAT filesystem
23:26:59 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:26:59 executing program 3:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1700.779796] loop5: detected capacity change from 0 to 40
23:26:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1700.836089] loop7: detected capacity change from 0 to 40
23:26:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1700.896264] loop3: detected capacity change from 0 to 40
23:26:59 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

[ 1700.936881] loop2: detected capacity change from 0 to 40
[ 1700.943982] FAT-fs (loop2): bogus number of reserved sectors
[ 1700.944411] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1701.021534] syz-executor.7: attempt to access beyond end of device
[ 1701.021534] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1701.023387] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1701.118625] kworker/u4:2: attempt to access beyond end of device
[ 1701.118625] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1701.120295] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1701.153287] syz-executor.5: attempt to access beyond end of device
[ 1701.153287] loop5: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 1701.171841] syz-executor.5: attempt to access beyond end of device
[ 1701.171841] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1701.173683] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:27:12 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
r2 = openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32=r2, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:27:12 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:12 executing program 3:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:27:12 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x0)

23:27:12 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

23:27:12 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:27:12 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, 0x0, 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1713.463869] loop6: detected capacity change from 0 to 40
[ 1713.467098] loop2: detected capacity change from 0 to 40
[ 1713.469498] loop5: detected capacity change from 0 to 40
[ 1713.473341] FAT-fs (loop2): bogus number of reserved sectors
[ 1713.473764] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1713.474865] FAT-fs (loop6): bogus number of reserved sectors
[ 1713.475426] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1713.481696] loop4: detected capacity change from 0 to 40
[ 1713.507493] loop7: detected capacity change from 0 to 40
[ 1713.534062] loop3: detected capacity change from 0 to 40
[ 1713.576015] syz-executor.7: attempt to access beyond end of device
[ 1713.576015] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1713.576442] syz-executor.5: attempt to access beyond end of device
[ 1713.576442] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1713.576838] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1713.578490] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:27:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:27:12 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x0, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:12 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:27:12 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

[ 1713.690700] loop2: detected capacity change from 0 to 40
[ 1713.699356] FAT-fs (loop2): bogus number of reserved sectors
[ 1713.699769] FAT-fs (loop2): Can't find a valid FAT filesystem
23:27:12 executing program 0:
mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0)
mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000d40)='./file0\x00', 0x0, 0x1a901c, 0x0)
acct(&(0x7f0000000280)='./file0\x00')
umount2(&(0x7f0000000140)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
statfs(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)=""/136)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10)

23:27:12 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1713.732132] kworker/u4:9: attempt to access beyond end of device
[ 1713.732132] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1713.733707] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:27:12 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x0)

[ 1713.749241] loop5: detected capacity change from 0 to 40
[ 1713.801900] loop3: detected capacity change from 0 to 40
[ 1713.818525] loop7: detected capacity change from 0 to 40
23:27:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1713.847319] Process accounting resumed
[ 1713.867976] loop4: detected capacity change from 0 to 40
[ 1713.901351] syz-executor.7: attempt to access beyond end of device
[ 1713.901351] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1713.902492] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1713.915264] kworker/u4:9: attempt to access beyond end of device
[ 1713.915264] loop5: rw=1, sector=68, nr_sectors = 40 limit=40
[ 1713.922319] kworker/u4:2: attempt to access beyond end of device
[ 1713.922319] loop5: rw=1, sector=108, nr_sectors = 8 limit=40
[ 1713.931783] loop2: detected capacity change from 0 to 40
[ 1713.940449] kworker/u4:8: attempt to access beyond end of device
[ 1713.940449] loop5: rw=1, sector=116, nr_sectors = 8 limit=40
23:27:12 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

[ 1713.954690] kworker/u4:8: attempt to access beyond end of device
[ 1713.954690] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1713.956616] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1713.961959] syz-executor.5: attempt to access beyond end of device
[ 1713.961959] loop5: rw=2049, sector=108, nr_sectors = 4 limit=40
[ 1713.962919] Buffer I/O error on dev loop5, logical block 27, lost async page write
[ 1713.967000] FAT-fs (loop2): bogus number of reserved sectors
[ 1713.967438] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1713.970310] kworker/u4:8: attempt to access beyond end of device
[ 1713.970310] loop4: rw=1, sector=44, nr_sectors = 8 limit=40
[ 1714.237901] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1729.510025] loop6: detected capacity change from 0 to 40
23:27:28 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x0, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
r2 = openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32=r2, @ANYBLOB="9b000000000000002e2f66696c653100"])
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

23:27:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:27:28 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:28 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
r2 = openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32=r2, @ANYBLOB="9b000000000000002e2f66696c653100"])
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

23:27:28 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

23:27:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1729.513771] loop3: detected capacity change from 0 to 40
[ 1729.517832] FAT-fs (loop6): bogus number of reserved sectors
[ 1729.518253] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1729.525812] loop5: detected capacity change from 0 to 40
[ 1729.578821] loop7: detected capacity change from 0 to 40
[ 1729.587408] loop2: detected capacity change from 0 to 40
[ 1729.593285] loop4: detected capacity change from 0 to 40
[ 1729.629763] FAT-fs (loop2): bogus number of reserved sectors
[ 1729.630926] FAT-fs (loop2): Can't find a valid FAT filesystem
23:27:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1729.754577] bio_check_eod: 2 callbacks suppressed
[ 1729.754605] syz-executor.7: attempt to access beyond end of device
[ 1729.754605] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1729.757278] Buffer I/O error on dev loop7, logical block 10, lost async page write
23:27:28 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0x0)

[ 1729.826378] syz-executor.5: attempt to access beyond end of device
[ 1729.826378] loop5: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 1729.853891] syz-executor.5: attempt to access beyond end of device
[ 1729.853891] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1729.855634] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:27:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:27:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc) (fail_nth: 1)

[ 1729.909234] loop3: detected capacity change from 0 to 40
23:27:28 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1729.989655] loop2: detected capacity change from 0 to 40
[ 1730.009784] FAT-fs (loop2): bogus number of reserved sectors
[ 1730.010738] FAT-fs (loop2): Can't find a valid FAT filesystem
23:27:28 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x0, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1730.081310] kworker/u4:2: attempt to access beyond end of device
[ 1730.081310] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1730.082803] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:27:29 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
r2 = openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32=r2, @ANYBLOB="9b000000000000002e2f66696c653100"])
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

[ 1730.109468] loop7: detected capacity change from 0 to 40
[ 1730.117872] FAULT_INJECTION: forcing a failure.
[ 1730.117872] name failslab, interval 1, probability 0, space 0, times 0
[ 1730.119673] CPU: 0 PID: 8838 Comm: syz-executor.0 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1730.120667] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1730.121677] Call Trace:
[ 1730.122012]  <TASK>
[ 1730.122306]  dump_stack_lvl+0x8f/0xb7
[ 1730.122813]  should_fail_ex.cold+0x5/0xa
[ 1730.123349]  ? jbd2__journal_start+0x194/0x8d0
[ 1730.123938]  should_failslab+0x9/0x20
[ 1730.124436]  kmem_cache_alloc+0x5a/0x410
[ 1730.124950]  ? lock_is_held_type+0xdb/0x130
[ 1730.125557]  jbd2__journal_start+0x194/0x8d0
[ 1730.126147]  __ext4_journal_start_sb+0x4a5/0x6b0
[ 1730.126756]  ? ext4_dirty_inode+0xa5/0x130
[ 1730.127302]  ? __pfx_ext4_dirty_inode+0x10/0x10
[ 1730.127901]  ext4_dirty_inode+0xa5/0x130
[ 1730.128432]  __mark_inode_dirty+0x1aa/0xe70
[ 1730.129024]  generic_update_time+0x21b/0x2b0
[ 1730.129606]  file_modified_flags+0x2d4/0x330
[ 1730.130207]  ? __pfx_file_modified_flags+0x10/0x10
[ 1730.130842]  ? __pfx_down_write+0x10/0x10
[ 1730.131375]  ? lock_is_held_type+0xdb/0x130
[ 1730.131967]  ext4_fallocate+0x3e2/0x3eb0
[ 1730.132503]  ? lock_acquire+0x1b6/0x530
[ 1730.133054]  ? __pfx_ext4_fallocate+0x10/0x10
[ 1730.133644]  ? lock_is_held_type+0xdb/0x130
[ 1730.134221]  ? __pfx_ext4_fallocate+0x10/0x10
[ 1730.134802]  vfs_fallocate+0x48d/0xe00
[ 1730.135319]  __x64_sys_fallocate+0xd3/0x140
[ 1730.135866]  do_syscall_64+0x3f/0x90
[ 1730.136352]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1730.137023] RIP: 0033:0x7f28147cab19
[ 1730.137500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1730.139678] RSP: 002b:00007f2811d40188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 1730.140642] RAX: ffffffffffffffda RBX: 00007f28148ddf60 RCX: 00007f28147cab19
[ 1730.141519] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 1730.142399] RBP: 00007f2811d401d0 R08: 0000000000000000 R09: 0000000000000000
[ 1730.143287] R10: 00000000087ffffc R11: 0000000000000246 R12: 0000000000000001
[ 1730.144156] R13: 00007ffcd90ff65f R14: 00007f2811d40300 R15: 0000000000022000
[ 1730.145087]  </TASK>
23:27:29 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:27:29 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0x0)

[ 1730.206469] loop4: detected capacity change from 0 to 40
[ 1730.221431] loop5: detected capacity change from 0 to 40
23:27:29 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1730.295363] syz-executor.7: attempt to access beyond end of device
[ 1730.295363] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1730.297106] Buffer I/O error on dev loop7, logical block 10, lost async page write
23:27:29 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1730.413239] loop2: detected capacity change from 0 to 40
[ 1730.430770] FAT-fs (loop2): bogus number of reserved sectors
[ 1730.431568] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1730.513277] loop7: detected capacity change from 0 to 40
[ 1730.526879] syz-executor.5: attempt to access beyond end of device
[ 1730.526879] loop5: rw=2049, sector=68, nr_sectors = 56 limit=40
[ 1730.531229] syz-executor.5: attempt to access beyond end of device
[ 1730.531229] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1730.532757] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1730.543445] kworker/u4:8: attempt to access beyond end of device
[ 1730.543445] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1730.546645] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1730.593915] syz-executor.7: attempt to access beyond end of device
[ 1730.593915] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1730.595529] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1745.086733] loop5: detected capacity change from 0 to 40
23:27:44 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc) (fail_nth: 2)

23:27:44 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:44 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:44 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:44 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
r2 = openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32=r2, @ANYBLOB="9b000000000000002e2f66696c653100"])
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

23:27:44 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0x0)

23:27:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:27:44 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1745.122863] loop6: detected capacity change from 0 to 40
[ 1745.131950] FAT-fs (loop6): bogus number of reserved sectors
[ 1745.132362] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1745.160330] loop4: detected capacity change from 0 to 40
[ 1745.166595] syz-executor.5: attempt to access beyond end of device
[ 1745.166595] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1745.167520] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1745.172289] loop7: detected capacity change from 0 to 40
[ 1745.197304] loop2: detected capacity change from 0 to 40
[ 1745.222602] FAT-fs (loop2): bogus number of reserved sectors
[ 1745.223491] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1745.231238] syz-executor.7: attempt to access beyond end of device
[ 1745.231238] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1745.232173] Buffer I/O error on dev loop7, logical block 10, lost async page write
23:27:44 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:44 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:27:44 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc) (fail_nth: 3)

23:27:44 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1745.377433] loop5: detected capacity change from 0 to 40
[ 1745.443705] loop2: detected capacity change from 0 to 40
[ 1745.448465] loop7: detected capacity change from 0 to 40
[ 1745.453138] FAULT_INJECTION: forcing a failure.
[ 1745.453138] name failslab, interval 1, probability 0, space 0, times 0
[ 1745.454026] CPU: 1 PID: 8889 Comm: syz-executor.0 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1745.454573] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1745.455129] Call Trace:
[ 1745.455308]  <TASK>
[ 1745.455474]  dump_stack_lvl+0x8f/0xb7
[ 1745.455747]  should_fail_ex.cold+0x5/0xa
[ 1745.456045]  ? jbd2__journal_start+0x194/0x8d0
[ 1745.456373]  should_failslab+0x9/0x20
[ 1745.456656]  kmem_cache_alloc+0x5a/0x410
[ 1745.456951]  ? lock_is_held_type+0xdb/0x130
[ 1745.457286]  jbd2__journal_start+0x194/0x8d0
[ 1745.457610]  __ext4_journal_start_sb+0x4a5/0x6b0
[ 1745.457941]  ? ext4_alloc_file_blocks.isra.0+0x2a2/0xbd0
[ 1745.458318]  ? ext4_meta_trans_blocks+0x252/0x310
[ 1745.458663]  ext4_alloc_file_blocks.isra.0+0x2a2/0xbd0
[ 1745.459020]  ? rcu_read_lock_sched_held+0x42/0x80
[ 1745.459367]  ? __mark_inode_dirty+0x249/0xe70
[ 1745.459698]  ? __pfx_ext4_alloc_file_blocks.isra.0+0x10/0x10
[ 1745.460097]  ? __mnt_drop_write_file+0x4e/0xf0
[ 1745.460424]  ? __pfx_file_modified_flags+0x10/0x10
[ 1745.460781]  ? __pfx_down_write+0x10/0x10
[ 1745.461071]  ? lock_is_held_type+0xdb/0x130
[ 1745.461391]  ext4_fallocate+0x437/0x3eb0
[ 1745.461684]  ? lock_acquire+0x1b6/0x530
[ 1745.461980]  ? __pfx_ext4_fallocate+0x10/0x10
[ 1745.462294]  ? lock_is_held_type+0xdb/0x130
[ 1745.462608]  ? __pfx_ext4_fallocate+0x10/0x10
[ 1745.462926]  vfs_fallocate+0x48d/0xe00
[ 1745.463208]  __x64_sys_fallocate+0xd3/0x140
[ 1745.463527]  do_syscall_64+0x3f/0x90
[ 1745.463808]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1745.464181] RIP: 0033:0x7f28147cab19
[ 1745.464457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1745.465729] RSP: 002b:00007f2811d40188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 1745.466302] RAX: ffffffffffffffda RBX: 00007f28148ddf60 RCX: 00007f28147cab19
[ 1745.466777] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 1745.467251] RBP: 00007f2811d401d0 R08: 0000000000000000 R09: 0000000000000000
[ 1745.467717] R10: 00000000087ffffc R11: 0000000000000246 R12: 0000000000000001
[ 1745.468184] R13: 00007ffcd90ff65f R14: 00007f2811d40300 R15: 0000000000022000
[ 1745.468669]  </TASK>
[ 1745.473021] FAT-fs (loop2): bogus number of reserved sectors
[ 1745.473467] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1745.528613] syz-executor.5: attempt to access beyond end of device
[ 1745.528613] loop5: rw=2049, sector=108, nr_sectors = 16 limit=40
[ 1745.531948] syz-executor.7: attempt to access beyond end of device
[ 1745.531948] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1745.532814] Buffer I/O error on dev loop7, logical block 10, lost async page write
23:27:44 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1745.536912] syz-executor.5: attempt to access beyond end of device
[ 1745.536912] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1745.538964] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1745.548465] kworker/u4:2: attempt to access beyond end of device
[ 1745.548465] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1745.549325] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:27:44 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
r2 = openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32=r2, @ANYBLOB="9b000000000000002e2f66696c653100"])

[ 1745.647161] loop4: detected capacity change from 0 to 40
[ 1745.672110] FAT-fs (loop3): bogus number of reserved sectors
[ 1745.673202] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1745.820916] kworker/u4:3: attempt to access beyond end of device
[ 1745.820916] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1745.821963] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:27:58 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:58 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
r2 = openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000895a8c3cd199c9e324c71ae0ac17d7122c8a8e033787a7c5af5cf2f3d3aed144fb243f32fe589843490dc0e8b0c48c5bf2c9e16bda9f323a925df1d5e367d6fbfa87096908f5d195ce59e85cc61a44bdabc6c58273f934ce656ab83ccb13d1bb48d66ff6decf72b5602d13459c0ecb6b48e35c607bc1d5c9e22d7d6b3b71a0b7f87f264efaf3b4619f0f2a6200b05d89933f9b3a452736dddc9dd351c55b5ce64fc26d3209b64956161c3c8b5819a860a7481166491c717b809255e11f7651d6", @ANYRES32=r2, @ANYBLOB="9b000000000000002e2f66696c653100"])

23:27:58 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:58 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc) (fail_nth: 4)

23:27:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:27:58 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:58 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x0, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:58 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1759.364500] loop2: detected capacity change from 0 to 40
[ 1759.368335] loop5: detected capacity change from 0 to 40
[ 1759.376358] loop7: detected capacity change from 0 to 40
[ 1759.378130] FAT-fs (loop3): bogus number of reserved sectors
[ 1759.378687] loop4: detected capacity change from 0 to 40
[ 1759.378876] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1759.384685] FAT-fs (loop2): bogus number of reserved sectors
[ 1759.385317] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1759.422408] syz-executor.7: attempt to access beyond end of device
[ 1759.422408] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1759.423266] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1759.435440] loop6: detected capacity change from 0 to 40
23:27:58 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc) (fail_nth: 5)

[ 1759.453743] FAT-fs (loop6): bogus number of reserved sectors
[ 1759.454606] FAT-fs (loop6): Can't find a valid FAT filesystem
23:27:58 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:27:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1759.558640] FAULT_INJECTION: forcing a failure.
[ 1759.558640] name failslab, interval 1, probability 0, space 0, times 0
[ 1759.558671] kworker/u4:8: attempt to access beyond end of device
[ 1759.558671] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1759.560172] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1759.561639] CPU: 1 PID: 8925 Comm: syz-executor.0 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1759.562188] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1759.562741] Call Trace:
[ 1759.562924]  <TASK>
[ 1759.563103]  dump_stack_lvl+0x8f/0xb7
[ 1759.563389]  should_fail_ex.cold+0x5/0xa
[ 1759.563695]  should_failslab+0x9/0x20
[ 1759.563970]  __kmem_cache_alloc_node+0x5b/0x400
[ 1759.564305]  ? ext4_find_extent+0xa41/0xd30
[ 1759.564621]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 1759.564955]  ? ext4_find_extent+0xa41/0xd30
[ 1759.565253]  __kmalloc+0x46/0xc0
[ 1759.565517]  ext4_find_extent+0xa41/0xd30
[ 1759.565829]  ext4_ext_map_blocks+0x1c7/0x5d40
[ 1759.566170]  ? __pfx___lock_acquire+0x10/0x10
[ 1759.566500]  ? __pfx___lock_acquire+0x10/0x10
[ 1759.566827]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 1759.567185]  ? lock_acquire+0x1b6/0x530
[ 1759.567483]  ? __pfx_lock_acquire+0x10/0x10
[ 1759.567794]  ? lock_release+0x3b6/0x750
[ 1759.568101]  ? lock_is_held_type+0xdb/0x130
[ 1759.568445]  ? down_write+0x157/0x220
[ 1759.568737]  ? __pfx_down_write+0x10/0x10
[ 1759.569067]  ext4_map_blocks+0x776/0x19e0
[ 1759.569392]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 1759.569742]  ? rcu_read_lock_sched_held+0x42/0x80
[ 1759.570115]  ? jbd2__journal_start+0xf7/0x8d0
[ 1759.570469]  ? __ext4_journal_start_sb+0x4a5/0x6b0
[ 1759.570835]  ? __ext4_journal_start_sb+0x1e0/0x6b0
[ 1759.571202]  ? ext4_alloc_file_blocks.isra.0+0x2a2/0xbd0
[ 1759.571602]  ? ext4_meta_trans_blocks+0x252/0x310
[ 1759.571977]  ext4_alloc_file_blocks.isra.0+0x2df/0xbd0
[ 1759.572369]  ? rcu_read_lock_sched_held+0x42/0x80
[ 1759.572713]  ? __mark_inode_dirty+0x249/0xe70
[ 1759.573061]  ? __pfx_ext4_alloc_file_blocks.isra.0+0x10/0x10
[ 1759.573464]  ? __mnt_drop_write_file+0x4e/0xf0
[ 1759.573813]  ? __pfx_file_modified_flags+0x10/0x10
[ 1759.574160]  ? __pfx_down_write+0x10/0x10
[ 1759.574469]  ? lock_is_held_type+0xdb/0x130
[ 1759.574783]  ext4_fallocate+0x437/0x3eb0
[ 1759.575093]  ? lock_acquire+0x1b6/0x530
[ 1759.575382]  ? __pfx_ext4_fallocate+0x10/0x10
[ 1759.575725]  ? lock_is_held_type+0xdb/0x130
[ 1759.576038]  ? __pfx_ext4_fallocate+0x10/0x10
[ 1759.576358]  vfs_fallocate+0x48d/0xe00
[ 1759.576665]  __x64_sys_fallocate+0xd3/0x140
[ 1759.576966]  do_syscall_64+0x3f/0x90
[ 1759.577253]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1759.577622] RIP: 0033:0x7f28147cab19
[ 1759.577902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1759.579075] RSP: 002b:00007f2811d40188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 1759.579623] RAX: ffffffffffffffda RBX: 00007f28148ddf60 RCX: 00007f28147cab19
[ 1759.580141] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 1759.580654] RBP: 00007f2811d401d0 R08: 0000000000000000 R09: 0000000000000000
[ 1759.581162] R10: 00000000087ffffc R11: 0000000000000246 R12: 0000000000000001
[ 1759.581680] R13: 00007ffcd90ff65f R14: 00007f2811d40300 R15: 0000000000022000
[ 1759.582220]  </TASK>
23:27:58 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)

[ 1759.597695] loop7: detected capacity change from 0 to 40
[ 1759.604529] syz-executor.5: attempt to access beyond end of device
[ 1759.604529] loop5: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 1759.611101] syz-executor.5: attempt to access beyond end of device
[ 1759.611101] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1759.612828] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:27:58 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1759.657380] loop2: detected capacity change from 0 to 40
[ 1759.662557] FAT-fs (loop2): bogus number of reserved sectors
[ 1759.663158] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1759.688450] syz-executor.7: attempt to access beyond end of device
[ 1759.688450] loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 1759.689333] Buffer I/O error on dev loop7, logical block 10, lost async page write
[ 1759.695157] loop4: detected capacity change from 0 to 40
23:27:58 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc) (fail_nth: 6)

23:27:58 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1759.755107] FAT-fs (loop3): bogus number of reserved sectors
[ 1759.755622] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1759.782499] loop5: detected capacity change from 0 to 40
[ 1759.963173] syz-executor.5: attempt to access beyond end of device
[ 1759.963173] loop5: rw=2049, sector=116, nr_sectors = 8 limit=40
[ 1759.977434] kworker/u4:3: attempt to access beyond end of device
[ 1759.977434] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1759.979138] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1759.983775] syz-executor.5: attempt to access beyond end of device
[ 1759.983775] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1759.985984] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1773.812880] loop6: detected capacity change from 0 to 40
23:28:12 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

23:28:12 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x0, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:28:12 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:28:12 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc) (fail_nth: 7)

23:28:12 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:28:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:28:12 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:28:12 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1773.841453] loop2: detected capacity change from 0 to 40
[ 1773.842315] loop4: detected capacity change from 0 to 40
[ 1773.845985] loop5: detected capacity change from 0 to 40
[ 1773.846121] FAT-fs (loop3): bogus number of reserved sectors
[ 1773.846757] FAT-fs (loop6): bogus number of reserved sectors
[ 1773.847166] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1773.847843] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1773.849561] FAT-fs (loop2): bogus number of reserved sectors
[ 1773.850135] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1773.855899] loop7: detected capacity change from 0 to 40
23:28:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:28:12 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1773.952358] FAULT_INJECTION: forcing a failure.
[ 1773.952358] name failslab, interval 1, probability 0, space 0, times 0
[ 1773.953168] CPU: 0 PID: 8962 Comm: syz-executor.0 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1773.953750] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1773.954324] Call Trace:
[ 1773.954529]  <TASK>
[ 1773.954716]  dump_stack_lvl+0x8f/0xb7
[ 1773.955031]  should_fail_ex.cold+0x5/0xa
[ 1773.955367]  ? jbd2__journal_start+0x194/0x8d0
[ 1773.955724]  should_failslab+0x9/0x20
[ 1773.956038]  kmem_cache_alloc+0x5a/0x410
[ 1773.956351]  ? lock_is_held_type+0xdb/0x130
[ 1773.956712]  jbd2__journal_start+0x194/0x8d0
[ 1773.957060]  __ext4_journal_start_sb+0x4a5/0x6b0
[ 1773.957426]  ? ext4_alloc_file_blocks.isra.0+0x2a2/0xbd0
[ 1773.957859]  ext4_alloc_file_blocks.isra.0+0x2a2/0xbd0
[ 1773.958267]  ? rcu_read_lock_sched_held+0x42/0x80
[ 1773.958650]  ? __mark_inode_dirty+0x249/0xe70
[ 1773.959021]  ? __pfx_ext4_alloc_file_blocks.isra.0+0x10/0x10
[ 1773.959444]  ? __mnt_drop_write_file+0x4e/0xf0
[ 1773.959805]  ? __pfx_file_modified_flags+0x10/0x10
[ 1773.960197]  ? __pfx_down_write+0x10/0x10
[ 1773.960519]  ? lock_is_held_type+0xdb/0x130
[ 1773.960878]  ext4_fallocate+0x437/0x3eb0
[ 1773.961213]  ? lock_acquire+0x1b6/0x530
[ 1773.961518]  ? __pfx_ext4_fallocate+0x10/0x10
[ 1773.961858]  ? lock_is_held_type+0xdb/0x130
[ 1773.962185]  ? __pfx_ext4_fallocate+0x10/0x10
[ 1773.962527]  vfs_fallocate+0x48d/0xe00
[ 1773.962812]  __x64_sys_fallocate+0xd3/0x140
[ 1773.963120]  do_syscall_64+0x3f/0x90
[ 1773.963400]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1773.963779] RIP: 0033:0x7f28147cab19
[ 1773.964040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1773.965326] RSP: 002b:00007f2811d40188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 1773.965873] RAX: ffffffffffffffda RBX: 00007f28148ddf60 RCX: 00007f28147cab19
[ 1773.966384] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 1773.966890] RBP: 00007f2811d401d0 R08: 0000000000000000 R09: 0000000000000000
[ 1773.967401] R10: 00000000087ffffc R11: 0000000000000246 R12: 0000000000000001
[ 1773.967902] R13: 00007ffcd90ff65f R14: 00007f2811d40300 R15: 0000000000022000
[ 1773.968432]  </TASK>
[ 1774.025309] loop2: detected capacity change from 0 to 40
[ 1774.042277] FAT-fs (loop3): bogus number of reserved sectors
[ 1774.042711] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1774.046324] FAT-fs (loop2): invalid media value (0x00)
[ 1774.046699] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1774.059461] syz-executor.5: attempt to access beyond end of device
[ 1774.059461] loop5: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 1774.070332] syz-executor.5: attempt to access beyond end of device
[ 1774.070332] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1774.072079] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1774.078215] kworker/u4:8: attempt to access beyond end of device
[ 1774.078215] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1774.080000] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:28:13 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

23:28:13 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

[ 1774.146691] loop7: detected capacity change from 0 to 40
[ 1774.148413] kworker/u4:8: attempt to access beyond end of device
[ 1774.148413] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1774.149972] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:28:13 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc) (fail_nth: 8)

23:28:13 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:28:13 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:28:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1774.268389] loop4: detected capacity change from 0 to 40
[ 1774.299154] loop5: detected capacity change from 0 to 40
[ 1774.315243] FAT-fs (loop3): bogus number of reserved sectors
[ 1774.315878] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1774.327585] FAULT_INJECTION: forcing a failure.
[ 1774.327585] name failslab, interval 1, probability 0, space 0, times 0
[ 1774.328623] CPU: 0 PID: 8976 Comm: syz-executor.0 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1774.329245] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1774.329788] Call Trace:
[ 1774.329973]  <TASK>
[ 1774.330139]  dump_stack_lvl+0x8f/0xb7
[ 1774.330414]  should_fail_ex.cold+0x5/0xa
[ 1774.330711]  ? jbd2__journal_start+0x194/0x8d0
[ 1774.331051]  should_failslab+0x9/0x20
[ 1774.331319]  kmem_cache_alloc+0x5a/0x410
[ 1774.331600]  ? lock_is_held_type+0xdb/0x130
[ 1774.331918]  jbd2__journal_start+0x194/0x8d0
[ 1774.332233]  __ext4_journal_start_sb+0x4a5/0x6b0
[ 1774.332569]  ? ext4_alloc_file_blocks.isra.0+0x2a2/0xbd0
[ 1774.332958]  ext4_alloc_file_blocks.isra.0+0x2a2/0xbd0
[ 1774.333302]  ? rcu_read_lock_sched_held+0x42/0x80
[ 1774.333652]  ? __mark_inode_dirty+0x249/0xe70
[ 1774.333989]  ? __pfx_ext4_alloc_file_blocks.isra.0+0x10/0x10
[ 1774.334387]  ? __mnt_drop_write_file+0x4e/0xf0
[ 1774.334715]  ? __pfx_file_modified_flags+0x10/0x10
[ 1774.335067]  ? __pfx_down_write+0x10/0x10
[ 1774.335361]  ? lock_is_held_type+0xdb/0x130
[ 1774.335672]  ext4_fallocate+0x437/0x3eb0
[ 1774.335968]  ? lock_acquire+0x1b6/0x530
[ 1774.336259]  ? __pfx_ext4_fallocate+0x10/0x10
[ 1774.336583]  ? lock_is_held_type+0xdb/0x130
[ 1774.336882]  ? __pfx_ext4_fallocate+0x10/0x10
[ 1774.337221]  vfs_fallocate+0x48d/0xe00
[ 1774.337482]  __x64_sys_fallocate+0xd3/0x140
[ 1774.337822]  do_syscall_64+0x3f/0x90
[ 1774.338102]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1774.338468] RIP: 0033:0x7f28147cab19
[ 1774.338738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1774.339998] RSP: 002b:00007f2811d40188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 1774.340536] RAX: ffffffffffffffda RBX: 00007f28148ddf60 RCX: 00007f28147cab19
[ 1774.341038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 1774.341546] RBP: 00007f2811d401d0 R08: 0000000000000000 R09: 0000000000000000
[ 1774.342052] R10: 00000000087ffffc R11: 0000000000000246 R12: 0000000000000001
[ 1774.342550] R13: 00007ffcd90ff65f R14: 00007f2811d40300 R15: 0000000000022000
[ 1774.343071]  </TASK>
[ 1774.345245] kworker/u4:8: attempt to access beyond end of device
[ 1774.345245] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1774.346826] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1774.520035] syz-executor.5: attempt to access beyond end of device
[ 1774.520035] loop5: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 1774.521010] syz-executor.5: attempt to access beyond end of device
[ 1774.521010] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1774.521808] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1774.581902] kworker/u4:9: attempt to access beyond end of device
[ 1774.581902] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1774.583856] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:28:27 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x0, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:28:27 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

23:28:27 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:28:27 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc) (fail_nth: 9)

23:28:27 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:28:27 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:28:27 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:28:27 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

[ 1788.553863] loop2: detected capacity change from 0 to 40
[ 1788.554846] loop3: detected capacity change from 0 to 40
[ 1788.557648] loop4: detected capacity change from 0 to 40
[ 1788.558511] loop6: detected capacity change from 0 to 40
[ 1788.558692] loop5: detected capacity change from 0 to 40
[ 1788.563568] FAT-fs (loop2): invalid media value (0x00)
[ 1788.563975] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1788.567861] FAULT_INJECTION: forcing a failure.
[ 1788.567861] name failslab, interval 1, probability 0, space 0, times 0
[ 1788.568714] CPU: 0 PID: 9005 Comm: syz-executor.0 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1788.569261] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1788.569822] Call Trace:
[ 1788.570005]  <TASK>
[ 1788.570171]  dump_stack_lvl+0x8f/0xb7
[ 1788.570450]  should_fail_ex.cold+0x5/0xa
[ 1788.570747]  ? jbd2__journal_start+0x194/0x8d0
[ 1788.571082]  should_failslab+0x9/0x20
[ 1788.571356]  kmem_cache_alloc+0x5a/0x410
[ 1788.571642]  ? lock_is_held_type+0xdb/0x130
[ 1788.571954]  jbd2__journal_start+0x194/0x8d0
[ 1788.572273]  __ext4_journal_start_sb+0x4a5/0x6b0
[ 1788.572605]  ? ext4_alloc_file_blocks.isra.0+0x2a2/0xbd0
[ 1788.572980]  ext4_alloc_file_blocks.isra.0+0x2a2/0xbd0
[ 1788.573325]  ? rcu_read_lock_sched_held+0x42/0x80
[ 1788.573671]  ? __mark_inode_dirty+0x249/0xe70
[ 1788.574008]  ? __pfx_ext4_alloc_file_blocks.isra.0+0x10/0x10
[ 1788.574405]  ? __mnt_drop_write_file+0x4e/0xf0
[ 1788.574732]  ? __pfx_file_modified_flags+0x10/0x10
[ 1788.575080]  ? __pfx_down_write+0x10/0x10
[ 1788.575372]  ? lock_is_held_type+0xdb/0x130
[ 1788.575689]  ext4_fallocate+0x437/0x3eb0
[ 1788.575977]  ? lock_acquire+0x1b6/0x530
[ 1788.576273]  ? __pfx_ext4_fallocate+0x10/0x10
[ 1788.576582]  ? lock_is_held_type+0xdb/0x130
[ 1788.576896]  ? __pfx_ext4_fallocate+0x10/0x10
[ 1788.577215]  vfs_fallocate+0x48d/0xe00
[ 1788.577497]  __x64_sys_fallocate+0xd3/0x140
[ 1788.577800]  do_syscall_64+0x3f/0x90
[ 1788.578071]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1788.578434] RIP: 0033:0x7f28147cab19
[ 1788.578698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1788.579019] FAT-fs (loop3): bogus number of reserved sectors
[ 1788.579884] RSP: 002b:00007f2811d40188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 1788.580641] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1788.581134] RAX: ffffffffffffffda RBX: 00007f28148ddf60 RCX: 00007f28147cab19
[ 1788.581148] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 1788.581163] RBP: 00007f2811d401d0 R08: 0000000000000000 R09: 0000000000000000
[ 1788.583303] R10: 00000000087ffffc R11: 0000000000000246 R12: 0000000000000001
[ 1788.583781] R13: 00007ffcd90ff65f R14: 00007f2811d40300 R15: 0000000000022000
[ 1788.584276]  </TASK>
[ 1788.584484] FAT-fs (loop6): invalid media value (0x00)
[ 1788.585192] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1788.595372] loop7: detected capacity change from 0 to 40
23:28:27 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1788.673067] syz-executor.5: attempt to access beyond end of device
[ 1788.673067] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1788.674085] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:28:27 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc) (fail_nth: 10)

[ 1788.706658] loop2: detected capacity change from 0 to 40
[ 1788.719664] FAT-fs (loop2): invalid media value (0x00)
[ 1788.720180] FAT-fs (loop2): Can't find a valid FAT filesystem
23:28:27 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:28:27 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1788.881534] loop3: detected capacity change from 0 to 40
[ 1788.895334] loop5: detected capacity change from 0 to 40
[ 1788.896764] FAT-fs (loop3): bogus number of reserved sectors
[ 1788.897824] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1788.899321] kworker/u4:8: attempt to access beyond end of device
[ 1788.899321] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1788.900948] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:28:27 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:28:27 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)

[ 1788.929060] kworker/u4:8: attempt to access beyond end of device
[ 1788.929060] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1788.930858] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:28:27 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

[ 1788.976399] loop2: detected capacity change from 0 to 40
[ 1788.982808] loop4: detected capacity change from 0 to 40
[ 1788.998535] FAT-fs (loop2): invalid media value (0x00)
[ 1788.999363] FAT-fs (loop2): Can't find a valid FAT filesystem
23:28:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc) (fail_nth: 11)

[ 1789.159684] loop7: detected capacity change from 0 to 40
[ 1789.174236] kworker/u4:9: attempt to access beyond end of device
[ 1789.174236] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1789.175796] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1789.196241] FAULT_INJECTION: forcing a failure.
[ 1789.196241] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1789.197249] CPU: 0 PID: 9028 Comm: syz-executor.0 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1789.197850] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1789.198429] Call Trace:
[ 1789.198627]  <TASK>
[ 1789.198811]  dump_stack_lvl+0x8f/0xb7
[ 1789.199125]  should_fail_ex.cold+0x5/0xa
[ 1789.199469]  _copy_to_user+0x30/0x1c0
[ 1789.199793]  simple_read_from_buffer+0xd0/0x170
[ 1789.200180]  proc_fail_nth_read+0x19c/0x230
[ 1789.200531]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1789.200838] syz-executor.5: attempt to access beyond end of device
[ 1789.200838] loop5: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 1789.200895]  ? security_file_permission+0xb5/0xe0
[ 1789.202674]  vfs_read+0x2e1/0x9f0
[ 1789.202970]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1789.203319]  ? __pfx_vfs_read+0x10/0x10
[ 1789.203612]  ? __fget_files+0x270/0x450
[ 1789.203922]  ksys_read+0x12b/0x260
[ 1789.204190]  ? __pfx_ksys_read+0x10/0x10
[ 1789.204488]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1789.204841]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1789.205222]  do_syscall_64+0x3f/0x90
[ 1789.205509]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1789.205907] RIP: 0033:0x7f281477d69c
[ 1789.206181] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 1789.207454] RSP: 002b:00007f2811d40170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1789.207993] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f281477d69c
[ 1789.208508] RDX: 000000000000000f RSI: 00007f2811d401e0 RDI: 0000000000000005
[ 1789.209024] RBP: 00007f2811d401d0 R08: 0000000000000000 R09: 0000000000000000
[ 1789.209532] R10: 00000000087ffffc R11: 0000000000000246 R12: 0000000000000002
[ 1789.210045] R13: 00007ffcd90ff65f R14: 00007f2811d40300 R15: 0000000000022000
[ 1789.210567]  </TASK>
[ 1789.214520] syz-executor.5: attempt to access beyond end of device
[ 1789.214520] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1789.216827] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1789.440510] kworker/u4:6: attempt to access beyond end of device
[ 1789.440510] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1789.442314] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:28:42 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

23:28:42 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:28:42 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:28:42 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:28:42 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:28:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:28:42 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1803.750812] loop3: detected capacity change from 0 to 40
23:28:42 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1803.765587] loop5: detected capacity change from 0 to 40
[ 1803.770155] loop7: detected capacity change from 0 to 40
[ 1803.771815] FAT-fs (loop3): bogus number of reserved sectors
[ 1803.772381] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1803.772644] loop4: detected capacity change from 0 to 40
[ 1803.814804] loop2: detected capacity change from 0 to 40
[ 1803.819514] FAT-fs (loop2): invalid media value (0x00)
[ 1803.819997] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1803.821806] loop6: detected capacity change from 0 to 40
[ 1803.836079] FAT-fs (loop6): invalid media value (0x00)
[ 1803.836789] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1803.887519] syz-executor.5: attempt to access beyond end of device
[ 1803.887519] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1803.888433] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:28:42 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x2, 0x0, 0x87ffffc)

23:28:42 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

23:28:42 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1804.007857] kworker/u4:1: attempt to access beyond end of device
[ 1804.007857] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1804.009271] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1804.031763] loop5: detected capacity change from 0 to 40
[ 1804.065497] kworker/u4:5: attempt to access beyond end of device
[ 1804.065497] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1804.066957] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:28:42 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:28:43 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:28:43 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

[ 1804.098506] loop3: detected capacity change from 0 to 40
[ 1804.113738] FAT-fs (loop3): bogus number of reserved sectors
[ 1804.114317] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1804.118768] loop4: detected capacity change from 0 to 40
[ 1804.143120] loop2: detected capacity change from 0 to 40
[ 1804.185856] FAT-fs (loop2): bogus number of FAT sectors
[ 1804.186647] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1804.243836] loop7: detected capacity change from 0 to 40
[ 1804.264368] kworker/u4:1: attempt to access beyond end of device
[ 1804.264368] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1804.265887] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1804.472902] kworker/u4:5: attempt to access beyond end of device
[ 1804.472902] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1804.474408] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1804.488845] kworker/u4:5: attempt to access beyond end of device
[ 1804.488845] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1804.490550] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:28:59 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:28:59 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:28:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:28:59 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1820.421884] loop2: detected capacity change from 0 to 40
23:28:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x4, 0x0, 0x87ffffc)

23:28:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

23:28:59 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0x0)

23:28:59 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1820.435664] loop4: detected capacity change from 0 to 40
[ 1820.444723] loop5: detected capacity change from 0 to 40
[ 1820.446527] loop7: detected capacity change from 0 to 40
[ 1820.448233] FAT-fs (loop2): bogus number of FAT sectors
[ 1820.448915] FAT-fs (loop2): Can't find a valid FAT filesystem
[ 1820.464408] loop6: detected capacity change from 0 to 40
[ 1820.468278] FAT-fs (loop6): invalid media value (0x00)
[ 1820.468677] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1820.487763] loop3: detected capacity change from 0 to 40
[ 1820.505740] FAT-fs (loop3): bogus number of reserved sectors
[ 1820.506655] FAT-fs (loop3): Can't find a valid FAT filesystem
23:28:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x5, 0x0, 0x87ffffc)

23:28:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:28:59 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1820.822746] kworker/u4:7: attempt to access beyond end of device
[ 1820.822746] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1820.824576] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1820.834029] kworker/u4:7: attempt to access beyond end of device
[ 1820.834029] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1820.834591] loop2: detected capacity change from 0 to 40
[ 1820.835527] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1820.854267] kworker/u4:7: attempt to access beyond end of device
23:28:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

[ 1820.854267] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1820.856067] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1820.865737] FAT-fs (loop2): bogus number of FAT sectors
[ 1820.866708] FAT-fs (loop2): Can't find a valid FAT filesystem
23:28:59 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1820.920539] loop3: detected capacity change from 0 to 40
23:28:59 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0x0)

[ 1820.960057] FAT-fs (loop3): bogus number of reserved sectors
[ 1820.960864] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1820.967967] loop5: detected capacity change from 0 to 40
[ 1820.974653] loop4: detected capacity change from 0 to 40
23:28:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x8, 0x0, 0x87ffffc)

[ 1821.094574] loop7: detected capacity change from 0 to 40
23:29:00 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1821.320280] loop2: detected capacity change from 0 to 40
[ 1821.365312] kworker/u4:5: attempt to access beyond end of device
[ 1821.365312] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1821.366861] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1821.425322] kworker/u4:5: attempt to access beyond end of device
[ 1821.425322] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1821.426812] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1821.496583] kworker/u4:7: attempt to access beyond end of device
[ 1821.496583] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1821.498068] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1821.519390] kworker/u4:7: attempt to access beyond end of device
[ 1821.519390] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1821.520878] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:29:13 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:29:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:29:13 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:29:13 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:29:13 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:29:13 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x10, 0x0, 0x87ffffc)

23:29:13 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

23:29:13 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0x0)

[ 1834.728488] loop2: detected capacity change from 0 to 40
[ 1834.731779] loop3: detected capacity change from 0 to 40
[ 1834.736294] loop6: detected capacity change from 0 to 40
[ 1834.738194] loop5: detected capacity change from 0 to 40
[ 1834.738608] FAT-fs (loop3): bogus number of reserved sectors
[ 1834.739452] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1834.740005] FAT-fs (loop6): invalid media value (0x00)
[ 1834.740367] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1834.799086] loop4: detected capacity change from 0 to 40
[ 1834.803419] loop7: detected capacity change from 0 to 40
23:29:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1834.817731] kworker/u4:6: attempt to access beyond end of device
[ 1834.817731] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1834.819587] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:29:13 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:29:13 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x12, 0x0, 0x87ffffc)

[ 1834.931656] loop2: detected capacity change from 0 to 40
23:29:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1835.004662] kworker/u4:1: attempt to access beyond end of device
[ 1835.004662] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1835.006223] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:29:13 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x78, 0x0, 0x87ffffc)

[ 1835.054548] kworker/u4:6: attempt to access beyond end of device
[ 1835.054548] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
23:29:13 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1835.056496] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1835.071536] loop3: detected capacity change from 0 to 40
[ 1835.109158] FAT-fs (loop3): bogus number of reserved sectors
[ 1835.110084] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1835.121833] loop4: detected capacity change from 0 to 40
[ 1835.130137] loop2: detected capacity change from 0 to 40
[ 1835.247072] kworker/u4:6: attempt to access beyond end of device
[ 1835.247072] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1835.248815] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1835.273560] kworker/u4:6: attempt to access beyond end of device
[ 1835.273560] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1835.275362] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1835.497754] kworker/u4:6: attempt to access beyond end of device
[ 1835.497754] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1835.499772] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:29:28 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0x0)

[ 1849.544828] loop7: detected capacity change from 0 to 40
[ 1849.553911] loop5: detected capacity change from 0 to 40
[ 1849.555033] loop4: detected capacity change from 0 to 40
23:29:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xf8, 0x0, 0x87ffffc)

23:29:28 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 1)

23:29:28 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:29:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:29:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:29:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)

23:29:28 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

[ 1849.578530] loop6: detected capacity change from 0 to 40
[ 1849.584494] FAT-fs (loop6): invalid media value (0x00)
[ 1849.584917] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1849.624461] loop2: detected capacity change from 0 to 40
[ 1849.626434] loop3: detected capacity change from 0 to 40
[ 1849.632171] FAT-fs (loop3): bogus number of reserved sectors
[ 1849.632615] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1849.642615] FAULT_INJECTION: forcing a failure.
[ 1849.642615] name failslab, interval 1, probability 0, space 0, times 0
[ 1849.643628] CPU: 0 PID: 9179 Comm: syz-executor.1 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1849.644175] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1849.644731] Call Trace:
[ 1849.644924]  <TASK>
[ 1849.645085]  dump_stack_lvl+0x8f/0xb7
[ 1849.645363]  should_fail_ex.cold+0x5/0xa
[ 1849.645663]  should_failslab+0x9/0x20
[ 1849.645947]  __kmem_cache_alloc_node+0x5b/0x400
[ 1849.646276]  ? alloc_pipe_info+0x109/0x590
[ 1849.646596]  kmalloc_trace+0x26/0x60
[ 1849.646868]  alloc_pipe_info+0x109/0x590
[ 1849.647161]  splice_direct_to_actor+0x6e6/0x8c0
[ 1849.647488]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1849.647823]  ? inode_security+0x105/0x140
[ 1849.648113]  ? avc_policy_seqno+0xd/0x70
[ 1849.648407]  ? selinux_file_permission+0x3a/0x510
[ 1849.648751]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1849.649114]  ? security_file_permission+0xb5/0xe0
[ 1849.649460]  do_splice_direct+0x1bc/0x290
[ 1849.649746]  ? __pfx_do_splice_direct+0x10/0x10
[ 1849.650082]  ? lock_is_held_type+0xdb/0x130
[ 1849.650379]  do_sendfile+0xb1d/0x1280
[ 1849.650689]  ? __pfx_do_sendfile+0x10/0x10
[ 1849.651009]  __x64_sys_sendfile64+0x248/0x2a0
[ 1849.651334]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1849.651685]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1849.652045]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1849.652403]  do_syscall_64+0x3f/0x90
[ 1849.652674]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1849.653050] RIP: 0033:0x7fe38b972b19
[ 1849.653326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1849.654610] RSP: 002b:00007fe388ee8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1849.655162] RAX: ffffffffffffffda RBX: 00007fe38ba85f60 RCX: 00007fe38b972b19
[ 1849.655678] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1849.656196] RBP: 00007fe388ee81d0 R08: 0000000000000000 R09: 0000000000000000
[ 1849.656694] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001
[ 1849.657210] R13: 00007fff1e8f423f R14: 00007fe388ee8300 R15: 0000000000022000
[ 1849.657740]  </TASK>
23:29:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x321, 0x0, 0x87ffffc)

23:29:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1849.767300] kworker/u4:1: attempt to access beyond end of device
[ 1849.767300] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1849.768574] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1849.783982] kworker/u4:0: attempt to access beyond end of device
[ 1849.783982] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1849.785181] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:29:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)

23:29:28 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
openat(r1, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xfffffdef)

23:29:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1849.846353] loop2: detected capacity change from 0 to 40
[ 1849.864693] loop3: detected capacity change from 0 to 40
23:29:28 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 2)

23:29:28 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 1)

[ 1849.876665] FAT-fs (loop3): bogus number of reserved sectors
[ 1849.877146] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1849.882608] kworker/u4:1: attempt to access beyond end of device
[ 1849.882608] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1849.884069] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1849.888302] loop4: detected capacity change from 0 to 40
[ 1849.896222] loop5: detected capacity change from 0 to 40
23:29:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x500, 0x0, 0x87ffffc)

23:29:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1849.998529] loop7: detected capacity change from 0 to 40
23:29:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1850.073323] kworker/u4:8: attempt to access beyond end of device
[ 1850.073323] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1850.074481] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:29:29 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0x0)

[ 1850.108092] FAULT_INJECTION: forcing a failure.
[ 1850.108092] name failslab, interval 1, probability 0, space 0, times 0
[ 1850.109144] CPU: 1 PID: 9212 Comm: syz-executor.7 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1850.109857] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1850.110578] Call Trace:
[ 1850.110819]  <TASK>
[ 1850.111034]  dump_stack_lvl+0x8f/0xb7
[ 1850.111225] loop2: detected capacity change from 0 to 40
[ 1850.111398]  should_fail_ex.cold+0x5/0xa
[ 1850.112141]  should_failslab+0x9/0x20
[ 1850.112509]  __kmem_cache_alloc_node+0x5b/0x400
[ 1850.112943]  ? alloc_pipe_info+0x109/0x590
[ 1850.113355]  kmalloc_trace+0x26/0x60
[ 1850.113716]  alloc_pipe_info+0x109/0x590
[ 1850.114109]  splice_direct_to_actor+0x6e6/0x8c0
[ 1850.114611]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1850.115064]  ? inode_security+0x105/0x140
[ 1850.115466]  ? avc_policy_seqno+0xd/0x70
[ 1850.115846]  ? selinux_file_permission+0x3a/0x510
[ 1850.116303]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1850.116776]  ? security_file_permission+0xb5/0xe0
[ 1850.117231]  do_splice_direct+0x1bc/0x290
[ 1850.117658]  ? __pfx_do_splice_direct+0x10/0x10
[ 1850.118212]  ? lock_is_held_type+0xdb/0x130
[ 1850.118762]  do_sendfile+0xb1d/0x1280
[ 1850.119259]  ? __pfx_do_sendfile+0x10/0x10
[ 1850.119800]  __x64_sys_sendfile64+0x248/0x2a0
[ 1850.120327]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1850.120799]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1850.121266]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1850.121765]  do_syscall_64+0x3f/0x90
[ 1850.122118]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1850.122645] RIP: 0033:0x7f2e8887fb19
[ 1850.122985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1850.124621] RSP: 002b:00007f2e85dd4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1850.125298] RAX: ffffffffffffffda RBX: 00007f2e88993020 RCX: 00007f2e8887fb19
[ 1850.125926] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1850.126567] RBP: 00007f2e85dd41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1850.127196] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001
[ 1850.127832] R13: 00007ffe0fca3fff R14: 00007f2e85dd4300 R15: 0000000000022000
[ 1850.128510]  </TASK>
[ 1850.143416] loop3: detected capacity change from 0 to 40
[ 1850.146412] FAT-fs (loop3): bogus number of reserved sectors
[ 1850.147123] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1850.175294] kworker/u4:1: attempt to access beyond end of device
[ 1850.175294] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1850.176266] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1850.227363] loop5: detected capacity change from 0 to 40
[ 1850.314351] kworker/u4:8: attempt to access beyond end of device
[ 1850.314351] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1850.315340] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1850.363495] kworker/u4:5: attempt to access beyond end of device
[ 1850.363495] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1850.364478] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1864.406984] loop5: detected capacity change from 0 to 40
23:29:43 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 2)

23:29:43 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:29:43 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x1200, 0x0, 0x87ffffc)

23:29:43 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:29:43 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:29:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:29:43 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:29:43 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0x0)

[ 1864.411993] loop6: detected capacity change from 0 to 40
[ 1864.418349] FAT-fs (loop6): invalid media value (0x00)
[ 1864.418764] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1864.426498] loop4: detected capacity change from 0 to 40
[ 1864.436340] loop3: detected capacity change from 0 to 40
[ 1864.466320] FAT-fs (loop3): bogus number of reserved sectors
[ 1864.467158] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1864.496894] loop7: detected capacity change from 0 to 40
[ 1864.512695] loop2: detected capacity change from 0 to 40
23:29:43 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x2103, 0x0, 0x87ffffc)

[ 1864.627517] kworker/u4:1: attempt to access beyond end of device
23:29:43 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1864.627517] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1864.629157] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1864.682357] loop4: detected capacity change from 0 to 40
23:29:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:29:43 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1864.840229] syz-executor.7: attempt to access beyond end of device
[ 1864.840229] loop7: rw=2049, sector=84, nr_sectors = 40 limit=40
23:29:43 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0x0)

23:29:43 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1864.852458] kworker/u4:5: attempt to access beyond end of device
[ 1864.852458] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1864.854158] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1864.856091] kworker/u4:1: attempt to access beyond end of device
[ 1864.856091] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1864.857597] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1864.862664] syz-executor.7: attempt to access beyond end of device
[ 1864.862664] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1864.864347] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1864.879059] loop3: detected capacity change from 0 to 40
[ 1864.893034] FAT-fs (loop3): invalid media value (0x00)
[ 1864.896706] FAT-fs (loop3): Can't find a valid FAT filesystem
23:29:43 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 3)

[ 1864.963639] loop5: detected capacity change from 0 to 40
[ 1864.981736] loop2: detected capacity change from 0 to 40
[ 1864.984901] loop4: detected capacity change from 0 to 40
[ 1864.988480] loop7: detected capacity change from 0 to 40
[ 1865.070842] FAULT_INJECTION: forcing a failure.
[ 1865.070842] name failslab, interval 1, probability 0, space 0, times 0
[ 1865.071700] CPU: 0 PID: 9263 Comm: syz-executor.7 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1865.072273] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1865.072850] Call Trace:
[ 1865.073041]  <TASK>
[ 1865.073211]  dump_stack_lvl+0x8f/0xb7
[ 1865.073513]  should_fail_ex.cold+0x5/0xa
[ 1865.073823]  should_failslab+0x9/0x20
[ 1865.074112]  __kmem_cache_alloc_node+0x5b/0x400
[ 1865.074459]  ? alloc_pipe_info+0x1e4/0x590
[ 1865.074793]  ? alloc_pipe_info+0x1e4/0x590
[ 1865.075114]  __kmalloc+0x46/0xc0
[ 1865.075373]  alloc_pipe_info+0x1e4/0x590
[ 1865.075683]  splice_direct_to_actor+0x6e6/0x8c0
[ 1865.076032]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1865.076390]  ? inode_security+0x105/0x140
[ 1865.076702]  ? avc_policy_seqno+0xd/0x70
[ 1865.077009]  ? selinux_file_permission+0x3a/0x510
[ 1865.077372]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1865.077746]  ? security_file_permission+0xb5/0xe0
[ 1865.078122]  do_splice_direct+0x1bc/0x290
[ 1865.078430]  ? __pfx_do_splice_direct+0x10/0x10
[ 1865.078796]  ? lock_is_held_type+0xdb/0x130
[ 1865.079128]  do_sendfile+0xb1d/0x1280
[ 1865.079427]  ? __pfx_do_sendfile+0x10/0x10
[ 1865.079756]  __x64_sys_sendfile64+0x248/0x2a0
[ 1865.080077]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1865.080485]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1865.081005]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1865.081388]  do_syscall_64+0x3f/0x90
[ 1865.081668]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1865.082047] RIP: 0033:0x7f2e8887fb19
[ 1865.082317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1865.083573] RSP: 002b:00007f2e85dd4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1865.084109] RAX: ffffffffffffffda RBX: 00007f2e88993020 RCX: 00007f2e8887fb19
[ 1865.084616] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1865.085128] RBP: 00007f2e85dd41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1865.085630] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001
[ 1865.086130] R13: 00007ffe0fca3fff R14: 00007f2e85dd4300 R15: 0000000000022000
[ 1865.086653]  </TASK>
23:29:44 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x77ff, 0x0, 0x87ffffc)

[ 1865.219129] kworker/u4:1: attempt to access beyond end of device
[ 1865.219129] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1865.221198] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1865.398834] kworker/u4:2: attempt to access beyond end of device
[ 1865.398834] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1865.401054] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1865.404219] kworker/u4:2: attempt to access beyond end of device
[ 1865.404219] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1865.407450] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1880.198739] loop2: detected capacity change from 0 to 40
[ 1880.200257] loop4: detected capacity change from 0 to 40
23:29:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:29:59 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:29:59 executing program 1:
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file2\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000180)=ANY=[@ANYRES16=r0, @ANYRES16])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
lstat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000300))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r3 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/sockcreate\x00', 0x2, 0x0)
fallocate(r3, 0x16, 0xfffffffffffffffd, 0x6)
sendfile(r2, r1, 0x0, 0xfffffdef)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000040)=0x3, 0x4)

23:29:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x7800, 0x0, 0x87ffffc)

23:29:59 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:29:59 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:29:59 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 4)

23:29:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 1)

[ 1880.206224] loop3: detected capacity change from 0 to 40
[ 1880.212438] FAT-fs (loop3): invalid media value (0x00)
[ 1880.212856] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1880.250085] loop6: detected capacity change from 0 to 40
[ 1880.255796] FAT-fs (loop6): bogus number of FAT sectors
[ 1880.256224] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1880.260668] loop5: detected capacity change from 0 to 40
[ 1880.266707] loop7: detected capacity change from 0 to 40
23:29:59 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:29:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1880.376304] loop3: detected capacity change from 0 to 40
[ 1880.390035] FAULT_INJECTION: forcing a failure.
[ 1880.390035] name failslab, interval 1, probability 0, space 0, times 0
[ 1880.391519] CPU: 0 PID: 9297 Comm: syz-executor.5 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1880.392517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1880.393518] Call Trace:
[ 1880.393850]  <TASK>
[ 1880.394152]  dump_stack_lvl+0x8f/0xb7
[ 1880.394648]  should_fail_ex.cold+0x5/0xa
[ 1880.395204]  should_failslab+0x9/0x20
[ 1880.395703]  __kmem_cache_alloc_node+0x5b/0x400
[ 1880.396308]  ? alloc_pipe_info+0x109/0x590
[ 1880.396892]  kmalloc_trace+0x26/0x60
[ 1880.397391]  alloc_pipe_info+0x109/0x590
[ 1880.397938]  splice_direct_to_actor+0x6e6/0x8c0
[ 1880.398533]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1880.399174]  ? inode_security+0x105/0x140
[ 1880.399721]  ? avc_policy_seqno+0xd/0x70
[ 1880.400245]  ? selinux_file_permission+0x3a/0x510
[ 1880.400891]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1880.401546]  ? security_file_permission+0xb5/0xe0
[ 1880.402172]  do_splice_direct+0x1bc/0x290
[ 1880.402699]  ? __pfx_do_splice_direct+0x10/0x10
[ 1880.403327]  ? lock_is_held_type+0xdb/0x130
[ 1880.403899]  do_sendfile+0xb1d/0x1280
[ 1880.404429]  ? __pfx_do_sendfile+0x10/0x10
[ 1880.404998]  __x64_sys_sendfile64+0x248/0x2a0
[ 1880.405588]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1880.406220]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1880.406877]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1880.407543]  do_syscall_64+0x3f/0x90
[ 1880.408031]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1880.408688] RIP: 0033:0x7fb3320efb19
[ 1880.409185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1880.411425] RSP: 002b:00007fb32f644188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1880.412353] RAX: ffffffffffffffda RBX: 00007fb332203020 RCX: 00007fb3320efb19
[ 1880.413176] loop2: detected capacity change from 0 to 40
[ 1880.413233] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1880.414481] RBP: 00007fb32f6441d0 R08: 0000000000000000 R09: 0000000000000000
[ 1880.415374] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001
[ 1880.416238] R13: 00007ffc5996385f R14: 00007fb32f644300 R15: 0000000000022000
[ 1880.417145]  </TASK>
[ 1880.420265] syz-executor.7: attempt to access beyond end of device
[ 1880.420265] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1880.422009] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1880.425066] kworker/u4:6: attempt to access beyond end of device
[ 1880.425066] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1880.425902] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1880.431450] FAT-fs (loop3): invalid media value (0x00)
[ 1880.432238] FAT-fs (loop3): Can't find a valid FAT filesystem
23:29:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xf800, 0x0, 0x87ffffc)

23:29:59 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:29:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1880.556309] loop4: detected capacity change from 0 to 40
[ 1880.581748] loop2: detected capacity change from 0 to 40
23:29:59 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:29:59 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 5)

[ 1880.678319] loop3: detected capacity change from 0 to 40
[ 1880.683639] kworker/u4:6: attempt to access beyond end of device
[ 1880.683639] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1880.684641] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:29:59 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 2)

[ 1880.704502] FAT-fs (loop3): invalid media value (0x00)
[ 1880.705537] FAT-fs (loop3): Can't find a valid FAT filesystem
23:29:59 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1880.763453] loop7: detected capacity change from 0 to 40
23:29:59 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xff77, 0x0, 0x87ffffc)

[ 1880.860492] loop5: detected capacity change from 0 to 40
[ 1880.921173] kworker/u4:1: attempt to access beyond end of device
[ 1880.921173] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1880.922717] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1880.963057] FAULT_INJECTION: forcing a failure.
[ 1880.963057] name failslab, interval 1, probability 0, space 0, times 0
[ 1880.963829] CPU: 1 PID: 9317 Comm: syz-executor.7 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1880.964374] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1880.964919] Call Trace:
[ 1880.965107]  <TASK>
[ 1880.965271]  dump_stack_lvl+0x8f/0xb7
[ 1880.965556]  should_fail_ex.cold+0x5/0xa
[ 1880.965861]  should_failslab+0x9/0x20
[ 1880.966147]  __kmem_cache_alloc_node+0x5b/0x400
[ 1880.966492]  ? iter_file_splice_write+0x169/0xcb0
[ 1880.966843]  ? iter_file_splice_write+0x169/0xcb0
[ 1880.967192]  __kmalloc+0x46/0xc0
[ 1880.967447]  iter_file_splice_write+0x169/0xcb0
[ 1880.967779]  ? generic_file_read_iter+0x330/0x550
[ 1880.968141]  ? generic_file_splice_read+0x1bc/0x4d0
[ 1880.968502]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1880.968869]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 1880.969258]  ? inode_security+0x105/0x140
[ 1880.969576]  ? security_file_permission+0xb5/0xe0
[ 1880.969930]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1880.970291]  direct_splice_actor+0x113/0x180
[ 1880.970605]  splice_direct_to_actor+0x33a/0x8c0
[ 1880.970953]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1880.971303]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1880.971665]  ? security_file_permission+0xb5/0xe0
[ 1880.972011]  do_splice_direct+0x1bc/0x290
[ 1880.972310]  ? __pfx_do_splice_direct+0x10/0x10
[ 1880.972649]  ? lock_is_held_type+0xdb/0x130
[ 1880.972967]  do_sendfile+0xb1d/0x1280
[ 1880.973260]  ? __pfx_do_sendfile+0x10/0x10
[ 1880.973583]  __x64_sys_sendfile64+0x248/0x2a0
[ 1880.973905]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1880.974259]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1880.974608]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1880.974989]  do_syscall_64+0x3f/0x90
[ 1880.975262]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1880.975617] RIP: 0033:0x7f2e8887fb19
[ 1880.975881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1880.977079] RSP: 002b:00007f2e85dd4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1880.977600] RAX: ffffffffffffffda RBX: 00007f2e88993020 RCX: 00007f2e8887fb19
[ 1880.978075] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1880.978550] RBP: 00007f2e85dd41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1880.979039] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001
[ 1880.979508] R13: 00007ffe0fca3fff R14: 00007f2e85dd4300 R15: 0000000000022000
[ 1880.980007]  </TASK>
[ 1880.980286] loop2: detected capacity change from 0 to 40
[ 1881.092685] syz-executor.5: attempt to access beyond end of device
[ 1881.092685] loop5: rw=2049, sector=116, nr_sectors = 8 limit=40
[ 1881.133758] syz-executor.5: attempt to access beyond end of device
[ 1881.133758] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1881.135468] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1881.186852] kworker/u4:2: attempt to access beyond end of device
[ 1881.186852] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1881.188083] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:30:14 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xff7f, 0x0, 0x87ffffc)

23:30:14 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 6)

23:30:14 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:30:14 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:30:14 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:30:14 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='map_files\x00')
r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000380), 0x4080, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000001280)=ANY=[@ANYBLOB="010001000000000018000000", @ANYRES32=r2, @ANYBLOB="00000000000000002f2f66696c6530003c87c4db0397cb9288"])
stat(&(0x7f0000000780)='./file0\x00', &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, r2, {r4}}, './file1\x00'})
mount$9p_xen(&(0x7f0000000040), &(0x7f00000000c0)='./file2\x00', &(0x7f0000000180), 0x800000, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=xen,noextend,msize=0x0000000000000000,hash,euid>', @ANYRESDEC=r4, @ANYBLOB="2c736d61636b66738861743d76666174002c00"])
socket$inet_icmp_raw(0x2, 0x3, 0x1)
lstat(&(0x7f00000001c0)='./file2\x00', &(0x7f00000002c0))
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r5, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:30:14 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 3)

23:30:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1895.996775] loop5: detected capacity change from 0 to 40
[ 1896.000134] loop4: detected capacity change from 0 to 40
[ 1896.004245] loop3: detected capacity change from 0 to 40
[ 1896.006371] FAT-fs (loop3): invalid media value (0x00)
[ 1896.006767] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1896.009560] loop2: detected capacity change from 0 to 40
[ 1896.036637] loop7: detected capacity change from 0 to 40
[ 1896.068351] loop6: detected capacity change from 0 to 40
[ 1896.081242] FAULT_INJECTION: forcing a failure.
[ 1896.081242] name failslab, interval 1, probability 0, space 0, times 0
[ 1896.082070] CPU: 1 PID: 9348 Comm: syz-executor.5 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1896.082612] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1896.083176] Call Trace:
[ 1896.083363]  <TASK>
[ 1896.083532]  dump_stack_lvl+0x8f/0xb7
[ 1896.083815]  should_fail_ex.cold+0x5/0xa
[ 1896.084119]  should_failslab+0x9/0x20
[ 1896.084400]  __kmem_cache_alloc_node+0x5b/0x400
[ 1896.084736]  ? alloc_pipe_info+0x1e4/0x590
[ 1896.085056]  ? alloc_pipe_info+0x1e4/0x590
[ 1896.085369]  __kmalloc+0x46/0xc0
[ 1896.085549] FAT-fs (loop6): bogus number of FAT sectors
[ 1896.085618]  alloc_pipe_info+0x1e4/0x590
[ 1896.086341] FAT-fs (loop6): Can't find a valid FAT filesystem
[ 1896.086582]  splice_direct_to_actor+0x6e6/0x8c0
[ 1896.086608]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1896.088011]  ? inode_security+0x105/0x140
[ 1896.088325]  ? avc_policy_seqno+0xd/0x70
[ 1896.088620]  ? selinux_file_permission+0x3a/0x510
[ 1896.088970]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1896.089333]  ? security_file_permission+0xb5/0xe0
[ 1896.089685]  do_splice_direct+0x1bc/0x290
[ 1896.089980]  ? __pfx_do_splice_direct+0x10/0x10
[ 1896.090319]  ? lock_is_held_type+0xdb/0x130
[ 1896.090636]  do_sendfile+0xb1d/0x1280
[ 1896.090931]  ? __pfx_do_sendfile+0x10/0x10
[ 1896.091255]  __x64_sys_sendfile64+0x248/0x2a0
[ 1896.091576]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1896.091922]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1896.092285]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1896.092645]  do_syscall_64+0x3f/0x90
[ 1896.092916]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1896.093277] RIP: 0033:0x7fb3320efb19
[ 1896.093543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1896.094732] RSP: 002b:00007fb32f644188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1896.095253] RAX: ffffffffffffffda RBX: 00007fb332203020 RCX: 00007fb3320efb19
[ 1896.095731] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1896.096282] RBP: 00007fb32f6441d0 R08: 0000000000000000 R09: 0000000000000000
[ 1896.096871] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001
[ 1896.097346] R13: 00007ffc5996385f R14: 00007fb32f644300 R15: 0000000000022000
[ 1896.097835]  </TASK>
23:30:15 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:30:15 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1896.174120] syz-executor.7: attempt to access beyond end of device
[ 1896.174120] loop7: rw=2049, sector=92, nr_sectors = 32 limit=40
[ 1896.177421] syz-executor.7: attempt to access beyond end of device
[ 1896.177421] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1896.178294] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1896.186495] loop4: detected capacity change from 0 to 40
[ 1896.200871] loop3: detected capacity change from 0 to 40
[ 1896.210053] FAT-fs (loop3): invalid media value (0x00)
[ 1896.210420] FAT-fs (loop3): Can't find a valid FAT filesystem
23:30:15 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:30:15 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 7)

23:30:15 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 4)

[ 1896.281488] kworker/u4:0: attempt to access beyond end of device
[ 1896.281488] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1896.283150] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:30:15 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x78000, 0x0, 0x87ffffc)

[ 1896.320613] loop2: detected capacity change from 0 to 40
[ 1896.363232] loop5: detected capacity change from 0 to 40
[ 1896.463185] loop7: detected capacity change from 0 to 40
[ 1896.474801] syz-executor.5: attempt to access beyond end of device
[ 1896.474801] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1896.476331] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1896.643887] FAULT_INJECTION: forcing a failure.
[ 1896.643887] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 1896.646040] CPU: 0 PID: 9366 Comm: syz-executor.7 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1896.647355] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1896.648557] Call Trace:
[ 1896.648958]  <TASK>
[ 1896.649318]  dump_stack_lvl+0x8f/0xb7
[ 1896.649927]  should_fail_ex.cold+0x5/0xa
[ 1896.650577]  prepare_alloc_pages+0x178/0x500
[ 1896.651313]  __alloc_pages+0x149/0x500
[ 1896.651831]  ? __pfx___alloc_pages+0x10/0x10
[ 1896.652404]  ? __pfx___lock_acquire+0x10/0x10
[ 1896.653015]  alloc_pages+0x1a0/0x260
[ 1896.653500]  filemap_alloc_folio+0x32a/0x410
[ 1896.654079]  ? __filemap_get_folio+0x254/0xc90
[ 1896.654669]  ? __pfx_lock_release+0x10/0x10
[ 1896.655244]  ? __pfx_filemap_alloc_folio+0x10/0x10
[ 1896.655868]  ? xas_descend+0x114/0x3e0
[ 1896.656389]  ? xas_load+0x6a/0x140
[ 1896.656869]  __filemap_get_folio+0x32c/0xc90
[ 1896.657463]  ? __pfx___filemap_get_folio+0x10/0x10
[ 1896.658092]  ? __pfx_fat_get_block+0x10/0x10
[ 1896.658681]  ? __pfx___block_write_begin_int+0x10/0x10
[ 1896.659365]  pagecache_get_page+0x2e/0x130
[ 1896.659914]  ? __pfx_fat_get_block+0x10/0x10
[ 1896.660484]  block_write_begin+0x35/0x450
[ 1896.661019]  ? lock_is_held_type+0xdb/0x130
[ 1896.661588]  cont_write_begin+0x4fe/0x700
[ 1896.662142]  ? __block_commit_write.constprop.0.isra.0+0x261/0x2c0
[ 1896.662930]  ? __pfx_fat_get_block+0x10/0x10
[ 1896.663526]  ? __pfx_cont_write_begin+0x10/0x10
[ 1896.664129]  ? block_write_end+0x53/0x220
[ 1896.664676]  fat_write_begin+0x89/0x180
[ 1896.665191]  ? __pfx_fat_get_block+0x10/0x10
[ 1896.665772]  generic_perform_write+0x25a/0x580
[ 1896.666385]  ? __pfx_generic_perform_write+0x10/0x10
[ 1896.667037]  ? __pfx_fat_update_time+0x10/0x10
[ 1896.667634]  ? __pfx_file_update_time+0x10/0x10
[ 1896.668247]  ? generic_write_checks+0x2c0/0x400
[ 1896.668859]  __generic_file_write_iter+0x308/0x4b0
[ 1896.669492]  ? do_sendfile+0xb1d/0x1280
[ 1896.670014]  ? __x64_sys_sendfile64+0x248/0x2a0
[ 1896.670628]  generic_file_write_iter+0xe7/0x350
[ 1896.671260]  do_iter_readv_writev+0x211/0x3c0
[ 1896.671854]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1896.672510]  ? avc_policy_seqno+0xd/0x70
[ 1896.673049]  ? security_file_permission+0xb5/0xe0
[ 1896.673681]  do_iter_write+0x18b/0x700
[ 1896.674207]  ? lock_is_held_type+0xdb/0x130
[ 1896.674792]  vfs_iter_write+0x74/0xb0
[ 1896.675321]  iter_file_splice_write+0x73e/0xcb0
[ 1896.675946]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1896.676605]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 1896.677293]  ? inode_security+0x105/0x140
[ 1896.677852]  ? security_file_permission+0xb5/0xe0
[ 1896.678487]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1896.679162]  direct_splice_actor+0x113/0x180
[ 1896.679747]  splice_direct_to_actor+0x33a/0x8c0
[ 1896.680356]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1896.681004]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1896.681668]  ? security_file_permission+0xb5/0xe0
[ 1896.682305]  do_splice_direct+0x1bc/0x290
[ 1896.682849]  ? __pfx_do_splice_direct+0x10/0x10
[ 1896.683478]  ? lock_is_held_type+0xdb/0x130
[ 1896.684060]  do_sendfile+0xb1d/0x1280
[ 1896.684590]  ? __pfx_do_sendfile+0x10/0x10
[ 1896.685175]  __x64_sys_sendfile64+0x248/0x2a0
[ 1896.685756]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1896.686380]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1896.687041]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1896.687714]  do_syscall_64+0x3f/0x90
[ 1896.688213]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1896.688880] RIP: 0033:0x7f2e8887fb19
[ 1896.689364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1896.691578] RSP: 002b:00007f2e85dd4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1896.692542] RAX: ffffffffffffffda RBX: 00007f2e88993020 RCX: 00007f2e8887fb19
[ 1896.693426] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1896.694313] RBP: 00007f2e85dd41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1896.695195] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001
[ 1896.696088] R13: 00007ffe0fca3fff R14: 00007f2e85dd4300 R15: 0000000000022000
[ 1896.697007]  </TASK>
[ 1896.723198] syz-executor.7: attempt to access beyond end of device
[ 1896.723198] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1896.724354] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:30:28 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x4000000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x200000, 0x189)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
openat(r2, &(0x7f00000000c0)='./file0/file0\x00', 0x400, 0x162)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat(r1, &(0x7f0000000000)='./file0\x00', 0x3cab5d981727c56c, 0x11)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r4=>r0, {0x9}}, './file0/file0\x00'})
fallocate(r4, 0x9, 0x6, 0x4)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
sendfile(r2, r1, 0x0, 0xfffffdef)

23:30:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:30:28 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:30:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x7f800, 0x0, 0x87ffffc)

23:30:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:30:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:30:28 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 5)

23:30:28 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 8)

[ 1909.205408] loop3: detected capacity change from 0 to 40
[ 1909.228432] loop2: detected capacity change from 0 to 40
[ 1909.230437] loop4: detected capacity change from 0 to 40
[ 1909.239211] FAT-fs (loop3): bogus number of FAT sectors
[ 1909.240215] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1909.251892] loop7: detected capacity change from 0 to 40
[ 1909.253813] loop6: detected capacity change from 0 to 40
[ 1909.256111] loop5: detected capacity change from 0 to 40
[ 1909.287063] FAT-fs (loop6): bogus number of FAT sectors
[ 1909.288030] FAT-fs (loop6): Can't find a valid FAT filesystem
23:30:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:30:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)=@random={'user.', '\\\\,][^\'*/,+!G-\x00'}, &(0x7f00000001c0)=""/39, 0x27)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:30:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x80000, 0x0, 0x87ffffc)

[ 1909.404569] FAULT_INJECTION: forcing a failure.
[ 1909.404569] name failslab, interval 1, probability 0, space 0, times 0
[ 1909.405506] CPU: 1 PID: 9393 Comm: syz-executor.5 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1909.406090] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1909.406678] Call Trace:
[ 1909.406880]  <TASK>
[ 1909.407052]  dump_stack_lvl+0x8f/0xb7
[ 1909.407354]  should_fail_ex.cold+0x5/0xa
[ 1909.407671]  should_failslab+0x9/0x20
[ 1909.407966]  __kmem_cache_alloc_node+0x5b/0x400
[ 1909.408319]  ? iter_file_splice_write+0x169/0xcb0
[ 1909.408691]  ? iter_file_splice_write+0x169/0xcb0
[ 1909.409053]  __kmalloc+0x46/0xc0
23:30:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1909.409318]  iter_file_splice_write+0x169/0xcb0
[ 1909.409751]  ? generic_file_read_iter+0x330/0x550
[ 1909.410132]  ? generic_file_splice_read+0x1bc/0x4d0
[ 1909.410503]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1909.410886]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 1909.411296]  ? inode_security+0x105/0x140
[ 1909.411625]  ? security_file_permission+0xb5/0xe0
[ 1909.411994]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1909.412388]  direct_splice_actor+0x113/0x180
[ 1909.412725]  splice_direct_to_actor+0x33a/0x8c0
[ 1909.413077]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1909.413409]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1909.413790]  ? security_file_permission+0xb5/0xe0
[ 1909.414162]  do_splice_direct+0x1bc/0x290
[ 1909.414471]  ? __pfx_do_splice_direct+0x10/0x10
[ 1909.414825]  ? lock_is_held_type+0xdb/0x130
[ 1909.415123]  do_sendfile+0xb1d/0x1280
[ 1909.415437]  ? __pfx_do_sendfile+0x10/0x10
[ 1909.415769]  __x64_sys_sendfile64+0x248/0x2a0
[ 1909.416106]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1909.416471]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1909.416849]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1909.417236]  do_syscall_64+0x3f/0x90
[ 1909.417520]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1909.417897] RIP: 0033:0x7fb3320efb19
[ 1909.418176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1909.419489] RSP: 002b:00007fb32f644188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1909.419964] RAX: ffffffffffffffda RBX: 00007fb332203020 RCX: 00007fb3320efb19
[ 1909.420476] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1909.420992] RBP: 00007fb32f6441d0 R08: 0000000000000000 R09: 0000000000000000
[ 1909.421503] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001
[ 1909.422023] R13: 00007ffc5996385f R14: 00007fb32f644300 R15: 0000000000022000
[ 1909.422553]  </TASK>
[ 1909.434071] loop2: detected capacity change from 0 to 40
[ 1909.447471] syz-executor.7: attempt to access beyond end of device
[ 1909.447471] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1909.448525] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1909.463429] loop4: detected capacity change from 0 to 40
[ 1909.527085] loop3: detected capacity change from 0 to 40
[ 1909.542107] FAT-fs (loop3): bogus number of FAT sectors
[ 1909.542827] FAT-fs (loop3): Can't find a valid FAT filesystem
23:30:28 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 9)

23:30:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

[ 1909.670715] loop7: detected capacity change from 0 to 40
[ 1909.701302] kworker/u4:7: attempt to access beyond end of device
[ 1909.701302] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1909.702092] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1909.704871] loop2: detected capacity change from 0 to 40
[ 1909.736224] kworker/u4:7: attempt to access beyond end of device
[ 1909.736224] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1909.737042] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1909.797141] syz-executor.7: attempt to access beyond end of device
[ 1909.797141] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1909.798031] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1925.168036] loop2: detected capacity change from 0 to 40
[ 1925.178005] loop5: detected capacity change from 0 to 40
[ 1925.192493] loop7: detected capacity change from 0 to 40
[ 1925.194303] loop3: detected capacity change from 0 to 40
23:30:44 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 6)

23:30:44 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:30:44 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000040)="040000006405000000000000000101000440002000f801", 0x17, 0x44}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:30:44 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:30:44 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:30:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x0)

23:30:44 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 10)

23:30:44 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x780000, 0x0, 0x87ffffc)

[ 1925.215413] loop6: detected capacity change from 0 to 40
[ 1925.221020] FAT-fs (loop3): bogus number of FAT sectors
[ 1925.221794] FAT-fs (loop3): Can't find a valid FAT filesystem
[ 1925.251715] syz-executor.6: attempt to access beyond end of device
[ 1925.251715] loop6: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1925.252717] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 1925.256779] loop4: detected capacity change from 0 to 40
[ 1925.282733] syz-executor.5: attempt to access beyond end of device
[ 1925.282733] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1925.283744] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1925.289332] syz-executor.7: attempt to access beyond end of device
[ 1925.289332] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1925.290252] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:30:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x0)

23:30:44 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:30:44 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 7)

23:30:44 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 11)

23:30:44 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x800000, 0x0, 0x87ffffc)

[ 1925.410093] loop2: detected capacity change from 0 to 40
23:30:44 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1925.451704] loop6: detected capacity change from 0 to 40
[ 1925.488888] loop5: detected capacity change from 0 to 40
23:30:44 executing program 4:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1925.499450] kworker/u4:8: attempt to access beyond end of device
[ 1925.499450] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1925.500738] syz-executor.6: attempt to access beyond end of device
[ 1925.500738] loop6: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1925.500971] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 1925.501670] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 1925.511289] loop7: detected capacity change from 0 to 40
[ 1925.513313] loop3: detected capacity change from 0 to 40
23:30:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x0)

[ 1925.605249] FAULT_INJECTION: forcing a failure.
[ 1925.605249] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1925.606119] CPU: 1 PID: 9454 Comm: syz-executor.5 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1925.606662] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1925.607221] Call Trace:
[ 1925.607414]  <TASK>
[ 1925.607586]  dump_stack_lvl+0x8f/0xb7
[ 1925.607865]  should_fail_ex.cold+0x5/0xa
[ 1925.608161]  prepare_alloc_pages+0x178/0x500
[ 1925.608487]  __alloc_pages+0x149/0x500
[ 1925.608767]  ? __pfx___alloc_pages+0x10/0x10
[ 1925.609097]  ? __pfx___lock_acquire+0x10/0x10
[ 1925.609437]  alloc_pages+0x1a0/0x260
[ 1925.609711]  filemap_alloc_folio+0x32a/0x410
[ 1925.610039]  ? __filemap_get_folio+0x254/0xc90
[ 1925.610365]  ? __pfx_lock_release+0x10/0x10
[ 1925.610681]  ? __pfx_filemap_alloc_folio+0x10/0x10
[ 1925.611031]  ? xas_descend+0x114/0x3e0
[ 1925.611312]  ? xas_load+0x6a/0x140
[ 1925.611590]  __filemap_get_folio+0x32c/0xc90
[ 1925.611911]  ? __pfx___filemap_get_folio+0x10/0x10
[ 1925.612261]  ? __pfx_fat_get_block+0x10/0x10
[ 1925.612584]  ? __pfx___block_write_begin_int+0x10/0x10
[ 1925.612951]  pagecache_get_page+0x2e/0x130
[ 1925.613254]  ? __pfx_fat_get_block+0x10/0x10
[ 1925.613564]  block_write_begin+0x35/0x450
[ 1925.613853]  ? lock_is_held_type+0xdb/0x130
[ 1925.614179]  cont_write_begin+0x4fe/0x700
[ 1925.614488]  ? __block_commit_write.constprop.0.isra.0+0x261/0x2c0
[ 1925.614932]  ? __pfx_fat_get_block+0x10/0x10
[ 1925.615264]  ? __pfx_cont_write_begin+0x10/0x10
[ 1925.615607]  ? block_write_end+0x53/0x220
[ 1925.615931]  fat_write_begin+0x89/0x180
[ 1925.616227]  ? __pfx_fat_get_block+0x10/0x10
[ 1925.616554]  generic_perform_write+0x25a/0x580
[ 1925.616909]  ? __pfx_generic_perform_write+0x10/0x10
[ 1925.617286]  ? __pfx_fat_update_time+0x10/0x10
[ 1925.617620]  ? __pfx_file_update_time+0x10/0x10
[ 1925.617980]  ? generic_write_checks+0x2c0/0x400
[ 1925.618343]  __generic_file_write_iter+0x308/0x4b0
[ 1925.618708]  ? do_sendfile+0xb1d/0x1280
[ 1925.619124]  ? __x64_sys_sendfile64+0x248/0x2a0
[ 1925.619584]  generic_file_write_iter+0xe7/0x350
[ 1925.619938]  do_iter_readv_writev+0x211/0x3c0
[ 1925.620281]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1925.620653]  ? avc_policy_seqno+0xd/0x70
[ 1925.620970]  ? security_file_permission+0xb5/0xe0
[ 1925.621339]  do_iter_write+0x18b/0x700
[ 1925.621640]  ? lock_is_held_type+0xdb/0x130
[ 1925.621974]  vfs_iter_write+0x74/0xb0
[ 1925.622270]  iter_file_splice_write+0x73e/0xcb0
[ 1925.622629]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1925.623012]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 1925.623404]  ? inode_security+0x105/0x140
[ 1925.623736]  ? security_file_permission+0xb5/0xe0
[ 1925.624099]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1925.624480]  direct_splice_actor+0x113/0x180
[ 1925.624813]  splice_direct_to_actor+0x33a/0x8c0
[ 1925.625170]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1925.625531]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1925.625909]  ? security_file_permission+0xb5/0xe0
[ 1925.626278]  do_splice_direct+0x1bc/0x290
[ 1925.626584]  ? __pfx_do_splice_direct+0x10/0x10
[ 1925.626938]  ? lock_is_held_type+0xdb/0x130
[ 1925.627269]  do_sendfile+0xb1d/0x1280
[ 1925.627576]  ? __pfx_do_sendfile+0x10/0x10
[ 1925.627912]  __x64_sys_sendfile64+0x248/0x2a0
[ 1925.628257]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1925.628620]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1925.629001]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1925.629380]  do_syscall_64+0x3f/0x90
[ 1925.629657]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1925.630041] RIP: 0033:0x7fb3320efb19
[ 1925.630320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1925.631586] RSP: 002b:00007fb32f644188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1925.632128] RAX: ffffffffffffffda RBX: 00007fb332203020 RCX: 00007fb3320efb19
[ 1925.632629] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1925.633146] RBP: 00007fb32f6441d0 R08: 0000000000000000 R09: 0000000000000000
[ 1925.633654] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000001
[ 1925.634165] R13: 00007ffc5996385f R14: 00007fb32f644300 R15: 0000000000022000
[ 1925.634705]  </TASK>
23:30:44 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1925.648106] syz-executor.5: attempt to access beyond end of device
[ 1925.648106] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1925.649011] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1925.650213] syz-executor.7: attempt to access beyond end of device
[ 1925.650213] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1925.652174] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:30:44 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x800700, 0x0, 0x87ffffc)

[ 1925.694717] kworker/u4:1: attempt to access beyond end of device
[ 1925.694717] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1925.695960] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 1925.733643] loop6: detected capacity change from 0 to 40
[ 1925.762508] syz-executor.6: attempt to access beyond end of device
[ 1925.762508] loop6: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1925.763456] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 1925.766007] loop2: detected capacity change from 0 to 40
23:31:05 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 12)

23:31:05 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 8)

23:31:05 executing program 1:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
sendfile(r2, r1, 0x0, 0xfffffdef)
openat(r0, &(0x7f0000000000)='./file0\x00', 0x591000, 0x0)

23:31:05 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:31:05 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xf80000, 0x0, 0x87ffffc)

23:31:05 executing program 4:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:31:05 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:31:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1946.218261] loop6: detected capacity change from 0 to 40
[ 1946.221089] loop7: detected capacity change from 0 to 40
[ 1946.235886] loop3: detected capacity change from 0 to 40
[ 1946.236091] loop2: detected capacity change from 0 to 40
[ 1946.242325] loop5: detected capacity change from 0 to 40
[ 1946.263133] FAT-fs (loop2): bogus number of FAT sectors
[ 1946.263978] FAT-fs (loop2): Can't find a valid FAT filesystem
23:31:05 executing program 4:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:31:05 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xf80700, 0x0, 0x87ffffc)

[ 1946.449110] syz-executor.7: attempt to access beyond end of device
[ 1946.449110] loop7: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 1946.453352] syz-executor.7: attempt to access beyond end of device
[ 1946.453352] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1946.454681] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:31:05 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1946.470092] kworker/u4:2: attempt to access beyond end of device
[ 1946.470092] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1946.471386] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 1946.512289] syz-executor.5: attempt to access beyond end of device
[ 1946.512289] loop5: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 1946.515945] syz-executor.5: attempt to access beyond end of device
[ 1946.515945] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1946.517343] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:31:05 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:31:05 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 13)

[ 1946.627597] loop3: detected capacity change from 0 to 40
[ 1946.639561] loop2: detected capacity change from 0 to 40
[ 1946.662880] FAT-fs (loop2): bogus number of FAT sectors
[ 1946.664122] FAT-fs (loop2): Can't find a valid FAT filesystem
23:31:05 executing program 4:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:31:05 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 9)

[ 1946.735252] loop7: detected capacity change from 0 to 40
[ 1946.769795] loop4: detected capacity change from 0 to 40
23:31:05 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x1000000, 0x0, 0x87ffffc)

[ 1946.867816] kworker/u4:9: attempt to access beyond end of device
[ 1946.867816] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1946.869246] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 1946.893203] FAULT_INJECTION: forcing a failure.
[ 1946.893203] name failslab, interval 1, probability 0, space 0, times 0
[ 1946.894664] CPU: 0 PID: 9509 Comm: syz-executor.7 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1946.895660] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1946.896750] Call Trace:
[ 1946.897078]  <TASK>
[ 1946.897376]  dump_stack_lvl+0x8f/0xb7
[ 1946.897879]  should_fail_ex.cold+0x5/0xa
[ 1946.898430]  should_failslab+0x9/0x20
[ 1946.898925]  __kmem_cache_alloc_node+0x5b/0x400
[ 1946.899513]  ? iter_file_splice_write+0x169/0xcb0
[ 1946.900163]  ? iter_file_splice_write+0x169/0xcb0
[ 1946.900776]  __kmalloc+0x46/0xc0
[ 1946.901236]  iter_file_splice_write+0x169/0xcb0
[ 1946.901828]  ? generic_file_read_iter+0x330/0x550
[ 1946.902467]  ? generic_file_splice_read+0x1bc/0x4d0
[ 1946.903091]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1946.903735]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 1946.904424]  ? inode_security+0x105/0x140
[ 1946.904996]  ? security_file_permission+0xb5/0xe0
[ 1946.905618]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1946.906277]  direct_splice_actor+0x113/0x180
[ 1946.906853]  splice_direct_to_actor+0x33a/0x8c0
[ 1946.907462]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1946.908113]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1946.908774]  ? security_file_permission+0xb5/0xe0
[ 1946.909402]  do_splice_direct+0x1bc/0x290
[ 1946.909937]  ? __pfx_do_splice_direct+0x10/0x10
[ 1946.910544]  ? lock_is_held_type+0xdb/0x130
[ 1946.911116]  do_sendfile+0xb1d/0x1280
[ 1946.911640]  ? __pfx_do_sendfile+0x10/0x10
[ 1946.912222]  __x64_sys_sendfile64+0x248/0x2a0
[ 1946.912828]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1946.913477]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1946.914144]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1946.914825]  do_syscall_64+0x3f/0x90
[ 1946.915329]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1946.916012] RIP: 0033:0x7f2e8887fb19
[ 1946.916502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1946.918777] RSP: 002b:00007f2e85dd4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1946.919744] RAX: ffffffffffffffda RBX: 00007f2e88993020 RCX: 00007f2e8887fb19
[ 1946.920671] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1946.921577] RBP: 00007f2e85dd41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1946.922480] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002
[ 1946.923392] R13: 00007ffe0fca3fff R14: 00007f2e85dd4300 R15: 0000000000022000
[ 1946.924342]  </TASK>
23:31:05 executing program 4:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:31:05 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1946.943387] loop5: detected capacity change from 0 to 40
[ 1947.053553] loop3: detected capacity change from 0 to 40
[ 1947.072593] kworker/u4:9: attempt to access beyond end of device
[ 1947.072593] loop7: rw=1, sector=116, nr_sectors = 8 limit=40
[ 1947.073847] kworker/u4:9: attempt to access beyond end of device
[ 1947.073847] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1947.075014] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1947.080205] loop4: detected capacity change from 0 to 40
[ 1947.167313] syz-executor.5: attempt to access beyond end of device
[ 1947.167313] loop5: rw=2049, sector=108, nr_sectors = 16 limit=40
[ 1947.184067] syz-executor.5: attempt to access beyond end of device
[ 1947.184067] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1947.185565] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:31:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x2000000, 0x0, 0x87ffffc)

23:31:06 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x82)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x101042, 0x0)
mknodat$null(r0, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x103)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r1, &(0x7f0000000040)='./file1\x00', 0x26000, 0x188)
sendfile(r1, r0, 0x0, 0xfffffdef)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r0, 0x80286722, &(0x7f0000000000)={&(0x7f0000000240)=""/4096, 0x1000, 0x9, 0x3})

23:31:06 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:31:06 executing program 4:
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:31:06 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 14)

23:31:06 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1947.323295] loop6: detected capacity change from 0 to 40
[ 1947.328692] loop7: detected capacity change from 0 to 40
23:31:06 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 10)

[ 1947.427074] loop4: detected capacity change from 0 to 40
[ 1947.452326] loop3: detected capacity change from 0 to 40
[ 1947.494105] FAULT_INJECTION: forcing a failure.
[ 1947.494105] name failslab, interval 1, probability 0, space 0, times 0
[ 1947.495417] CPU: 1 PID: 9531 Comm: syz-executor.7 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1947.496127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1947.496856] Call Trace:
[ 1947.497194]  <TASK>
[ 1947.497408]  dump_stack_lvl+0x8f/0xb7
[ 1947.497765]  should_fail_ex.cold+0x5/0xa
[ 1947.498152]  should_failslab+0x9/0x20
[ 1947.498512]  __kmem_cache_alloc_node+0x5b/0x400
[ 1947.498941]  ? iter_file_splice_write+0x169/0xcb0
[ 1947.499394]  ? iter_file_splice_write+0x169/0xcb0
[ 1947.499837]  __kmalloc+0x46/0xc0
[ 1947.500161]  iter_file_splice_write+0x169/0xcb0
[ 1947.500580]  ? generic_file_read_iter+0x330/0x550
[ 1947.501035]  ? generic_file_splice_read+0x1bc/0x4d0
[ 1947.501530]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1947.501995]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 1947.502476]  ? inode_security+0x105/0x140
[ 1947.502878]  ? security_file_permission+0xb5/0xe0
[ 1947.503320]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1947.503804]  direct_splice_actor+0x113/0x180
[ 1947.504250]  splice_direct_to_actor+0x33a/0x8c0
[ 1947.504680]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1947.505172]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1947.505670]  ? security_file_permission+0xb5/0xe0
[ 1947.506158]  do_splice_direct+0x1bc/0x290
[ 1947.506565]  ? __pfx_do_splice_direct+0x10/0x10
[ 1947.507039]  ? lock_is_held_type+0xdb/0x130
[ 1947.507482]  do_sendfile+0xb1d/0x1280
[ 1947.507891]  ? __pfx_do_sendfile+0x10/0x10
[ 1947.508339]  __x64_sys_sendfile64+0x248/0x2a0
[ 1947.508780]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1947.509265]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1947.509764]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1947.510269]  do_syscall_64+0x3f/0x90
[ 1947.510643]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1947.511141] RIP: 0033:0x7f2e8887fb19
[ 1947.511509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1947.513173] RSP: 002b:00007f2e85dd4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1947.513892] RAX: ffffffffffffffda RBX: 00007f2e88993020 RCX: 00007f2e8887fb19
[ 1947.514587] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1947.515251] RBP: 00007f2e85dd41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1947.515929] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002
[ 1947.516593] R13: 00007ffe0fca3fff R14: 00007f2e85dd4300 R15: 0000000000022000
[ 1947.517275]  </TASK>
23:31:06 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x4000000, 0x0, 0x87ffffc)

[ 1947.542398] loop5: detected capacity change from 0 to 40
[ 1947.758074] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1947.784307] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:31:20 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x101042, 0x88)
rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file1\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4d042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x40, 0x3f, 0x8c, 0xf9, 0x0, 0x80, 0x400, 0xf, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x56, 0x1, @perf_bp={&(0x7f00000000c0)}, 0x1000, 0xd8, 0x9, 0x6, 0x7, 0x800, 0x0, 0x0, 0x9, 0x0, 0xc19f}, 0x0, 0x2, 0xffffffffffffffff, 0x1)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:31:20 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xff77, 0x0, 0x87ffffc)

23:31:20 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x5000000, 0x0, 0x87ffffc)

23:31:20 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1961.683872] loop2: detected capacity change from 0 to 40
[ 1961.693833] loop3: detected capacity change from 0 to 40
23:31:20 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:31:20 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 15)

23:31:20 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 11)

23:31:20 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 1961.709570] loop6: detected capacity change from 0 to 40
[ 1961.712084] loop7: detected capacity change from 0 to 40
[ 1961.714524] loop5: detected capacity change from 0 to 40
[ 1961.783435] loop4: detected capacity change from 0 to 40
23:31:20 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1961.963750] FAULT_INJECTION: forcing a failure.
[ 1961.963750] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1961.965370] CPU: 0 PID: 9567 Comm: syz-executor.7 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1961.966395] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1961.967427] Call Trace:
[ 1961.967764]  <TASK>
[ 1961.968114]  dump_stack_lvl+0x8f/0xb7
[ 1961.968756]  should_fail_ex.cold+0x5/0xa
[ 1961.969317]  prepare_alloc_pages+0x178/0x500
[ 1961.969919]  __alloc_pages+0x149/0x500
[ 1961.970446]  ? __pfx___alloc_pages+0x10/0x10
[ 1961.971037]  ? __pfx___lock_acquire+0x10/0x10
[ 1961.971636]  ? find_held_lock+0x2c/0x110
[ 1961.972219]  alloc_pages+0x1a0/0x260
[ 1961.972727]  filemap_alloc_folio+0x32a/0x410
[ 1961.973309]  ? __filemap_get_folio+0x254/0xc90
[ 1961.973897]  ? __pfx_lock_release+0x10/0x10
[ 1961.974473]  ? __pfx_filemap_alloc_folio+0x10/0x10
[ 1961.975111]  ? xas_descend+0x114/0x3e0
[ 1961.975641]  ? xas_load+0x6a/0x140
[ 1961.976143]  __filemap_get_folio+0x32c/0xc90
[ 1961.976741]  ? __pfx___filemap_get_folio+0x10/0x10
[ 1961.977389]  ? __pfx_fat_get_block+0x10/0x10
[ 1961.977982]  ? __pfx___block_write_begin_int+0x10/0x10
[ 1961.978562] bio_check_eod: 4 callbacks suppressed
[ 1961.978591] syz-executor.5: attempt to access beyond end of device
[ 1961.978591] loop5: rw=2049, sector=68, nr_sectors = 56 limit=40
[ 1961.978662]  pagecache_get_page+0x2e/0x130
[ 1961.981280]  ? __pfx_fat_get_block+0x10/0x10
[ 1961.981701] syz-executor.5: attempt to access beyond end of device
[ 1961.981701] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1961.981845]  block_write_begin+0x35/0x450
[ 1961.983385] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1961.983837]  ? lock_is_held_type+0xdb/0x130
[ 1961.985383]  cont_write_begin+0x4fe/0x700
[ 1961.985936]  ? __block_commit_write.constprop.0.isra.0+0x261/0x2c0
[ 1961.986740]  ? __pfx_fat_get_block+0x10/0x10
[ 1961.987319]  ? __pfx_cont_write_begin+0x10/0x10
[ 1961.987927]  ? block_write_end+0x53/0x220
[ 1961.988504]  fat_write_begin+0x89/0x180
[ 1961.989026]  ? __pfx_fat_get_block+0x10/0x10
[ 1961.989614]  generic_perform_write+0x25a/0x580
[ 1961.990209]  ? __pfx_generic_perform_write+0x10/0x10
[ 1961.990867]  ? __pfx_fat_update_time+0x10/0x10
[ 1961.991464]  ? __pfx_file_update_time+0x10/0x10
[ 1961.992103]  ? generic_write_checks+0x2c0/0x400
[ 1961.992721]  __generic_file_write_iter+0x308/0x4b0
[ 1961.993359]  ? do_sendfile+0xb1d/0x1280
[ 1961.993897]  ? __x64_sys_sendfile64+0x248/0x2a0
[ 1961.994509]  generic_file_write_iter+0xe7/0x350
[ 1961.995139]  do_iter_readv_writev+0x211/0x3c0
[ 1961.995734]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1961.996381]  ? avc_policy_seqno+0xd/0x70
[ 1961.996929]  ? security_file_permission+0xb5/0xe0
[ 1961.997578]  do_iter_write+0x18b/0x700
[ 1961.998104]  ? lock_is_held_type+0xdb/0x130
[ 1961.998696]  vfs_iter_write+0x74/0xb0
[ 1961.999215]  iter_file_splice_write+0x73e/0xcb0
[ 1961.999861]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1962.000513]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 1962.001204]  ? inode_security+0x105/0x140
[ 1962.001774]  ? security_file_permission+0xb5/0xe0
[ 1962.002413]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1962.003090]  direct_splice_actor+0x113/0x180
[ 1962.003671]  splice_direct_to_actor+0x33a/0x8c0
[ 1962.004309]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1962.004960]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1962.005631]  ? security_file_permission+0xb5/0xe0
[ 1962.006269]  do_splice_direct+0x1bc/0x290
[ 1962.006823]  ? __pfx_do_splice_direct+0x10/0x10
[ 1962.007449]  ? lock_is_held_type+0xdb/0x130
[ 1962.008049]  do_sendfile+0xb1d/0x1280
[ 1962.008582]  ? __pfx_do_sendfile+0x10/0x10
[ 1962.009182]  __x64_sys_sendfile64+0x248/0x2a0
[ 1962.009777]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1962.010425]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1962.011084]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1962.011759]  do_syscall_64+0x3f/0x90
[ 1962.012279]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1962.012944] RIP: 0033:0x7f2e8887fb19
[ 1962.013424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1962.015643] RSP: 002b:00007f2e85dd4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1962.016604] RAX: ffffffffffffffda RBX: 00007f2e88993020 RCX: 00007f2e8887fb19
[ 1962.017487] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1962.018368] RBP: 00007f2e85dd41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1962.019250] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002
[ 1962.020150] R13: 00007ffe0fca3fff R14: 00007f2e85dd4300 R15: 0000000000022000
[ 1962.021066]  </TASK>
23:31:20 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x10000000, 0x0, 0x87ffffc)

23:31:20 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 1962.101680] loop3: detected capacity change from 0 to 40
23:31:21 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 12)

[ 1962.186658] kworker/u4:7: attempt to access beyond end of device
[ 1962.186658] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1962.188277] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 1962.192566] loop4: detected capacity change from 0 to 40
[ 1962.202326] syz-executor.7: attempt to access beyond end of device
[ 1962.202326] loop7: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 1962.204187] syz-executor.7: attempt to access beyond end of device
[ 1962.204187] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1962.206081] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1962.236379] loop5: detected capacity change from 0 to 40
[ 1962.419016] FAULT_INJECTION: forcing a failure.
[ 1962.419016] name failslab, interval 1, probability 0, space 0, times 0
[ 1962.421118] CPU: 0 PID: 9583 Comm: syz-executor.5 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1962.422191] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1962.423178] Call Trace:
[ 1962.423508]  <TASK>
[ 1962.423810]  dump_stack_lvl+0x8f/0xb7
[ 1962.424322]  should_fail_ex.cold+0x5/0xa
[ 1962.424864]  ? fat_cache_add.part.0+0x5b4/0xb50
[ 1962.425459]  should_failslab+0x9/0x20
[ 1962.425961]  kmem_cache_alloc+0x5a/0x410
[ 1962.426500]  fat_cache_add.part.0+0x5b4/0xb50
[ 1962.427106]  fat_get_cluster+0x922/0xd40
[ 1962.427660]  ? __pfx_fat_get_cluster+0x10/0x10
[ 1962.428297]  ? fat_cache_inval_inode+0x1c7/0x290
[ 1962.428938]  fat_free.isra.0+0x393/0x940
[ 1962.429502]  ? __pfx_fat_free.isra.0+0x10/0x10
[ 1962.430147]  ? unmap_mapping_range+0x109/0x280
[ 1962.430727]  ? __pfx_unmap_mapping_range+0x10/0x10
[ 1962.431379]  ? __pfx_unmap_mapping_range+0x10/0x10
[ 1962.432041]  fat_truncate_blocks+0x126/0x1a0
[ 1962.432623]  fat_write_begin+0x13b/0x180
[ 1962.433169]  generic_perform_write+0x25a/0x580
[ 1962.433807]  ? __pfx_generic_perform_write+0x10/0x10
[ 1962.434476]  ? __pfx_fat_update_time+0x10/0x10
[ 1962.435091]  ? __pfx_file_update_time+0x10/0x10
[ 1962.435733]  ? generic_write_checks+0x2c0/0x400
[ 1962.436386]  __generic_file_write_iter+0x308/0x4b0
[ 1962.437041]  ? do_sendfile+0xb1d/0x1280
[ 1962.437589]  ? __x64_sys_sendfile64+0x248/0x2a0
[ 1962.438223]  generic_file_write_iter+0xe7/0x350
[ 1962.438865]  do_iter_readv_writev+0x211/0x3c0
[ 1962.439474]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1962.440139]  ? avc_policy_seqno+0xd/0x70
[ 1962.440706]  ? security_file_permission+0xb5/0xe0
[ 1962.441367]  do_iter_write+0x18b/0x700
[ 1962.441915]  ? lock_is_held_type+0xdb/0x130
[ 1962.442513]  vfs_iter_write+0x74/0xb0
[ 1962.443048]  iter_file_splice_write+0x73e/0xcb0
[ 1962.443705]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1962.444400]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 1962.445105]  ? inode_security+0x105/0x140
[ 1962.445662]  ? security_file_permission+0xb5/0xe0
[ 1962.446291]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1962.446951]  direct_splice_actor+0x113/0x180
[ 1962.447522]  splice_direct_to_actor+0x33a/0x8c0
[ 1962.448140]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1962.448778]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1962.449424]  ? security_file_permission+0xb5/0xe0
[ 1962.450060]  do_splice_direct+0x1bc/0x290
[ 1962.450594]  ? __pfx_do_splice_direct+0x10/0x10
[ 1962.451215]  ? lock_is_held_type+0xdb/0x130
[ 1962.451788]  do_sendfile+0xb1d/0x1280
[ 1962.452333]  ? __pfx_do_sendfile+0x10/0x10
[ 1962.452911]  __x64_sys_sendfile64+0x248/0x2a0
[ 1962.453481]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 1962.454123]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1962.454785]  ? syscall_enter_from_user_mode+0x21/0x50
[ 1962.455475]  do_syscall_64+0x3f/0x90
[ 1962.455996]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1962.456675] RIP: 0033:0x7fb3320efb19
[ 1962.457177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1962.459427] RSP: 002b:00007fb32f644188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1962.460375] RAX: ffffffffffffffda RBX: 00007fb332203020 RCX: 00007fb3320efb19
[ 1962.461287] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1962.462185] RBP: 00007fb32f6441d0 R08: 0000000000000000 R09: 0000000000000000
[ 1962.463095] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002
[ 1962.464010] R13: 00007ffc5996385f R14: 00007fb32f644300 R15: 0000000000022000
[ 1962.464946]  </TASK>
[ 1962.558094] syz-executor.5: attempt to access beyond end of device
[ 1962.558094] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1962.559691] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:31:35 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xff77, 0x0, 0x87ffffc)

23:31:35 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 16)

23:31:35 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x0, 0x40)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:31:35 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 13)

23:31:35 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x12000000, 0x0, 0x87ffffc)

23:31:35 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:31:35 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:31:35 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1976.510294] loop5: detected capacity change from 0 to 40
[ 1976.513980] loop3: detected capacity change from 0 to 40
[ 1976.516607] loop2: detected capacity change from 0 to 40
[ 1976.538215] loop7: detected capacity change from 0 to 40
[ 1976.552119] loop4: detected capacity change from 0 to 40
[ 1976.555111] loop6: detected capacity change from 0 to 40
23:31:35 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x21030000, 0x0, 0x87ffffc)

[ 1976.621805] syz-executor.5: attempt to access beyond end of device
[ 1976.621805] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1976.622836] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:31:35 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1976.677847] loop3: detected capacity change from 0 to 40
23:31:35 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 14)

23:31:35 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xff77, 0x0, 0x87ffffc)

[ 1976.700621] kworker/u4:9: attempt to access beyond end of device
[ 1976.700621] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1976.702353] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:31:35 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xf4ffffff, 0x0, 0x87ffffc)

[ 1976.766321] loop5: detected capacity change from 0 to 40
[ 1976.775655] loop2: detected capacity change from 0 to 40
23:31:35 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1976.806585] syz-executor.7: attempt to access beyond end of device
[ 1976.806585] loop7: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 1976.825847] syz-executor.7: attempt to access beyond end of device
[ 1976.825847] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1976.827814] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 1976.957582] loop3: detected capacity change from 0 to 40
[ 1977.029873] syz-executor.5: attempt to access beyond end of device
[ 1977.029873] loop5: rw=2049, sector=92, nr_sectors = 32 limit=40
[ 1977.047153] syz-executor.5: attempt to access beyond end of device
[ 1977.047153] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1977.049021] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1977.143649] kworker/u4:3: attempt to access beyond end of device
[ 1977.143649] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 1977.145218] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:31:48 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 17)

23:31:48 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:31:48 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r1, 0x0, 0x1, &(0x7f0000000000)=0xfffffff9, 0x4)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:31:48 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:31:48 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:31:48 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 1)

23:31:48 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 15)

23:31:48 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xfbffffff, 0x0, 0x87ffffc)

[ 1989.694201] loop6: detected capacity change from 0 to 40
[ 1989.696819] loop7: detected capacity change from 0 to 40
[ 1989.704719] loop3: detected capacity change from 0 to 40
[ 1989.743449] loop2: detected capacity change from 0 to 40
[ 1989.753038] loop5: detected capacity change from 0 to 40
23:31:48 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 1989.799861] FAULT_INJECTION: forcing a failure.
[ 1989.799861] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1989.801777] CPU: 1 PID: 9654 Comm: syz-executor.2 Not tainted 6.1.0-rc8-next-20221208 #1
[ 1989.802846] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1989.804113] Call Trace:
[ 1989.804504]  <TASK>
[ 1989.804877]  dump_stack_lvl+0x8f/0xb7
[ 1989.805416]  should_fail_ex.cold+0x5/0xa
[ 1989.806013]  prepare_alloc_pages+0x178/0x500
[ 1989.806630]  __alloc_pages+0x149/0x500
[ 1989.807173]  ? __pfx___alloc_pages+0x10/0x10
[ 1989.807778]  ? __pfx___lock_acquire+0x10/0x10
[ 1989.808440]  alloc_pages+0x1a0/0x260
[ 1989.808968]  filemap_alloc_folio+0x32a/0x410
[ 1989.809570]  ? __filemap_get_folio+0x254/0xc90
[ 1989.810190]  ? __pfx_lock_release+0x10/0x10
[ 1989.810788]  ? __pfx_filemap_alloc_folio+0x10/0x10
[ 1989.811439]  ? xas_start+0x157/0x6a0
[ 1989.811954]  ? xas_load+0x6a/0x140
[ 1989.812472]  __filemap_get_folio+0x32c/0xc90
[ 1989.813077]  ? __pfx___filemap_get_folio+0x10/0x10
[ 1989.813745]  ? register_lock_class+0xbd/0x1890
[ 1989.814384]  pagecache_get_page+0x2e/0x130
[ 1989.814955]  ? __pfx_fat_get_block+0x10/0x10
[ 1989.815551]  block_write_begin+0x35/0x450
[ 1989.816121]  cont_write_begin+0x4fe/0x700
[ 1989.816681]  ? __pfx_fat_get_block+0x10/0x10
[ 1989.817280]  ? __pfx_cont_write_begin+0x10/0x10
[ 1989.817903]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 1989.818539]  ? __lock_acquire+0x164d/0x5e70
[ 1989.819125]  fat_write_begin+0x89/0x180
[ 1989.819651]  ? __pfx_fat_get_block+0x10/0x10
[ 1989.820254]  cont_write_begin+0x2fc/0x700
[ 1989.820816]  ? __pfx_fat_get_block+0x10/0x10
[ 1989.821415]  ? __pfx_cont_write_begin+0x10/0x10
[ 1989.822056]  ? lock_acquire+0x1b6/0x530
[ 1989.822613]  fat_write_begin+0x89/0x180
[ 1989.823143]  ? __pfx_fat_get_block+0x10/0x10
[ 1989.823750]  generic_cont_expand_simple+0x11c/0x200
[ 1989.824453]  ? __pfx_generic_cont_expand_simple+0x10/0x10
[ 1989.825186]  ? down_write+0x157/0x220
[ 1989.825699]  ? __pfx_down_write+0x10/0x10
[ 1989.826255]  fat_cont_expand+0x66/0x240
[ 1989.826820]  fat_fallocate+0x182/0x320
[ 1989.827359]  ? __pfx_fat_fallocate+0x10/0x10
[ 1989.827966]  vfs_fallocate+0x48d/0xe00
[ 1989.828507]  __x64_sys_fallocate+0xd3/0x140
[ 1989.829078]  do_syscall_64+0x3f/0x90
[ 1989.829596]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 1989.830284] RIP: 0033:0x7fbb3612ab19
[ 1989.830770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1989.833075] RSP: 002b:00007fbb336a0188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 1989.834074] RAX: ffffffffffffffda RBX: 00007fbb3623df60 RCX: 00007fbb3612ab19
[ 1989.835004] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 1989.835917] RBP: 00007fbb336a01d0 R08: 0000000000000000 R09: 0000000000000000
[ 1989.836857] R10: 00000000087ffffc R11: 0000000000000246 R12: 0000000000000001
[ 1989.837788] R13: 00007fffd513a5af R14: 00007fbb336a0300 R15: 0000000000022000
[ 1989.838745]  </TASK>
[ 1989.895228] loop3: detected capacity change from 0 to 40
[ 1989.939652] syz-executor.5: attempt to access beyond end of device
[ 1989.939652] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1989.940797] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 1989.957278] syz-executor.7: attempt to access beyond end of device
[ 1989.957278] loop7: rw=2049, sector=68, nr_sectors = 56 limit=40
[ 1989.959534] syz-executor.7: attempt to access beyond end of device
[ 1989.959534] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 1989.961260] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:32:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 2)

23:32:02 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, &(0x7f0000000240)={{r2}, "c437e63867269b25dbd9697142ffc92f35cb922379281fae22d486e55092784de09d5b2983b6e5cb1cc5cc9babdb72747fbbd619db40333cb69ad6271de7d912b0540318a350acea25ae10d5c4d245d85043eb4b0751e6ada31d5af91cc078bb21d9a501fd20f054d3cc97e7711b8a9eb996adbd8c438d37acdc31879e49ebe3609ae988a77d04d9efdd19c434b02a1718cdb3aa92006e2f827b0d0cfd5ee3eaa37279027acedc011275fe957a1dd46520cf07ec835119b3c910e2a7a519efd2243949e2af816b621d7d405cd21f66b7c05458d539fe8e4b31db89d58b34bf0ccf0542fd3ef04f5a25803aacd2ea328b7dd02607738045f524676e5e0b77c79d5be4667c2664733b8a2940107a8b684cb9a1456343889a52f97c44e72bfb53a7c1ddc63275652384f1be4ba977f00f382fa8b37e8d40c12d4356733b5a6fc50981a27a26f7e159c1d9198d2b034f35af6cc29934d1a9a569755ee9b6664ad28c046ca2b6bfb74c640c3fb5d63a0cf11f33e1edc05894fd47e25837a866b22fa20da20e33a0a6b47b6cad1d7759e0d189c24827c2718e07a3a03940f083e48a7ba4a9f778d534e75efbb52002ca0facccb8c4fde2da8554ada22391cee64094244e54a87c51826a9bd19ca153e8ae8198de802a46b446e3ca979ece41ac78d34a6945ec818c792e25fa687502e785b159b1328a0379bc36d821b62c58d96243bf9c9e079fe9733491114f48e6e7fd804326dfcaaa9796ea082970b17fab90354303812332c5171ad7da7b38a4725f3fc014d17d1e47044d5527519fbe84bd1f441db39820bbf354e4fe9e8a00e6a2e765fd797e3bbb8ea46ec15543dc97cb83f9e653fb015a6cce8042dfd02bb62f79085897901cdede666e3893250568b359d1bd8e0b71773d60190caff3e383d926ae5de4bce973d4e26b1543d43a5e33f381dec661cb121d792c52b10e05c3c8bcdbbe8ff5ffcabbe28b7c56ae3cc242cacda55ec6fb03cada287a390b02e970df4dbbfb1235bfdfba177803233f9dd492e132c708d1c3b81fd3a8b06202f1d78fec181def7f81faa8b0a008747261cb6f54cc2b3404d255be484e1f4ca675adc7648ea48b8af00227fea2f4f6ed00d7cfa57d6fc17a2b02f808866acd839f1247f6985c565d3154634bb36451c3d9326b0ec557cebb0f965e73d661fd72a8b7489d1544bb0ba100e9784b6cfd9677ad40424a64f5a49f2eca2f980165be68ff173c9b2cb73e89f5bfc7fd87c7fb2709d63be51ec905810263572c843d9cf578ec8979700c98b1396ba37080eb4e5249e2a851d80ab4cacd95bc84a36fd88994e2604477fa3275b787ef8b3c68754f9555c1486045b4b7161feeca312ce949b462feaf931f1e900111bc80b1e172b51812edf0c92fb3db735a27c4957a7d206f5d552a5a8a7960ca5cc00ce8a1e6e67c5233951095c4b36958a466c00a3f810d972719ca0d0e8a2603606ce0ed32e709d216b83720dd0d5b9df99a4348de9c826fae25a7b676c00fcd8fa654ab79fc725db13b84dde2d65f795db4286638488a8c1d41505a4778456f7f2a02bad7d4ec76e53b1ce4a57fd692fac79353e593f8f16622150e8c3a8a37f3a04981114f9e431bbdbf5e7c56a4cd9a43352c395a66caeb0c633c1009cf588ba9cc42c15915bd0a3d1291c88c051d6941fb81d1f13aaee021cf13c6426f3c5611c78006a30d8ec9b33f79559f4338cace5b671fa4c99dad58d87d24931d845881ef36959da2851f8cbb04975cf01b1e6c7495644bdcc670d1adb2a387bedf6f6b99cfd9b014f03b1b8c269c97daf7af721bee64afa35710c38a0f5f8095f4d4fa14fdcd824cdb3c86dfc611d9644f7d9a78e2d7a3c7568d12cb6ce0bcc77315fcbe83e5b22e64a2762e797a2fe0e2754009569d508b5f75ce2b035fdd7f101965289ac704b8df584875542c9d378ebe9f76a82f859c500589c7a6d5a7a7d434eebe8154bc639e6ed6e48f3a8f3393bd5d6dcd20249694db77141c8fd0b9ef80fe94f8056bc6759042da1f4ba668432eeda73eeb78a2b2d24ef91e33c8767e69d63f91f97f317df9451773b3f40c9fd5587686e805ba4929f66a7e024b5f0a355295578e287b0483cc21deff26f675b1ddbe8c2c0e892cff909954b6d0c7938b9f57c2e7ad2e851748dc617d701d7a6313da71596e937435b316be9b541fc983ebda903efa04649f71093fc675a084bf0527fe4681e44a8bd0a5fe5612eb21d02f7bea98efb6b44757417e485417ef38aa773ba45410848efd00a7da458ca0ee5ee2f03d19a2bff48564f0b7c8352376d96f671cd59bdff8235684df53a197fa9e8da98f3858b2083daaa4b33045a06e78369d1ed62c12c3168d5a4f495cc33a1108e6c9938148d06055f7f3ef4a16a3a965cd4190f7e4b6e09d22979116e76e30a77e13d7ef88eeef339e9d095b7146fd2a2425f270979f0e53a3ae3d2c003f1fd988d58648d607e854e7d4a618fa4d6a7eceb2f5f26610e70931e7ce7f821f7d2080e541cb936a112261e0bbee31d5862128b4215c0ea6e75ba3a4edad748c2b93e01566fc5d27742c6c5ede8ce998de53f9350798b1bc78ee2ed2e4faf805ae3cbc9be90704d746d43c5b462d0a8e45c4e03674b62686f409e5060733875ad17a51ebb8454c9f1a249d3fb43c3c120a4c469fe171b3827f95c4704dbd091e8bd73ce969b0d866d8e9675e44a31e317281644c568fe6c5d3a98a607ba45b9d2cfb1c4f4d3acf88f18f0789302bd2034368a53755f2f717fb64b4d47200637ccc442dd1f96f502c2c35cabfcf1fd487e4d8d603af27f412b595084544dd8f5f047f7ee18990de6e839e8e33e1d1e95dacedf9ac6c1b244e1b04e3b78d9699f9e163843a796b82a9eb0655d85012ad6fc6bc0bf988f39ee26330552a573a570814181aa7e59f5653bd5a0f97b18c82cd03b17ce5d0b0255391f32fb7bee9c23c2e36e222b10c1c7ede56ed55c95aabd5c43a68cb25150694709a8b0d23d9b8a9e508ab8e64f9cd6f635687562382969a3443d4bf7f2c7a00b5d9c0f25e7ec028ed9b8a41a34610258cbe5c3910d17c0f45891dbeceb33ca80bd73f794966734ead5d1953030bd63d0652f2de786adc0614689f7160d1c9cc8999694d16d01a30e633a6bfd915e67d7beb1c7c0996773dec3460026cd9677383b1141e60671a72148e680f5b623032bc5949388be54c0896a19d550d9b54f5fbdeedd890a40bfb6692b68c2eb5eb85a313f8d301a43a435eafa514325d2163460d9ee6ee3780dd1645cfe3e811e18d1501ce5e85c8805433393d0d187c3f65a761094cc4b1cba2a78b87032ea6b70ea778c7d6d0b8362dbbfde8d714181c03870f3ebcd44b7929f64520a997b87f18b6d27b47fb55af3eca0ebccdea72a0b5cb06fa7403980ec12d15583bbbdc53ef2d21389e7f48179e7be6d091d955028913ba90413409d72b4c022506c5d28b837d483286a654f4b9128d938e092991cb47eb58f911ffc5ae81655458b6ad71e4f127d81e8a52e3257d2dd388308d9865123f5c693a13b40214291ecab3443f405ceb1059c17f988df379dbbf9e412704db46bac5dce7827904b3f1eb8fdc24458403681e0462a84f640bc90c7f25cce6e958e76ad3652007878b819e83828a4e9811cc6d06c2bf65b6ec487e0bdd2396231d47133c152884d3b21ac69df7ebc3033595eb1dad0f778fa037f31e52f4d3138b30556c6ab118903f37614397c10709dce78ecf81ba40e5013ea99c359be3480cfcd381525dc457e5b5a16d41c55e10da9eac0186651173a9fa28ebe12fe5e25dd9f688418545d55d08829ef6d3e0df010f5a9bdfdf9c66b4ce4a1ccc67fb1d085656605ffdd9c1be1cf788d799f521ce427b7ca899f9f15524d38431ae26bdb11a379d4a7ad0c0076e76ce41b224246f796c3ab623fa8c32e7ec7df0ed4b179c6459bf35cd46ea0dcddeca757e2e56ce253230b9ed97e1a42452bd59a9aedfee507eee1f938f830bcba32165a248d205d5f1004aa30c3be88eed78ebf50d00ad2f2dd42035d3f31ffca4e13b0fdff06d56d3f8881dbf2671072862f1ece6a1f00d259029a9750a462d65a909d798e60b5e32faa7ad0fc8355469be64fa0815a8c3d6c64f5ed185b4e427ba7ec3b0e4166a829b01a791fd94f2cd1eaca66cc01926625ecc280c9cfaac29cfa2efd75daa33a9aebe6e4042be351d9abaf95af01dbee4a51408d5e1875d65039ce51ecd994f51ab0f9ec8e77d8c066a298d64fb1c4345148a69c70e4a90e0b0d721db48f6509980b4e9f5b7919948cbd1cac6deb5b0ad7612e16ffdb139acbf09736a944a220baeb3eee0d47e9bd7085c40c51aafc83631f5676ffc35fcdbff2e3d9ad6b70cdad0d24410bc5693fb31b9cbb5882e6f0f05b54db73559b24232b82b52f81006f0ad6dae294dcede9ae60940eb26aa3233ba7b012272175d9705863770ea0a0f128838780d81d452ad8b75f0c1f0ce7631971bae359b49d4d8ec49b39319e215c99985b415bdce33f005dd14e7ce2c2aa798c3867b43185b90c4096fa9a25504440f6d44b7add4eecb7bc47502638e00a01460d7ff807a2078b55bc20337d8ab8d656055eed71f30fa9b9e7f2d2aca6cd1a409d3f5ae9d1ef94830879d3e9ac845cb799cdd7109737cc1dfbc043822ecd8db05fabe53c013373e9fb2aac8ee0f4b8d55ae4823cbfc557926049173eaa0826bab8caf9ff07624aea15262945c2b44decbef58c42109800dad55fb4bf0efaa244ba204172acc613de3def024029baac528afd9ea1d4630321f0343ef5d6ac5267bb398361aada910653797ba4cdd62eca712e3c697691af0ae35165f3a88fd311bc8fb184c7874122dbec2c7c5bf777c3b27e91d2a364dc3e156b340490fe9eace59a834ba73152b14bd045425ff222fb682adec4a41be82b0f0119ab07b946eb9e24efddb3a97d4535c5c0ec1c0fa47c16f9f35d4e3dfddb064d8abfaae71ddc431daa3bc46ea785e4f6444954d08d34c9ad18aa06a3da6ee9d48b665fc2611f48639d81e32421eb1b71aaf6ccb9b974a453c7c89ddadf238faa2c786d2b460962a8fcf8130fff25e45d22ac23b4c920974742d2bf7e04d3b054d7ed8a23fcf4892fda35502b9582e899ef19c8a6f5e0d405a95b173983208aabca5d5af11bca798ad8b23ca0639a58a988e11691878145b8817d1f1b506512b514682830f5853160f19c27369482e490bce6b1559d0752b8451ac48a92ddee346f136d4c52cc9f25d43d06c6905ef344fc44639bd5799f7a6771255591e6c00e4af8658b99d31d8f5c449e14645b921da1ba9c203cde6c664225088c50dc4154d2a84f35815f5f60be80aaccf2891437ebac1c447f692d9efa8d7ac4bc88d451d906e3ce6cb59c7ddeae6312f461697409ebbaa0c9355ab330dc6e9ae0694b41aa9af0cdffb6e4ac6b69c019308b53b317a73143814b58402aeff7ccc9e728c6f9d9794e05565fe22114c253f11d5d843e7461d6db96b25040716d1c4991432c2c0dd74667559cc941aa8e8b138e4b272abb4213d666befbc788879432c3e36fd822e94d4c405c4fb788df6a05658b3c0ae72c762da47acdb31224280179d2995fcbe163aa4727943ae1e0e868d0bcf08488ce19aeddca3dd7b8a019e88093223ad2e0c5f380b322dc024bc65bf5603bb308de94561b0159e8d2e64d2f47ad08015a4a7f41e95e2dfb19bc49bf3cb87dc12eafc70933ddf14351f5770b17e4584c7caabaf16503a0e"})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:32:02 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:32:02 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:32:02 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 18)

23:32:02 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 16)

23:32:02 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:32:02 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xfeffffff, 0x0, 0x87ffffc)

[ 2003.267221] loop7: detected capacity change from 0 to 40
23:32:02 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2003.285477] loop6: detected capacity change from 0 to 40
[ 2003.291165] loop3: detected capacity change from 0 to 40
[ 2003.300890] loop2: detected capacity change from 0 to 40
[ 2003.305206] loop5: detected capacity change from 0 to 40
[ 2003.362490] syz-executor.7: attempt to access beyond end of device
[ 2003.362490] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2003.363494] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:32:02 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

23:32:02 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 19)

[ 2003.493225] loop3: detected capacity change from 0 to 40
23:32:02 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xff770000, 0x0, 0x87ffffc)

23:32:02 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2003.532554] syz-executor.5: attempt to access beyond end of device
[ 2003.532554] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2003.534326] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:32:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 3)

[ 2003.560544] kworker/u4:2: attempt to access beyond end of device
[ 2003.560544] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2003.562442] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:32:02 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 17)

23:32:02 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)

[ 2003.637654] loop7: detected capacity change from 0 to 40
[ 2003.663121] FAT-fs (loop4): bogus number of reserved sectors
[ 2003.663571] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2003.695212] loop2: detected capacity change from 0 to 40
23:32:02 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xff7f0000, 0x0, 0x87ffffc)

[ 2003.772821] loop3: detected capacity change from 0 to 40
[ 2003.785844] loop5: detected capacity change from 0 to 40
[ 2003.806043] syz-executor.7: attempt to access beyond end of device
[ 2003.806043] loop7: rw=2049, sector=108, nr_sectors = 16 limit=40
[ 2003.825553] syz-executor.7: attempt to access beyond end of device
[ 2003.825553] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2003.827183] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2003.887292] kworker/u4:2: attempt to access beyond end of device
[ 2003.887292] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2003.888951] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 2004.027868] syz-executor.5: attempt to access beyond end of device
[ 2004.027868] loop5: rw=2049, sector=68, nr_sectors = 56 limit=40
[ 2004.034004] syz-executor.5: attempt to access beyond end of device
[ 2004.034004] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2004.034955] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:32:17 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 18)

23:32:17 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:32:17 executing program 1:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x2000, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r4, 0x0, 0x0, 0x87ffffc)
sendfile(r2, r1, 0x0, 0xfffffdef)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2002, 0x0)
ftruncate(r0, 0x1)
close(r3)

23:32:17 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:32:17 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 4)

23:32:17 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 20)

23:32:17 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:32:17 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xfffffff4, 0x0, 0x87ffffc)

[ 2018.248577] loop5: detected capacity change from 0 to 40
[ 2018.276865] loop7: detected capacity change from 0 to 40
[ 2018.280073] loop3: detected capacity change from 0 to 40
[ 2018.283693] loop2: detected capacity change from 0 to 40
[ 2018.293685] FAT-fs (loop4): bogus number of reserved sectors
[ 2018.294843] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2018.300740] loop6: detected capacity change from 0 to 40
23:32:17 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

23:32:17 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2018.528396] syz-executor.5: attempt to access beyond end of device
[ 2018.528396] loop5: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 2018.533451] FAULT_INJECTION: forcing a failure.
[ 2018.533451] name failslab, interval 1, probability 0, space 0, times 0
[ 2018.534559] syz-executor.5: attempt to access beyond end of device
[ 2018.534559] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2018.535084] CPU: 0 PID: 9737 Comm: syz-executor.7 Not tainted 6.1.0-rc8-next-20221208 #1
[ 2018.536473] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 2018.537398] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2018.537418] Call Trace:
[ 2018.537427]  <TASK>
[ 2018.537438]  dump_stack_lvl+0x8f/0xb7
[ 2018.540585]  should_fail_ex.cold+0x5/0xa
[ 2018.541155]  ? fat_cache_add.part.0+0x5b4/0xb50
[ 2018.541776]  should_failslab+0x9/0x20
[ 2018.542291]  kmem_cache_alloc+0x5a/0x410
[ 2018.542845]  fat_cache_add.part.0+0x5b4/0xb50
[ 2018.543466]  fat_get_cluster+0x922/0xd40
[ 2018.544037]  ? __pfx_fat_get_cluster+0x10/0x10
[ 2018.544644]  ? fat_cache_inval_inode+0x1c7/0x290
[ 2018.545289]  fat_free.isra.0+0x393/0x940
[ 2018.545829]  ? __pfx_fat_free.isra.0+0x10/0x10
[ 2018.546433]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 2018.547117]  ? lockdep_hardirqs_on+0x7d/0x100
[ 2018.547702]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 2018.548408]  fat_truncate_blocks+0x126/0x1a0
[ 2018.548986]  fat_write_begin+0x13b/0x180
[ 2018.549517]  generic_perform_write+0x25a/0x580
[ 2018.550122]  ? __pfx_generic_perform_write+0x10/0x10
[ 2018.550763]  ? __pfx_fat_update_time+0x10/0x10
[ 2018.551357]  ? __pfx_file_update_time+0x10/0x10
[ 2018.551972]  ? generic_write_checks+0x2c0/0x400
[ 2018.552585]  __generic_file_write_iter+0x308/0x4b0
[ 2018.553225]  ? do_sendfile+0xb1d/0x1280
[ 2018.553741]  ? __x64_sys_sendfile64+0x248/0x2a0
[ 2018.554345]  generic_file_write_iter+0xe7/0x350
[ 2018.554961]  do_iter_readv_writev+0x211/0x3c0
[ 2018.555550]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 2018.556192]  ? avc_policy_seqno+0xd/0x70
[ 2018.556755]  ? security_file_permission+0xb5/0xe0
[ 2018.557403]  do_iter_write+0x18b/0x700
[ 2018.557924]  ? lock_is_held_type+0xdb/0x130
[ 2018.558508]  vfs_iter_write+0x74/0xb0
[ 2018.559022]  iter_file_splice_write+0x73e/0xcb0
[ 2018.559645]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 2018.560314]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 2018.561006]  ? inode_security+0x105/0x140
[ 2018.561564]  ? security_file_permission+0xb5/0xe0
[ 2018.562200]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 2018.562867]  direct_splice_actor+0x113/0x180
[ 2018.563441]  splice_direct_to_actor+0x33a/0x8c0
[ 2018.564060]  ? __pfx_direct_splice_actor+0x10/0x10
[ 2018.564719]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 2018.565384]  ? security_file_permission+0xb5/0xe0
[ 2018.566022]  do_splice_direct+0x1bc/0x290
[ 2018.566562]  ? __pfx_do_splice_direct+0x10/0x10
[ 2018.567177]  ? lock_is_held_type+0xdb/0x130
[ 2018.567763]  do_sendfile+0xb1d/0x1280
[ 2018.568301]  ? __pfx_do_sendfile+0x10/0x10
[ 2018.568897]  __x64_sys_sendfile64+0x248/0x2a0
[ 2018.569484]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 2018.570133]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2018.570796]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2018.571471]  do_syscall_64+0x3f/0x90
[ 2018.571970]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2018.572624] RIP: 0033:0x7f2e8887fb19
[ 2018.573114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2018.575303] RSP: 002b:00007f2e85dd4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2018.576237] RAX: ffffffffffffffda RBX: 00007f2e88993020 RCX: 00007f2e8887fb19
[ 2018.577125] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 2018.577993] RBP: 00007f2e85dd41d0 R08: 0000000000000000 R09: 0000000000000000
[ 2018.578878] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002
23:32:17 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xfffffffb, 0x0, 0x87ffffc)

[ 2018.579750] R13: 00007ffe0fca3fff R14: 00007f2e85dd4300 R15: 0000000000022000
[ 2018.580867]  </TASK>
[ 2018.658200] loop3: detected capacity change from 0 to 40
23:32:17 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 19)

23:32:17 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 5)

[ 2018.716625] kworker/u4:5: attempt to access beyond end of device
[ 2018.716625] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2018.718615] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 2018.730001] FAT-fs (loop4): bogus number of reserved sectors
[ 2018.730782] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2018.731718] syz-executor.7: attempt to access beyond end of device
[ 2018.731718] loop7: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 2018.735334] syz-executor.7: attempt to access beyond end of device
[ 2018.735334] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2018.737168] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2018.786793] kworker/u4:5: attempt to access beyond end of device
[ 2018.786793] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2018.788633] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:32:17 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:32:17 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 21)

23:32:17 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)

[ 2018.891731] loop5: detected capacity change from 0 to 40
[ 2018.900727] loop2: detected capacity change from 0 to 40
23:32:17 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2018.970099] loop6: detected capacity change from 0 to 40
[ 2018.974254] loop7: detected capacity change from 0 to 40
23:32:17 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xfffffffe, 0x0, 0x87ffffc)

[ 2019.059623] loop3: detected capacity change from 0 to 40
[ 2019.132589] syz-executor.5: attempt to access beyond end of device
[ 2019.132589] loop5: rw=2049, sector=68, nr_sectors = 56 limit=40
[ 2019.139677] syz-executor.7: attempt to access beyond end of device
[ 2019.139677] loop7: rw=2049, sector=108, nr_sectors = 16 limit=40
[ 2019.144716] syz-executor.7: attempt to access beyond end of device
[ 2019.144716] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2019.146364] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2019.148182] syz-executor.5: attempt to access beyond end of device
[ 2019.148182] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2019.149831] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 2019.152212] FAT-fs (loop4): bogus number of reserved sectors
[ 2019.153327] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2019.332273] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 2019.391385] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:32:31 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 20)

23:32:31 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 22)

23:32:31 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x0)

23:32:31 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:32:31 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2032.691452] loop3: detected capacity change from 0 to 40
[ 2032.714281] loop7: detected capacity change from 0 to 40
[ 2032.724838] loop6: detected capacity change from 0 to 40
[ 2032.735645] loop2: detected capacity change from 0 to 40
23:32:31 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 6)

23:32:31 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x8000000000000, 0x0, 0x87ffffc)

23:32:31 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000000)='./file1\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
ioctl$AUTOFS_IOC_CATATONIC(r2, 0x9362, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2032.757254] FAT-fs (loop4): bogus number of reserved sectors
[ 2032.757672] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2032.764133] loop5: detected capacity change from 0 to 40
23:32:31 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x0)

23:32:31 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x78000000000000, 0x0, 0x87ffffc)

[ 2032.949866] loop3: detected capacity change from 0 to 40
[ 2032.959553] bio_check_eod: 2 callbacks suppressed
[ 2032.959576] syz-executor.7: attempt to access beyond end of device
[ 2032.959576] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2032.962140] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2032.983404] FAULT_INJECTION: forcing a failure.
[ 2032.983404] name failslab, interval 1, probability 0, space 0, times 0
[ 2032.985065] CPU: 1 PID: 9795 Comm: syz-executor.5 Not tainted 6.1.0-rc8-next-20221208 #1
[ 2032.986204] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2032.987341] Call Trace:
[ 2032.987717]  <TASK>
[ 2032.988053]  dump_stack_lvl+0x8f/0xb7
[ 2032.988629]  should_fail_ex.cold+0x5/0xa
[ 2032.989251]  ? fat_cache_add.part.0+0x5b4/0xb50
[ 2032.989936]  should_failslab+0x9/0x20
[ 2032.990510]  kmem_cache_alloc+0x5a/0x410
[ 2032.991122]  fat_cache_add.part.0+0x5b4/0xb50
[ 2032.991811]  fat_get_cluster+0x922/0xd40
[ 2032.992440]  ? __pfx_fat_get_cluster+0x10/0x10
[ 2032.993155]  ? fat_cache_inval_inode+0x1c7/0x290
[ 2032.993875]  fat_free.isra.0+0x393/0x940
[ 2032.994503]  ? __pfx_fat_free.isra.0+0x10/0x10
[ 2032.995211]  ? unmap_mapping_range+0x109/0x280
[ 2032.995888]  ? __pfx_unmap_mapping_range+0x10/0x10
[ 2032.996606]  ? __pfx_unmap_mapping_range+0x10/0x10
[ 2032.997357]  fat_truncate_blocks+0x126/0x1a0
[ 2032.998016]  fat_write_begin+0x13b/0x180
[ 2032.998632]  generic_perform_write+0x25a/0x580
[ 2032.999336]  ? __pfx_generic_perform_write+0x10/0x10
[ 2033.000082]  ? __pfx_fat_update_time+0x10/0x10
[ 2033.000770]  ? __pfx_file_update_time+0x10/0x10
[ 2033.001516]  ? generic_write_checks+0x2c0/0x400
[ 2033.002217]  __generic_file_write_iter+0x308/0x4b0
[ 2033.002943]  ? do_sendfile+0xb1d/0x1280
[ 2033.003541]  ? __x64_sys_sendfile64+0x248/0x2a0
[ 2033.004227]  generic_file_write_iter+0xe7/0x350
[ 2033.004966]  do_iter_readv_writev+0x211/0x3c0
[ 2033.005653]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 2033.006404]  ? avc_policy_seqno+0xd/0x70
[ 2033.007034]  ? security_file_permission+0xb5/0xe0
[ 2033.007780]  do_iter_write+0x18b/0x700
[ 2033.008385]  ? lock_is_held_type+0xdb/0x130
[ 2033.009131]  vfs_iter_write+0x74/0xb0
[ 2033.009718]  iter_file_splice_write+0x73e/0xcb0
[ 2033.010446]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 2033.011215]  ? __pfx_generic_file_splice_read+0x10/0x10
[ 2033.011998]  ? inode_security+0x105/0x140
[ 2033.012652]  ? security_file_permission+0xb5/0xe0
[ 2033.013408]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 2033.014174]  direct_splice_actor+0x113/0x180
[ 2033.014848]  splice_direct_to_actor+0x33a/0x8c0
[ 2033.015561]  ? __pfx_direct_splice_actor+0x10/0x10
[ 2033.016310]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 2033.017089]  ? security_file_permission+0xb5/0xe0
[ 2033.017845]  do_splice_direct+0x1bc/0x290
[ 2033.018495]  ? __pfx_do_splice_direct+0x10/0x10
[ 2033.019230]  ? lock_is_held_type+0xdb/0x130
[ 2033.019923]  do_sendfile+0xb1d/0x1280
[ 2033.020562]  ? __pfx_do_sendfile+0x10/0x10
[ 2033.021271]  __x64_sys_sendfile64+0x248/0x2a0
[ 2033.021976]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[ 2033.022679]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2033.023330]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2033.023994]  do_syscall_64+0x3f/0x90
[ 2033.024483]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2033.025149] RIP: 0033:0x7fb3320efb19
[ 2033.025623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2033.027780] RSP: 002b:00007fb32f644188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2033.028709] RAX: ffffffffffffffda RBX: 00007fb332203020 RCX: 00007fb3320efb19
[ 2033.029592] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 2033.030464] RBP: 00007fb32f6441d0 R08: 0000000000000000 R09: 0000000000000000
[ 2033.031333] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002
[ 2033.032205] R13: 00007ffc5996385f R14: 00007fb32f644300 R15: 0000000000022000
[ 2033.033112]  </TASK>
[ 2033.047791] FAULT_INJECTION: forcing a failure.
[ 2033.047791] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2033.049506] CPU: 0 PID: 9792 Comm: syz-executor.7 Not tainted 6.1.0-rc8-next-20221208 #1
[ 2033.050633] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2033.051762] Call Trace:
[ 2033.052148]  <TASK>
[ 2033.052481]  dump_stack_lvl+0x8f/0xb7
[ 2033.053058]  should_fail_ex.cold+0x5/0xa
[ 2033.053662]  _copy_to_user+0x30/0x1c0
[ 2033.054237]  simple_read_from_buffer+0xd0/0x170
[ 2033.054930]  proc_fail_nth_read+0x19c/0x230
[ 2033.055551]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2033.056246]  ? security_file_permission+0xb5/0xe0
[ 2033.056976]  vfs_read+0x2e1/0x9f0
[ 2033.057502]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2033.058223]  ? __pfx_vfs_read+0x10/0x10
[ 2033.058817]  ? __fget_files+0x270/0x450
[ 2033.059449]  ksys_read+0x12b/0x260
[ 2033.060002]  ? __pfx_ksys_read+0x10/0x10
[ 2033.060623]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2033.061378]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2033.062126]  do_syscall_64+0x3f/0x90
[ 2033.062681]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2033.063429] RIP: 0033:0x7f2e8883269c
[ 2033.063978] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2033.066517] RSP: 002b:00007f2e85dd4170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2033.067593] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f2e8883269c
[ 2033.068599] RDX: 000000000000000f RSI: 00007f2e85dd41e0 RDI: 0000000000000007
[ 2033.069603] RBP: 00007f2e85dd41d0 R08: 0000000000000000 R09: 0000000000000000
[ 2033.070601] R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000002
[ 2033.071601] R13: 00007ffe0fca3fff R14: 00007f2e85dd4300 R15: 0000000000022000
[ 2033.072631]  </TASK>
[ 2033.109570] syz-executor.5: attempt to access beyond end of device
[ 2033.109570] loop5: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 2033.112263] syz-executor.5: attempt to access beyond end of device
[ 2033.112263] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2033.113834] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:32:32 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:32:32 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2033.194814] kworker/u4:5: attempt to access beyond end of device
[ 2033.194814] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2033.197027] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:32:32 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 7)

[ 2033.207892] kworker/u4:3: attempt to access beyond end of device
[ 2033.207892] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2033.209622] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:32:32 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 21)

23:32:32 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x80000000000000, 0x0, 0x87ffffc)

[ 2033.316719] FAT-fs (loop4): bogus number of reserved sectors
[ 2033.317899] FAT-fs (loop4): Can't find a valid FAT filesystem
23:32:32 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2033.379649] loop6: detected capacity change from 0 to 40
[ 2033.387214] loop2: detected capacity change from 0 to 40
[ 2033.389570] loop5: detected capacity change from 0 to 40
23:32:32 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x0)

[ 2033.564290] loop7: detected capacity change from 0 to 40
23:32:32 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 8)

[ 2033.577307] kworker/u4:3: attempt to access beyond end of device
[ 2033.577307] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2033.578811] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:32:32 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x80070000000000, 0x0, 0x87ffffc)

[ 2033.582346] kworker/u4:6: attempt to access beyond end of device
[ 2033.582346] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2033.584392] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 2033.599275] loop3: detected capacity change from 0 to 40
[ 2033.673191] loop2: detected capacity change from 0 to 40
[ 2033.697789] syz-executor.5: attempt to access beyond end of device
[ 2033.697789] loop5: rw=2049, sector=68, nr_sectors = 56 limit=40
[ 2033.698820] syz-executor.5: attempt to access beyond end of device
[ 2033.698820] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2033.699691] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 2033.789317] syz-executor.7: attempt to access beyond end of device
[ 2033.789317] loop7: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 2033.790302] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2033.868864] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:32:44 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
openat(r2, &(0x7f00000000c0)='./file0\x00', 0x501d03, 0x22)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r1, 0x40047211, &(0x7f0000000000)=0x10)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000180)={0xffffdf8b, 0x3, 0x200, 0x7fffffff, 0x5})
sendfile(r2, r1, 0x0, 0xfffffdef)
openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x2e0800, 0x0)

23:32:44 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:32:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 9)

23:32:44 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xf8000000000000, 0x0, 0x87ffffc)

23:32:44 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:32:44 executing program 1:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000240)="04400000646f7366d8a02b00080101000440002000f801367658ffb78ae5e4d56823b51bbaf55bdd4b60af5dd83cc605be9fed5d8eae32e6ec1056597495753b218f9b8c2b683db966f1aad53a225c4cebb36449b5e6be1c01dbcd36911328c19369b549e37ff21b4bc73e75e20c31373f9f91eca15eb8755000e7c1158de25bfd36bbdb22d88fed2e359b51281700f346af0b34de466d5ab19d86d5925ad94b6c4708a623d42580dc16e31b70d1c6cf38e27223bf11d2496824709be07740badd2368c29bf69419c4f009721cbb9f85249d9200", 0xd4}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r1, 0x941c, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
r4 = openat2(r0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000340)={0x2400, 0x104, 0x8}, 0x18)
openat(r4, &(0x7f0000000380)='./file1\x00', 0x400, 0x143)
lsetxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040), &(0x7f00000000c0), 0x2, 0x1)
sendfile(r2, r1, 0x0, 0xfffffdef)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x10200, 0x8)

23:32:44 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 22)

23:32:44 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 1)

[ 2045.979441] loop6: detected capacity change from 0 to 40
[ 2045.983291] loop2: detected capacity change from 0 to 40
[ 2045.989726] loop3: detected capacity change from 0 to 40
[ 2045.993390] loop5: detected capacity change from 0 to 40
[ 2045.998155] loop4: detected capacity change from 0 to 40
[ 2046.011076] FAT-fs (loop4): bogus number of reserved sectors
[ 2046.011497] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2046.013544] loop7: detected capacity change from 0 to 40
[ 2046.024900] FAULT_INJECTION: forcing a failure.
[ 2046.024900] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2046.025904] CPU: 1 PID: 9834 Comm: syz-executor.3 Not tainted 6.1.0-rc8-next-20221208 #1
[ 2046.026477] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2046.027026] Call Trace:
[ 2046.027228]  <TASK>
[ 2046.027410]  dump_stack_lvl+0x8f/0xb7
[ 2046.027745]  should_fail_ex.cold+0x5/0xa
[ 2046.028091]  prepare_alloc_pages+0x178/0x500
[ 2046.028431]  __alloc_pages+0x149/0x500
[ 2046.028724]  ? __pfx___alloc_pages+0x10/0x10
[ 2046.029065]  ? __pfx___lock_acquire+0x10/0x10
[ 2046.029384]  alloc_pages+0x1a0/0x260
[ 2046.029638]  filemap_alloc_folio+0x32a/0x410
[ 2046.029962]  ? __filemap_get_folio+0x254/0xc90
[ 2046.030272]  ? __pfx_lock_release+0x10/0x10
[ 2046.030586]  ? __pfx_filemap_alloc_folio+0x10/0x10
[ 2046.030913]  ? xas_start+0x157/0x6a0
[ 2046.031203]  ? xas_load+0x6a/0x140
[ 2046.031456]  __filemap_get_folio+0x32c/0xc90
[ 2046.031796]  ? __pfx___filemap_get_folio+0x10/0x10
[ 2046.032135]  ? register_lock_class+0xbd/0x1890
[ 2046.032486]  pagecache_get_page+0x2e/0x130
[ 2046.032797]  ? __pfx_fat_get_block+0x10/0x10
[ 2046.033103]  block_write_begin+0x35/0x450
[ 2046.033389]  cont_write_begin+0x4fe/0x700
[ 2046.033709]  ? __pfx_fat_get_block+0x10/0x10
[ 2046.034040]  ? __pfx_cont_write_begin+0x10/0x10
[ 2046.034348]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 2046.034714]  ? __lock_acquire+0x164d/0x5e70
[ 2046.035044]  fat_write_begin+0x89/0x180
[ 2046.035346]  ? __pfx_fat_get_block+0x10/0x10
[ 2046.035676]  cont_write_begin+0x2fc/0x700
[ 2046.035973]  ? __pfx_fat_get_block+0x10/0x10
[ 2046.036303]  ? __pfx_cont_write_begin+0x10/0x10
[ 2046.036615]  ? lock_acquire+0x1b6/0x530
[ 2046.036887]  fat_write_begin+0x89/0x180
[ 2046.037162]  ? __pfx_fat_get_block+0x10/0x10
[ 2046.037455]  generic_cont_expand_simple+0x11c/0x200
[ 2046.037813]  ? __pfx_generic_cont_expand_simple+0x10/0x10
[ 2046.038230]  ? down_write+0x157/0x220
[ 2046.038485]  ? __pfx_down_write+0x10/0x10
[ 2046.038796]  fat_cont_expand+0x66/0x240
[ 2046.039079]  fat_fallocate+0x182/0x320
[ 2046.039362]  ? __pfx_fat_fallocate+0x10/0x10
[ 2046.039675]  vfs_fallocate+0x48d/0xe00
[ 2046.039939]  __x64_sys_fallocate+0xd3/0x140
[ 2046.040224]  do_syscall_64+0x3f/0x90
[ 2046.040473]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2046.040811] RIP: 0033:0x7f7ec88f5b19
[ 2046.041089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2046.042342] RSP: 002b:00007f7ec5e6b188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 2046.042826] RAX: ffffffffffffffda RBX: 00007f7ec8a08f60 RCX: 00007f7ec88f5b19
[ 2046.043272] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 2046.043752] RBP: 00007f7ec5e6b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2046.044262] R10: 00000000087ffffc R11: 0000000000000246 R12: 0000000000000001
[ 2046.044773] R13: 00007ffeb92bfdef R14: 00007f7ec5e6b300 R15: 0000000000022000
[ 2046.045310]  </TASK>
23:32:45 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xf8070000000000, 0x0, 0x87ffffc)

23:32:45 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2046.204623] bio_check_eod: 2 callbacks suppressed
[ 2046.204637] syz-executor.7: attempt to access beyond end of device
[ 2046.204637] loop7: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 2046.213683] syz-executor.7: attempt to access beyond end of device
[ 2046.213683] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
23:32:45 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2046.214614] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2046.216530] kworker/u4:8: attempt to access beyond end of device
[ 2046.216530] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2046.217547] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:32:45 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 2)

23:32:45 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 10)

[ 2046.240312] kworker/u4:1: attempt to access beyond end of device
[ 2046.240312] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2046.241787] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 2046.287427] syz-executor.5: attempt to access beyond end of device
[ 2046.287427] loop5: rw=2049, sector=60, nr_sectors = 64 limit=40
[ 2046.288745] syz-executor.5: attempt to access beyond end of device
[ 2046.288745] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2046.289576] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 2046.299392] loop4: detected capacity change from 0 to 40
[ 2046.314302] FAT-fs (loop4): bogus number of reserved sectors
[ 2046.315105] loop3: detected capacity change from 0 to 40
[ 2046.315861] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2046.323090] loop6: detected capacity change from 0 to 40
[ 2046.326307] loop2: detected capacity change from 0 to 40
[ 2046.525730] kworker/u4:8: attempt to access beyond end of device
[ 2046.525730] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2046.526787] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 2046.531409] kworker/u4:8: attempt to access beyond end of device
[ 2046.531409] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2046.532284] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 2046.542622] kworker/u4:8: attempt to access beyond end of device
[ 2046.542622] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2046.543708] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:32:58 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x100000000000000, 0x0, 0x87ffffc)

23:32:58 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x6000c3, 0x24)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:32:58 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:32:58 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:32:58 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
stat(&(0x7f00000000c0)='./file2\x00', &(0x7f0000000180))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
r3 = ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r3, 0x5000943f, &(0x7f0000000240)={{r1}, 0x0, 0x8, @inherit={0x68, &(0x7f0000000000)={0x1, 0x4, 0x5, 0x5, {0x1, 0xffffffff, 0x2, 0x9b, 0x4}, [0x10001, 0x1, 0x1, 0x10000]}}, @name="845d85f91025f1cb2c5cb6e32b6adf526f84eada8c64b09b89f0f6f4997d0d3a30cf931040641237d206d9b461ac7b8cbf71c281b75482c002ec86ef6918b97aab91bf1e21826e03d09a749ba253a2b980f51ca65b2ac1717853af94c4facf591325bc6d249f72d14b1d73d6b9e3ac87ba936592b7b6ac66627c3479c4aa1249db03e88c85507a4e61acb76071126c491f836e3b4d3ebaff6e82a4a9fe01353bb8b7e3a01518859293c65daee89d9c79f0323649fa4a0b2b6797beaea8be560a68e64588f0f87a533b45fd3c5efee7b5cd401c69eb354ed7151a00693b03a6e94c30a9d1146b465afbd8883a853d72730235cc37470ebf97c853ccaf21fe84418e29bc4c208d4386ed9866d9a302ff8517b676218402e691ebccbda08f4de4dc5d4cb19fbe0281551fd955fcc7300be772005741cb101d129285c0fb0a06de0b1850fd4bd22830ee418ec8c1e5ff12572cf04637f56b28687596e913e23d41d3b3351e2e45646a4b1a4d7533673904714fefde160119f0f65a73b31d2e47fb35f8df9de183ba8c63626370790cf5b8868592eba9e8b7c11e08f7d27e7e43e34bcfd8a57487710f42757951b53302a3b227e8548ddeb72334979adf568ee59e5c4032d0b9eb34e270f6a81441013ca7e4ce818bfb2b1901cca3b840def4ac1afac5a205180579f7cda535a502e60b1d61de953af9b94d3d24f0c9145453b9f93104934f3a1caf67209c4e30c1d1077355fa36ad0e80624f841c8d93d57fcc6798fc5e0dcb6e1e3ef0fdb293feeba86e978c0ac9e7527fa7f250c6446bd808153b155b16b03a6cc83cccab5ad991474238002449dcb19acb47df901faffc571996b5b2ea575ce63755c42b7a157ec28fb0589d10aa92f600f33b11420fb175743441e3ff1e7b1350c2fd332715caaad4bba7bb605435057b8f4fe952da92c570631845b00c2b57ba92b87c9375d120fd6340ec7f009f48e38795240e16b0025cb6d8e355792d51896e510a7099393a6c58efa6c58870979a44ed2a21d9ec148583e8b60e114ca66763785b18b2f160f63a7e34de5256bf7866504adea4031b47d619c23650123fe0d0ea4e77fcf2ef32ea643bdc4a8428dacfb85afcd97f2711db3b40be9d07fbb58bca1acaf2d3668235d918c8f800bcf6530afe1bce019191bbc735dcde5398daa2cbd900c9a94a7c1870e1925ebefa03908f995b7cd81589d162bd706969f520b9e0456ac2b2fbdc314d2bd36e594278232281cb0962629eedfc093dceac144b1fcd910d0a40bd5ce7349924ca2f9825e348be2f321ba9b5ec0ba506327d66f4bc1d18ab38d9a41d9c545f7ca57854c02f29a29076b213f4b1995e1ac5650a93fed50b587550b473aca5b7fa56921d48e4e205289fe0357065388d874842fcfafda75da42dcea49b0b15d35ff7c80ec4705a4bd996f6d4acc51323a965c46602eee0a20011a6a6ce6fbe6e4f15083573776bcaa505e1904c721d35f4c77e6799d177c59cfe16270ce05dc73ce9b709c858430af8be9fee6147d7de30cd71f88a9c89b00002da1ff37051022f962c90bcca6bdf2e5382a27c80abc01baf0d261b9fdec05a2c834c6b84070fcbf1ccb97a3d47741be98f1993d8905af7418d973276d5b67fb7b2d1fa2bf8c6f18f4d53079ce511fde61355f871424b4a5e37f8d4f28fa297c17a5ee1b6115482b8cd48aed34d3cc7a790f33ad24e3eb6d88cb0a9845ba3b70e3842c44c4fa908adbb65fecf0f181b0aeac5e8b590a5d67569e3e045170a1bf249b4f0182098e1bd4ebd8b4ae6fa3836f23e08b350c5df8b4f82a07cedeec0abb7f438ecb2922348aea7ed9713eeb8b013035da65313e77d6691a3c581db63df404ee93c18e2bd645f18ac87fb99a688129caaf4966cd8888f1f6c40b45bbde91f9529df7cb630878dea5fdae66754041d22f50d32875241d50c61a619e2dc2043b58de1bb870aa0d8e8f6d3fadb99da539527a7c5c5add2ed824444571166ef50114e6cf15852f8fe83eb3c74f1848149438cc261d4a4452728f5d275e5dba6318f6d6953d5aa08583a89648bea1e70d7032f437382beebaeee018f19b7ff79a26c2488fd22ad101a04d3cc0627ac1a71d72fc0568d78b5c10784cb601d225bc747ad1d4eb46f050e8fc62803473c369bfea1fcbd27cb5f24427aa862923311da0fdb5d13cd6b58e00fb2c91f7e6472bfaca5d14bcc57895341a5c3a36b64096487b0035e4d6a7a9aae7685cbaa7b4414b0b321c9a02b00615a1654e4a0c7752daea7bfc7f663a0965490c78c8df1b3bdcb5a3c02251bf5ed8fd8407ce779fbabec91b37b829c5b764983cc71bee8bdb19028aa16b04f880871b96ea096dab0026075856e01ae65dcb5db874f4fcf06deb159264b2126c4f0881f74ec74f35fa03cb4dec4916ad0d6e4f361b2a3395d49ae0f18296f85b72f73d96824e617a2bc428837523e748aa4282b490434a08e933645b4e3f4643aa84d7aa98286de5eeb6c032786481cc509c8a369dc5e0335b1c0b8ef689813a6fde28156cb9b08b6957cb4b35040e099a8d315c7e52a39c30515e22a9ccaa5f70889930d6cd68c9db483f9f47a547a13ee5110b5dbbf764fcf4d3d40a834c3d35d7bf48e8fe69cc4f805c8d4baab5e79bdeca5fd4e1dd7bab33662f885a781b22337d17db64c39a9a7f6b80dce266eca9ddb27eb2e35988cfe0892e5c7620003ed1a0f05a8d49d290c9bcd418dd415aea1b4f8b507461fed4cac540cf1468a3e8449f68fe20c39ef9b0790d5dc7ba9b3ae506306dc41791181964ae76517d23fdc388b0c448ec47d13d68fcba0340f5da02547d343bdc06b38e4e94dfc0011610ce96c825a6b23f1a0e1a3360d36ed62be948aef9a070728a2782e64fb2b8d44eeff9b184fb80435c41e290cc512a16ce186470d40ea0cdfbac5bf27360e2c8e87aa632f7ee4a4dc30299edf4c4adbc0fcdb569a3519f1fe74e4445081f20a3b1a731c71d2fd1a3d967c6b8cf5183ad16324a4f8d5cc1d38c29a0186fc850a83bc3895088f822fb2ca8f9475c5f0ff61c1d500f0fb1abff8554dc703da26afc10b429eca57933ffd14af0cf13231dd9bb263a0dbaf2318b2d9bfbc96e2b8d47608b708dd56cfbb4c9bf46c1c0255e720921410821dd4c0f6baf64393faf87196428690dfed553c24fd1349c56a027249895f05fcca2d4c750e3b81a67bf0bc18cf5993e76a1e6ec3cbae69584fab65ed16e870bbd22a7101a2f907ee5833fadeebdd0976648e66a8655656f3f566fb6328e1614ebb89154ee3d437537b4acad1e0baee6bf3588cc82143fc1266aa99d1b7b2f368631f73371376de81d4b084830e7784d8201378dc6a770bca989eb81404bdddf9cfd633ccfd4f6cd42408bf37b4e57a6f94dd82b3b4774d52c6dc1eb357d2ff7a32c84534c8acb930406be807eb55e36dc788b7747c4e42425854399d121cf87a89cde20e4a51efb425f6053a16a7f12fc14ce811b7a293774241329263adb457fa2d896f83fdecf2c384070a586392c6cf567d68ec720312b968c20e726a72bf1485e23b2d90f811286a055f649865add068565811db7d0e7b919f5dccc70f9b2d890cba6f20ba5b9fd9eaea360d7753c80b190c0933cee36a01e6a92e4ee4e5b8dd9fe83eaf3ebb0ac8a6d79bb3eda5dc7f062924739fd8878ba86af7278e3229b4c3c5ac0b90f913780ca6ba23354dd387101318b6acecb7c113431798661fdf283b1a5599dc07f626e3a713a0d62cb1d40bf7ea275b31e7c674a0befbf2ba5aa0bd3d78749f8461f26ba65dbb017e5fd6a5765e668c067a1b2ce4e342f01887b8872c58c09ec435629054112f8eca77a40b798bb5dde5cc5fc7685ebb9fc6fbdf84aaabb9298ffd4dc4eecbf8b543d92adf53fe1773b2e3c3e5c9e059548ee18e4fd3b5b476dd396829cd511134c9535482f6ea39812b420505b7c3047314d1e91a2f17ce715fc65007a815d5a5656ae8d6a7aedc3cbdb086fa7dff478f94288902d3024dc7c9dcdb98292fbf2ed13af4029cfc8874a8bd7d122f37a0b0b8d229f51465a6191bc943a377c48b0ef85197778e731663e0a57965238e2adf08774589b30d20a5051fb29fff21200fcaad46d0a071ab8cd26df18a0c8874ee92b6c722eecb227bd67cb198545bad66e613e769de807487052efac322595023649ed30db8ec3de860b7ff9e3a5c681a102cff95f2a4648a3762ee769512ee285ea0aa7108c8f78a02ed8c977b4ed82b34a47e923822f90bf06c1c001cc1ca73e80c1f5ea7ffb848b31ecbcad11fc4c71b179902cb21f8f7ce3173063cea498bbe963562cd48daeea621473f1b5eb4333560b9fad2d2ab45b4a0f8e26b56c92ca093f35859a59acf0041b89152e1910e5eeba5f1ef46056080319ee90b94a27f43571d2f2f2cf5999c12c3dd76c79c4e8020288106efe2b495ac68a1703fd4263b825d51e7af2e7202b98f639c30067ea813915192e7db040f07065bce4d0506c7a84d2f0f4fb067969b13c926bf751aca12bcf047616bfb0262241c8f7ceae08f9bd6ac16ea116d9a7d3ba17e468e9df7ecaee7266e9929a022cb42b6d3c288fa38681aea8b806b815d45958a35e81bda32aba25c30242971c9622c5676409385d561bc0aadc17d6ce3d7c25dd7c249d3bfb195bc0e8bbfc2ce4ab0ae130fdd4ed39ec55a8bc0bc2c30c2c7176b78130363a2afee8326bfba06e9b09dd7fe7b2f14e564a68bfc3b420165e7ad630c0d06ca73475671194db2c3278272ac3520f0ec3a78a7a4bde399e95b6c3a1cc86bd297da141969ad21dba1177aa07b3bb1206a3b5899d561417be5b410b645e53991245805ffc4ebeb2289b40c63e4bf9aa631166554dfaea4e0eaa0308b8e7bd741bbaae92c97c3582514ad4301c66f2decf307d156ed7b86c446059ce11a8ae231271365202c4ef11313e35e2fa92696153c7562f446139f4852c2ca63d7e28d364109098c951753d972e7521dfe237ad1a2549a6e7eabfba52261b78703dd27a66c3e403c7f34c7ac67a7fa1badfb27e7a7cc6a82faf6ec77c26d850d162e20094d689069bf16f71e1aa757d90694d6b4aed5ab78e50d29ad479e64fe76023220aea71e87a097eca75e0181a878d7f41a25291a460fb9cd6b7e8df8a13773503789ef069a9f9b8b140def985683a7870208faa85df357544323e033d855af7012da640e2a451a15e274c81f66807285cd857db2ab9a93eb2cda1b06edf5f31e854c2306ab5a402ed67ed4abc42d0dbe2f5eead9162131606ae8f1240a9e15f04e15750ec138a110332ce875dbb541c6658e78fa144e9e50aaa277808f3527ceaaa68e0749d04a23a64fae901769dda935837118583cfcaeeeed3c0d129319ee8d8e939cfbd979ae5dca3ff13371e36cc37d19542b4eedcf44e8082540aa4bf213968ef3d81b23960f42052458cf9e29587268521cea2a975464b0318cc2216f09605031db9c0f7ef31073f4db3f098707826bb2cb481e04cf7f205e596bc2aab3ccbbe629d2cf7c9cb62f3c0cb114c124d54e4a915a5bc7bcd6d40704cf97aaeba4b7e82c83b3125b2cd37e0ad7d1de85f73f0b9926805c17475b7583738e785040ccd324c4e846ae535c8db32215e30bc0c5cbaa693dd91832eb0ec78d99df5509730443c4430d018162919f454f365a8a6d0fe3237a1cf5e83d9ebbc0efd3eb"})
sendfile(r1, r0, 0x0, 0xfffffdef)

23:32:58 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 23)

[ 2059.344424] loop3: detected capacity change from 0 to 40
23:32:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 11)

23:32:58 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 3)

[ 2059.365342] loop7: detected capacity change from 0 to 40
[ 2059.385757] loop6: detected capacity change from 0 to 40
[ 2059.388884] loop5: detected capacity change from 0 to 40
[ 2059.441381] loop4: detected capacity change from 0 to 40
[ 2059.447003] loop2: detected capacity change from 0 to 40
[ 2059.472336] syz-executor.7: attempt to access beyond end of device
[ 2059.472336] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2059.473304] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2059.484394] FAT-fs (loop4): bogus number of reserved sectors
[ 2059.485395] FAT-fs (loop4): Can't find a valid FAT filesystem
23:32:58 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x200000000000000, 0x0, 0x87ffffc)

23:32:58 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x30, 0x2, 0x87ffffc)
sendfile(r1, r0, 0x0, 0x92)

[ 2059.610787] kworker/u4:2: attempt to access beyond end of device
[ 2059.610787] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2059.612694] Buffer I/O error on dev loop3, logical block 31, lost async page write
23:32:58 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 4)

[ 2059.628664] loop7: detected capacity change from 0 to 40
23:32:58 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x400000000000000, 0x0, 0x87ffffc)

23:32:58 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2059.731409] loop3: detected capacity change from 0 to 40
[ 2059.755305] syz-executor.5: attempt to access beyond end of device
[ 2059.755305] loop5: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 2059.775520] syz-executor.5: attempt to access beyond end of device
[ 2059.775520] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2059.777537] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:32:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 12)

[ 2059.867709] loop4: detected capacity change from 0 to 40
[ 2059.876667] FAT-fs (loop4): bogus number of reserved sectors
[ 2059.877128] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2059.877422] kworker/u4:6: attempt to access beyond end of device
[ 2059.877422] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2059.879043] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:32:58 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2059.945787] kworker/u4:6: attempt to access beyond end of device
[ 2059.945787] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2059.947803] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:32:58 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2059.987176] loop4: detected capacity change from 0 to 40
[ 2059.999326] FAT-fs (loop4): bogus number of reserved sectors
[ 2059.999601] loop6: detected capacity change from 0 to 40
[ 2059.999953] FAT-fs (loop4): Can't find a valid FAT filesystem
23:32:58 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 24)

[ 2060.081745] kworker/u4:2: attempt to access beyond end of device
[ 2060.081745] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2060.084001] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 2060.098748] loop2: detected capacity change from 0 to 40
[ 2060.183300] loop5: detected capacity change from 0 to 40
[ 2060.307722] kworker/u4:2: attempt to access beyond end of device
[ 2060.307722] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2060.308952] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 2060.335306] kworker/u4:2: attempt to access beyond end of device
[ 2060.335306] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2060.336381] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 2060.372315] syz-executor.5: attempt to access beyond end of device
[ 2060.372315] loop5: rw=2049, sector=92, nr_sectors = 32 limit=40
[ 2060.373358] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:33:12 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f00000000c0)='./file2\x00', 0x400000062ef, 0x0, &(0x7f00000001c0), 0x1210020, &(0x7f0000000040)={[], [{@smackfstransmute={'smackfstransmute', 0x3d, 'vfat\x00'}}, {@hash}, {@subj_type}, {@dont_measure}]})
r0 = openat(0xffffffffffffff9c, &(0x7f00000012c0)='./file2\x00', 0x121b80, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
mount$cgroup2(0x0, &(0x7f0000001300)='./file2\x00', &(0x7f0000001340), 0x8000, &(0x7f0000001380)={[{@memory_localevents}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'smackfstransmute'}}, {@fowner_lt={'fowner<', 0xffffffffffffffff}}, {@dont_hash}, {@subj_user={'subj_user', 0x3d, '\\\'\\!\'('}}, {@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@subj_type={'subj_type', 0x3d, '-\x83'}}]})
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r2=>r0, {0x2}}, './file0\x00'})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)
ioctl$AUTOFS_DEV_IOCTL_READY(r2, 0xc0189376, &(0x7f0000001440)={{0x1, 0x1, 0x18, <r4=>r0, {0x7fff}}, './file0\x00'})
r5 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fstat(r5, &(0x7f0000001880)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
fsetxattr$system_posix_acl(r6, &(0x7f0000000440)='system.posix_acl_access\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="02000000010004000000000002000000", @ANYRES32=0x0, @ANYBLOB="020010c700004588f2702b665aa5796a0500", @ANYRES32=0x0, @ANYBLOB="040003000000000008000600", @ANYRES32=r7, @ANYBLOB="10000400000000002000050000000000"], 0x3c, 0x0)
chown(&(0x7f0000001480)='./file2\x00', 0xffffffffffffffff, r7)
lseek(r4, 0x6, 0x3)

23:33:12 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x500000000000000, 0x0, 0x87ffffc)

23:33:12 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f00000002c0)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.stat\x00', 0x0, 0x0)
openat(r1, &(0x7f00000000c0)='./file0\x00', 0x28000, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r4 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$FIDEDUPERANGE(r3, 0xc0189436, &(0x7f0000000180)=ANY=[@ANYBLOB="800000000000000006000100000000000200000000000000", @ANYRES32=r0, @ANYBLOB="000000000200"/28, @ANYRES32=r4, @ANYBLOB="00000000018000"/28])
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x500, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r5, 0x0, 0x0, 0x87ffffc)
sendfile(r2, r0, 0x0, 0xfffffdef)

23:33:12 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:33:12 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 5)

23:33:12 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:33:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 13)

23:33:12 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 25)

[ 2073.471573] loop3: detected capacity change from 0 to 40
[ 2073.471595] loop7: detected capacity change from 0 to 40
[ 2073.490447] loop6: detected capacity change from 0 to 40
[ 2073.498713] loop4: detected capacity change from 0 to 40
[ 2073.502988] FAT-fs (loop4): bogus number of reserved sectors
[ 2073.503364] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2073.515053] loop2: detected capacity change from 0 to 40
[ 2073.526786] loop5: detected capacity change from 0 to 40
23:33:12 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x1000000000000000, 0x0, 0x87ffffc)

23:33:12 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:33:12 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2073.705607] bio_check_eod: 1 callbacks suppressed
[ 2073.705631] kworker/u4:6: attempt to access beyond end of device
[ 2073.705631] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2073.707827] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 2073.741394] syz-executor.5: attempt to access beyond end of device
[ 2073.741394] loop5: rw=2049, sector=92, nr_sectors = 32 limit=40
[ 2073.749604] syz-executor.5: attempt to access beyond end of device
[ 2073.749604] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2073.750711] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 2073.769009] loop4: detected capacity change from 0 to 40
[ 2073.785506] FAT-fs (loop4): bogus number of reserved sectors
[ 2073.786118] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2073.796720] kworker/u4:7: attempt to access beyond end of device
[ 2073.796720] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2073.798281] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 2073.803453] kworker/u4:3: attempt to access beyond end of device
[ 2073.803453] loop7: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2073.804887] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:33:12 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 6)

[ 2073.842198] loop6: detected capacity change from 0 to 40
[ 2073.843781] kworker/u4:7: attempt to access beyond end of device
[ 2073.843781] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2073.845545] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:33:12 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 14)

23:33:12 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r3=>r2, {0x4}}, './file0\x00'})
setsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000240)={{{@in=@multicast1, @in6=@mcast2, 0x4e24, 0xe9, 0x4e23, 0x0, 0xa, 0x20, 0x20, 0x2b, 0x0, 0xee01}, {0x2, 0x9, 0x7f, 0x3, 0x297b96fe, 0xff, 0x0, 0x200}, {0x5, 0x9, 0xfffffffffffffffd, 0x1}, 0x4, 0x6e6bb5, 0x0, 0x1, 0x1, 0x3}, {{@in=@private=0xa010102, 0x4d2, 0x3c}, 0xa, @in6=@private2, 0x3503, 0x4, 0x0, 0x6, 0x401, 0x4}}, 0xe8)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:33:12 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 26)

[ 2073.882416] loop3: detected capacity change from 0 to 40
23:33:12 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x1200000000000000, 0x0, 0x87ffffc)

[ 2073.920471] loop7: detected capacity change from 0 to 40
23:33:12 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2073.979303] loop5: detected capacity change from 0 to 40
[ 2073.980789] loop2: detected capacity change from 0 to 40
[ 2074.108616] kworker/u4:8: attempt to access beyond end of device
[ 2074.108616] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2074.110415] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 2074.112253] kworker/u4:2: attempt to access beyond end of device
[ 2074.112253] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2074.113811] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 2074.115732] syz-executor.7: attempt to access beyond end of device
[ 2074.115732] loop7: rw=2049, sector=92, nr_sectors = 32 limit=40
[ 2074.124552] syz-executor.7: attempt to access beyond end of device
[ 2074.124552] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2074.125711] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2074.163303] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2074.193206] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:33:26 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x2103000000000000, 0x0, 0x87ffffc)

23:33:26 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:33:26 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x10410, &(0x7f0000000040)=ANY=[@ANYRES32])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:33:26 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef) (fail_nth: 27)

23:33:26 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:33:26 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 15)

23:33:26 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
close(r0)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
sendfile(r2, r1, 0x0, 0xfffffdef)

23:33:26 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 7)

[ 2087.603851] loop7: detected capacity change from 0 to 40
[ 2087.605422] loop6: detected capacity change from 0 to 40
[ 2087.612271] loop4: detected capacity change from 0 to 40
[ 2087.615315] loop5: detected capacity change from 0 to 40
[ 2087.622381] loop2: detected capacity change from 0 to 40
[ 2087.646878] FAT-fs (loop4): bogus number of reserved sectors
[ 2087.648003] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2087.658895] loop3: detected capacity change from 0 to 40
23:33:26 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xf4ffffff00000000, 0x0, 0x87ffffc)

[ 2087.715390] bio_check_eod: 4 callbacks suppressed
[ 2087.715407] syz-executor.5: attempt to access beyond end of device
[ 2087.715407] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2087.717841] buffer_io_error: 1 callbacks suppressed
[ 2087.717850] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:33:26 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2087.835785] loop5: detected capacity change from 0 to 40
[ 2087.913408] kworker/u4:8: attempt to access beyond end of device
[ 2087.913408] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2087.915311] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:33:26 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:33:26 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2087.968094] syz-executor.5: attempt to access beyond end of device
[ 2087.968094] loop5: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 2087.971350] syz-executor.5: attempt to access beyond end of device
[ 2087.971350] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2087.972216] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 2087.990542] syz-executor.7: attempt to access beyond end of device
[ 2087.990542] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2087.991435] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2088.001908] loop6: detected capacity change from 0 to 40
[ 2088.007363] loop4: detected capacity change from 0 to 40
[ 2088.040430] FAT-fs (loop4): bogus number of reserved sectors
[ 2088.041423] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2088.121247] kworker/u4:8: attempt to access beyond end of device
[ 2088.121247] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2088.122756] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 2088.160873] kworker/u4:3: attempt to access beyond end of device
[ 2088.160873] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2088.163015] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 2088.267170] kworker/u4:3: attempt to access beyond end of device
[ 2088.267170] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2088.268654] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:33:40 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
creat(&(0x7f0000000040)='./file1\x00', 0x2)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:33:40 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 16)

23:33:40 executing program 1:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r1=>r0}, './file1\x00'})
r2 = openat(r1, &(0x7f0000000040)='./file1\x00', 0x44200, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
ftruncate(r0, 0x3ff)
openat(r2, &(0x7f0000000000)='./file0\x00', 0x6001, 0x2a)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r4, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r5, 0x0, 0x0, 0x87ffffc)
sendfile(r4, r3, 0x0, 0xfffffdef)

23:33:40 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:33:40 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 8)

23:33:40 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)
memfd_secret(0x0)

23:33:40 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:33:40 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xfbffffff00000000, 0x0, 0x87ffffc)

[ 2101.630852] loop7: detected capacity change from 0 to 40
[ 2101.637335] loop2: detected capacity change from 0 to 40
[ 2101.637337] loop5: detected capacity change from 0 to 40
[ 2101.639548] loop6: detected capacity change from 0 to 40
[ 2101.640750] loop4: detected capacity change from 0 to 40
[ 2101.649685] loop3: detected capacity change from 0 to 40
[ 2101.672313] FAT-fs (loop4): bogus number of reserved sectors
[ 2101.673167] FAT-fs (loop4): Can't find a valid FAT filesystem
23:33:40 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xfeffffff00000000, 0x0, 0x87ffffc)

[ 2101.776009] syz-executor.6: attempt to access beyond end of device
[ 2101.776009] loop6: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 2101.777040] syz-executor.6: attempt to access beyond end of device
[ 2101.777040] loop6: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2101.777878] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 2101.799710] syz-executor.7: attempt to access beyond end of device
[ 2101.799710] loop7: rw=2049, sector=116, nr_sectors = 8 limit=40
[ 2101.810298] syz-executor.7: attempt to access beyond end of device
[ 2101.810298] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2101.812222] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:33:40 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:33:40 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00", 0xc}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2101.878498] syz-executor.7: attempt to access beyond end of device
[ 2101.878498] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2101.880219] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2101.914643] loop6: detected capacity change from 0 to 40
[ 2101.992680] syz-executor.5: attempt to access beyond end of device
[ 2101.992680] loop5: rw=2049, sector=80, nr_sectors = 48 limit=40
[ 2102.035369] kworker/u4:5: attempt to access beyond end of device
[ 2102.035369] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2102.037123] Buffer I/O error on dev loop3, logical block 31, lost async page write
23:33:40 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 9)

[ 2102.083273] syz-executor.6: attempt to access beyond end of device
[ 2102.083273] loop6: rw=2049, sector=92, nr_sectors = 32 limit=40
[ 2102.084204] syz-executor.6: attempt to access beyond end of device
[ 2102.084204] loop6: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2102.085126] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 2102.144305] kworker/u4:5: attempt to access beyond end of device
[ 2102.144305] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2102.146281] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 2102.149531] loop4: detected capacity change from 0 to 40
23:33:41 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 17)

[ 2102.182710] FAT-fs (loop4): bogus number of reserved sectors
[ 2102.183682] FAT-fs (loop4): Can't find a valid FAT filesystem
23:33:41 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:33:41 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xff77000000000000, 0x0, 0x87ffffc)

23:33:41 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0x100, 0x9}}, './file0\x00'})
r2 = openat(r1, &(0x7f0000000040)='./file1\x00', 0x1230c2, 0x0)
write$binfmt_aout(r2, &(0x7f0000000000)=ANY=[], 0x220)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r4, 0x0, 0x0, 0x87ffffc)
openat(r4, &(0x7f00000000c0)='./file2\x00', 0x80200, 0x1ae)
fallocate(r3, 0x9, 0x8, 0x87ffffc)
sendfile(r2, r0, 0x0, 0xfffffdef)

[ 2102.277267] loop6: detected capacity change from 0 to 40
[ 2102.317126] loop3: detected capacity change from 0 to 40
23:33:41 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0xc00, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2102.399771] loop2: detected capacity change from 0 to 40
[ 2102.438327] loop7: detected capacity change from 0 to 40
[ 2102.439785] Buffer I/O error on dev loop6, logical block 31, lost async page write
23:33:41 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xff7f000000000000, 0x0, 0x87ffffc)

[ 2102.475355] loop5: detected capacity change from 0 to 40
[ 2102.686630] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 2102.695650] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 2102.723834] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:33:58 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:33:58 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 10)

23:33:58 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:33:58 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
r0 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
chdir(&(0x7f0000000040)='./file1\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r3 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x20cc01, 0x132)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r6 = accept(0xffffffffffffffff, &(0x7f0000003680), &(0x7f0000003700)=0x80)
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000003740)=[r3, r4, 0xffffffffffffffff, 0xffffffffffffffff, r5, r3, 0xffffffffffffffff, 0xffffffffffffffff, r6, r4], 0xa)
fallocate(r5, 0x0, 0x0, 0x87ffffc)
openat(r5, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
lsetxattr$security_selinux(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), &(0x7f0000000300)='system_u:object_r:pam_var_run_t:s0\x00', 0x23, 0x3)
sendfile(r2, r1, 0x0, 0xfffffdef)

23:33:58 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101242, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r4 = syz_open_dev$ptys(0xc, 0x3, 0x1)
r5 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
write$binfmt_aout(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="dd90106e01c07faa935a7031ee0d1f640ff6773ce3aef35eb261ad274a585a5f9be512454098a2ccac0dbf12022ed33b0f2e88a4059c4495a656675879f2d2e0bb29727e9fd7f5d9be67d053b75c3ce88134f9790a2c83a9597364f0c7c458fb488331bfbaefe9e3996df19c95fdff93a7ca6521b467b7edbd2091c425855dafc1b7242bcdcc6a4c1bc8671a639c9fef2fa390cda2b072874b284d047b284482383ce8a269d0d02f0498da5efc5d0e6d0507d4cbebfd5ddeb14441de39cfb4007872c3f5adebad6ea05433e97f9cd1cf0bbc83657630f79e2eb694f2342f7fc1b1a4edc300a46a0832e5be025bae2893434c8c52d128341d", @ANYRESDEC, @ANYRESOCT=r5, @ANYRESDEC=r0, @ANYRESHEX=r5, @ANYRESDEC], 0x220)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r6, 0x0, 0x0, 0x87ffffc)
ioctl$TIOCL_UNBLANKSCREEN(r2, 0x541c, &(0x7f0000000180))
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e21, 0x40, @dev={0xfe, 0x80, '\x00', 0x37}, 0x8000000}, 0x1c)
sendfile(r3, r2, 0x0, 0xfffffdef)

23:33:58 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0xffffffff00000000, 0x0, 0x87ffffc)

23:33:58 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
openat(r0, &(0x7f0000000000)='./file0\x00', 0x101002, 0x8)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
sendfile(r2, r1, 0x0, 0xfffffdef)

23:33:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 18)

[ 2119.400260] loop2: detected capacity change from 0 to 40
[ 2119.401598] loop5: detected capacity change from 0 to 40
[ 2119.407663] loop6: detected capacity change from 0 to 40
[ 2119.447202] loop3: detected capacity change from 0 to 40
[ 2119.455018] loop4: detected capacity change from 0 to 40
[ 2119.462805] loop7: detected capacity change from 0 to 40
[ 2119.469262] FAT-fs (loop4): invalid media value (0x00)
[ 2119.470000] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2119.587226] bio_check_eod: 8 callbacks suppressed
[ 2119.587246] syz-executor.6: attempt to access beyond end of device
[ 2119.587246] loop6: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 2119.597056] syz-executor.6: attempt to access beyond end of device
[ 2119.597056] loop6: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2119.598268] buffer_io_error: 2 callbacks suppressed
[ 2119.598279] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 2119.648888] kworker/u4:2: attempt to access beyond end of device
[ 2119.648888] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
23:33:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 19)

[ 2119.650294] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:33:58 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x2, 0x87ffffc)

[ 2119.692823] syz-executor.5: attempt to access beyond end of device
[ 2119.692823] loop5: rw=2049, sector=92, nr_sectors = 32 limit=40
[ 2119.702035] kworker/u4:2: attempt to access beyond end of device
[ 2119.702035] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2119.703159] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 2119.716065] loop2: detected capacity change from 0 to 40
[ 2119.716059] syz-executor.5: attempt to access beyond end of device
[ 2119.716059] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2119.718230] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:33:58 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 11)

23:33:58 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:33:58 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2119.801819] loop4: detected capacity change from 0 to 40
[ 2119.813756] FAT-fs (loop4): invalid media value (0x00)
[ 2119.814349] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2119.834263] loop3: detected capacity change from 0 to 40
23:33:58 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 20)

[ 2119.874648] kworker/u4:8: attempt to access beyond end of device
[ 2119.874648] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2119.875679] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 2119.881169] loop6: detected capacity change from 0 to 40
[ 2119.950629] loop2: detected capacity change from 0 to 40
[ 2120.040209] kworker/u4:2: attempt to access beyond end of device
[ 2120.040209] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2120.041295] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 2120.146384] syz-executor.6: attempt to access beyond end of device
[ 2120.146384] loop6: rw=2049, sector=68, nr_sectors = 56 limit=40
[ 2120.150159] syz-executor.6: attempt to access beyond end of device
[ 2120.150159] loop6: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2120.151791] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 2120.187224] Buffer I/O error on dev loop3, logical block 31, lost async page write
23:34:13 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 21)

23:34:13 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440", 0x12}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:34:13 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101043, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:34:13 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = syz_mount_image$nfs(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x100000000, 0x8, &(0x7f0000000840)=[{&(0x7f0000000380)="c868b7dc55ac79e3f7b928f7f9064c449336904ba4dc3f45dbeb7112b87a90858c385be8cc95bbb6c022212c6501d48ee1d16c1487a3b182e755891003f6941e0ecaccdf2a2ad65aaa2770a82edd86df942f17352a127dc0", 0x58, 0x2}, {&(0x7f0000000400)="3dfc1f879d263ec36f33173b91b38330d0efef0d53cf1eca8ec5bff39663ad", 0x1f, 0x7000}, {&(0x7f0000000440)="9841725c10baca018178fb113ede6bc7689c5f928e4791569ea6d5267cc4884805acc699c180f34273b87f0e14818db1d6bdb2b559fbf22cc6be6a11", 0x3c, 0x8001}, {&(0x7f0000000480)="e72d088190a7829b14cc1c18485caa0b8b7663a6749700ee042ea00551c170fd50ba94cd1e63428af35139cdc113bf4113eb0125443293d58b6cf97db128b95d5dc5e149ad9e6001404cbd9ee76a9dc7431591539bb44278baba160cb9e49b3ab34678f1f57a", 0x66, 0x7}, {&(0x7f0000000500)="d8c6a2fba93745d987876ce3d4b9719df8509261ee931f6fc4804abb2c9e8cc13d4fd2a0c916385a289ede67e53fed0922acfaa28b37f1ba3a912f9e41204edeed630e44daf881b22bdca137788a8b9f03b003fabbe653ae1118d31e67d23e11c413c259a3da7d", 0x67, 0x200}, {&(0x7f0000000580)="ac4450eb83c5b648ac9fc14bad775f893774496b274b1cfdbf76bd769367bfb1b65aa8396155a2d96a2e088795bb505839a9443a1b0f206f8769758b8f4a9e6c05a5e72e4714304570f1db37b006d4ba7cf82f07b79373c1d1b2b6311a086464b421eb85fdbc754210bcbaa4efb0bc73e669f5d78ab0cb9bfc2995d9843471d0dfdffd323dc891919655c3ac9800cf4a3c4395ddefcd1c85e572964ebed38b4305d200f6f75a5bc3a3694afec65cc159d063902899475b8826a1d5f6350f9546e93448d9ec0e", 0xc6, 0x1}, {&(0x7f0000000680)="2a1ad87a3565753311c32a15225dc459f7e170ff19c8101969d9531f3f6445e9fa71e12813b3f98edaf51e7bf142fef5c17d66826d419fdf826fade9072d4c5f27c866c6fc934a0bc0c1d6cf4ac6000f1daa76c5c927cd9cf73b0c0a1246dc40212d7ea44dbe564b5e364284b62711c42efcc3b449640f3b9c871c80c647e152f8e7fefe94ed7885e6bb056cecb6647fb5b39a543d7923492b4bf2cfe63343e3f1c616190d1d", 0xa6, 0x3}, {&(0x7f0000000740)="9b67daa132ca714d5122df0b41731d973d61f59c7ccd7bea6a7396e33c2892845af24c9e5290ba39934f72bcec80c86f65e7888c959f0246e5ebf81d9f8e5778f5b7f8430de9132dc0560ae2f4f9e927e122b4d3f600e3b1785e6b3fa95eb1632efcd1b2e4ff73b4e9abed25063e001c42930a595fb937a11472475f4260db8b2238fe5b976a31bb75a28dad49ba9fc6ac6f9c8183bbb5550d0bb518dc974bc76e128b4c30eb13c19f1f82fd7bfc67ffe807215efc97d9d30e02c61eaa66e8ac4abe66ccc0302ea8477a3c9f0d485a57d48ee3023fc1d776a307eab9", 0xdc, 0x7}], 0x82060, &(0x7f0000000900)={[{'#,{'}], [{@appraise}, {@fscontext={'fscontext', 0x3d, 'user_u'}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x31, 0x63, 0x63, 0x33, 0x37, 0x61, 0x38], 0x2d, [0x61, 0x35, 0x65, 0x63], 0x2d, [0x62, 0x66, 0x63, 0x36], 0x2d, [0x61, 0x30, 0x36, 0x36], 0x2d, [0x36, 0x34, 0x64, 0x32, 0x38, 0x31, 0x37, 0x62]}}}, {@pcr={'pcr', 0x3d, 0x12}}, {@euid_eq}]})
openat(r2, &(0x7f00000009c0)='./file0\x00', 0x141000, 0x4)
setxattr$incfs_id(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040), &(0x7f00000000c0)={'0000000000000000000000000000000', 0x30}, 0x20, 0x3)
flistxattr(r0, &(0x7f0000000240)=""/159, 0x9f)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x8040, 0x20)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f00000001c0)=0x200000)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:34:14 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, 0x0, 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:34:14 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x4, 0x87ffffc)

23:34:14 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x40, 0x80)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
chdir(&(0x7f0000000000)='./file1\x00')
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:34:14 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 12)

[ 2135.107411] loop6: detected capacity change from 0 to 40
[ 2135.119619] loop3: detected capacity change from 0 to 40
[ 2135.121522] loop7: detected capacity change from 0 to 40
[ 2135.142130] loop5: detected capacity change from 0 to 40
[ 2135.148052] loop2: detected capacity change from 0 to 40
[ 2135.150941] loop4: detected capacity change from 0 to 40
[ 2135.165257] FAT-fs (loop4): invalid media value (0x00)
[ 2135.166068] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2135.342330] bio_check_eod: 1 callbacks suppressed
[ 2135.342355] syz-executor.6: attempt to access beyond end of device
[ 2135.342355] loop6: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 2135.351343] syz-executor.6: attempt to access beyond end of device
[ 2135.351343] loop6: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2135.353050] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 2135.388074] syz-executor.7: attempt to access beyond end of device
[ 2135.388074] loop7: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 2135.396068] syz-executor.7: attempt to access beyond end of device
[ 2135.396068] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2135.397684] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:34:14 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x5, 0x87ffffc)

[ 2135.421242] syz-executor.7: attempt to access beyond end of device
[ 2135.421242] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2135.423038] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2135.459584] kworker/u4:9: attempt to access beyond end of device
[ 2135.459584] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2135.461184] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:34:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 22)

23:34:14 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:34:14 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:34:14 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 13)

[ 2135.569315] kworker/u4:9: attempt to access beyond end of device
[ 2135.569315] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2135.570975] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 2135.588514] kworker/u4:9: attempt to access beyond end of device
[ 2135.588514] loop5: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2135.590243] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 2135.590750] loop2: detected capacity change from 0 to 40
[ 2135.601561] loop4: detected capacity change from 0 to 40
23:34:14 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
r3 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
ioctl$BTRFS_IOC_DEFRAG_RANGE(r3, 0x40309410, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2135.615705] FAT-fs (loop4): invalid media value (0x00)
[ 2135.616567] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2135.647398] loop6: detected capacity change from 0 to 40
23:34:14 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x30800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x3, 0x7f94, 0x7fffffff)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(r2, &(0x7f0000000100)='./file0\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000000)={0x0, 0x1fc, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="00010000", @ANYRES16=r5, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="e200330080dc0a075ec69561f201080211"], 0x100}}, 0x0)
sendmsg$NL80211_CMD_TESTMODE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0xe4, r5, 0x400, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TESTDATA={0x4e, 0x45, "59187499e3804a7952ad1b5114ead44f74c45745c96ba87f31238f8f5de5a8d406b43ca91e4f84dc053d0fe5373d05f05303cd42a6d9a1a675051cbb6226cd41af589b69d040dc86e239"}, @NL80211_ATTR_TESTDATA={0x76, 0x45, "10e32b7ae7b64b152fd077da91ee30e4b40cc239b0c35882635320d6da682e210933259392cfcb40f116240c3c60f2a785c35ee86702ae5d5ab27723e0afb26c4e2a2d57edf88d65be3df8d691529217473d3c69bc88790a1d6c2d10830edd25fe57af4f9980bfee7b4a7d4fe0909919fe98"}]}, 0xe4}, 0x1, 0x0, 0x0, 0x20000040}, 0x90)

[ 2135.740436] loop5: detected capacity change from 0 to 40
[ 2135.751861] loop7: detected capacity change from 0 to 40
[ 2135.772518] syz-executor.6: attempt to access beyond end of device
[ 2135.772518] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2135.774470] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 2135.780241] loop3: detected capacity change from 0 to 40
23:34:14 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x8, 0x87ffffc)

[ 2135.830733] syz-executor.5: attempt to access beyond end of device
[ 2135.830733] loop5: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2135.832067] Buffer I/O error on dev loop5, logical block 10, lost async page write
[ 2135.873629] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:34:14 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 23)

23:34:14 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2135.940136] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:34:14 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2136.064181] loop2: detected capacity change from 0 to 40
[ 2136.099993] loop6: detected capacity change from 0 to 40
23:34:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 24)

23:34:28 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_io_uring_setup(0x137, &(0x7f00000001c0), &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=<r2=>0x0, &(0x7f0000000380)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x6, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x3, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x1, 0x0, 0x1}, 0x100)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r4, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)
r5 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x80800)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r5, 0x5000943f, &(0x7f0000000480)={{r6}, 0x0, 0x0, @inherit={0x48, &(0x7f0000000240)={0x0, 0x0, 0x24000000000000, 0x0, {0x0, 0x7, 0x2, 0x1, 0x8}}}, @subvolid=0x8})

23:34:28 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
r0 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
openat(r3, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
r4 = dup3(r0, r1, 0x0)
ioctl$CDROM_TIMED_MEDIA_CHANGE(r4, 0x5396, &(0x7f0000000040)={0x4})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)

23:34:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x10, 0x87ffffc)

23:34:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000", 0x15}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:34:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 14)

23:34:28 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2149.325573] loop3: detected capacity change from 0 to 40
[ 2149.341051] loop4: detected capacity change from 0 to 40
[ 2149.346891] FAT-fs (loop4): invalid media value (0x00)
[ 2149.347499] FAT-fs (loop4): Can't find a valid FAT filesystem
23:34:28 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000240)={{{@in6=@mcast1, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0}}, {{@in6=@mcast2}, 0x0, @in6=@private1}}, &(0x7f0000000180)=0xe8)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x101, 0x0, &(0x7f00000000c0), 0x2000, &(0x7f0000000480)=ANY=[@ANYBLOB='dos1xfloppy,shortname=winnt,seclabel,euid>', @ANYRESDEC=r1, @ANYBLOB="2c61708c72616901652c6f626a5f747970653d76666174002c646f6e745f61707072616973652c7375626a5f757365723d24982c66756e633d46494c455f4d4d41502c00852c55afbcb5c7351834f3ed046c103d1610e4c0319f3e13343908c0c1192333d946f77ef5238fe2a9c8675f30ccad610d9ab60fe35a86a7908dc27803f0f5a54305c34f5a239eea4880f7391500000000008000"])
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000400)={'ip6tnl0\x00', <r5=>r0, 0x4, 0x3, 0x1, 0xfffffffe, 0x10, @dev={0xfe, 0x80, '\x00', 0x3a}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7, 0x8001, 0x8d, 0x6}})
bind$packet(r4, &(0x7f00000001c0)={0x11, 0x17, r5, 0x1, 0x1, 0x6, @broadcast}, 0x14)
fallocate(r4, 0x0, 0x0, 0x87ffffc)
sendfile(r3, r2, 0x0, 0xfffffdef)

[ 2149.368560] loop5: detected capacity change from 0 to 40
[ 2149.379564] loop2: detected capacity change from 0 to 40
[ 2149.409704] loop6: detected capacity change from 0 to 40
[ 2149.419455] loop7: detected capacity change from 0 to 40
23:34:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2149.476436] bio_check_eod: 6 callbacks suppressed
[ 2149.476464] syz-executor.6: attempt to access beyond end of device
[ 2149.476464] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2149.479246] buffer_io_error: 3 callbacks suppressed
[ 2149.479264] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 2149.493025] kworker/u4:6: attempt to access beyond end of device
[ 2149.493025] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2149.493865] Buffer I/O error on dev loop3, logical block 31, lost async page write
23:34:28 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 15)

[ 2149.516563] syz-executor.5: attempt to access beyond end of device
[ 2149.516563] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2149.517600] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:34:28 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x12, 0x87ffffc)

[ 2149.572640] loop4: detected capacity change from 0 to 40
[ 2149.582550] syz-executor.5: attempt to access beyond end of device
[ 2149.582550] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2149.583340] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 2149.585419] FAT-fs (loop4): bogus number of FAT sectors
[ 2149.585769] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2149.607793] syz-executor.7: attempt to access beyond end of device
[ 2149.607793] loop7: rw=2049, sector=84, nr_sectors = 40 limit=40
[ 2149.610605] loop3: detected capacity change from 0 to 40
[ 2149.611197] syz-executor.7: attempt to access beyond end of device
[ 2149.611197] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2149.612017] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:34:28 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 25)

23:34:28 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2149.617511] kworker/u4:6: attempt to access beyond end of device
[ 2149.617511] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2149.618456] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:34:28 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2149.765820] loop4: detected capacity change from 0 to 40
[ 2149.768073] loop6: detected capacity change from 0 to 40
[ 2149.772890] loop2: detected capacity change from 0 to 40
[ 2149.779203] kworker/u4:6: attempt to access beyond end of device
[ 2149.779203] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2149.780354] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 2149.787427] FAT-fs (loop4): bogus number of FAT sectors
[ 2149.787791] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2149.828135] syz-executor.6: attempt to access beyond end of device
[ 2149.828135] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2149.829065] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 2149.912329] kworker/u4:6: attempt to access beyond end of device
[ 2149.912329] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2149.913420] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:34:43 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 16)

23:34:43 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x78, 0x87ffffc)

23:34:43 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0xff, 0x8800000)
r3 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
r4 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
r5 = syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000180)='./file0\x00', 0x100, 0x1, &(0x7f0000000300)=[{&(0x7f0000000240)="abe7f68114c63c3467f53dd9da720246f3e60f90560a5a4392ebc1ebf9b001f97f12d729fef9e3d2d42c5276ea2f0ee70a015ee25c12db79b207bc0ed7715e579d884b4b9fa632338f82ae93530cc47bd6e70422a8ce40dd2c84b26523ed8e6ae7b22c1742804e8da936b48f2d8c2003d012fe6ee6b679eceb4c3821773b28934618a64991653e42e932c88ee9790e8684a52ece8740016a91132ee48cea8670", 0xa0, 0xff}], 0x3049405, &(0x7f0000000340)={[{@abort}, {@sysvgroups}, {@data_writeback}, {@init_itable}, {@dioread_lock}], [{@audit}, {@measure}, {@fowner_eq}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@subj_role={'subj_role', 0x3d, '@'}}, {@euid_gt={'euid>', 0xee00}}, {@hash}]})
ioctl$FIONCLEX(r5, 0x5450)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:34:43 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f8", 0x16}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:34:43 executing program 5:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f00000002c0)="f7ff1400fd3fef932a4a0440002000f801cc4bfb9855b13e54a2bfc0cbe00bed6af7a03cb8e6bd103b9b745aafbdced06c81f422c4dec199820c568ce802e69b4ecdaedd22cc3dadfd9b3d32fd25ada69be65a6f7f5249519e7eab1b2823299870b52b3855", 0x65}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0x101042, 0x1ed)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000004, 0x12, 0xffffffffffffffff, 0x120fe000)
r2 = openat(r0, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
socket$inet6(0xa, 0x2, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000280)={'macvlan0\x00', {0x2, 0x0, @private}})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x20542, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
openat(r1, &(0x7f00000000c0)='./file0\x00', 0x700, 0x18)
openat(r3, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
ioctl$BTRFS_IOC_BALANCE_CTL(0xffffffffffffffff, 0x40049421, 0x3)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)

23:34:43 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:34:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 26)

23:34:43 executing program 1:
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
recvmsg$unix(r0, &(0x7f0000001440)={&(0x7f0000000040)=@abs, 0x6e, &(0x7f0000001340), 0x0, &(0x7f0000000180)=[@cred={{0x1c}}, @rights={{0x3c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r3=>0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xc8}, 0x10001)
r4 = openat(r3, &(0x7f0000000000)='./file0\x00', 0xc2, 0x0)
write$binfmt_aout(r4, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r5, 0x0, 0x0, 0x87ffffc)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001480), 0x101002, 0x0)
ioctl$BTRFS_IOC_SCRUB(r6, 0xc400941b, &(0x7f00000014c0)={0x0, 0x1e, 0x6, 0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000001900)=ANY=[@ANYBLOB="01000000d69a935b0960d1d9e7500877", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file1\x00'])
sendfile(r4, r0, 0x0, 0xfffffdef)

[ 2165.014901] loop3: detected capacity change from 0 to 40
[ 2165.020990] loop5: detected capacity change from 0 to 40
[ 2165.025542] loop6: detected capacity change from 0 to 40
[ 2165.034841] loop4: detected capacity change from 0 to 40
[ 2165.044390] FAT-fs (loop5): invalid media value (0x55)
[ 2165.045210] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2165.046779] loop7: detected capacity change from 0 to 40
[ 2165.048280] loop2: detected capacity change from 0 to 40
[ 2165.055377] FAT-fs (loop4): bogus number of FAT sectors
[ 2165.056235] FAT-fs (loop4): Can't find a valid FAT filesystem
[ 2165.140780] syz-executor.6: attempt to access beyond end of device
[ 2165.140780] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2165.142664] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 2165.155408] loop5: detected capacity change from 0 to 40
[ 2165.168660] FAT-fs (loop5): Unrecognized mount option "./file0" or missing value
23:34:44 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0xf8, 0x87ffffc)

23:34:44 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:34:44 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xe6242, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:34:44 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:34:44 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x3fb, 0x800, 0x70bd2c, 0x3, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x48000}, 0x2000c000)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
execveat(r3, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)=[&(0x7f0000000240)='-/@@-\x00'], &(0x7f0000000540)=[&(0x7f00000002c0)='vfat\x00', &(0x7f0000000300)='vfat\x00', &(0x7f0000000340)='vfat\x00', &(0x7f0000000380)='\x00', &(0x7f00000003c0)='vfat\x00', &(0x7f0000000400)='-A:#\x00', &(0x7f0000000440)='vfat\x00', &(0x7f0000000480)='\x00', &(0x7f00000004c0)='vfat\x00', &(0x7f0000000500)='vfat\x00'], 0x1000)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)

[ 2165.317428] kworker/u4:2: attempt to access beyond end of device
[ 2165.317428] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2165.319145] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:34:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 27)

[ 2165.328749] loop6: detected capacity change from 0 to 40
[ 2165.347666] loop4: detected capacity change from 0 to 40
23:34:44 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x1)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0xffffff68}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000500)=ANY=[@ANYRESHEX, @ANYRESHEX=0x0, @ANYRESDEC=r0, @ANYRES16, @ANYRESOCT=r0, @ANYRESOCT])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
r3 = openat(r2, &(0x7f0000000100)='./file1\x00', 0x101082, 0x0)
write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r4, 0x0, 0x0, 0x87ffffc)
openat(r4, &(0x7f0000000240)='./file0\x00', 0x440742, 0x118)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r3, r1, 0x0, 0xfffffdef)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000280))

23:34:44 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 17)

[ 2165.384769] kworker/u4:2: attempt to access beyond end of device
[ 2165.384769] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2165.386112] loop2: detected capacity change from 0 to 40
[ 2165.386377] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 2165.402827] syz-executor.6: attempt to access beyond end of device
[ 2165.402827] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2165.403785] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 2165.417034] loop7: detected capacity change from 0 to 40
[ 2165.454569] kworker/u4:1: attempt to access beyond end of device
[ 2165.454569] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2165.456353] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:34:44 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:34:44 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2165.558547] loop4: detected capacity change from 0 to 40
[ 2165.569882] loop6: detected capacity change from 0 to 40
[ 2165.587349] syz-executor.7: attempt to access beyond end of device
[ 2165.587349] loop7: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 2165.588487] syz-executor.7: attempt to access beyond end of device
[ 2165.588487] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2165.589388] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2165.595488] loop3: detected capacity change from 0 to 40
23:34:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 28)

[ 2165.619042] kworker/u4:1: attempt to access beyond end of device
[ 2165.619042] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2165.620824] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:34:44 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x321, 0x87ffffc)

23:34:44 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2165.657697] kworker/u4:6: attempt to access beyond end of device
[ 2165.657697] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2165.659347] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 2165.661779] loop2: detected capacity change from 0 to 40
[ 2165.675597] syz-executor.6: attempt to access beyond end of device
[ 2165.675597] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2165.676709] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 2165.732533] loop4: detected capacity change from 0 to 40
23:34:44 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:34:44 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
openat(r3, &(0x7f0000000000)='./file2\x00', 0x480000, 0x80)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2165.843366] Buffer I/O error on dev loop4, logical block 31, lost async page write
23:34:44 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2165.856683] loop6: detected capacity change from 0 to 40
23:34:44 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 29)

[ 2165.913475] loop4: detected capacity change from 0 to 40
[ 2165.960765] loop7: detected capacity change from 0 to 40
[ 2165.963427] loop2: detected capacity change from 0 to 40
23:34:44 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:34:44 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:34:44 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 18)

[ 2166.056697] loop4: detected capacity change from 0 to 40
[ 2166.081876] loop6: detected capacity change from 0 to 40
[ 2166.127132] loop3: detected capacity change from 0 to 40
23:35:02 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:35:02 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(r0, &(0x7f0000000000)='./file0\x00', 0x20000, 0x80)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000180)={'L-', 0x8}, 0x16, 0x2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
sendfile(r2, r1, 0x0, 0xfffffdef)

23:35:02 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x500, 0x87ffffc)

23:35:02 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 30)

23:35:02 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 19)

23:35:02 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:35:02 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
openat(r0, &(0x7f00000000c0)='./file0\x00', 0x101001, 0x8)
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
open(&(0x7f00000002c0)='./file0\x00', 0x280000, 0x82)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
openat(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x684100, 0x111)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
openat(r3, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
signalfd(0xffffffffffffffff, &(0x7f0000000280)={[0xa3]}, 0x8)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r2, r1, 0x0, 0xfffffdef)

[ 2183.602300] loop7: detected capacity change from 0 to 40
[ 2183.609502] loop5: detected capacity change from 0 to 40
[ 2183.637235] loop4: detected capacity change from 0 to 40
[ 2183.649441] loop3: detected capacity change from 0 to 40
[ 2183.651600] loop2: detected capacity change from 0 to 40
[ 2183.652539] loop6: detected capacity change from 0 to 40
23:35:02 executing program 1:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat(r0, &(0x7f00000003c0)='./file0\x00', 0x1000, 0x5)
write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='map_files\x00')
r5 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000380), 0x14080, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r5, 0xc0189372, &(0x7f0000001280)=ANY=[@ANYBLOB="010001000000000018000000", @ANYRES32=r4, @ANYBLOB="00000000000000002f2f66696c6530003c87c4db0397cb9288"])
stat(&(0x7f0000000780)='./file0\x00', &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, r4, {r6}}, './file1\x00'})
mount$cgroup2(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240), 0x40000, &(0x7f0000000280)={[{@subsystem='blkio'}, {@memory_localevents}, {@subsystem='net'}, {}], [{@appraise}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@fowner_lt}, {@smackfstransmute={'smackfstransmute', 0x3d, '\xff\xff'}}, {@euid_eq={'euid', 0x3d, 0xee00}}, {@dont_hash}, {@euid_eq={'euid', 0x3d, r6}}, {@fowner_gt}, {@audit}]})
sendfile(r2, r1, 0x0, 0xfffffdef)
r7 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r7, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r7, 0x40089413, &(0x7f0000000000)=0x81d)

[ 2183.772771] bio_check_eod: 8 callbacks suppressed
[ 2183.772794] syz-executor.6: attempt to access beyond end of device
[ 2183.772794] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2183.775128] buffer_io_error: 7 callbacks suppressed
[ 2183.775144] Buffer I/O error on dev loop6, logical block 10, lost async page write
23:35:02 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x1200, 0x87ffffc)

[ 2183.805540] syz-executor.7: attempt to access beyond end of device
[ 2183.805540] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2183.805874] syz-executor.5: attempt to access beyond end of device
[ 2183.805874] loop5: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 2183.807136] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2183.814309] syz-executor.5: attempt to access beyond end of device
[ 2183.814309] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2183.815710] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 2183.847695] syz-executor.7: attempt to access beyond end of device
[ 2183.847695] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2183.849086] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2183.975783] kworker/u4:5: attempt to access beyond end of device
[ 2183.975783] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2183.977449] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 2183.978628] kworker/u4:9: attempt to access beyond end of device
[ 2183.978628] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2183.980289] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 2199.221236] loop7: detected capacity change from 0 to 40
[ 2199.222812] loop5: detected capacity change from 0 to 40
23:35:18 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x2103, 0x87ffffc)

23:35:18 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:35:18 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
r3 = openat(r2, &(0x7f0000000000)='./file1\x00', 0x80200, 0x82)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r4=>r3, {0x0, 0x4}}, './file0\x00'})
ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8936, &(0x7f00000000c0)={@dev={0xfe, 0x80, '\x00', 0x43}, 0x62})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r5, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:35:18 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 31)

23:35:18 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:35:18 executing program 7:
r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat(r0, &(0x7f0000000040)='./file0\x00', 0x10300, 0x125)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x121042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0xc}, 0x0, 0x0, 0x81, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x1000000000, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r5, 0x5609, &(0x7f0000000000)={0x1, 0x45})
kcmp(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000280)={0x0, 0x2, r3, 0x6})
r6 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
sendfile(r0, r6, &(0x7f0000000240)=0x2, 0x93)
fallocate(r4, 0x0, 0x0, 0x87ffffc)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r4, 0xf502, 0x0)
finit_module(r4, &(0x7f0000000000)='vfat\x00', 0x2)
sendfile(r3, r2, 0x0, 0xfffffdef)

23:35:18 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 20)

23:35:18 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2199.232203] loop2: detected capacity change from 0 to 40
[ 2199.254451] loop6: detected capacity change from 0 to 40
[ 2199.290326] loop3: detected capacity change from 0 to 40
[ 2199.306688] loop4: detected capacity change from 0 to 40
[ 2199.377078] syz-executor.6: attempt to access beyond end of device
[ 2199.377078] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2199.378843] Buffer I/O error on dev loop6, logical block 10, lost async page write
23:35:18 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 32)

[ 2199.393757] kworker/u4:7: attempt to access beyond end of device
[ 2199.393757] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2199.395087] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 2199.420253] syz-executor.7: attempt to access beyond end of device
[ 2199.420253] loop7: rw=2049, sector=108, nr_sectors = 16 limit=40
[ 2199.424618] syz-executor.7: attempt to access beyond end of device
[ 2199.424618] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2199.425471] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:35:18 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x77ff, 0x87ffffc)

23:35:18 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2199.529853] loop2: detected capacity change from 0 to 40
[ 2199.534343] syz-executor.5: attempt to access beyond end of device
[ 2199.534343] loop5: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 2199.540333] syz-executor.5: attempt to access beyond end of device
[ 2199.540333] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2199.541190] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:35:18 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2199.578114] FAULT_INJECTION: forcing a failure.
[ 2199.578114] name failslab, interval 1, probability 0, space 0, times 0
[ 2199.578885] CPU: 1 PID: 10371 Comm: syz-executor.2 Not tainted 6.1.0-rc8-next-20221208 #1
[ 2199.579443] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2199.580881] Call Trace:
[ 2199.581287]  <TASK>
[ 2199.581719]  dump_stack_lvl+0x8f/0xb7
[ 2199.582455]  should_fail_ex.cold+0x5/0xa
[ 2199.583147]  ? fat_cache_add.part.0+0x5b4/0xb50
[ 2199.583892]  should_failslab+0x9/0x20
[ 2199.584511]  kmem_cache_alloc+0x5a/0x410
[ 2199.585164]  fat_cache_add.part.0+0x5b4/0xb50
[ 2199.585901]  fat_get_cluster+0x922/0xd40
[ 2199.586566]  ? __pfx_fat_get_cluster+0x10/0x10
[ 2199.587382]  fat_get_mapped_cluster+0x216/0x450
[ 2199.588125]  ? __pfx_fat_get_mapped_cluster+0x10/0x10
[ 2199.588972]  fat_bmap+0x1fc/0x460
[ 2199.589551]  fat_get_block+0x33e/0x930
[ 2199.590183]  ? __pfx_fat_get_block+0x10/0x10
[ 2199.590891]  ? do_raw_spin_unlock+0x53/0x220
[ 2199.591632]  __block_write_begin_int+0x380/0x13d0
[ 2199.592256]  ? __pfx_fat_get_block+0x10/0x10
[ 2199.592839]  ? __pfx___block_write_begin_int+0x10/0x10
[ 2199.593554]  ? PageHeadHuge+0x169/0x1b0
[ 2199.594095]  ? __pfx_fat_get_block+0x10/0x10
[ 2199.594679]  block_write_begin+0xb9/0x450
[ 2199.595260]  cont_write_begin+0x4fe/0x700
[ 2199.595814]  ? __pfx_fat_get_block+0x10/0x10
[ 2199.596420]  ? __pfx_cont_write_begin+0x10/0x10
[ 2199.597032]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 2199.597648]  ? __lock_acquire+0x164d/0x5e70
[ 2199.598204]  fat_write_begin+0x89/0x180
[ 2199.598728]  ? __pfx_fat_get_block+0x10/0x10
[ 2199.599373]  cont_write_begin+0x2fc/0x700
[ 2199.599928]  ? __pfx_fat_get_block+0x10/0x10
[ 2199.600533]  ? __pfx_cont_write_begin+0x10/0x10
[ 2199.601156]  ? lock_acquire+0x1b6/0x530
[ 2199.601690]  fat_write_begin+0x89/0x180
[ 2199.602201]  ? __pfx_fat_get_block+0x10/0x10
[ 2199.602772]  generic_cont_expand_simple+0x11c/0x200
[ 2199.603459]  ? __pfx_generic_cont_expand_simple+0x10/0x10
[ 2199.604201]  ? down_write+0x157/0x220
[ 2199.604720]  ? __pfx_down_write+0x10/0x10
[ 2199.605257]  fat_cont_expand+0x66/0x240
[ 2199.605810]  fat_fallocate+0x182/0x320
[ 2199.606350]  ? __pfx_fat_fallocate+0x10/0x10
[ 2199.606953]  vfs_fallocate+0x48d/0xe00
[ 2199.607512]  __x64_sys_fallocate+0xd3/0x140
[ 2199.608098]  do_syscall_64+0x3f/0x90
[ 2199.608609]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2199.609288] RIP: 0033:0x7fbb3612ab19
[ 2199.609771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2199.612076] RSP: 002b:00007fbb336a0188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 2199.613036] RAX: ffffffffffffffda RBX: 00007fbb3623df60 RCX: 00007fbb3612ab19
[ 2199.613944] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 2199.614848] RBP: 00007fbb336a01d0 R08: 0000000000000000 R09: 0000000000000000
[ 2199.615793] R10: 00000000087ffffc R11: 0000000000000246 R12: 0000000000000002
[ 2199.616704] R13: 00007fffd513a5af R14: 00007fbb336a0300 R15: 0000000000022000
[ 2199.617658]  </TASK>
[ 2199.625802] loop6: detected capacity change from 0 to 40
[ 2199.629702] loop4: detected capacity change from 0 to 40
[ 2199.668603] kworker/u4:1: attempt to access beyond end of device
23:35:18 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 21)

[ 2199.668603] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2199.670810] Buffer I/O error on dev loop3, logical block 31, lost async page write
23:35:18 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x7800, 0x87ffffc)

23:35:18 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x8000, 0x40)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2199.745592] syz-executor.6: attempt to access beyond end of device
[ 2199.745592] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40
[ 2199.747295] Buffer I/O error on dev loop6, logical block 10, lost async page write
[ 2199.838631] loop3: detected capacity change from 0 to 40
[ 2199.840803] loop7: detected capacity change from 0 to 40
[ 2200.090386] kworker/u4:9: attempt to access beyond end of device
[ 2200.090386] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2200.092051] Buffer I/O error on dev loop2, logical block 31, lost async page write
[ 2200.137473] syz-executor.7: attempt to access beyond end of device
[ 2200.137473] loop7: rw=2049, sector=76, nr_sectors = 48 limit=40
[ 2200.144668] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2200.202986] Buffer I/O error on dev loop3, logical block 31, lost async page write
23:35:32 executing program 1:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
getsockopt$SO_COOKIE(r3, 0x1, 0x39, &(0x7f0000000000), &(0x7f0000000040)=0x8)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:35:32 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
r3 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
r4 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000180), 0xfffffffffffffef9)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, r3, {0x5}}, './file0\x00'})
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r5, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:35:32 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 33)

23:35:32 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

23:35:32 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file2\x00', 0x800, 0x10)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f00000006c0)={{'\x00', 0x1}, {}, 0x100, 0x0, 0x0, &(0x7f0000000040)='./file2\x00', &(0x7f00000000c0)='./file2\x00', &(0x7f0000000280)="139d515260447890559e0b48a72ec9c81d004f6649d7961f08803ff414d6818cdc29855154c6fd1f4d5cd1f1fe8ac542cf86980cbe4acb45158487aa138264a6d1adc6d7aa81f7473a131c6f4ac3e1508e637e0ba1bb4fad866fab74435cb96cca1712ea80f56f195d7f7e1109397ce941ac1bf1222ca585589772457b0258e4d5f57384d87ef957e19517cb69352c7b72e5a982284235178323c4ccbdfed289d0a4e4a93eae4e87320aa6ea1b401f90155ab56cc2e6155b9a8799a9bfdbfcb9031a072015d44011d1371f2f3e82036b0320831c9defbec6fe6bf953cbe4e3d034a8a822ab70aca89c4b2addc32b9756a8da1d887b117cf4c512bdffcaecac57c7277f9ea57f57764e74aac4fdc26f92d53c4c10023251f2c24c47957e94a732cc2b253f8443374ee873bbfd25da3f572f45c887f582159e47f80fb88cb36e4d77dacba4306f9854316f8d8d93d4f4dfcc963181498a7ae271fd8fefa0da1665b5453b53f7cb9bd5513659fbebe4e9a81afed3832e3f81df5972cc43b53f832bb2f072689e3f83242393bceaf5a166b588c09c1cf57bf3d7a3529e4fab3ec76779446361cb5e21b60c2131f72287593698ace794f9f547c3fde4f54dd99784db8d76f0630ca2f2a51db05ce324d05afb6e", 0x1d1, 0x0, &(0x7f0000000480)={0x2, 0x1c7, {0x1, 0xc, 0xd2, "7b7f7396e1f74e5d39c0406696ff378e28258f8a78055b4899cea384d23dc54ae8dad6956b08b9c8be09a007237f6554c19ce3243275af282d96ec8f914ba07900df694ae3065bbe565ec669f4bcb8550066b6027f4c6532da82196003ef39761e13a8b4a1db401724ae1f275c361745888c7fb4d9930a29c2e0b47253752524717686a3cf7fb4087c1de992c5c21acf817d45361e69a3346505ab842b8eeba355902b6ed16d71c5d19f4f284a2c5fce3c2b64cbce7a8252b14afd31b26a8598a9aa3dd06c594737624e97469dedc22debbf", 0xe8, "128d8e55caf84f041c1b0ba725b8967453dbf4234dab97688a680ea4437bf5ff865580c587a867128fb2284b3d8ff5d8e57cb430f0e1c9c85ae21f7467924bdccb0e72c043e24369a9cc16bab1edf14c894a8e2cec7d77e13220c5f7558ec5f1d58b99ce23737662ed39daffdc5b46a3ff2e2fb34335b60263d25c71b11f0ea8cce7725edfd97b6359b382b7c1f9ba81e7631c99db82a5c5d0b098d6c148f06be03931e8f141369b38d82bdd57458b49a085ead151417f5af1abec74991c3b83663e118945c82eebc517b4dd1cc812c3cbc59c705f8b4430c862dcd416108e504810c4a00a9a2645"}, 0x60, "caa6c64be4f07e3cc7fa2d7dee2da04bbeb6083638d1a4613814ce94d0e1d018cf342a7baf62c329f3449b054b46d0b7f05dde7eb481593d840e22212ec6a70b48681710bfab3e098133b6fa10065212d74cdef979eb794b313df08dfebe444d"}, 0x233})
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:35:32 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

[ 2213.217602] loop4: detected capacity change from 0 to 40
23:35:32 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0xf800, 0x87ffffc)

23:35:32 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 22)

[ 2213.227577] loop7: detected capacity change from 0 to 40
[ 2213.266780] loop2: detected capacity change from 0 to 40
[ 2213.273699] loop3: detected capacity change from 0 to 40
[ 2213.312812] loop5: detected capacity change from 0 to 40
[ 2213.315627] loop6: detected capacity change from 0 to 40
[ 2213.324495] bio_check_eod: 2 callbacks suppressed
[ 2213.324527] syz-executor.7: attempt to access beyond end of device
[ 2213.324527] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2213.325730] Buffer I/O error on dev loop7, logical block 31, lost async page write
23:35:32 executing program 4:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0x0, 0x87ffffc)

[ 2213.405494] loop4: detected capacity change from 0 to 40
23:35:32 executing program 7:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x810, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
openat(r2, &(0x7f00000000c0)='./file0\x00', 0x4000, 0x100)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
chroot(&(0x7f0000000000)='./file0\x00')
write$binfmt_aout(r1, &(0x7f0000000240)={{0x10b, 0xff, 0x7f, 0x1da, 0x71, 0x2, 0x15, 0x9}, "3673aed285e418b25950297aea4a474d9989e5ae27bcc217c742494dffa31da5a062238d72c50e001987cf791656945cc6ddcd92245a94dbed71bcbed4814b5aa3d895ba9d3d28cf43791226d4f9a6d9a50f1ec243341459f973b9ff6a7f22d9467ba5925258f9fa4ce144ec3515ce0adbdefb33a6a35077bf95c687ff13da33fc239b3025351f7d902b7c09a9be81557c096747471edb53cf11631fa98b42eed10af64b", ['\x00', '\x00']}, 0x2c4)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r3, 0x0, 0x0, 0x87ffffc)
sendfile(r1, r0, 0x0, 0xfffffdef)

23:35:32 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 23)

[ 2213.471414] kworker/u4:6: attempt to access beyond end of device
[ 2213.471414] loop3: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2213.472945] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 2213.486110] syz-executor.5: attempt to access beyond end of device
[ 2213.486110] loop5: rw=2049, sector=100, nr_sectors = 24 limit=40
[ 2213.487273] syz-executor.5: attempt to access beyond end of device
[ 2213.487273] loop5: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2213.488299] Buffer I/O error on dev loop5, logical block 31, lost async page write
23:35:32 executing program 0:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r1, 0x0, 0xff77, 0x87ffffc)

[ 2213.554602] loop7: detected capacity change from 0 to 40
[ 2213.569713] kworker/u4:7: attempt to access beyond end of device
[ 2213.569713] loop6: rw=1, sector=124, nr_sectors = 4 limit=40
23:35:32 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
sendfile(0xffffffffffffffff, r0, 0x0, 0xfffffdef)

[ 2213.571217] Buffer I/O error on dev loop6, logical block 31, lost async page write
[ 2213.582866] loop3: detected capacity change from 0 to 40
23:35:32 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r0, 0x0, 0x0, 0x87ffffc) (fail_nth: 34)

[ 2213.593874] kworker/u4:6: attempt to access beyond end of device
[ 2213.593874] loop2: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2213.595590] Buffer I/O error on dev loop2, logical block 31, lost async page write
23:35:32 executing program 5:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x410, &(0x7f0000000140)=ANY=[])
lgetxattr(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000001c0)=""/39, 0x27)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x800, 0x90)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x30, 0xffffffffffffffff, 0xec465000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
write$bt_hci(0xffffffffffffffff, 0x0, 0x13)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
fallocate(r2, 0x0, 0x0, 0x87ffffc)
openat(r2, &(0x7f0000000240)='./file0\x00', 0x642, 0x100)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)

[ 2213.685769] loop6: detected capacity change from 0 to 40
[ 2213.686964] kworker/u4:7: attempt to access beyond end of device
[ 2213.686964] loop4: rw=1, sector=124, nr_sectors = 4 limit=40
[ 2213.688543] Buffer I/O error on dev loop4, logical block 31, lost async page write
[ 2213.725094] syz-executor.7: attempt to access beyond end of device
[ 2213.725094] loop7: rw=2049, sector=116, nr_sectors = 8 limit=40
[ 2213.726087] syz-executor.7: attempt to access beyond end of device
[ 2213.726087] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2213.727024] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2213.732901] loop2: detected capacity change from 0 to 40
[ 2213.738442] loop5: detected capacity change from 0 to 40
[ 2213.775977] FAULT_INJECTION: forcing a failure.
[ 2213.775977] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2213.776809] CPU: 0 PID: 10435 Comm: syz-executor.2 Not tainted 6.1.0-rc8-next-20221208 #1
[ 2213.777375] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2213.777937] Call Trace:
[ 2213.778123]  <TASK>
[ 2213.778286]  dump_stack_lvl+0x8f/0xb7
[ 2213.778572]  should_fail_ex.cold+0x5/0xa
[ 2213.778973]  prepare_alloc_pages+0x178/0x500
[ 2213.779431]  __alloc_pages+0x149/0x500
[ 2213.779731]  ? __pfx___alloc_pages+0x10/0x10
[ 2213.780061]  ? __pfx___lock_acquire+0x10/0x10
[ 2213.780424]  alloc_pages+0x1a0/0x260
[ 2213.780701]  filemap_alloc_folio+0x32a/0x410
[ 2213.781027]  ? __filemap_get_folio+0x254/0xc90
[ 2213.781374]  ? __pfx_lock_release+0x10/0x10
[ 2213.781695]  ? __pfx_filemap_alloc_folio+0x10/0x10
[ 2213.782021]  ? xas_start+0x157/0x6a0
[ 2213.782309]  ? xas_load+0x6a/0x140
[ 2213.782583]  __filemap_get_folio+0x32c/0xc90
[ 2213.782924]  ? __pfx___filemap_get_folio+0x10/0x10
[ 2213.783265]  ? find_held_lock+0x2c/0x110
[ 2213.783573]  pagecache_get_page+0x2e/0x130
[ 2213.783875]  ? __pfx_fat_get_block+0x10/0x10
[ 2213.784201]  block_write_begin+0x35/0x450
[ 2213.784518]  cont_write_begin+0x4fe/0x700
[ 2213.784825]  ? lock_is_held_type+0xdb/0x130
[ 2213.785149]  ? __pfx_fat_get_block+0x10/0x10
[ 2213.785478]  ? __pfx_cont_write_begin+0x10/0x10
[ 2213.785826]  ? __mark_inode_dirty+0x249/0xe70
[ 2213.786183]  ? generic_write_end+0x1fe/0x3d0
[ 2213.786522]  fat_write_begin+0x89/0x180
[ 2213.786818]  ? __pfx_fat_get_block+0x10/0x10
[ 2213.787122]  cont_write_begin+0x2fc/0x700
[ 2213.787456]  ? __pfx_fat_get_block+0x10/0x10
[ 2213.787789]  ? __pfx_cont_write_begin+0x10/0x10
[ 2213.788148]  ? lock_acquire+0x1b6/0x530
[ 2213.788457]  fat_write_begin+0x89/0x180
[ 2213.788752]  ? __pfx_fat_get_block+0x10/0x10
[ 2213.789089]  generic_cont_expand_simple+0x11c/0x200
[ 2213.789470]  ? __pfx_generic_cont_expand_simple+0x10/0x10
[ 2213.789890]  ? down_write+0x157/0x220
[ 2213.790151]  ? __pfx_down_write+0x10/0x10
[ 2213.790463]  fat_cont_expand+0x66/0x240
[ 2213.790776]  fat_fallocate+0x182/0x320
[ 2213.791081]  ? __pfx_fat_fallocate+0x10/0x10
[ 2213.791394]  vfs_fallocate+0x48d/0xe00
[ 2213.791699]  __x64_sys_fallocate+0xd3/0x140
[ 2213.792025]  do_syscall_64+0x3f/0x90
[ 2213.792317]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2213.792697] RIP: 0033:0x7fbb3612ab19
[ 2213.792971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2213.794266] RSP: 002b:00007fbb336a0188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 2213.794815] RAX: ffffffffffffffda RBX: 00007fbb3623df60 RCX: 00007fbb3612ab19
[ 2213.795334] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 2213.795844] RBP: 00007fbb336a01d0 R08: 0000000000000000 R09: 0000000000000000
[ 2213.796357] R10: 00000000087ffffc R11: 0000000000000246 R12: 0000000000000002
[ 2213.796869] R13: 00007fffd513a5af R14: 00007fbb336a0300 R15: 0000000000022000
[ 2213.797402]  </TASK>
[ 2213.805742] syz-executor.7: attempt to access beyond end of device
[ 2213.805742] loop7: rw=2049, sector=124, nr_sectors = 4 limit=40
[ 2213.806681] Buffer I/O error on dev loop7, logical block 31, lost async page write
[ 2213.891805] Buffer I/O error on dev loop5, logical block 31, lost async page write
[ 2213.895666] Buffer I/O error on dev loop3, logical block 31, lost async page write
[ 2214.641746] ==================================================================
[ 2214.642692] BUG: KASAN: use-after-free in __lock_acquire+0x42c9/0x5e70
[ 2214.643527] Read of size 8 at addr ffff88801e0c8a38 by task syz-executor/10444
[ 2214.644358] 
[ 2214.644568] CPU: 1 PID: 10444 Comm: syz-executor Not tainted 6.1.0-rc8-next-20221208 #1
[ 2214.645479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2214.646408] Call Trace:
[ 2214.646714]  <TASK>
[ 2214.646990]  dump_stack_lvl+0x8f/0xb7
[ 2214.647478]  print_report+0x175/0x478
[ 2214.647952]  ? __lock_acquire+0x42c9/0x5e70
[ 2214.648467]  kasan_report+0xbf/0x1c0
[ 2214.648930]  ? __lock_acquire+0x42c9/0x5e70
[ 2214.649451]  __lock_acquire+0x42c9/0x5e70
[ 2214.649958]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 2214.650513]  ? finish_task_switch.isra.0+0x22d/0x8a0
[ 2214.651112]  ? __pfx___lock_acquire+0x10/0x10
[ 2214.651661]  ? __switch_to+0x5c3/0xee0
[ 2214.652253]  lock_acquire+0x1a6/0x530
[ 2214.652833]  ? kmemleak_scan+0x1a0/0x1600
[ 2214.656941]  ? __pfx_lock_acquire+0x10/0x10
[ 2214.657494]  ? __call_rcu_common.constprop.0+0x589/0xa40
[ 2214.658178]  ? __call_rcu_common.constprop.0+0x589/0xa40
[ 2214.658863]  ? lockdep_hardirqs_on+0x7d/0x100
[ 2214.659460]  ? _raw_spin_lock_irq+0x45/0x50
[ 2214.660013]  _raw_spin_lock_irq+0x36/0x50
[ 2214.660545]  ? kmemleak_scan+0x1a0/0x1600
[ 2214.661075]  kmemleak_scan+0x1a0/0x1600
[ 2214.661586]  ? __pfx_kmemleak_scan+0x10/0x10
[ 2214.662157]  ? strncpy_from_user+0x107/0x500
[ 2214.662711]  kmemleak_write+0x574/0x680
[ 2214.663223]  ? __pfx_kmemleak_write+0x10/0x10
[ 2214.663797]  ? debugfs_file_get+0x1d2/0x450
[ 2214.664339]  ? __pfx_debugfs_file_get+0x10/0x10
[ 2214.664930]  full_proxy_write+0x121/0x190
[ 2214.665451]  vfs_write+0x358/0xe40
[ 2214.665910]  ? __pfx_full_proxy_write+0x10/0x10
[ 2214.666492]  ? __pfx_vfs_write+0x10/0x10
[ 2214.667011]  ? lock_release+0x3b6/0x750
[ 2214.667527]  ? __up_read+0x192/0x730
[ 2214.668006]  ? handle_mm_fault+0x43d/0xae0
[ 2214.668525]  ? __pfx___up_read+0x10/0x10
[ 2214.669043]  ? __fget_light+0x212/0x280
[ 2214.669540]  ksys_write+0x12b/0x260
[ 2214.670013]  ? __pfx_ksys_write+0x10/0x10
[ 2214.670534]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2214.671159]  ? syscall_enter_from_user_mode+0x21/0x50
[ 2214.671792]  do_syscall_64+0x3f/0x90
[ 2214.672262]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2214.672887] RIP: 0033:0x7f397af3f5c3
[ 2214.673345] Code: 16 00 00 00 eb ae 90 b8 6e 00 00 00 eb a6 e8 44 ef 04 00 0f 1f 40 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18
[ 2214.675469] RSP: 002b:00007ffc18e2bea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2214.676367] RAX: ffffffffffffffda RBX: 00007ffc18e2c4e8 RCX: 00007f397af3f5c3
[ 2214.677209] RDX: 0000000000000004 RSI: 00007f397aff5ed9 RDI: 0000000000000003
[ 2214.678057] RBP: 0000000000000002 R08: 00000000000008a6 R09: 00007ffc18e43080
[ 2214.678903] R10: 00007ffc18e43090 R11: 0000000000000246 R12: 00000000fffffff6
[ 2214.679725] R13: 00007ffc18e2def1 R14: 0000000000000000 R15: 000000000021c8d5
[ 2214.680540]  </TASK>
[ 2214.680815] 
[ 2214.681023] Allocated by task 10448:
[ 2214.681448]  kasan_save_stack+0x22/0x50
[ 2214.681923]  kasan_set_track+0x25/0x30
[ 2214.682385]  __kasan_slab_alloc+0x5c/0x70
[ 2214.682883]  kmem_cache_alloc+0x1e1/0x410
[ 2214.683383]  __create_object+0x3d/0xc10
[ 2214.683859]  kmem_cache_alloc+0x273/0x410
[ 2214.684343]  __alloc_file+0x21/0x240
[ 2214.684785]  alloc_empty_file+0x71/0x170
[ 2214.685262]  path_openat+0xd4/0x29b0
[ 2214.685712]  do_filp_open+0x1ba/0x410
[ 2214.686170]  do_sys_openat2+0x171/0x4c0
[ 2214.686640]  __x64_sys_openat+0x143/0x200
[ 2214.687132]  do_syscall_64+0x3f/0x90
[ 2214.687582]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 2214.688173] 
[ 2214.688380] Freed by task 13:
[ 2214.688744]  kasan_save_stack+0x22/0x50
[ 2214.689217]  kasan_set_track+0x25/0x30
[ 2214.689681]  kasan_save_free_info+0x2e/0x50
[ 2214.690179]  __kasan_slab_free+0x10a/0x190
[ 2214.690677]  kmem_cache_free+0xfb/0x610
[ 2214.691144]  rcu_core+0x7e2/0x2090
[ 2214.691577]  __do_softirq+0x1c7/0x8f9
[ 2214.692038] 
[ 2214.692244] Last potentially related work creation:
[ 2214.692795]  kasan_save_stack+0x22/0x50
[ 2214.693267]  __kasan_record_aux_stack+0x95/0xb0
[ 2214.693824]  __call_rcu_common.constprop.0+0x6a/0xa40
[ 2214.694431]  kmem_cache_free+0xc1/0x610
[ 2214.694900]  rcu_core+0x7e2/0x2090
[ 2214.695339]  __do_softirq+0x1c7/0x8f9
[ 2214.695797] 
[ 2214.696002] Second to last potentially related work creation:
[ 2214.696648]  kasan_save_stack+0x22/0x50
[ 2214.697119]  __kasan_record_aux_stack+0x95/0xb0
[ 2214.697676]  __call_rcu_common.constprop.0+0x6a/0xa40
[ 2214.698284]  __kmem_cache_free+0x95/0x410
[ 2214.698769]  ieee80211_ibss_rx_queued_mgmt+0x1a73/0x2f40
[ 2214.699401]  ieee80211_iface_work+0x9cb/0xcc0
[ 2214.699931]  process_one_work+0xa17/0x16a0
[ 2214.700432]  worker_thread+0x63b/0x1260
[ 2214.700910]  kthread+0x2f1/0x3a0
[ 2214.701315]  ret_from_fork+0x2c/0x50
[ 2214.701761] 
[ 2214.701971] The buggy address belongs to the object at ffff88801e0c8a20
[ 2214.701971]  which belongs to the cache kmemleak_object of size 368
[ 2214.703383] The buggy address is located 24 bytes inside of
[ 2214.703383]  368-byte region [ffff88801e0c8a20, ffff88801e0c8b90)
[ 2214.704653] 
[ 2214.704860] The buggy address belongs to the physical page:
[ 2214.705486] page:00000000f2e6c87d refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801e0c97a0 pfn:0x1e0c8
[ 2214.706653] head:00000000f2e6c87d order:1 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
[ 2214.707684] flags: 0x100000000010200(slab|head|node=0|zone=1)
[ 2214.708361] raw: 0100000000010200 ffff88800844f780 ffffea00002e5090 ffffea0000348190
[ 2214.709227] raw: ffff88801e0c97a0 000000000012000c 00000001ffffffff 0000000000000000
[ 2214.710076] page dumped because: kasan: bad access detected
[ 2214.710698] 
[ 2214.710902] Memory state around the buggy address:
[ 2214.711455]  ffff88801e0c8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2214.712258]  ffff88801e0c8980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 2214.713058] >ffff88801e0c8a00: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 2214.713858]                                         ^
[ 2214.714432]  ffff88801e0c8a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2214.715252]  ffff88801e0c8b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2214.716059] ==================================================================
[ 2214.716847] Disabling lock debugging due to kernel taint

VM DIAGNOSIS:
23:35:33  Registers:
info registers vcpu 0
RAX=0000000000021c3a RBX=0000000000000001 RCX=0000000000021c3a RDX=0000000000021c3a
RSI=0000000000008159 RDI=ffffffff864b14cc RBP=ffff88804697fcd0 RSP=ffff88804697fbf8
R8 =0000000000000000 R9 =ffffffff86066c46 R10=ffffed1008d2ff9c R11=0000000000038001
R12=ffff88804697fcb9 R13=ffff88804697fcd8 R14=ffff88804697fc78 R15=ffffffff8181593b
RIP=ffffffff8112de55 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f20f7eb38c0 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe322219a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe3222198000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055b31ec56f40 CR3=000000001e3c0000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=372f6b636f6c622f7665642f7379732f XMM01=00353a372f6b636f6c622f7665642f73
XMM02=00ff0000000000000000000000000000 XMM03=696e656420737365636341002f737973
XMM04=000055b31ec4d5d0000055b31ec57bd0 XMM05=0000000000000008000055b31ec50fe0
XMM06=000055b31ec50db00000000000000000 XMM07=00000000000000000000000000000000
XMM08=610064253a64252f6b636f6c622f7665 XMM09=00000000000000000000000000000000
XMM10=00000000002000000000000000200000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000073 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff824891f5 RDI=ffffffff87fb5b60 RBP=ffffffff87fb5b20 RSP=ffff8880473f71e8
R8 =0000000000000001 R9 =000000000000000a R10=0000000000000073 R11=0000000000000001
R12=0000000000000073 R13=ffffffff87fb5b20 R14=0000000000000010 R15=ffffffff824891e0
RIP=ffffffff8248924d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 000055555559a400 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe53826b7000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe53826b5000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffc4104be08 CR3=000000001df96000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=0000000700000013000055b31ec4f290
XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973
XMM04=3d5347415400333d524f4e494d00373d XMM05=455a494c414954494e495f4345535500
XMM06=534b534944006b7369643d4550595456 XMM07=414e564544006b636f6c623d4d455453
XMM08=49006d756e203c2069000a313a56000a XMM09=00000000000000000000000000000000
XMM10=00000000002000000000000000200000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000