Warning: Permanently added '10.128.0.176' (ECDSA) to the list of known hosts. 2021/05/15 07:30:15 fuzzer started 2021/05/15 07:30:15 dialing manager at 10.128.0.163:35869 2021/05/15 07:30:15 syscalls: 1997 2021/05/15 07:30:15 code coverage: enabled 2021/05/15 07:30:15 comparison tracing: enabled 2021/05/15 07:30:15 extra coverage: enabled 2021/05/15 07:30:15 setuid sandbox: enabled 2021/05/15 07:30:15 namespace sandbox: enabled 2021/05/15 07:30:15 Android sandbox: enabled 2021/05/15 07:30:15 fault injection: enabled 2021/05/15 07:30:15 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2021/05/15 07:30:15 net packet injection: /dev/net/tun does not exist 2021/05/15 07:30:15 net device setup: enabled 2021/05/15 07:30:15 concurrency sanitizer: enabled 2021/05/15 07:30:15 devlink PCI setup: PCI device 0000:00:10.0 is not available 2021/05/15 07:30:15 USB emulation: /dev/raw-gadget does not exist 2021/05/15 07:30:15 hci packet injection: /dev/vhci does not exist 2021/05/15 07:30:15 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 2021/05/15 07:30:15 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 2021/05/15 07:30:15 fetching corpus: 0, signal 0/2000 (executing program) 2021/05/15 07:30:15 fetching corpus: 39, signal 19030/19251 (executing program) 2021/05/15 07:30:15 fetching corpus: 39, signal 19031/19362 (executing program) 2021/05/15 07:30:15 fetching corpus: 39, signal 19031/19483 (executing program) 2021/05/15 07:30:15 fetching corpus: 39, signal 19031/19597 (executing program) 2021/05/15 07:30:15 fetching corpus: 39, signal 19031/19693 (executing program) 2021/05/15 07:30:15 fetching corpus: 39, signal 19031/19801 (executing program) 2021/05/15 07:30:15 fetching corpus: 39, signal 19031/19920 (executing program) 2021/05/15 07:30:15 fetching corpus: 39, signal 19031/20035 (executing program) 2021/05/15 07:30:15 fetching corpus: 39, signal 19031/20075 (executing program) 2021/05/15 07:30:15 fetching corpus: 39, signal 19031/20075 (executing program) 2021/05/15 07:30:17 starting 6 fuzzer processes 07:30:17 executing program 0: mmap(&(0x7f0000012000/0x3000)=nil, 0x3000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0x30, 0x0, &(0x7f0000013000)) 07:30:17 executing program 1: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) 07:30:17 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b67, &(0x7f0000000040)={0xf00, 0x0, 0x401000, 0x0, 0x0, 0x0}) 07:30:17 executing program 2: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') unshare(0x24020400) 07:30:17 executing program 3: clone3(&(0x7f0000000440)={0xe300100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8935, &(0x7f0000000140)={'tunl0\x00', 0x0}) 07:30:17 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10a, &(0x7f0000000280)="000000000000b50cec00050000000000000094bd9d45b0000000000000047d150801428a6a79940c9c0689bf74257a994a5cd7efad5175d8b454438488090804f443aa7ef6ee20c76b47e963c3ffe7365aba2063d1f69f3734a28a7e7d5dea167f8acc6439296b636226d39ad8b70ec8245cf266d26fbf76181616108401846eef0cb691b27fd4c537bb4c89a66cd5f09718ebd2d2595f8f3f023f7e4e88b6b7009b0cc5e0b52db8388ce6dd896dd0024e7083f34c69d42c6c7f0e25fcf20cf286894ee69e8fea4f4bd1cdc5cd1ad64a823872ea66d8682235a21f25e2fa75a849b5c8d5fc8c4c64cf13bc9eda57c5b20e884313fa334e4736731e1dbab2cde1f4f2464b9ca7c5845759"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 19.160015][ T25] audit: type=1400 audit(1621063817.073:8): avc: denied { execmem } for pid=1768 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 19.372132][ T1774] cgroup: Unknown subsys name 'perf_event' [ 19.397500][ T1774] cgroup: Unknown subsys name 'net_cls' [ 19.402738][ T1775] cgroup: Unknown subsys name 'perf_event' [ 19.406455][ T1777] cgroup: Unknown subsys name 'perf_event' [ 19.409564][ T1776] cgroup: Unknown subsys name 'perf_event' [ 19.426179][ T1775] cgroup: Unknown subsys name 'net_cls' [ 19.428360][ T1777] cgroup: Unknown subsys name 'net_cls' [ 19.439891][ T1776] cgroup: Unknown subsys name 'net_cls' [ 19.440450][ T1781] cgroup: Unknown subsys name 'perf_event' [ 19.446662][ T1780] cgroup: Unknown subsys name 'perf_event' [ 19.454560][ T1781] cgroup: Unknown subsys name 'net_cls' [ 19.461867][ T1780] cgroup: Unknown subsys name 'net_cls' 07:30:21 executing program 0: mmap(&(0x7f0000012000/0x3000)=nil, 0x3000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0x30, 0x0, &(0x7f0000013000)) 07:30:21 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b67, &(0x7f0000000040)={0xf00, 0x0, 0x401000, 0x0, 0x0, 0x0}) 07:30:21 executing program 0: mmap(&(0x7f0000012000/0x3000)=nil, 0x3000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0x30, 0x0, &(0x7f0000013000)) 07:30:21 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b67, &(0x7f0000000040)={0xf00, 0x0, 0x401000, 0x0, 0x0, 0x0}) 07:30:21 executing program 0: mmap(&(0x7f0000012000/0x3000)=nil, 0x3000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0x30, 0x0, &(0x7f0000013000)) 07:30:21 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b67, &(0x7f0000000040)={0xf00, 0x0, 0x401000, 0x0, 0x0, 0x0}) 07:30:21 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b67, &(0x7f0000000040)={0xf00, 0x0, 0x401000, 0x0, 0x0, 0x0}) [ 23.725507][ T4510] loop1: detected capacity change from 0 to 264192 07:30:22 executing program 4: mmap(&(0x7f0000012000/0x3000)=nil, 0x3000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0x30, 0x0, &(0x7f0000013000)) 07:30:22 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b67, &(0x7f0000000040)={0xf00, 0x0, 0x401000, 0x0, 0x0, 0x0}) 07:30:22 executing program 3: clone3(&(0x7f0000000440)={0xe300100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8935, &(0x7f0000000140)={'tunl0\x00', 0x0}) 07:30:22 executing program 1: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) [ 24.426095][ T4583] loop1: detected capacity change from 0 to 264192 07:30:24 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10a, &(0x7f0000000280)="000000000000b50cec00050000000000000094bd9d45b0000000000000047d150801428a6a79940c9c0689bf74257a994a5cd7efad5175d8b454438488090804f443aa7ef6ee20c76b47e963c3ffe7365aba2063d1f69f3734a28a7e7d5dea167f8acc6439296b636226d39ad8b70ec8245cf266d26fbf76181616108401846eef0cb691b27fd4c537bb4c89a66cd5f09718ebd2d2595f8f3f023f7e4e88b6b7009b0cc5e0b52db8388ce6dd896dd0024e7083f34c69d42c6c7f0e25fcf20cf286894ee69e8fea4f4bd1cdc5cd1ad64a823872ea66d8682235a21f25e2fa75a849b5c8d5fc8c4c64cf13bc9eda57c5b20e884313fa334e4736731e1dbab2cde1f4f2464b9ca7c5845759"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:30:24 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b67, &(0x7f0000000040)={0xf00, 0x0, 0x401000, 0x0, 0x0, 0x0}) 07:30:24 executing program 3: clone3(&(0x7f0000000440)={0xe300100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8935, &(0x7f0000000140)={'tunl0\x00', 0x0}) 07:30:24 executing program 2: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') unshare(0x24020400) 07:30:24 executing program 4: mmap(&(0x7f0000012000/0x3000)=nil, 0x3000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0x30, 0x0, &(0x7f0000013000)) 07:30:24 executing program 1: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) 07:30:24 executing program 4: mmap(&(0x7f0000012000/0x3000)=nil, 0x3000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0x30, 0x0, &(0x7f0000013000)) 07:30:24 executing program 3: clone3(&(0x7f0000000440)={0xe300100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8935, &(0x7f0000000140)={'tunl0\x00', 0x0}) 07:30:24 executing program 2: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') unshare(0x24020400) 07:30:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10a, &(0x7f0000000280)="000000000000b50cec00050000000000000094bd9d45b0000000000000047d150801428a6a79940c9c0689bf74257a994a5cd7efad5175d8b454438488090804f443aa7ef6ee20c76b47e963c3ffe7365aba2063d1f69f3734a28a7e7d5dea167f8acc6439296b636226d39ad8b70ec8245cf266d26fbf76181616108401846eef0cb691b27fd4c537bb4c89a66cd5f09718ebd2d2595f8f3f023f7e4e88b6b7009b0cc5e0b52db8388ce6dd896dd0024e7083f34c69d42c6c7f0e25fcf20cf286894ee69e8fea4f4bd1cdc5cd1ad64a823872ea66d8682235a21f25e2fa75a849b5c8d5fc8c4c64cf13bc9eda57c5b20e884313fa334e4736731e1dbab2cde1f4f2464b9ca7c5845759"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 26.868351][ T4606] loop1: detected capacity change from 0 to 264192 07:30:24 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10a, &(0x7f0000000280)="000000000000b50cec00050000000000000094bd9d45b0000000000000047d150801428a6a79940c9c0689bf74257a994a5cd7efad5175d8b454438488090804f443aa7ef6ee20c76b47e963c3ffe7365aba2063d1f69f3734a28a7e7d5dea167f8acc6439296b636226d39ad8b70ec8245cf266d26fbf76181616108401846eef0cb691b27fd4c537bb4c89a66cd5f09718ebd2d2595f8f3f023f7e4e88b6b7009b0cc5e0b52db8388ce6dd896dd0024e7083f34c69d42c6c7f0e25fcf20cf286894ee69e8fea4f4bd1cdc5cd1ad64a823872ea66d8682235a21f25e2fa75a849b5c8d5fc8c4c64cf13bc9eda57c5b20e884313fa334e4736731e1dbab2cde1f4f2464b9ca7c5845759"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:30:24 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10a, &(0x7f0000000280)="000000000000b50cec00050000000000000094bd9d45b0000000000000047d150801428a6a79940c9c0689bf74257a994a5cd7efad5175d8b454438488090804f443aa7ef6ee20c76b47e963c3ffe7365aba2063d1f69f3734a28a7e7d5dea167f8acc6439296b636226d39ad8b70ec8245cf266d26fbf76181616108401846eef0cb691b27fd4c537bb4c89a66cd5f09718ebd2d2595f8f3f023f7e4e88b6b7009b0cc5e0b52db8388ce6dd896dd0024e7083f34c69d42c6c7f0e25fcf20cf286894ee69e8fea4f4bd1cdc5cd1ad64a823872ea66d8682235a21f25e2fa75a849b5c8d5fc8c4c64cf13bc9eda57c5b20e884313fa334e4736731e1dbab2cde1f4f2464b9ca7c5845759"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 27.161082][ T4606] ================================================================== [ 27.169171][ T4606] BUG: KCSAN: data-race in __xa_clear_mark / xas_find_marked [ 27.176526][ T4606] [ 27.178829][ T4606] write to 0xffff8881065b66b0 of 8 bytes by interrupt on cpu 1: [ 27.186549][ T4606] __xa_clear_mark+0x1d9/0x2c0 [ 27.191293][ T4606] test_clear_page_writeback+0x23e/0x560 [ 27.196906][ T4606] end_page_writeback+0xd7/0x1b0 [ 27.201830][ T4606] end_buffer_async_write+0x1b0/0x250 [ 27.207184][ T4606] end_bio_bh_io_sync+0x6f/0x90 [ 27.212064][ T4606] bio_endio+0x21d/0x300 [ 27.216285][ T4606] blk_update_request+0x435/0xa30 [ 27.221306][ T4606] blk_mq_end_request+0x22/0x50 [ 27.226139][ T4606] lo_complete_rq+0xca/0x170 [ 27.230710][ T4606] blk_done_softirq+0x69/0x90 [ 27.235404][ T4606] __do_softirq+0x12c/0x275 [ 27.239889][ T4606] run_ksoftirqd+0x13/0x20 [ 27.244290][ T4606] smpboot_thread_fn+0x2a1/0x3f0 [ 27.249217][ T4606] kthread+0x1d0/0x1f0 [ 27.253264][ T4606] ret_from_fork+0x1f/0x30 [ 27.257666][ T4606] [ 27.259974][ T4606] read to 0xffff8881065b66b0 of 8 bytes by task 4606 on cpu 0: [ 27.267490][ T4606] xas_find_marked+0x195/0x5f0 [ 27.272238][ T4606] find_get_pages_range_tag+0xf2/0x390 [ 27.277689][ T4606] pagevec_lookup_range_tag+0x37/0x50 [ 27.283042][ T4606] __filemap_fdatawait_range+0xab/0x1b0 [ 27.288567][ T4606] file_write_and_wait_range+0x1c3/0x210 [ 27.294179][ T4606] __generic_file_fsync+0x48/0x140 [ 27.299280][ T4606] fat_file_fsync+0x48/0x100 [ 27.303848][ T4606] vfs_fsync_range+0x107/0x120 [ 27.308646][ T4606] generic_file_write_iter+0x103/0x130 [ 27.314086][ T4606] do_iter_readv_writev+0x2cb/0x360 [ 27.319269][ T4606] do_iter_write+0x112/0x4c0 [ 27.323856][ T4606] vfs_iter_write+0x4c/0x70 [ 27.328390][ T4606] iter_file_splice_write+0x40a/0x750 [ 27.333744][ T4606] direct_splice_actor+0x80/0xa0 [ 27.338666][ T4606] splice_direct_to_actor+0x345/0x650 [ 27.344010][ T4606] do_splice_direct+0xf5/0x170 [ 27.348748][ T4606] do_sendfile+0x773/0xda0 [ 27.353144][ T4606] __x64_sys_sendfile64+0xf2/0x130 [ 27.358243][ T4606] do_syscall_64+0x4a/0x90 [ 27.362640][ T4606] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 27.368522][ T4606] [ 27.370833][ T4606] Reported by Kernel Concurrency Sanitizer on: [ 27.376960][ T4606] CPU: 0 PID: 4606 Comm: syz-executor.1 Not tainted 5.13.0-rc1-syzkaller #0 [ 27.385625][ T4606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.395747][ T4606] ================================================================== 07:30:27 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10a, &(0x7f0000000280)="000000000000b50cec00050000000000000094bd9d45b0000000000000047d150801428a6a79940c9c0689bf74257a994a5cd7efad5175d8b454438488090804f443aa7ef6ee20c76b47e963c3ffe7365aba2063d1f69f3734a28a7e7d5dea167f8acc6439296b636226d39ad8b70ec8245cf266d26fbf76181616108401846eef0cb691b27fd4c537bb4c89a66cd5f09718ebd2d2595f8f3f023f7e4e88b6b7009b0cc5e0b52db8388ce6dd896dd0024e7083f34c69d42c6c7f0e25fcf20cf286894ee69e8fea4f4bd1cdc5cd1ad64a823872ea66d8682235a21f25e2fa75a849b5c8d5fc8c4c64cf13bc9eda57c5b20e884313fa334e4736731e1dbab2cde1f4f2464b9ca7c5845759"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:30:27 executing program 2: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') unshare(0x24020400) 07:30:27 executing program 1: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) 07:30:27 executing program 2: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) 07:30:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10a, &(0x7f0000000280)="000000000000b50cec00050000000000000094bd9d45b0000000000000047d150801428a6a79940c9c0689bf74257a994a5cd7efad5175d8b454438488090804f443aa7ef6ee20c76b47e963c3ffe7365aba2063d1f69f3734a28a7e7d5dea167f8acc6439296b636226d39ad8b70ec8245cf266d26fbf76181616108401846eef0cb691b27fd4c537bb4c89a66cd5f09718ebd2d2595f8f3f023f7e4e88b6b7009b0cc5e0b52db8388ce6dd896dd0024e7083f34c69d42c6c7f0e25fcf20cf286894ee69e8fea4f4bd1cdc5cd1ad64a823872ea66d8682235a21f25e2fa75a849b5c8d5fc8c4c64cf13bc9eda57c5b20e884313fa334e4736731e1dbab2cde1f4f2464b9ca7c5845759"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 29.882939][ T4653] loop1: detected capacity change from 0 to 264192 07:30:27 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10a, &(0x7f0000000280)="000000000000b50cec00050000000000000094bd9d45b0000000000000047d150801428a6a79940c9c0689bf74257a994a5cd7efad5175d8b454438488090804f443aa7ef6ee20c76b47e963c3ffe7365aba2063d1f69f3734a28a7e7d5dea167f8acc6439296b636226d39ad8b70ec8245cf266d26fbf76181616108401846eef0cb691b27fd4c537bb4c89a66cd5f09718ebd2d2595f8f3f023f7e4e88b6b7009b0cc5e0b52db8388ce6dd896dd0024e7083f34c69d42c6c7f0e25fcf20cf286894ee69e8fea4f4bd1cdc5cd1ad64a823872ea66d8682235a21f25e2fa75a849b5c8d5fc8c4c64cf13bc9eda57c5b20e884313fa334e4736731e1dbab2cde1f4f2464b9ca7c5845759"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:30:27 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10a, &(0x7f0000000280)="000000000000b50cec00050000000000000094bd9d45b0000000000000047d150801428a6a79940c9c0689bf74257a994a5cd7efad5175d8b454438488090804f443aa7ef6ee20c76b47e963c3ffe7365aba2063d1f69f3734a28a7e7d5dea167f8acc6439296b636226d39ad8b70ec8245cf266d26fbf76181616108401846eef0cb691b27fd4c537bb4c89a66cd5f09718ebd2d2595f8f3f023f7e4e88b6b7009b0cc5e0b52db8388ce6dd896dd0024e7083f34c69d42c6c7f0e25fcf20cf286894ee69e8fea4f4bd1cdc5cd1ad64a823872ea66d8682235a21f25e2fa75a849b5c8d5fc8c4c64cf13bc9eda57c5b20e884313fa334e4736731e1dbab2cde1f4f2464b9ca7c5845759"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 29.960243][ T4670] loop2: detected capacity change from 0 to 264192 07:30:28 executing program 1: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) 07:30:28 executing program 2: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) [ 30.464176][ T4684] loop1: detected capacity change from 0 to 264192 [ 30.542935][ T4692] loop2: detected capacity change from 0 to 264192 [ 30.908104][ T4692] ================================================================== [ 30.916196][ T4692] BUG: KCSAN: data-race in __xa_clear_mark / xas_find_marked [ 30.923558][ T4692] [ 30.925865][ T4692] write to 0xffff8881065f5d70 of 8 bytes by interrupt on cpu 1: [ 30.933482][ T4692] __xa_clear_mark+0x1d9/0x2c0 [ 30.938238][ T4692] test_clear_page_writeback+0x23e/0x560 [ 30.943868][ T4692] end_page_writeback+0xd7/0x1b0 [ 30.948801][ T4692] page_endio+0x1cc/0x280 [ 30.953170][ T4692] mpage_end_io+0x186/0x1d0 [ 30.957680][ T4692] bio_endio+0x21d/0x300 [ 30.961915][ T4692] blk_update_request+0x435/0xa30 [ 30.966930][ T4692] blk_mq_end_request+0x22/0x50 [ 30.971772][ T4692] lo_complete_rq+0xca/0x170 [ 30.976347][ T4692] blk_done_softirq+0x69/0x90 [ 30.981009][ T4692] __do_softirq+0x12c/0x275 [ 30.985514][ T4692] run_ksoftirqd+0x13/0x20 [ 30.989959][ T4692] smpboot_thread_fn+0x2a1/0x3f0 [ 30.994898][ T4692] kthread+0x1d0/0x1f0 [ 30.998959][ T4692] ret_from_fork+0x1f/0x30 [ 31.003374][ T4692] [ 31.005679][ T4692] read to 0xffff8881065f5d70 of 8 bytes by task 4692 on cpu 0: [ 31.013212][ T4692] xas_find_marked+0x195/0x5f0 [ 31.017973][ T4692] find_get_pages_range_tag+0xf2/0x390 [ 31.023428][ T4692] pagevec_lookup_range_tag+0x37/0x50 [ 31.028793][ T4692] __filemap_fdatawait_range+0xab/0x1b0 [ 31.034334][ T4692] file_write_and_wait_range+0x1c3/0x210 [ 31.039961][ T4692] __generic_file_fsync+0x48/0x140 [ 31.045081][ T4692] fat_file_fsync+0x48/0x100 [ 31.049668][ T4692] vfs_fsync_range+0x107/0x120 [ 31.054425][ T4692] generic_file_write_iter+0x103/0x130 [ 31.059877][ T4692] do_iter_readv_writev+0x2cb/0x360 [ 31.065065][ T4692] do_iter_write+0x112/0x4c0 [ 31.069646][ T4692] vfs_iter_write+0x4c/0x70 [ 31.074232][ T4692] iter_file_splice_write+0x40a/0x750 [ 31.079600][ T4692] direct_splice_actor+0x80/0xa0 [ 31.084538][ T4692] splice_direct_to_actor+0x345/0x650 [ 31.089902][ T4692] do_splice_direct+0xf5/0x170 [ 31.094645][ T4692] do_sendfile+0x773/0xda0 [ 31.099038][ T4692] __x64_sys_sendfile64+0xf2/0x130 [ 31.104125][ T4692] do_syscall_64+0x4a/0x90 07:30:29 executing program 1: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) [ 31.108531][ T4692] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 31.114400][ T4692] [ 31.116699][ T4692] Reported by Kernel Concurrency Sanitizer on: [ 31.122819][ T4692] CPU: 0 PID: 4692 Comm: syz-executor.2 Not tainted 5.13.0-rc1-syzkaller #0 [ 31.131465][ T4692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.141710][ T4692] ================================================================== [ 31.224217][ T4704] loop1: detected capacity change from 0 to 264192 07:30:29 executing program 2: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) [ 31.447365][ T4712] loop2: detected capacity change from 0 to 264192 07:30:29 executing program 1: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) [ 32.026976][ T4720] loop1: detected capacity change from 0 to 264192 07:30:30 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10a, &(0x7f0000000280)="000000000000b50cec00050000000000000094bd9d45b0000000000000047d150801428a6a79940c9c0689bf74257a994a5cd7efad5175d8b454438488090804f443aa7ef6ee20c76b47e963c3ffe7365aba2063d1f69f3734a28a7e7d5dea167f8acc6439296b636226d39ad8b70ec8245cf266d26fbf76181616108401846eef0cb691b27fd4c537bb4c89a66cd5f09718ebd2d2595f8f3f023f7e4e88b6b7009b0cc5e0b52db8388ce6dd896dd0024e7083f34c69d42c6c7f0e25fcf20cf286894ee69e8fea4f4bd1cdc5cd1ad64a823872ea66d8682235a21f25e2fa75a849b5c8d5fc8c4c64cf13bc9eda57c5b20e884313fa334e4736731e1dbab2cde1f4f2464b9ca7c5845759"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:30:30 executing program 2: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) 07:30:30 executing program 1: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) 07:30:30 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10a, &(0x7f0000000280)="000000000000b50cec00050000000000000094bd9d45b0000000000000047d150801428a6a79940c9c0689bf74257a994a5cd7efad5175d8b454438488090804f443aa7ef6ee20c76b47e963c3ffe7365aba2063d1f69f3734a28a7e7d5dea167f8acc6439296b636226d39ad8b70ec8245cf266d26fbf76181616108401846eef0cb691b27fd4c537bb4c89a66cd5f09718ebd2d2595f8f3f023f7e4e88b6b7009b0cc5e0b52db8388ce6dd896dd0024e7083f34c69d42c6c7f0e25fcf20cf286894ee69e8fea4f4bd1cdc5cd1ad64a823872ea66d8682235a21f25e2fa75a849b5c8d5fc8c4c64cf13bc9eda57c5b20e884313fa334e4736731e1dbab2cde1f4f2464b9ca7c5845759"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 32.898405][ T4735] loop2: detected capacity change from 0 to 264192 [ 32.902010][ T4733] loop1: detected capacity change from 0 to 264192 07:30:30 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10a, &(0x7f0000000280)="000000000000b50cec00050000000000000094bd9d45b0000000000000047d150801428a6a79940c9c0689bf74257a994a5cd7efad5175d8b454438488090804f443aa7ef6ee20c76b47e963c3ffe7365aba2063d1f69f3734a28a7e7d5dea167f8acc6439296b636226d39ad8b70ec8245cf266d26fbf76181616108401846eef0cb691b27fd4c537bb4c89a66cd5f09718ebd2d2595f8f3f023f7e4e88b6b7009b0cc5e0b52db8388ce6dd896dd0024e7083f34c69d42c6c7f0e25fcf20cf286894ee69e8fea4f4bd1cdc5cd1ad64a823872ea66d8682235a21f25e2fa75a849b5c8d5fc8c4c64cf13bc9eda57c5b20e884313fa334e4736731e1dbab2cde1f4f2464b9ca7c5845759"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:30:30 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10a, &(0x7f0000000280)="000000000000b50cec00050000000000000094bd9d45b0000000000000047d150801428a6a79940c9c0689bf74257a994a5cd7efad5175d8b454438488090804f443aa7ef6ee20c76b47e963c3ffe7365aba2063d1f69f3734a28a7e7d5dea167f8acc6439296b636226d39ad8b70ec8245cf266d26fbf76181616108401846eef0cb691b27fd4c537bb4c89a66cd5f09718ebd2d2595f8f3f023f7e4e88b6b7009b0cc5e0b52db8388ce6dd896dd0024e7083f34c69d42c6c7f0e25fcf20cf286894ee69e8fea4f4bd1cdc5cd1ad64a823872ea66d8682235a21f25e2fa75a849b5c8d5fc8c4c64cf13bc9eda57c5b20e884313fa334e4736731e1dbab2cde1f4f2464b9ca7c5845759"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:30:31 executing program 2: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) 07:30:31 executing program 1: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) [ 33.485786][ T4764] loop2: detected capacity change from 0 to 264192 [ 33.503503][ T4770] loop1: detected capacity change from 0 to 264192 07:30:31 executing program 1: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) 07:30:31 executing program 2: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) [ 34.003530][ T4776] loop1: detected capacity change from 0 to 264192 [ 34.085004][ T4784] loop2: detected capacity change from 0 to 264192 [ 34.199318][ T4776] ================================================================== [ 34.207434][ T4776] BUG: KCSAN: data-race in __xa_clear_mark / xas_find_marked [ 34.214816][ T4776] [ 34.217132][ T4776] write to 0xffff888106604b30 of 8 bytes by interrupt on cpu 0: [ 34.224753][ T4776] __xa_clear_mark+0x1d9/0x2c0 [ 34.229530][ T4776] test_clear_page_writeback+0x23e/0x560 [ 34.235163][ T4776] end_page_writeback+0xd7/0x1b0 [ 34.240102][ T4776] page_endio+0x1cc/0x280 [ 34.244429][ T4776] mpage_end_io+0x186/0x1d0 [ 34.248933][ T4776] bio_endio+0x21d/0x300 [ 34.253172][ T4776] blk_update_request+0x435/0xa30 [ 34.258195][ T4776] blk_mq_end_request+0x22/0x50 [ 34.263042][ T4776] lo_complete_rq+0xca/0x170 [ 34.267622][ T4776] blk_done_softirq+0x69/0x90 [ 34.272322][ T4776] __do_softirq+0x12c/0x275 [ 34.276828][ T4776] run_ksoftirqd+0x13/0x20 [ 34.281260][ T4776] smpboot_thread_fn+0x2a1/0x3f0 [ 34.286189][ T4776] kthread+0x1d0/0x1f0 [ 34.290390][ T4776] ret_from_fork+0x1f/0x30 [ 34.294811][ T4776] [ 34.297119][ T4776] read to 0xffff888106604b30 of 8 bytes by task 4776 on cpu 1: [ 34.304653][ T4776] xas_find_marked+0x195/0x5f0 [ 34.309442][ T4776] find_get_pages_range_tag+0xf2/0x390 [ 34.315022][ T4776] pagevec_lookup_range_tag+0x37/0x50 [ 34.320398][ T4776] __filemap_fdatawait_range+0xab/0x1b0 [ 34.325938][ T4776] file_write_and_wait_range+0x1c3/0x210 [ 34.331573][ T4776] __generic_file_fsync+0x48/0x140 [ 34.336686][ T4776] fat_file_fsync+0x48/0x100 [ 34.341272][ T4776] vfs_fsync_range+0x107/0x120 [ 34.346022][ T4776] generic_file_write_iter+0x103/0x130 [ 34.351475][ T4776] do_iter_readv_writev+0x2cb/0x360 [ 34.356697][ T4776] do_iter_write+0x112/0x4c0 [ 34.361281][ T4776] vfs_iter_write+0x4c/0x70 [ 34.365776][ T4776] iter_file_splice_write+0x40a/0x750 [ 34.371137][ T4776] direct_splice_actor+0x80/0xa0 [ 34.376072][ T4776] splice_direct_to_actor+0x345/0x650 [ 34.381442][ T4776] do_splice_direct+0xf5/0x170 [ 34.386194][ T4776] do_sendfile+0x773/0xda0 [ 34.390641][ T4776] __x64_sys_sendfile64+0xf2/0x130 [ 34.395749][ T4776] do_syscall_64+0x4a/0x90 [ 34.400167][ T4776] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 34.406063][ T4776] [ 34.408377][ T4776] Reported by Kernel Concurrency Sanitizer on: [ 34.414511][ T4776] CPU: 1 PID: 4776 Comm: syz-executor.1 Not tainted 5.13.0-rc1-syzkaller #0 [ 34.423176][ T4776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.433231][ T4776] ================================================================== 07:30:32 executing program 2: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) [ 34.744257][ T4793] loop2: detected capacity change from 0 to 264192 07:30:32 executing program 1: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') unshare(0x24020400) 07:30:33 executing program 2: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) 07:30:33 executing program 1: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') unshare(0x24020400) 07:30:33 executing program 5: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') unshare(0x24020400) 07:30:33 executing program 1: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') unshare(0x24020400) [ 35.920501][ T4809] loop2: detected capacity change from 0 to 264192 07:30:33 executing program 0: clone3(&(0x7f0000000440)={0xe300100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8935, &(0x7f0000000140)={'tunl0\x00', 0x0}) 07:30:33 executing program 0: clone3(&(0x7f0000000440)={0xe300100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8935, &(0x7f0000000140)={'tunl0\x00', 0x0}) 07:30:33 executing program 5: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') unshare(0x24020400) 07:30:33 executing program 3: clone3(&(0x7f0000000440)={0xe300100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8935, &(0x7f0000000140)={'tunl0\x00', 0x0}) 07:30:33 executing program 4: clone3(&(0x7f0000000440)={0xe300100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8935, &(0x7f0000000140)={'tunl0\x00', 0x0}) 07:30:33 executing program 1: mmap(&(0x7f0000012000/0x3000)=nil, 0x3000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0x30, 0x0, &(0x7f0000013000)) 07:30:34 executing program 3: clone3(&(0x7f0000000440)={0xe300100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8935, &(0x7f0000000140)={'tunl0\x00', 0x0}) 07:30:34 executing program 0: clone3(&(0x7f0000000440)={0xe300100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8935, &(0x7f0000000140)={'tunl0\x00', 0x0}) 07:30:34 executing program 4: clone3(&(0x7f0000000440)={0xe300100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8935, &(0x7f0000000140)={'tunl0\x00', 0x0}) 07:30:34 executing program 5: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') unshare(0x24020400) 07:30:34 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f00000000c0), 0x1, 0x82) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) 07:30:34 executing program 3: clone3(&(0x7f0000000440)={0xe300100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8935, &(0x7f0000000140)={'tunl0\x00', 0x0}) 07:30:34 executing program 1: mmap(&(0x7f0000012000/0x3000)=nil, 0x3000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0x30, 0x0, &(0x7f0000013000)) 07:30:34 executing program 2: syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) chdir(&(0x7f0000000000)='./file1\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1013c1, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write$9p(r1, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949", 0x38) sendfile(r1, r2, 0x0, 0x1c500) 07:30:34 executing program 4: clone3(&(0x7f0000000440)={0xe300100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x8935, &(0x7f0000000140)={'tunl0\x00', 0x0}) 07:30:34 executing program 1: mmap(&(0x7f0000012000/0x3000)=nil, 0x3000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0x30, 0x0, &(0x7f0000013000)) 07:30:34 executing program 3: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000040)) open_by_handle_at(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="1c1775baa036df98b9280000004e0000db2ac8f81bad8e33faffff0100000400000004f16945ad61e70c6c00"/57], 0x840) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f0000000000)={{0x2, 0x0, @private}, {0x0, @multicast}, 0x0, {0x2, 0x0, @broadcast}}) creat(&(0x7f0000000080)='./bus\x00', 0x0) r2 = socket$inet(0x2, 0x3, 0x2) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x20000) getsockopt(r2, 0x0, 0xcb, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000200)={'wg2\x00'}) 07:30:34 executing program 5: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0x891e, &(0x7f0000000180)={"b284c42cae6fa85e3a4eb81e76e8d48d"}) 07:30:34 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000480), 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f00000000c0), 0x1, 0x82) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) 07:30:34 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSBRKP(r0, 0x4b41, 0x0) [ 36.671770][ T4912] loop2: detected capacity change from 0 to 264192