fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0xffffffffffffff34, 0x2000}, {&(0x7f0000012600)="ed41000010000000daf4655fdbf4655fdbf4655f00000000000004008000000000000800050000000af301000400000000000000000000000900000010", 0x3d, 0x4400}, {&(0x7f0000000140), 0x0, 0x4800}], 0x0, &(0x7f00000000c0)=ANY=[]) r2 = creat(&(0x7f0000000400)='./file0/file1\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0), 0xd4ba0ff) [ 280.216448][T20558] loop2: detected capacity change from 0 to 4096 [ 280.251158][T20558] EXT4-fs (loop2): VFS: Can't find ext4 filesystem [ 280.382497][T20520] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 280.390947][T20520] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 280.417541][T20520] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 04:31:41 executing program 4: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x7, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 280.425987][T20520] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:41 executing program 5: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:41 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000000040)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000010500)="7f000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0xffffffffffffff34, 0x2000}, {&(0x7f0000012600)="ed41000010000000daf4655fdbf4655fdbf4655f00000000000004008000000000000800050000000af301000400000000000000000000000900000010", 0x3d, 0x4400}, {&(0x7f0000000140), 0x0, 0x4800}], 0x0, &(0x7f00000000c0)=ANY=[]) creat(&(0x7f0000000400)='./file0/file1\x00', 0x0) [ 280.581328][T20572] loop2: detected capacity change from 0 to 4096 [ 280.620238][T20572] EXT4-fs (loop2): VFS: Can't find ext4 filesystem 04:31:41 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000000040)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000010500)="7f000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0xffffffffffffff34, 0x2000}, {&(0x7f0000012600)="ed41000010000000daf4655fdbf4655fdbf4655f00000000000004008000000000000800050000000af301000400000000000000000000000900000010", 0x3d, 0x4400}, {&(0x7f0000000140), 0x0, 0x4800}], 0x0, &(0x7f00000000c0)=ANY=[]) 04:31:41 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 280.841975][T20585] loop2: detected capacity change from 0 to 4096 [ 280.879192][T20585] EXT4-fs (loop2): VFS: Can't find ext4 filesystem 04:31:42 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:42 executing program 0: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000000040)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000010500)="7f000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0xffffffffffffff34, 0x2000}, {&(0x7f0000012600)="ed41000010000000daf4655fdbf4655fdbf4655f00000000000004008000000000000800050000000af301000400000000000000000000000900000010", 0x3d, 0x4400}, {&(0x7f0000000140), 0x0, 0x4800}], 0x0, &(0x7f00000000c0)=ANY=[]) creat(&(0x7f0000000400)='./file0/file1\x00', 0x0) 04:31:42 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:42 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:42 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:42 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) [ 281.578961][T20566] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 281.587450][T20566] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:42 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x84800) syz_io_uring_setup(0x54a5, &(0x7f0000000140)={0x0, 0xe45b, 0x1, 0x2, 0x7f, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000340)) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r2, 0x80045400, &(0x7f0000000380)) r3 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r5, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) write$binfmt_elf64(r5, &(0x7f00000003c0)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x5, 0x4, 0x2, 0xfffffffffffffff7, 0x2, 0x3e, 0x8, 0x129, 0x40, 0xa3, 0x4, 0xc3ac, 0x38, 0x2, 0x5, 0x1, 0xffff}, [{0x1, 0x0, 0x10000, 0x1418, 0x1, 0x8c, 0x7fff, 0x2}, {0x6474e551, 0x5, 0x2, 0x0, 0x7f, 0x6, 0x1, 0x9}], "a53ed10d454ebbd7ee562863eee0675607ddee881a7ff7c45ceb5be9d36e5d5a6a3cd36b2b5c9c", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xad7) write$binfmt_script(r4, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:31:42 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) [ 281.747972][T20566] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 281.756430][T20566] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:43 executing program 5: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:43 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:43 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:43 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 282.120700][T20608] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 282.129179][T20608] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 282.160740][T20608] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 04:31:43 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:43 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 282.169186][T20608] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:43 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:43 executing program 4: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4053b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000200)) 04:31:43 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:43 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:43 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:43 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) [ 283.162396][T20647] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 283.170846][T20647] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 283.196573][T20647] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 283.205199][T20647] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:44 executing program 5: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:44 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, 0x0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:44 executing program 0: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = getpid() sched_setattr(r0, &(0x7f0000000180)={0x38, 0x1, 0x10000070, 0x94c, 0x5063, 0xff, 0x11, 0x1ff, 0x3f, 0x2}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x6) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:44 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:44 executing program 4: sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100300}, 0xc, &(0x7f0000000040)={&(0x7f0000000200)={0x8e4, 0x0, 0x10, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_HE_BSS_COLOR={0x20, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x3}, @NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x28}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}]}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x62f}, @NL80211_ATTR_SSID={0x17, 0x34, @random="df71e13a7d658f030d98efb9d875869789d72c"}, @beacon=[@NL80211_ATTR_BEACON_TAIL={0x11, 0xf, [@erp={0x2a, 0x1, {0x0, 0x1}}, @ssid={0x0, 0x8, @random="9a1e98f50ca9186e"}]}, @NL80211_ATTR_BEACON_TAIL={0x236, 0xf, [@mesh_chsw={0x76, 0x6, {0x5, 0x4, 0x2c, 0x9}}, @measure_req={0x26, 0x7f, {0x7, 0x6a, 0x81, "33e2e57d75d38ced90c387338adc120322723503dc63fcd842caf915c59b0f2ee26e4c2cbca70692047e0d6eb278e03a5566006e843a9d07a583ce31b5269671027a6f39a78b4d4509a0374cdd5f3709cc488fda8ff7cc56bd28bf66eb87e94ef5706bdd902c1b27bf9ae259579096e1e66d0534408ce324b787528a"}}, @perr={0x84, 0x10f, {0xff, 0x11, [@not_ext={{}, @broadcast, 0x0, "", 0x20}, @ext={{}, @broadcast, 0x5e8, @broadcast, 0x3f}, @ext={{}, @broadcast, 0x10000, @device_a, 0x38}, @ext={{}, @device_a, 0x8, @broadcast, 0x1f}, @ext={{}, @broadcast, 0x9e, @device_b, 0xff32}, @not_ext={{}, @device_a, 0x4, "", 0x33}, @not_ext={{}, @broadcast, 0x2, "", 0x1d}, @not_ext={{}, @device_b, 0x8, "", 0x26}, @not_ext={{}, @broadcast, 0xffff0baa, "", 0x3b}, @ext={{}, @device_b, 0x7fff, @device_b, 0x24}, @not_ext={{}, @device_a, 0x8000, "", 0x1}, @not_ext={{}, @device_a, 0x2, "", 0x30}, @not_ext={{}, @device_a, 0x7f, "", 0x30}, @ext={{}, @device_a, 0x20, @broadcast, 0x11}, @not_ext={{}, @device_a, 0x6767, "", 0x12}, @ext={{}, @broadcast, 0x3, @device_a, 0x42}, @ext={{}, @broadcast, 0xc, @device_b, 0xe}]}}, @dsss={0x3, 0x1, 0x70}, @peer_mgmt={0x75, 0x4, {0x1, 0x5, @void, @void, @void}}, @preq={0x82, 0x36, @ext={{0x0, 0x1, 0x1}, 0x7, 0xbc, 0x1a34, @device_a, 0x7fffffff, @device_a, 0x9, 0x3, 0x2, [{{}, @device_b, 0x8000}, {{0x0, 0x0, 0x1}, @device_b, 0x3f}]}}, @fast_bss_trans={0x37, 0x55, {0x40, 0x1, "9734ab523ce46fecd9eff09542c93795", "87eaac12f36a869d9b31c6bf6193d1d6c5cd8b70d5bccc2d965139f11a13ef3e", "94bcbaa115cb2b655ba3a8329f3b82f18795fc5a8a88e227ed62f891f0635e4c", [{0x4, 0x1, "01"}]}}]}, @NL80211_ATTR_PROBE_RESP={0x534, 0x91, "6d2730b56a06c069562d9ca0290f4b61b08ab4aaa7a5e6c41113f8d53403158b51b56d2b1f0feff84da02fb97d8fcf99bdfbf316d2d3853df998773f5a0166ae41becbaaee98094441fbfe41a8e775992cfebbb2436a71f11a81d519be2baef3385bf2bb26d80cd685fab7b19912058f91b0aba8d0d33756caf66030bf4757e5e29bb6beed529385b4c30c51c9913541cd5dea0c78e9e62f5ccec8b7ad19b8b6acc1b545fb706174b1093be079faf33828a13f4326d0369b80fc459abf097e95601f5e14fbb5e17d524adf97dc3570da2b55ca224c75626105153518c017626b090933ca63f530627a7801565b9ca4eaa932e36223a4f648bcf9c086ae8908d8c20ac029dd07342f06a0f0de1c0768ac9cdfe9def8544e6ef9f78e76764cb043ff285594cba6bb4434ff781c9d8ab13970a060052a9b3ab7476a69fd4f29ae75c1b886e4decd2250f6950ee34745ea5341ef834e9c253a104a7021931dd0f07400919bbf60bb9f24b3e6ea909e6fed6c940ebedaeab93a251cef82d615543fd46780c3e44bb3753f38276bf591384788cd68d2c875a72e66b2ba4986deb02ad1a6a1c2dcfd3153dc8673c33a8a32f8797f1833cf6a5c894da1a41744961780d4b00ce4db23f54c11f76bb606586beec299af28b88009d976c8372367bc941b10ac38d375a71c98a20b5451758f745bb8423957affbfa29dbb4b65d7042358b957fecfc1af7e1a0c7cfa7a5d279190fa674f4d17f8b71d90af4d32c61b3d9d39542ed18dbf90b448d243d13233331eec60f2a8db03774d95b7fb6f0ffb19ae43cc253c84e68222d2a1ba5b6143a320189c3f0451553b3372494906cd9b5509f587a71a4ee555d8e903de6114ba36931a0feb53b42654680b138acbc1e94b3fa3f210239ddeadab188c64ba8ff66e4edfdd05a9696b8d0f06ed8b066c6f6f8e788469812c0607fec7062b0fcf16e534956cf625305476e236e5e5b8c8265382631d571d459a876320e485856b0579ca611845cb5b4af5b4c1608589b754daf50d15e506e160a148e8d3ad489ecf8f1d6e86d97454b5f8e4bf570d40bfe8e482a0879f77e531f5c6fdae5f097d76b356db336bf2f22eb2e7d20c3154264dbf8af6fc5d208cc356cee2b55d36a089724b4ffeb0d1065515c6d4aa25956d43a959cf7cf43f5f0a568d653d3800c4c9c56848e6ea5b5ebf25e6aea23db2b659d430bc493831a231d87e23dc4856f89e01dfc3c3764509c43a4cb8787cc5d879754ad30c9544906e9208bb4b1b0c859a945ed6bdf820864792491f9f23049f8281459afb5563f7464db20e703e693ad0be14b2878cae7afe59b9036e184441ac15ec74ae76b21b4c1e693d65548ec2af153a5bb3f934bbf13e39c4ffeca2f6b0496700e9247400068249a843d744d2dae95381e393018e4bd397b4048835b689d22c37d892f73437db26ad268340e963187c1a921acc7e8afa9aa107ffc342deeeb091ec01b9a5318373f758c7a1b9ad0caba481fee8a88d60ee3b663783a269db2356138be82b881eaff799ef4cee549954ddf3026f3f0ebce448b0a31f14f8127eb037b6abfadcd92263a91c8aea57face97fb96403a594f692d710f1e62263b4b33f2a50404aa88732f0c59bef90b9861abd5b5605817bc27c0a6ba1b07af38e81afbea7d07086a74eac9ea944832a2a9d1d9ffa6c92289bffb57870c049fdaa3ac59a1db93c0c742cce1df2cfe783f2ffc6ff23ae87fb4198cb82116781deeb93c6bd78703599c56b639aa6ca954ff293406828ddf9d059927334a43a4425951e7fb64bf07963aaa9def04474c9bbe77892dfdd35bab1a021c92ef4b673cf57b8971bf506705fe2b8f268d5ac8bca95fc8d"}, @NL80211_ATTR_IE_ASSOC_RESP={0x104, 0x80, [@tim={0x5, 0x44, {0x5, 0x25, 0x1, "3318749aa2f87e09e146cddf704daaf35d2d739ec6d7af79124d5aa9297ba1085c84eedb22c3aa8daadb4ab3e94fd32d899d2e1caf51c13138128321e7ab7bfa7d"}}, @fast_bss_trans={0x37, 0xa4, {0x7, 0x5, "a716d1d54a1b702925557de9005047aa", "4f8b78ee4cd0771df0557393c3cef1917187ca0fe2c735ef31a0ba1d891a0ad8", "faa167fae7712aebbafce1d8fcb49a7a7a673c3123c81b492997a886f6497b4a", [{0x1, 0x1a, "5a2abe5e94e49ff2a9a8a14997a89d41d5f1409659c851452571"}, {0x1, 0x13, "355f3627833260fe0191f6a0457676121b1fa7"}, {0x3, 0xf, "fc31b6bd9740b1223aa38fd5bb7538"}, {0x4, 0x7, "b171c2ce19a5e4"}, {0x1, 0x5, "6bc18794b1"}]}}, @cf={0x4, 0x6, {0x0, 0x3e, 0xfff7, 0x7ff}}, @gcr_ga={0xbd, 0x6, @broadcast}, @ibss={0x6, 0x2, 0xe3}]}], @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0xff}, @NL80211_ATTR_PBSS={0x4}]}, 0x8e4}, 0x1, 0x0, 0x0, 0x40004}, 0x400c004) r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x14, 0x0, 0x1, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) r3 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r3, 0x107, 0xf, &(0x7f00000000c0)="a2e619f9", 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) bind$packet(r3, &(0x7f0000000000)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) ioctl$sock_ipv6_tunnel_SIOCGETPRL(0xffffffffffffffff, 0x89f4, &(0x7f0000000fc0)={'ip6tnl0\x00', &(0x7f0000000f40)={'ip6gre0\x00', 0x0, 0x4, 0x82, 0xff, 0xb54, 0x48, @mcast2, @empty, 0x0, 0x10, 0x3, 0x8001}}) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000001080)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001040)={&(0x7f0000001000)={0x2c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}]}, 0x2c}}, 0x20000805) sendmsg$NLBL_CALIPSO_C_REMOVE(r1, &(0x7f0000000bc0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x44, r2, 0x10, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x4) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000180)=ANY=[], 0x208e24b) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000180), r8) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r8, &(0x7f0000000ec0)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x8008000}, 0xc, &(0x7f0000000e80)={&(0x7f0000000d80)={0xe8, 0x0, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_SEC_DEVKEY={0x48, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0102}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x3}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x1}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x401}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xffff0001}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_DEVKEY={0x40, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x20, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x3c}, @NL802154_DEVKEY_ATTR_ID={0x14, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x9}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x28, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x10001}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xfff}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xfffffffc}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x4048005) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r7, &(0x7f0000000d00)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c40)={0x58, 0x0, 0x2, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x58}, 0x1, 0x0, 0x0, 0x40}, 0x404c095) 04:31:44 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, 0x0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:44 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:44 executing program 2: ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000140)) r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, 0x0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:44 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:45 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:45 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:45 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) [ 284.369754][T20707] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 284.378291][T20707] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 284.404117][T20707] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 284.412566][T20707] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:45 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:45 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:45 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:45 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:45 executing program 4: r0 = perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x7, 0x0, 0x7f, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x7480b000) fcntl$lock(r1, 0x6, &(0x7f0000000200)={0x1, 0x0, 0x5, 0x2}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x600, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x3f, 0x12, 0x7, 0x4, 0x0, 0xffffffffffffffc0, 0x57, 0x6, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, @perf_config_ext={0x6, 0x10001}, 0x16a04, 0xe27e, 0x3, 0x6, 0x16b5, 0x4, 0x5, 0x0, 0xff, 0x0, 0xfffffffffffffffe}, 0x0, 0xb, r3, 0x9) openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x400440, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000180)=0x4) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:31:45 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:45 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:46 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:46 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:46 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:46 executing program 4: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x4, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x81, 0x8, 0x6, 0x8f, 0x0, 0xfffffffeffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000040), 0x9}, 0x1a802, 0x1000, 0x40, 0x7, 0xb37, 0x8, 0x0, 0x0, 0x8001, 0x0, 0x2}, r2, 0xc, r0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') r5 = fork() perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x80, 0xff, 0x9, 0x0, 0x0, 0xfff, 0x10d09, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_config_ext={0x9, 0x2}, 0x1100, 0x272a, 0x6, 0x0, 0x5, 0xbc3, 0x7, 0x0, 0x3, 0x0, 0x6}, 0x0, 0xffffffffffffffff, r0, 0x8) tkill(r5, 0x13) wait4(r5, 0x0, 0x8, 0x0) tgkill(r5, r5, 0x12) ptrace$setopts(0x4206, r5, 0x9, 0x100004) preadv(r4, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) sendfile(r3, r4, &(0x7f0000000000)=0x7fff, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:31:46 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) [ 285.534936][T20744] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 285.543389][T20744] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 285.640550][T20744] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 285.649063][T20744] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:46 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:46 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:46 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:46 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:46 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:47 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:47 executing program 4: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000140)={0x5, 0x80, 0x2, 0x2, 0x0, 0x5, 0x0, 0x1, 0x80400, 0x4, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x4, 0x1, @perf_config_ext={0x2, 0xfffffffffffffff9}, 0xb3787e36179cf851, 0x2, 0xd64e, 0x8, 0xffffffffffffff80, 0x101, 0x5, 0x0, 0xfffffffa, 0x0, 0x7}, r2, 0x9, r1, 0x1) openat$cgroup_ro(r1, &(0x7f0000000000)='freezer.state\x00', 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) sendfile(r1, r3, 0x0, 0x7) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:31:47 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:47 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:47 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, 0x0, 0x0, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:47 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, 0x0, 0x0, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:47 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, 0x0, 0x0, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) [ 286.818836][T20802] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 286.827286][T20802] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 286.952350][T20802] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 286.960804][T20802] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:48 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:48 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:48 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:48 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:48 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:48 executing program 4: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) setxattr$incfs_size(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)=0x6, 0x8, 0x0) 04:31:48 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) [ 287.496101][T20879] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 287.504585][T20879] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:48 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x0, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) [ 287.547961][T20879] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 287.556427][T20879] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:48 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x0, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:48 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x0, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:48 executing program 2: getpid() r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, 0x0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:49 executing program 2: getpid() r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, 0x0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) [ 288.159261][T20868] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 288.167768][T20868] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 288.320316][T20868] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 288.329172][T20868] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:49 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:49 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:49 executing program 4: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f0000000000)='cpu.stat\x00', 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/icmp\x00') r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) preadv(r2, &(0x7f0000000140)=[{&(0x7f0000000340)=""/152, 0x98}], 0x1, 0x8, 0xfffffff9) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:31:49 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x0, &(0x7f0000000000)=0x7, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:49 executing program 2: getpid() r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, 0x0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:49 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, &(0x7f0000000300)) 04:31:49 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x0, &(0x7f0000000300)) 04:31:50 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x0, &(0x7f0000000300)) 04:31:50 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x0, &(0x7f0000000300)) 04:31:50 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:31:50 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:50 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 289.414162][T20920] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 289.422685][T20920] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 289.522580][T20920] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 289.531134][T20920] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:51 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:51 executing program 4: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) syz_open_dev$vcsn(&(0x7f0000000000), 0x8001, 0x2a000) 04:31:51 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x0, &(0x7f0000000000)=0x7, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:51 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:51 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:52 executing program 4: ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305) r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) truncate(&(0x7f0000000000)='./file0\x00', 0x2) 04:31:52 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x0, &(0x7f0000000000)=0x7, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:52 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:52 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:53 executing program 4: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$BTRFS_IOC_SPACE_INFO(r1, 0xc0109414, &(0x7f0000000200)={0xd2a, 0x100, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:31:53 executing program 2: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 292.275747][T21013] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 292.284260][T21013] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 292.310119][T21013] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 04:31:53 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 292.319345][T21013] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:53 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:53 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, 0x0, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:53 executing program 4: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000016c0)=[{{&(0x7f0000000000)=@alg, 0x80, &(0x7f0000000080)=[{&(0x7f0000000140)=""/90, 0x5a}], 0x1, &(0x7f0000000200)=""/99, 0x63}, 0x8}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000280)=""/169, 0xa9}], 0x1}, 0xf8a9}, {{&(0x7f0000000380)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000001580)=[{&(0x7f0000000400)=""/227, 0xe3}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/128, 0x80}], 0x3, &(0x7f00000015c0)=""/194, 0xc2}, 0x10}], 0x3, 0x0, &(0x7f0000001780)={0x77359400}) fcntl$getownex(r1, 0x10, &(0x7f0000001b00)={0x0, 0x0}) perf_event_open(&(0x7f0000001a80)={0x1, 0x80, 0x6, 0x1f, 0x2, 0x40, 0x0, 0xfffffffffffffffa, 0x40000, 0x8, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x7, 0x4, @perf_bp={&(0x7f0000001a40), 0x8}, 0x0, 0x8, 0x3, 0x3, 0x7f, 0x10000, 0x4, 0x0, 0x5, 0x0, 0x6}, r2, 0xc, 0xffffffffffffffff, 0x2) preadv(r1, &(0x7f0000001a00)=[{&(0x7f00000017c0)=""/236, 0xec}, {&(0x7f00000018c0)=""/38, 0x26}, {&(0x7f0000001900)=""/159, 0x9f}, {&(0x7f00000019c0)=""/5, 0x5}], 0x4, 0x3ff, 0x7) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$TIOCSPTLCK(r3, 0x40045431, &(0x7f0000001b40)=0x1) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:31:54 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:54 executing program 2: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:54 executing program 4: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000040)=0x14) sendmmsg$sock(r2, &(0x7f0000006d40)=[{{&(0x7f0000000140)=@xdp={0x2c, 0x2, r3, 0x32}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000200)="9354bbe400ec382a14b4581e24422bb332691a9bb92f9c4dd73a616f661481a58ce7a7811bc139ef1b813fac7e299aefdb3fe7294f23ec73624c2ba778247a09a2e39c17ee2f8b", 0x47}, {&(0x7f0000000280)="b840e60b86f5e032610e5a32bd58e4d17140c9137fd2d298097129d88912c1bd415d2b23153cbc35d71d2a453021bf83d93f6382d1d19919d6a78c94fd74e28cc7dbd83c99b498425cf92189842b53f5b44cdee93c71cbcaf9bff4d3f62d0f2c05bae8523052dae5a4e63ba5a4d2a12b1eaa3aef6f6f9d8d454108d728db85690d29a5f24e6be8aedecd057570a0857edc7282cbaeb387817d290afbc7", 0x9d}, {&(0x7f0000000080)="3439a3c8c34f4024b13ccbb504b84b5969dfc5b71a", 0x15}, {&(0x7f0000000340)="c5c11659ff39f81aa33d4042367d4a0f4b18db61521883ccfb82d1f34364e00be4b4537d3ee21cec90403ac7c262ba638fd1c00f6e6862b70bc2dcf56e31ad434b2bed6d86b83ae0ea32c705d40a412d98953959d19326beb3fc7770f9a6e8a8a7ef35c6442a893bb9f354889e7cc659080ead", 0x73}, {&(0x7f00000003c0)="794ca71c244f60b7f7cc891fc059d9f316f6b43b2b387e565db8716e197c762011d8527fcfcfdf0f26764b1b1a269e13bd4899e5bb81c0da682d0e41a20f0d98cb7bb87ef2c0199dff4ee67cd68b3e7b9c3f5fb5c3394a901fcbebda9767070f452272c6a4eada3aba4e10ec3c8577e5cfcdf9a620932ed67bd68ad6266357e20a1a956a8ca08888012a718d23ebddd7680a1694afdad34f3929cb518f75083b09ebe8ba7fe3de55ecdcbcca70801b6e9a6072fa781764e5eb3196fd146ff2e4f5c8268fa2a53145102964e65ff9ecd88a", 0xd1}, {&(0x7f00000004c0)="9c4e5a70d99688392cc44418b6bb78ac9df14c685ffd1198827283e5477eddd83ea2242b100344611ed1141c64eaab1f08d52e2a636edb24d0e6627752b8f92646bf3f3cf6def6d942ad", 0x4a}, {&(0x7f0000000540)="419d2d5fa542213afad0609da453b3bdc918388a55c4bf428884a54ed77f82e42f8962f93b549373729e381a2c21cf560dd8e4a207fcd5d2d66c10c207adfdfe", 0x40}, {&(0x7f0000000580)="37940ae4a9f672776f95dcea9b0dfe4b023e9e737c16473276c1b1cada8319d78f5d05faa174967eaa1c91660e0fd47dbcbcf3636ea610ac33c8bd7f0387b551831e4a70dd7f6ad329b7508da417148eacce4ec603caaac140e120a1ed76d2f5c626cbeb67695aa0f8dcb650fa2901c95765f57269c266309b64b13732f4030b02b79748e39f579e932cfd3c335af9b9eed36f9777aa15edfad48b07b24201afcc81060437f5b797de5cb33109f42be5e7ca38e98df23f9b333e4fc42f5e7bd51cb4", 0xc2}], 0x8, &(0x7f0000000700)=[@mark={{0x14, 0x1, 0x24, 0x100}}, @timestamping={{0x14, 0x1, 0x25, 0x1000}}, @txtime={{0x18}}, @txtime={{0x18, 0x1, 0x3d, 0x80000001}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}], 0x78}}, {{0x0, 0x0, &(0x7f0000001900)=[{&(0x7f0000000780)="0208be9e23deeb97b71bed7b814baa76fd9a1bfe29fc3303bff3a15cf62d6a9bfac3f4b3b1aafbb6eb689d1b648cf4e6b5eec2ee8dcd1ae24ec5e9c832615814d46e137369d55950386d27afb5398db8b45de1c78ec73dd559f3b25422e73872435abe623c788aceaf693bc859023b31c696b017ddb9788708091514b7e647b7c6f06ee61cf388f4fd47c2f140800450bec16a", 0x93}, {&(0x7f0000000840)="6ae0eef69cdb508a1b793b19424888b2e6d507d072aef1e6139b6707271c15789ccc295b733375856d16432568243d7ac63067f235cdf2cc07d140a9f92f84cd8a190f4912f2d99f942017dae875a917237725ca82087c36a88be11dc294d71156809c0f80606b127c3d5480f94f490431cdaf0cb0ad4b968b80af66f369bd2bb41ac21a89c89f51320ced5053", 0x8d}, {&(0x7f0000000900)="bc7340b6d2983538da37d73b0592e111503dd725626d7b0231489973b7db271823dfa1904e6e6e8139d796b99d9cd66310ade4abe0c6e7d065af880b6abaab31cf3aab2cc91e65e4eee57042d03d24740d95b25960ae40c898181b62a3ae63e0f717fa841f5c472da8f882a07388beac518def9fbb5970ea9d96b6ccd03f0d504a5e445c9cad888452d8f83ea0f79a0bd13046e450dd821a9e63280c1e3caac246eb932d261df5b6668db7309b3b1903a1921cce5c906eeaa8be213ad2fbf9db337f8b790c79227403465849ceeb80accfbbbf0869daa70f62a5c71577bc4ec5e5c51714ba964d66e6084406c3fbfe158538d2e60168442af23fb1b85b1e4ea5f5ec03500dc964d28f82d11daeceea4124ac5fc0f9dc7c7c02403ef36679f7144600c126f8f377347069c20be47d6ad09c1f8d097bc628da143be05557c17ac2fac8c9d126611192466249a40994b6df358e2e4d88bf4bd080e9a964f682e8202af8fe5074c43a34ae4d06dd50317c7ec245dde44c52bda0417c679514dc5d18fd89fb174e7192fea352f398935f074a26a351f6b1bf94c0f69633b6a1dd6f24d9809982ada9dfbe4b65fad923fcf523494ef4a842dd043d6e2d7d2617b82ea2f89ed9dfc09c11733b667f8cc9668964bc217628545d033ded3f609a92579d6682d68c32b75ac1baaacaacee328d35ea920f218b482f1bbb7d2a2dac2b0075c545ed2b08b4f3344cfb32e8abe8dfecd9bf04361642e668f9f2a75cb99258e60db84a77e2c975132407e45e01883d8b4d94e20f42876305f472c5e9bb5a2d819c9e4b2c3db6c65cb35bc4a2d3be15ec2edcbde2529ac5b2449f34b29db92d047252754501e5bef826075724aef6d794385e021e60beefc66b7c47c1beb977499f5d63d62b52bad3f777d8350531ea3f6ec6e134dbdd3641f7ad2b5d5e523f91d685d1cf1b1416a483a667d804f4c6527cb98cdaf931ee7277d667c79e8787dcec3a44d31404890bac35f0cdf1aed6657f30e73d95383187ae09f23350cbd6b7d3c2007e13d5dce15616e67e01912c626f96c8badc0f3a755f1ed3d6cb2bdc4f7cd6263d47a83de68249345ac8e74404165762bb879922dedd0a1d6dbba6e1bb1f594b7e438f645b6c3f4af02ba41304b5c87752e0bc708575c9cef9d6bed6037013acf7c9d8d5caecfcb6ccacb6584307d571322da6fbf14ef30d7cfdf20dbbe21be00df01bfe9842c67051616ba36e291fb2353edd613afb67464b8a27edecda381f291654362437d53f52a53b2448e5bfeb6d51f17b95e832582d8dc6acad3a368fb35a3defc9875af7cf66f2091ec665b41e58db60e6246c4fcbcf86dce67d75b7dd4ebe6b2320c5dc4518cf04059e3217292066c2294c299d85e1ce0cef62082bfe8c07ca2f2a00fd8ac6afd221dd7613f62fd26a9dd8ec4a9d1fdf01513cf0304b6885eef8c1c418acf9c720ff98cbcbce7f25ad7a54afc75b728116e7fcb531417b24aa9519438aaa36222f457841cf74d2a093a249aca0e58383427a868b54aa0a3b7d2b2f4076bd2b63f3c1967f34373ff9f49047162a63f7ad2c1d88f5017ae621db48ed81dbb864dddfe67ae752f64fd784f88be9232ae4b952b026739694feb4f08541dfc548d3c8b23b81bd4862b17a592b97fcbefaacd3bdc0e630eb2824184e2ef0acd42beba2b3db8af819e24d20ef3368bc0c948894f67c713baab50316d486ee7c91fdc2a61b15448093189b3e85d7a068869bfe8f18a3630208437bdb3ab9a1245fa2b7cc0e7ab5443d07dcc348c2dd555d5cdd0640a9a7af462f0b4676ee433fc44e91e5317d0ac9ca2a7c57f766cf288cb63481a40c3add9edfd309305ab0447cb80948e69617e4f3c779acab589f0c76da750dd9020879bfe34aaf81e9b92f2aa176b0e6b1104f4630b944b0dd4a031642e808b27097bcbc7ce07ddf77da7c70f24b3cb14274eab0891309ffb8520bee975e4699ff40c6659586b432f138d6da4fcef7be07799ec676516f39664f10d99b07a9cc234e2db4123a874445284dc86bb10516c596586318cf20099c22fd29d21ef85d95f66a0509fd4bb832fad90d6d002c03209b2371e9926550cfee35c71c25b093f54d64a9a96dd163bcaddfbb2cd722d7fd634e6f5a34f67023ecfa52ec69647948b045f79745cc8cd01cd525c44ee624070e5bcd9e0a6c2c9b5a920b93d56eccaef2c2a618e8e87a182cac6da4863886423f5106bf4696337d844dca5e861637499f43e37fce43dcd5599d963d8a482fb7791c6fefb5b44c5ad503cc4a80770122a1419aafb6a83c71a263af100a09084b3b628b3ca18df73426a1d7e3746123aef8a62b2cadbd9f19fbddb525b98e8b1140103a373519577b9dd8bb5ed210714493ce49d0b2cf9a69a6c6ce05fefa6a62a38264f40b2f188c5c52b1c019dd229eba98d24a3aaa68f61efeb68eaffddfd87c486055e08143431b1d03f22752dd2a9331b86f9d83eb92aeb37e9be4d8eb14b296c65b24c6fcfab96cda68ff95e3be2e4e779472832561d0c0253d8e1c3f0341c92744b734fff58c286aae5945629642b911d1b5def31b17eb90cd3af083102e86db41576dc01a81b2476c349edcea454794829a8150d5a1e3f0822a9490ed8ddc4abf431606ba2bb7f97443cbf1d666c04b7b352ca38f9999515e2fb1f50ceb6b6b1606ae0f0c9a2f1ae491ae154228da425e46d2e8a879a359e12b5af73a93eb6da5d958153e2572b82b329390948a00f384e6b70210abc87a320eb8c28293dafe021462ade56cbc09b70db16a021e5ffe4471eba6f208cd45fcfccb2097896b21e5533962bb010c9514d449fc1f9fe1dee70a13727b1af66cd1e9e55a56c959a80adfd6ea3ba3884f8544b0fc3a4267a801e2680c244882d88b6d155a7917916747b47c1f475ff9924436ecb1356e46d325907066f9ce9a966ada5d65febab3a2a43705aee151df07b67ecde5d175d82f4813bb2a6dfa3cdf1e8e0c9b3f38b5a2c9780ba43ccff4cf59e6a4dd413385738f8bd0e7228f507b485a68d20032335f56e762c7fd22a42d26ccfb60e8cf928454fe81c63bb807d3a01c18f155932e9989f47a4f6cf64302e0f763a3977d766b3ce9b62e6edcbcb04373624a0ab0faefa8393211d7137712faaa0fdb64c32d89b5ab51d44f481ccd13c016fca665a99ca0d2691fcd93e0b0b95e1f79183db598cea2f2535e98b7314fa2605a3c30da181300618e1054d5543fe25b2aee24122a5bda7a409102728d4e7faf139fbda75bb430faf56877fa42f1688fb41511e9dca1f11c723d461687424115c52d7ecf9cb3a6d4b48217d28cbebdb787f8307223402722985c95cf7aec8f6ae298673b33530f10b5e3d9d4a5deb371cbca8eb049144c9e6d74fcf5315e7625a71f0b5aca2bc48bc5744bfafed58dbdfe15b943051434da7ddfe9b27268164f0c8e6eaad3dcc1be9c47eeff73083ef902369c28b0340b4550f150e6c62c7588513173c836ae53ef705925d630f40f6538b0cbfb7624d5ddc2ab7165d641ac9f1bc7d02f449063ba5d6e7f62005ec2d6582480a808e372bb119871edc2dc1356590d04ab5b7127b83178d151e264e233f4e53c235effcb037139d8ce0762f7a5debdc923153fbd875fad4e0b299affeab232febbebcd9fd7ecfd35bcf63ebc89263e8133cf2fdb54d8744adb2a5c8b3d35640f5cb6a6c61950ce7984a476a3180e5152d97d0217125e3ce4e554bf9d8ba42500103d15bc1b34fe65b15f13f40eebe25cf5f7fe906ce6cd6e8f3a674b275b1565de7f5b9b2b85940ee265d932f2bbb8c85ce73c19e2bccebef169f036fc2081679ef3e797ec2b9684cd1e0214da393bec3ff22940b08120e51f40acd053c984b7e757c27f3a1100a9a11e8b5ce2656be42a515e869cdae44f9f8ba23d0d88ea59548342112af5167653031d77b42bec531a32fd5dc12808dc73ceba3fb7edd78370e8442755270d35829455c72c3ea4e02ccc9832ddda85b1eac9b172d209a2eb52d8c19092d7a8c91b1fe9b0fc9118dc9b5cbe36bea57fdee575545d36a264f3190272222eb3702c7c2acdbde67a653e2870b607552aa4a3cdc387d2ce0732647c34577d57a360ae7233d46eb02a61cc5cc46e0fb284abf8a7a3c8a2a824fdcc3896e91b03aa2ce3f6d27b7d1055d9e40292263050ad9d669ba02390b9ebec2bec9d0f5fb23f519e38def85b189588bd9af202f74dcf056a2aabd174e0a4c7eb35543ec8ae247d16167eb7d27872d5df81121c4e44ae5cfba876ab485bf71faee93e8638047bc497c207a2f2499cf7952d314500ad72e315ea5b411679ebc815034f3d42aeb278efa2a0444291e9609fba1e3b3398ae4de36576a3bbffdc09a05650a175f4884cea872c75518d99d9d12fe23c7bee00560bca7ae1c0092011c0e47ece7a4757166da0c289aab743a6104f8a292a53a785c10ee10c01b1ccb7889d273cb9798f0273ab30bb2cb08cd05679bbf2dedc04f16bd80d33bf21e3291db8296445fbafb968efe65f51c9e7a5309b68723df378f4080e525db9b27564369aa85840801e27210b11443c9e0b3dc5a8eeb421bdef2436f2f77b83003e9598faafaf1e2c4c35b7ca3da0e05fc201bde334e5abaf7c930d507ec9de2d8ed8b35eddae47d3d9bd3f6082a89e0414c07c96265869f4d33ab600b33d9e13cb03968814c9312c43f7b133ec701c4fb4d707072d8fedc3ce97982f4e71970c15a047f77c9e76459958ee02f1d385216ac133f2b4d73d50d9d8eb752a6983da78f32e5572f466710576a90ee7f195ebf5732cf2e2dc8fa250338a3b5a0141978ec716f893b27e5261dc075663a8393f56ace355365a1994fe41ec3c5da38d355377232f3b4c84b685ce0c8bc2be2f5039bfc479765f23ea7b8e9fdd444395f32edbbe320d8aa0f163a47032db0f443318b48ca651b0ae6a25c2f5e492e41243d16fbaf9006b0bc41e9d966ac6662cad610af15d68be61a2d845dc5a92e049045d8f3954cc4fe955dc6089dfcbfcda340772da45850dfef5704058df8313628af13fac19a5850aa946717294f80e56339b899d888b0b160032ae215c056050c017a00d5b46f53e1241e4ae16e720e90ae1f4225913cae225a2940165ae3a2e7d4119aa7278eddcb915709bf3181cb31fd10d205f9a73a1d9551a610450fe6a81b30a777b30248a421b3fd52a809d932af82d813533c74b2d9f45427dfa1fa71649f70234f6ac4fa2e1e8c819b2ae30270f24a7056bb73b840c9098866c82c75062f9a34347f1a77a01e92e6167eefad99a3e2a495c38de477625b2513fdcc110eaa151b4e30b293d6c996e259fbe959e1427e975ecdf4810b58a75a39d86870fd67fc21ac1aeba115c4034c2bae4a930a98e2ba1c609426149e46edc3d84af4f993d0d839ec58e1d1c914b6a24bfb26ec7b6e89acdc743facd7c646a107b0e94c934834d38aa376335ea785efde5c013c2d4834140f1a4bba54f342de0c64e78e39553ff085b9ebce2e1f4830e4c3e423dbdafd1cae2e2aff3cc714e30b7307f2267963428cc9fe4d0064e4e756c4e1f58bb12a40b1de858dab36f249c18aaa9cb3f24fed3a90ce4868e4733507f4012d77de9b70b34fc287bcc5ef3823588a91b3d7a19fad22840fbb59e7f77026dbdc48eec861fd794f7ad8b258963a88689a0b136bdfcdb8a3f247e7c16f9781c18bccdf6880efd9f287f59d5cbc92df4e816375724c27095cddec1153761cdd6c1ce9bf93979e499369ffc1d780650d8d70b68c0", 0x1000}], 0x3, &(0x7f0000001940)=[@txtime={{0x18, 0x1, 0x3d, 0x8}}], 0x18}}, {{&(0x7f0000001980)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000001c80)=[{&(0x7f0000001a00)="4e360383dd82b0e806d98b619764e72bd13d29709eba92ec0c9a4d0fa812450b3e46ea1da2fb284f902947801b2f2e002abbfa55ebbddbd80d07510ffc3bc1789771d63082e9d75556d58b28216660695d86ebcc08c0f022403fcdd293f16353aec52d65c06516589a4a2f2a3d89ca564586228c9ded9938c9b6ceaf7987f3f56d7ffc812c82ef62a4e7ee129917bf771036545ab63b9d158c9bab7d5b5cbaef7ee28321c83b091caba91aaf3683b6a527f6d27fb622e66a844708298567fc7635a18e650fbf01ed345d9f81114872877afa55030dbd3dc2dbfdf4a15e", 0xdd}, {&(0x7f0000001b00)="ba291d38bb72de412a215f9a1fce5d84670129721535b21d7109ae72ccb90c5727ad92a26856dac76a5d8b9c4d4e37169ce3d517abc6f79cc84fea41eb0d0884b1594c00f060d4539bc6aba94fddd5ffefe87694abce9cee59d38b9065890b6c85d90b9392f840799e9b246ea148a5e53849df9ee76a83a51c9acf58a586d171e5", 0x81}, {&(0x7f0000001bc0)="018c0d29cc78a203bc0b5060396fd8ef3a43a757493e05d57972b7ab1c93fe0521f1eda2946772b1906d0b0242acc1393fdc53b9458797e1de0a65f02e40b676c24d70c5e12c807b84a9aa2f5bcc01dcdcdadf153a9402f563a6a753bdd19f9ebfdb20ba13912c8eb8cc9a4cf576b466e2f9770d2231861b4d703bf5bc03a3704187d73795043ef057fdf6bf8427e6e1c7a7f9fe18be180c264558c12dee8ac9234cf2aef8fc49d3f048d005cf43c64f705fdee9", 0xb4}], 0x3, &(0x7f0000001cc0)=[@mark={{0x14, 0x1, 0x24, 0x7fff}}, @txtime={{0x18, 0x1, 0x3d, 0x10001}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}, @timestamping={{0x14, 0x1, 0x25, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}, @mark={{0x14, 0x1, 0x24, 0x40}}, @mark={{0x14, 0x1, 0x24, 0x1000}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @mark={{0x14, 0x1, 0x24, 0x3ff}}], 0xd8}}, {{&(0x7f0000001dc0)=@nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x4000}, 0x80, &(0x7f00000020c0)=[{&(0x7f0000001e40)="8a7ea8fb67bd8cb1a2ae0eddb96f937819c31a874a1601168ea6238d7beb6293388190bf2004a872e16617e8e9c3fcc9faa9e5776fec51e6a27318dc44221632aa8ed0b0b9483f73c376190cbe37b26fb005ae", 0x53}, {&(0x7f0000001ec0)="e7fd59f48931c142f332795f6abe3f7e2efcedd9df5d3d8c5814e971e240a516acc208ccf2f7e0e8d15c1cf510431f320de74b2c115d59acde9c64d24082994d11ec74a10848ae1dd0c4a4a8336e4f90ddea7fb7006e41ec0ab677f50026ce3aecbf06a75ea9d60f724c124664", 0x6d}, {&(0x7f0000001f40)="68aa94fa9995d9a98bc5c7b701ff7b3f4b82ff936fc0d58e7a2ac46f97cf1d1903f2bddd783ad5b7ae8979d203c7464c57d3fba580e00865943ec3d1526a9c53b72ec2d8f153788318341bd968e9e774c511", 0x52}, {&(0x7f0000001fc0)="0ecd1a43e713df6ec4d727eb0106761db7394a8751ed0b0c2125aa0f14f7ba71ab7be204766796ce5318b792361eec52b7c3aea6bb4e445e29553f19b1582f92ce0e4a44db3c28a7b2bb1ebd4836c9cd786c05e94a7cb8644037b136da1980d7e57f2e79fba951e494d01322ae04b58d2c37bd3b8ba1a38df2222998fd158ce2881fa61ca37e9052bc0642f8414840a3e42589fce5fe38aa28d2f53730a750579e2d1c0cc5ca08228fde9bd539b57c5bc58ccf86806e44cc80d9078e5d67979e0ad66080c35acbf5f25678350b06277a51877d8778438388a4f56271c41fac67425d22a95c82751cd7b78f1c5ca33f6bd05067437d03cd575c60bf", 0xfb}], 0x4, &(0x7f0000002100)=[@timestamping={{0x14, 0x1, 0x25, 0x7ff}}], 0x18}}, {{&(0x7f0000002140)=@sco, 0x80, &(0x7f0000005600)=[{&(0x7f00000021c0)="457dc750cd369fb4a55150a642869f6da27e0702355a8165f23a783e35e5d3d330dd86525ab90fd75b02313af740c5e6e2f0bc5f670c4b3da1c35d9f56b0f2c8bd354bef5a564963ce9922cb0d788444e02417403069c1a97bf874a48ec9548122f9c5221d91d14f4def", 0x6a}, {&(0x7f0000002240)="53463a619d5b742f99a1bfd216cda82d8f6629ee405236d172652618bb764469f7eaa701f2240987ad952a8631f636ad49c7a68a5ddd05a7743cad5e2ca3757e87ecb2e7eed98a78f5f7b7b4fde4959b4d8e3f6864aaac0f70296e58412c2076f2d734d24cf07c201aa82e68d82152839bea", 0x72}, {&(0x7f00000022c0)="230402e941e0c3b456c46759eeafc86902b30ce97d852d40368943787170376abac3d2aaeda624e17802b717fad36d383ba4c9070c56632fca23aa0accebc4767aac831563e6f931fe4a90a08226", 0x4e}, {&(0x7f0000002340)="5e43ad3293ef901e0ba3e0273aacf452b95b75da668188d73d0d1a8819b3be3bc20c128f93eb1f872ed82f9e2e54f41cd1b2dbe4a4aef2600b72e2e10b135818b174d45580f6093e29789ba9865412f58a06fda7ec03ad52f650df4b85e636761b034ade6a1062382fa8a92f9bdddb0ba5e16d2dc4a481da481b4119dbc939629393d4acf9e8eace460270aa154be404666c00149ed3587b75e85754d137a9aceb50f395b26b3d4065ca9fc4cd6c02f441d4be48c53b2da22a75137a85e6dd03a05fc776116743229a91e833f63d26d09a5116bfde06f19b017f35cee9a64271e13d24316a2d9c25fc8a5c0d5d453258e80c0c652f00c0b2403f81c15c08211aba175465cb2a7734cba2ed00419544d0f5021f4fad02c1d29701d5cc10f4dc573dd0721f911a13a81f1ac884ce977b0f09f9abc635e53cc6cab4779c40ad5bf7512c3340d7df273096f145b611e99aab736b84acb1832744356a3d828c7611725c97523b48af604ca8a742a709ba3225d1724dadad04322e45a82ded0fbff51c3b0fa317a8bc192669116fc23cd58e5b80256523fae8ce04409a49ab0bb2a65934ff0dc0e6b4a101a8054e8142118adf7e5eb51aad6ee182aa5cb447c6bf910c7cef69e9cef732644f733cb905e3c4e2ab159b75d43e0ab8a1227d9a1ae417b0498f49cd73dbeb86364f0d75364e50ef8052679289ac5abc9bee6291dfaa36af7803b53bcd07211335dc299266ab2b251ca35934297f813b9c25919dc8aa98f7ddde80a57dee394b15107345047aaf9f2ae7bd18437393166037159cf206d320d91106022a65b05f70d4816360b627087a66901a3a08dd71c136736c41708af9ee219e189c41a132e81592772f80c9cacdd272b8bcd1879e5ac32f5c5bc8f6f532e302e199cd8b600775465c4203dbc7ce17f447c59b1d24984cf27bd694ed40d0557ae6190426f77cdc43cf001ea8316031a6f9c3940797518850d3687988a5e3c83c202b0fa6112b538b5025a1ca37ede91c2d8d4fd17a7f918d17833e4558767fc1955dbe0c50bb12cc92e6ffe97d1c49a4e8a1cb57616f8ea3dface0fb3b4074e71afdc7edbf873bb32ffee29e7883374b7b77fbaa4c884856af7943aecb85e41a6a9b6ca21ccc845887daef7b3249f39d5eac6e8a3aca4bde5deb47ec90dd4e192846df988fa1bd4472e1255ebb2de6763502ea17f09ff196dd6b82d0e21fcecc5b45b13ca814ae36b40185417ffc0e714b1a5e133934bde2a26c0bd8069b40f103d3d07aa6b82247fdf4d7d7ffefdeaa38c7d69355147f1187099efa2df30257cb26ecccb315de020465704061ac54012c6941485b62ba5fd045119105c9b26defa924e1af3e94305a8e9b9f59183076ea245e3eecba59419a101abd06469101c5eaa7753b8cef54c9ec1299c57ddba3bb7d2bc24dea04bed8458c581d7c2a098a9d43cc0066bd10e5f036bf7999f58f9488df4a971b3c8379ee90ef1b67ed201972a95ffabfc5025b923e265ae02059eea9a524443f4a1f726cf19fc4c292c1113998f5c189d8c015ab3c376ce245e0a3d4a09c347e034e241c18d4d7bee222443d24fd4ccdc984fc8896a7ed867903f5dbc6edd8cea54bff5f9a7d1e5d7cb4ef3a54aa2949a702e71d1bab02ee5958347666e6dadecebe3a03c7f8b110f6e0d49d7735042a96e2723e31a67593841d92d4035e8de9894b4475ef6a2e824a6d9e6e0a733171f4318e510fdc5ed73b6b29c130c23c726ef08c228491d13d1a120fb7b0be456100b5839eece28c1d3ad8c66007cc0e877e6a2a5eda53691af8c1bcbfa4233f2a2ed3bef7edbeb94f2324cd1fa4db1e88b791785f78dca242d615baa42ff075eaa78da81bb9c7dd04831aae694424df8c4cdd859ad8969cdaa1b5b7adb5f6df560cdc0572556fbc0e677b63dd91f964502db76df5a77877e1ca5fdd6ac160246f31324c07bb90570e095d993fe87085942378fe3f37612dd2a0e49e627ee3b95d272d26eedaccc612fbda605ec58e74742704ee2e09ac895107819f140ef687972240a05f62832598872ce2bfb568d5f5c0734df40e14c64360df634310ac723c203d4ccab66f663cf49687fc8244a8ee53969e9a2916779ec83f3efa3bd77b5eba6be463fa8481afe852d9e54b06d3c47388bf219919d68f7406ffb32cbbe2ec8983cf9b9e3cffbe1c242bfe080085f989ff19cf88f3886cbc13cdf1005319b2b8112014fed2f4d3b8c13a18e21caacf2b419dc3d8bf0e6e06480555df7fb0cfe015ca97339e13787d5d33e37003e1e314e42292ca73ece617f118a6aa915f226013a7a4b421126d705ee7bcb4587c61f2ab21dcf6d6f8442e23d0439fe22f4a977f0b3c6692424d2c8e8d4486c222037c9999178d9f8f59d40c14f85386184c343db02b66768fce32aa5540b042748be6465db933394107bacb6a06bc02359e7abcfce49cfc9a3f4656bb2931e97b1887209de747d4cde2f1e3d1dba6ab8d4ff13bb3b9452c04d0f7fdb5a4e116b5491df46fac5bab95778fbdf0511b4f3169a6e5c6f0c80ead5aad07da0212baa56b37cef8bf05ccbe4a2bba92367139717a2b185028ace7cac3d7e6d4fdb33cc688a34433a4a5cf0f0fe5c878ebd7277dab84afe089a565dc4846cca90d21ed072f390b74a4ea9db80b3a3a1dd707af2d0fb7d3dc105084c20f0ae511bc81c81916b4d97220805763e8832b0317ad2a4323ee9bc6daa4d3db7b5fdd8c14677f6e7c281c19e3d2026ce403e43c433a66192ee0810bef874aadf6d437e9a5f2b8d64504a23358a3de57592d101517a0d5b2a6bd334d184a8b484b65530b52764297581678fc3446c9cf3a23e5b83a0dea46a245ae0e78b40ee7c9bd5241966a1b20b554e069bd66ce7d0b519711c49b69aed789be54d22f80431da4727ca5b9f145f1ddf4d9d5048e520d3a104aebaf85f6c5a98498ae2f6b09b2e1b3b7157a1a27c510c9b2793e2386930216e010d42e9b81f387a82d29267ff862bfaec4f2abecf03443d179a27bf4514f4680d6c803da91b209a612e0ea5bd530653825d88da9b70ed0a36403d8f07f23d7d611109b7bd227d4ed70f2752a1ba9be43e53358fa6f658c5e9f9ab241e1c464326c94184e4f92f2b34d81e67be94137c7ac461b4a2e130313d6627330c4e8ecde933651db3659ab46e879b54bc8b815cdc9701c36a551df1044ee42d0776f3597ab35a68d2ed821b462c68817fcc9b0293ffc30eec33cdfc69c174367bbd5d24b951d836855f2050bd033f69cb0b6a7d7c2070ff4941ee678880b7188fde80e7839a8ee8fbfaed9d976d29fcd9964f53a7bd52a9d7ee6466be083fc4efb96b28f5ec1076a1900c483f8a543f47d90b8bbc2268977b976633303d9bf9e0fb55210ca13231493d6fa34998750d5a158294892906d6f125fabc8acdf9f34868fc39baa5f4907d4cf5ff84f4bce9cc865f8d58a4ed7231e165b799340028510e422a91a0db1047e1e4516040476fb88ae6e71545a9b47885a06969eea3af2b5235e0fce5b732b0101f013645a24833baaf9a95f5c50688f10cbccc63fdc9ecff3bb2c7af4b340254018bab417c9be2f54fc4afe2aa422b54af2058765326c1be005f363a5165fcf4448ce4de6c43a3cf2bf783d4df3c96cf7265daeae8b50cac0cbbf7898b9b6b2c76cffc21354bded51f461ef7c3f47a637ab0e1f40a1daf07e1d2f47661ccde32cf4be20ee6ac50c4dd749f979e1bcbef96a82eac7234e4615a27c562bd4610178ca3563841cdc428132f8c9bb5815f287b0cf3927da5d10b1a314f81887331897f75af818e952153947d816c4870f189e82d83772d1619fde4608aab9e95817a5bf88a2babffae7d092e69cc5f9a238c2f0beb87ff9c84ace2e453a58352cfa9101187788460f221a5b84e75b052a3ad1a454173d4ba3a613810bb9fbd7229063fd3cbe3c6af8488d37a15fd3ef22a5b19fb7546659ab82948668de1679f3b5a7fe40876ee01cae52a7b2397fef4572d2581e30c017892328d053af8e282a22173d0ed764fa5408df8d952f94ce5f0892d7b0ed04e3cb2c23e89f9696096d1fc7ec0ed4a7579da3a1a85c2c7755df09c2f291d56356259bdf986c667de137afc4043ab5e064d405eeec65846520697fe8f05241d40d1ac551fa6ba0b74a18c3cb6026a1d8f573c205eb1fea23b605195f03d7def466e4e8c8c9a5991d2ea00fdd217a7e7a674ff25799082f3331a2ce7bd9c3626258ceb039e05cfabfda8d7832f68a4608559b207417c1d6a7c7478ba65aadf817bdcc9fe6b605e33062d9fa99caf4a0e5d913099fe90b59911ff539ebdd917cc1c17bdc6a3752ae10d76d41eac7a3bcca62e159f106dbc2795e014ebb3e9c2ac16095400c61750eadaaf14763e6bc79554353331dd230b0fff7b83aede3044eb302c947c40b078ae3d5f49f204c8cc8b7c2131f296de7ca3ab8bfb812cd74730714727da9950c0143d6252351903f789a9e92185b57d5ba59464d2ed521b3e941302e94d0ad64fd3d1bd330ebe7b2669591fb6cb9b2eae7dffef04f6fda806643b2e6f2df35338606f099310e1d23c648ba7331c011c31e7bdaed997a5f0c41a2c9ad6495d4ef340494331a98b13c477e3e9b50e232aa1753d4cc15280230b22066654cc38910da5ddbe0df830052c5e16ad206e7beccca6a407a777c710266724779f14fa893c542e9379bf874804b3bbca84b6e51d318a8b2103032a98023b593acb088364034f7a658924fd4b62471d183b09b9149d113d8e4c2ecb7fef9c4f9ea66b4288c2b8722871c3829a241b8ac4a577e656bdb79067aa63fd8a0f3216345a8a6914bfe432e6d67b65254e25323c3c5255bce8bf18849f87b70c1008f23c1bbe8af0764e28468656ce3f918e495390d2165ddf9cc9c2365089cd5b74a60be1e55584880f14d1eb83c7dae28bee056879a3b62aadbe5f95b249ff3871c6e5652c92d7740ffb289b19eb415eca676ce9b51fa5955546d141b0bebf211559903ec4a4dd262626c9898764ea309a793296b38e373339062f43fe35bde472cc5539bcf8c58eaf80b4f5799f7f07dcec13ad18b58d7c6f7e5b7b275bcd6e2a3096ce22ccb4c92f2362b4227bcef897950b320c74a0ce8fc3f31feecfccccee13d716967a1747a34ecd27e8de058e3d3d8028a4fc0811d4b7d5b73f9c9a664033389b58ed0147cb2e648656ee3946b5503bc37af8154c55d447c29a5527d1642e963cf279b697c36e2d0acde37e91744e256de8d195f065b9bbe56497032ac1badddfd1929efc0cec03c44b194648c7a5d80e78c3d228339b1053186b0f0b53c305eff1ca63da58100084bec64178d25af86b2aa9ee7d1864de15fd3529e561dd40a9e49b5f89671279e0002be5188a25005bc9e3435b26153bb0772f6b5e6bb8d8508a16b6979242994035d062127029ff613ac93abd3c4e5a5c9b7a53992477b26cfa67a8cdc5b2a005064b20455203e594e14d6e39f67bf4b5345576e10f0df9d77aad82469c3dc1fb5ff3fc1ad38b4445828346bdfbaaf644ef08f47ca2b4cc95232e285c406821954e87915e120ab7ff70761e8bd2fc2177a0eef064afe02b3456defb64c6bb6d7cbfd5c76eee7c699ff61706c7c541ba5bc64dc31ae102e490b071a44e729e3b7f780ecb2ea5966055b62840468c649677c1d518785f0c0062679d73b65b2a618bb83da9244d9fff6835beb322f2ecaf884bbae64a7b1e76a6f61b102ca55efb24d42cc6a82ec56e22c0426afc433958ca69cd7769be9606e", 0x1000}, {&(0x7f0000003340)="b427007f0bf884211e73c7121520440316445e1e85b9a2518e3e9558f2bf4124d3aa864e97437ecc92df09161777caffd0e0496f450c3c56c359ef232ba49ce738450bff58c1a2e86016a31a4ad65a1d0bb5ccb81c0210de86ed738b5014e4801e64eb0907fe45e00c158c661e54aa0aa97caabe358e10be5bb8eb8c8eabc353f4dbf35a053e37fe78809bb2237b907ad8b28c9db5c4c8ca2a582c592f01a1d6eaa0692799329cbcc0058613b999cb893790658556b0c12650b51ee21b932c7700b74f0faed55fb2bddd88acf7b5a8cd9d99aa2ed0be0d01f0d52d3dcf1d1ec5676811fe77d7bc", 0xe7}, {&(0x7f0000003440)="8a08c6f888c1b85e651446fbbe75798530c953fc56f3e77e8570da3e3b0064f0f96948fa98376bedd805b192a874d75ba4261231c682a997456769721dbadeb4ed1c0a9c5e29f55af867ad6a961d23b0b314b5602dc2964208e76f48ca8ede66a9f4e0cad9d2999a98c706cbb758cf1ca42922ec42c39630de61bb79093105888d699ffca78f54e34a90d3bea47e735490b235c4cf36e605a7ab0f994014147cf745daa381a6f35c9a3ead4a96a60e695f3929cd53b4e49c8fab52b4038978620d71b157350db6a44fcd7589c2e387ec525065eb7c514e3e137ed93e2ad60870619dda22f51534307a668abcc465fcbcdf3bf265a55e1a094f81face1a84efd89bc73d318d8b42bc83b7badbb4ee53d5d7d313cd13cda8e1411d0bc7e7705fd2eb3525b6805b5badc7ececf790c28554b1ff8fc1d2d49d1d94f1c1346c3bb8b15b9aa96d1df9b1d7623eec24208161909b588c6c4d60f34b49aab4f03600a00f069640b987dc87cad7958e0c204029c7c61850f5b28ef99a1aa4c08becd6cb972fb94a67ef5807f54f641a5eca976f9be17f29e1217b3ada31e1d4518a365d7c6aa82a00c3a0173074edb74bf0036e03a023e9778abaecff5bf3004f33f6bcb283aa0f83ea5f6ab155abae62928977ebee5d8596d85472a1ae56ccbb6acff9135270a510f625cef8fd480ceafd868ef3fdef489d76eaf0288a80a4c1ba3de5986e02b682df7d10a7a70445c29844dd1b31cbc8de07772babe31dea579874f3dae9906cdf564a5d0e6697ceccee38257db407c9512d8112abbd75c24ca94d9f0e01a9b5388f706d484b65afcf355d10e6ee2bb7c8338561c3d6d915a8c9e529eb986151142d06bf595f90a67365b086d0d9599296ac6e5a0d3ab1d3c90c853123310f13e82d1d7bd29fcb3768ffc33170bd41ea11e998f04d5cb8d63818a94b5db8ec1c870a16d53341de4b6a6fade611911f0957c359e22018e43582d9cf6917f880edc349245485c762beb7a7021360dba6965147818f48121125b794971205558e5a2d262c37bc318115703add238ac688347447dc2a75a40ce24cff11028639d793ca4469468b6637cb3a68c8a645d197cf0a37c31aa053f9b8484c11a7eb8ce323feecbd1c7b7959a6ac3b1f60452a4e7ce830a489708c40d6f8a2f6a8871b8f2abe6662b18d11473286b2a6097f4af40e5a96a979bdc94633c9542536acad2c5c45537541e57a90b5ca961dba01bfab2f64e1d6e800766a588ee3c4827206fe1013f1081c22f927a8638c92dae323c0d0e5bdcb3a10c361ffa3a4b8748d0b66af070a9a70538b48ddf6b97a39e7b544586ae8fe611fdef6ce826b0fbdeda8d1d890334b23bab5a6f056c20397302f48769f5142be6e2a87edaa8e7399421a250d85aa4e76dfad2d6ff04f0333f3857e6f7ba86106699d06d39fa6985a8d32f088f8155e0c9f625c58d3506d15a2a9234e1d843068a17e6687fe31257a2aefe11bba69a1746f4b015c4bd2c4fd96491279fb525e5fcad24515117c3432b3b6cf5f720eff9d86b9982ad37f31eaa576632ca0a8578a3c0db608edc4973e77810176edd8a75120c10f08cc0e32416777750b64bd7e21250264e74d3e8af7a4912c8a85af3fe44e98453646c60942377ad0503e9504b3d997bc7352b02ba0dc8cd8f85f562a13867673303501b49e63b8c32ee28c6c5d462ca1f1a7dce365d24906588670a757c0af84693332f1e096473b6885fe8e585e6c886ffddcf427c83f4231a4bdcd155e3961f0ed6ec0e456840436f71e9a9cd298836588999b61ebdfa10679927d944848e970424d8daaecac3b474c51f77f248398de32a2b9840d2396e69842d9b530043c1e2f01458556d08532623bf9ea878070b9f1e3e5c95224a33f9f278a1a914ce7b550ee9fbef83bea44a64e387442929ce52ae581b7247d092e700aeee2f173d8f170b66add0f0f510baeb0f247a41a7a5855ddb61dce4a9a74f722d9fa9b7fa911226c9fcf22f30e15bb2a38af718f6e3dd93d6f905dc6a48eb7a04791c520ca4225f8baabebd09a338f09cfe7ddcda93d855a37614b8f15088258ce51d8d7e16b88c596e4247d786b3a5d58a7ce2b08134df8b564e794574e5a8d1ab0528615ebfb8fb6d74b890f28ee6ff8ddd9bf390494a6e34defbd340c41918fed281b757a1f02d383162f380bee77f49c723f166cdb520a7b52bd85cb7b9775b134cb74efa13639eab455993637da0048dfb7f1e6aca39b88a07cde0bdcb1b1d897b4f06009f516d84fd0931fe8002ef4b8971f865ce8492df0e9c4e359055bd8d79eeb6f3597fa246147cc27b3a173906057fbd722953195ccf12a0b744f256293a677c52b19da4c66e0c496c75681a3cce095ba8e579f5286f2528023bac8be6909ba42bd0a281407c1f345370e2a839f7b29b706bd36322cec47870b365af0a9ecd5754bb79b9fd9c19b79c50079f4533dbf2faa12bc3b765108fe1a7942a74013624eda573beddeb7e595e35f40f4480ef9679c2730926324826f7e18837f534cf06e0649444606b2ec1699adefd61ac90c1d560268a6cc1d88be7b95cfb54cf7a84a9fcd32a0c28d260aca0af0d41dbd3b71cb955d0229f7863df304f05f8140a8df556c87f20ca4b3d529774d84701b1a79faa45602b8f0d60cb26595773ca20762d4ea9235da2c3010355184805c707c1d12ef1c0747f82d64698c56a3949d762ad8681b876551238c476e39ace3046068a810e32c700a2063be527112f0b396e5a92e15988e7036f8cf5c2f0a5105eee4283ec24c9211f0644f26f11bf6786c9a6e719b46417ef7f538fe7eff0a23452a5301d46aea7435929c9efb1474fd4fe29b4ae2df2e8466c4285229b336ae513c8c49e899b383459c352bf1061413511f5f57d21b63fe5711784e00604cfd8975c93eab90d61bbb6e6f68fec7adfc3595e2ede78d234488c21cd43d9ee0540bf643543119351adc8197e5ba425a32a93601816da98b392075adebe2c91ebb453c8538ba77af41b1f466b96575a0e6963a7cce286c32f0fbc584a60208b6530fe3b5de65e5f35ff8aca8aa03b94bd15f1d544cd9d05de12e643f6ad4365b868423cd73f0bb04435c003ef946d161d465695dbfe832fd032a0864ec4629a90f3af3cdf25b0581525490fe2a3406a83c75247b236324935f39a306c2b75273f24f8f309f0667376c8a6c445d6012a581e970442d4e3b4aaf0afde81d42c7f509b7dd393b9d68d18005897ef01092bcf0f10e46b45ef05ba7c87dab60ae90813eca57dd9689ff07aa866348d33eaa4d2273d42c65de84527195806fe85c52056c2bdfa79f285ede2c42a33c5e7b7db243a3e54d7e4110d01aafc0e0d8d90350549a455e3114d1cd0da99f8d306a36150e2a4c86c97ec0299c574aa2568f803fad04ec3ce574f48abaae775b535c4fff5e9daeb0e77f28731a6ac2b6987e217686422bb3b24e03c8e41f216930c956770365d98f5566fd60b71986788b7db7ed7b4d5f0eb3c1a022d410dc6efa6382ccb1720ede60283632b26289e182ab9177255a8713972bab1cc1c3a3305d664befe91c28f84c276cb95bf9d1da7e0a431605ea9280275abe466b12c84f592f327b8cee600b4ed32bd90779d4e6adfb6198abd41a4d0901f0024b0c18a49c7ca509eed838c978dccb7dff9fbe62c7d249cd934dc6d601cfc8f88804311f6afdd04f544fc729897e56e344f06bf56511b12c037f2f2e3517f59316b7e5ebd1deed16a173f99d314d78cf251f21ed8e91b6339f84f38a315a55dce40ac7b2a01e3c7c7442e6da24729838137dca4b98f13da30a55e002e201b5424f9b02a771dbd8541fbd44ad205bda3de959cc0d4bf9e812bd40ea114acc153e12ac803fde011d9d83b5ca2e3620f4901e999583710219d5db9427ed44461c962a5e0b33e43bf762d742aed3ec68888d4a26030d0593c1d2730cea9ce8082bb0165c37ca21506b177b6f4752695a58c2707477b59583d942b680bc536754557d2d9877fe1ab4a49e0dcf503db12d944f3bee12db5beeef97587d08d8d0df1437076ce41cc2d978cbb70391f4243c1a780385ed4f6132f3da07318803c7f250d7e8ce6f5c06f8cea11d12c6e48c25729d5c9462469962602be1f9518f26305522568968f52c38dfd8a773b05969b6adc772657aaf0ff323a9a853e986038351c57bb6b929c616a38047efa25f44f2d2d0f2107cdb80742b2cee651c75c1f228e8e688e7fd77810ff73c09c6b4900af6b2965c4ed6ce5e40cba16ff2afa22aaaae3f95f5e8e0c00278738a440f6d6cb93600ec15a4b205b27ea502f66022f0316dac6c8f33d75b0bc4374c9c4002e668e3c99cd4c248d83de765db7dfb14097d2dd24de3721817508ab5c45e1d7b9d8607e0b679faaaac2cc9f894e2e8685c4a5613de1e6f41a7ddd9b4807555ff3c996f30d946622606ef7eb54984b94fe382858bccd4467f94ad7fc9673dd7d6f2cb5850bcb41d5768907a763860d0e57d27bea97538fec23e6b4e041ac3c96cf2ae54c114eb2fc7760672256d4ab22832ae35cba484e4ade04377f9707d7305596696b6e6ac1f3b7742a7ff761ed8773a86e987d7fb4dba6e8bcda0e7024dc339c24e070876768f2eb5ae7b3094f80fe5e7dbbc5d0feff40bdbb40d884a17223b63bd2c0ae08dda1d640cce548d261022af09d10294867f8b5ad13ce9af17bbfc2d1ac77979da2cbf6ec804225ee70c18257a8f49dcb2c46676c09d2f09b41b089a9bc767d1547432ed2b1edcb2a2639833b066ebea5e36a10e030ca667cf51f1e9947c16ec2303027951e69f1d5e5d2aedafcb68a368b3911d6aedfd9bed13a8a5f3fa028169ca58d664ff85baa42c2b70f8f0c8bbcfd2fb069d4ac67511fd7acc63adbc5094edb1d5c4cc0df293a98029b6c0a531ad084041be76b7626fee43aab2bab8f3e617a0ba4aa98173446555314e642542b2170a1960bac55baafeead7e37dea1e94b01a9a6cc7f277297e185c18d76ffda3af6f075c222c89fdaebcad5a40360d1fe217b58408f60f4d9a7300df74e533a7a37e9dabfc70b3d119e3f2a1194edd15fbabb84836585f7109e4e413a3ae76f15c3bb7aad2cbd6eef103cabcd7de20ab11043117308fdeacdfc6b6da30bc50b11476ab60b663ec1f0f1dce349d7c8f9d64e81fb305020689bf825e96000b4ac37f0ec7b19e82df1f45c60db74ca02aeb41f07882456af8aff690d57841dd749a811ae28b295da33641b23350af6ac2657bfec5fe312daedd6e48d0e042cb2b913bcb8b8a454262f1d042f05a8f070857b3f8bef707fa70b15271c9357e8fff737ac51f84b1e6594a3731ad810b18439a1ba7848f981b95402726a88158b6e9e0d31c689f868abbe41b2c6c1d2dc29ec519b6e12dca6cdeb22f5df178fec41bbbff268eaef5866a14a70109b6c520056f1fe6269d221b492a0ca0cc7a79159b97848778593039a622aacc32eb1b1925061f11ea32db66c3e6d4d9de871ae7cd14b7ecb93ea07aa700e74283e3e411492bce798379b5438afd42bf26a03632020f28beb95b9cb419c185ec9d250f7ae67783eed7ccd3fc69ec376a419d012853ee51b7b115b24f1f14b7912c9ce01231e9cd6f460168db0006ce7563993c99c9f8078902d1a599fcffcf58dc4cf72eef2f94b51c712962a1c01cbdf2bcc23370bbe9d163abf5a3e78459f864c337fff9cacb51291f0a6c8a8575a7299e49c6e715962145ce560d2d93baf489553da84ad692a9e135ac791d656445e22d", 0x1000}, {&(0x7f0000004440)="a7055b7458e42cdccdf5d90fac31f2ab335bba70383068cacf6ad84f6ddc08d31d793847e1637dc54715e3834a6597a94cb21ef33f4ba762243a07e4095b18bcd475266d0c5f656471a281331ebe2707b02c6c70c135afc84174e722f7c818b8edaa6c2480ea6814a3e0356040ee1448febae107f0b4fb2523a66a0040d4866b42b33a99a997aaeb5bef0227197c21d464f382cfe1a591fbfeda6e6b5d5830c4466078d0fc6555fb10239da90115cc372de0263d07d4ab23bc812deedd5741f26f3d5b66baf40882e6862a753e5ded1eb1ac6254a916ee53de152f70a6a0ac997be5aedc527dada3cc38a9f8d9080c2c63145b2076fb04eb9cdb8ad4cc21693a85a11d3327770f6aeea855a07235ccb6239fc3527c5355de2f3ebe0e8d3b306525f87b3f221e89b30200185a5b861fa3eec4fdc8dffcf9bded6dbd65dc004e777d691bbd7aca078b7d51a72412ccfaded68a575338793d1793cf93fa32e3d9e207d6bb1a65489fc46f427e9ee818ce87d7d4d009469b33932044adb0d9558aaccc85333a37295a1ed0efd8551b59f98c8a539d6d740f5b90bf35cd8941004a358b51adc16f5c4d92e2415e51506fa25c93c0e3f2853fef523dcf4a3ee03318dc5fec9a82d9bced6da9a91f53fe573eb8765d14273ab75ef5b951c7c77666b0dc70695d7806f835020b7041cb50b8d29666ea2bb0452d7eb372419b423573d10533ec162dc510f804baf4b8d6cbfa1198ce3abe8e5c8918cf86ac9a1262a5a588a0f5026f471f3ada3827a382468d34fa3176219a498fa80f29aa2ab6a4226e3539100acc1eed298c77e2f713a2844a2509264a506af3e86cf0c233d5e8713ca1e331feaf3864550a0d6dde3f2b258e0c3ec247f34ace136f2f4892eb7af0ebeb00101bb16cc3617ba804c7f71571ffd75feb797385de8b7e58d7d4e2b13416cd01b1c1a9ccd974cd334169ec476807fa62f7c26ff61f248e06ca63561a69279006ffe464ddee54933272308b2df57b179640f38a37d5e2111313a95f2884c3806bb1f7bdbfe5a2bae4bc78e144973b14d0f3383f1d97f333dd79db9f24817d19f6dfba28159a298ed710eb9c5802aaffe55a2a1e017133b485e8e3962e0ded81d62aa17982650cff56b021d96f50c457340249ab85367219ef67984923f327afdfdf537418f6327447d2a204bfb04fd14a953080c723d9c66802b7c3340cbfd0c6275971c8795ed6154663a60ab4276041a7847a028d438549cc7b6c7b5b8bb405ba016911d481156f47a2ee729a94d9b0fed9faae65814ee86669a3f763e87c407aa8f43d8c6a09cf00fce7afab12ec585804f9220af1079cc63b9bcf214b0ed11d1228b795e494d184684b6fe8f0ff64d7092bff108175d7df220ae0b7a2489dc97b2ab491f3b300ec69c5b921104dd4081f6bcd1b7662efb245b9e18ecdc6657db5a89b6b2ad6743ccb2c0ec6dd10d9dad2406804ec665e224ecbd071de0aec80dd03dbefdfdc5da53ce1ed6cc564deea52dc30e05bc5511e7897401f2d34c0927a50a4bb387d893133e902f5898e9a0b8f99a296aaa5b6e215d87790b582be61c2f691c02794ba21d982be46a58d0b84b5b6fbe048e482b058c54baf3dc8554416cb9a3d677baded4fc2f9b056bc2a26544af8b9e3aabf9afe4610e0d0cde9bacaf7e8d8f2f931e0790c284288f2a28bca12e825f95bcc03d5e558eb4df61d56073c5e7815ff747a0666c15e2e8ad118105cf6ca0413dc6470e33c5ad4f1107f8976ef618b2a799ed7387bdf8f0133173c00093f104c8ad5cf1afacfef11fe96b2eb4541e8a9a4599f8c22e9892fbd27ecabc8c0f930a0d893e6953656e40fbe3eaf2ebd971fd98fad7bc14b88744bdf0b14d9bd00f2ef07046465b0ed3115d6a811c1d39b4081c9ffbc2e7b34fd28f9d198e797ef16f765d0576a7f0f806d5534a434cb2582b5a17f6dda228f9bdde880c467c475ad7c9db70890acc77bb8acfe381c07e09f95a389c8160f0771ca9ef09c010d5757e3453672b52060369b7e9b6d412b2e2b7d629ebdf75fb21b631a3b921bc19e5bfbe8a4ae19e7134f19fcfc928c46fb0fa12fa9df9a804b8e9da1d10acaa1fd5eccf0e782c24c123344d282213178df745b7e53e37ed03384f0e97a37db70b07491e342ce9c635ccf7bdb0b7a8d7448e04d87bc7ec50cbb47690390d5f637498570dff46fae6ef85a4ccf4fa341ac54cbb5092302ce8635bbbb19e93ec0af326efffc998d336394253ec60abfa6cd7001df58ccbd8575fec13a3441762d37368af2c783e04bfb419a7adda16c03126e6453c391de1e488fe95a40959ca9203284a4036d4fdeb92c7b1cbaec5bb347a0d252b87ea5755510a6660a882e1978cd31bd0d3acae74344c70345ee94583a8ae188162e39683faefa412b173d03ecd0e40e923a164dade2717c2510cc534256597dd56b62f4be751ed4cfb3f873d52b7ec0faf5f58fd748a0d3b46d6b48311daa4b1bb3e03218083d5a991d7adb15239f0f59c463c34f9d1d3ebbe16310ce6ae1550bf06a112556ff5a46eef39f87cf15e4226c156a1203d99e7140ee4d0b36be007645b6cddcf8c9735d2c466d45bf303026ed5f5da277463a448fd99f4bdaac0dd634146dc265c73d7bc714ffb719fbd6af72c68c7587fd57ed2087b716e1dae39254a6cad42bffc266896a2cfd430f3ce7a92714742d9fa798efc35a41400b13517f2f9b672e775b27cfc619b43990da561de4566287257c0e1c4a02b4b84ffbbcca69451c406cc0d5ded62c47518246586d99b877bf1c4f75d04b08286e86868dff1538dd48c05afcea7890c8efd2f634ddfb0ebc392dcbd207d0ff5474c0214ac20b049748133fc3516f799f8800f0828d6801934ea4bcf5065ea60a40a001ae16bcc3766a0137794dfc25ae2a65c9f9ba095224746ffc57d97b3a9b9770448e020695b6a1a17b6f7c0a904b6a03afe7f90702e00f3d9cf57f5ebf4dba1aae83096c2f90276730b57c6a4a4fc06b8f4fa5d078c991e0a348f5558848976683932e38d348bcf101e7c216be019b51b9d8010215c32e77cf120aca1680c9f8195fe977ad4a30e8b891d6af738caf4008acdeb2922f8d6c3d66e7769389b519e9a614a3595523c15abd854982393eaa167f9d156586b6bb4a6241e1e89baba445d8378be14861195de4127a6c3aac128af4dcdece6459647b46589dbf319b428b75da52511f62a03854012048cd8631ce5c14aa4f485e4c582d58a9aa048011161fbbf6a8b08d90d0d432094a77ef4e333cc46469a6e7e7274846a13f7b07a73b345cafc7c843493eaf4f4d506519576b398392dedd567456e9dbc43caef6b51f62c82b200b1e69d6b96f5b73e2ecca7473e7cdbbcdae652212188c39b43015777fbab6f5cec9ec27923c95dd575d7b89efa8984bd7225b6241d60f22f5c09bc8ff8fcfde0d8da1d5fb587810d6b0f91f07be471a24916b2d476b76fb4d39bd173cc14c75f8f6cae8047ae62dad858cc85c6da018e1527bae7b453d5f6313223d6b2567ea90867922d3cc6edf2baae78ceeff4c000ee808b24da86cbbad46bf6309237846fddbb58c4a0c7152f9c17598a85930b5d845deae549e04d5001d81ed99c659c68fb51f21360485f1fb86c76a83b8746d67cddd05a1203b32b9fd75dc3351fd42b26641e311c1d7692f4dfedc182f6a6b01f50e1b46804fa1c5263aa12d44882926f09638a7585564c5aee638accbc9be6eafda5edd171665b483ee788b2fab4325cee6df700e3d3b631afa0f31890ddb6a3ec544000d763074c8a10a8cf63e4eec789dcbde4c675b8cf86f83c10791afed4b2997545a18c5caf15f7d2873eed8418cc120aab2b5c5bcb9c90dbc0d391607d99a13dd5a032ec514081ff69441e9d5d254637192033efbb5cdfb3e6d3a2a1908558b2c9de3efa824c4477566ac9630f7a09a89fc1bf96bee4e6c42bcb6a7d36a191b73c1a0fa0713ab1cac4cb385d99a9f9c339e213d14ab33008aae2be07d4b00826318ec209ca0cca0a10f9abdcf812ac2181b8d75dfcb8769b81120619b17e1883caf81080471d973b66b8089cda12e631d67c91d27f7f497b6d793d1887349c391510359e5d6c505f4a373794cfe80ae91e7628d5403b72a3def99512b0cf52e25114eb8420b552e6be050d51eb37d75944e5edb49cc33db8d1ed41ba561ce87a7a38815514218d14bed279dce5722e206afcefbb29465d364f52ebb86a7afd33837ec69f6d23048c8730308dff3002c4f73375a8c419df7c88fdf180c3035953a81b4f9fe977ecd8a0d4b48b8bbdd51e4a5aeb9a0a243cb05bd81d1279b25e805fff8693228058b2d8e31ae9e9e521e965aef4d8093dc07894d6494d854491ae170fd845136e89f26f298bc66f66dd44fd2f718cb842cba9fed0fa8a5d834776a85d63abb9f2f918c31581e3d50a32c95ad017aca790a82cde72059ceab508201213cca3aa9e48d5d0f9e2387a8947fc81642ffdfac4049bd6811db462a0421cecc191b8acadfea7c3a314bb86df007effc7b7d0640e86e5ed64b51cb2dcfc3f5e4f02301846e60201548fb0c3b9a76e0fc074dc4377bc59d14ac964da8b6fffa1d14827fa00df0020f39548a6c8720e275725084f0e161d1d54e6e46a538013ac5a3ab232d4b2aee06decc91aafb13e1a1dc41f26d1a3fd41cbc3993e15232abfc6a78aa001f6b3ef495c35ee9bcd09bbbc4b522fc35c19967a5388739b130789988b46188b3d39bca3739662cb8baade4aff93a1f32270c601db2c5bb829a7232c1a03c8fcba2214c8440a04672bd74867f41280a0b714e43d92b88576c17ed35a8088e7595b7ce806df9f36e488420225f50766ea96f3c89f01c6f872af898b437df9fab4ce2585825e05c70ec1d3c5c42f8e7123398fc9d9ccd6299f62cb670057feedfb49ed9de6018f3f990ed2bbf01181af61b2438b4e6d16e56ff2bc7e355ec238a3d6f68108ef895cd5747e65daa698536cb4be09b616561809aac32302eb45bda1e4c4122ab6d21c41acc4f98a1ec785609d849c322832d6031a2b76ab72d840a3f662dfcb98a91b6c358e179f71d0d10d384616caf1b6b0dbcf4078725ba875344fe359c6f842c886500a3aff414f5ff807c627be3436a9bc2f23b61deae90b8ecbc3458a9d56da30c663f20ec6243805ad15fa21dacdbc62e78bc6cefb2692e9539007ff178cadb750271dd82289c6a7c1f053214464e3c8929f51ea7b0875f0dcf62d5455612dd5b79ca90cd0263cc66eccf6800cbb890e757a31296fd9716a3c0c954bbda1e05c68bdab8ebd0f9f8628186fa382fc4437c920f67893cc1ff837934d7d86d7903d6c7420ae2349964d3fbd879ebd42299ee2613007834336520488512e719d351878aa9adae34f543487c238c74779af18810b040bca271e6b729ee91bf2fbfc8d6119ebeb77c65ffcfdc7ad992063347b5be76f6fc76be1b01d5939bc13a87f22d9f6a79d7a9ab69b416d3830ab62964899fc5465b174240296e82404774ed65afa49317a3d01babf8c1d8f1923db6bfd5b862aa99976263ec98c6f5667b959796ca34812212ae9ff02ea0a5b879b17b0bee9cfa91e3b0503e18ea3c6c7b7206f7360ea417e1d0b9861a307f870b129477ceab8b310a922f6f883854a8a1112a4e5cdd2254bf08a387f103a28043318a1db4c182c17a458eaf3101f3f42b9d0dc79db46eb7ffaa6b6fc00224f347f5a3fb6e7c79e982e0e5462c53fe5948450fb72b8255f95f4766fd1ce522df49b3c97e", 0x1000}, {&(0x7f0000005440)="2d9c14a9e2225b83a567712adeb3cfb258d7988c0aefddd5632d85bff39ef4f3abdb06a36e37ed08d127d38a8e9c1b205f82ac8966e171f50022ba229e60d0992d3383c9b5f6397ff02c7a4431d9386633d36e4b197232a5c475d41e08660e4b4527da5b1125bd917c23f37a18b63259c7a7a735e74e057610d189528c9d51593ca965f39d25cb102ae501177baf9e910f87e230cca093cd80d61735f93298ec52a89abc75ba72d955f4ae1ffbb7", 0xae}, {&(0x7f0000005500)="748aec01cf2a5601846840a30bc9cdd5beee9edd8771f51b4a1ea78d8e9143aa5de5c2adb463163943682736bcbc5c1f3e5eb83ad195487b0624511cc6ff4a7c4d4f47d2169554c911d92d665a3e19539176ea27c670a1fcfe4f7a5559f6e77f2695772a691d93b26aabedbcee1a58ee19d71c063ec6b542dc315b8736a8d7284440da9e47b0d9ddf4c1c2b1a29c945592e7ccd1ecf3590fd47441ad480d7ecd2377cc46d983adf68a1e0254e219f509a4ba25740704f1d4833dab30a725c5c7ab26a9388bfe4f98af6aa9388ead2ecf85c2a80b7be9c6b098c3b7f2f7162902e712190a71a8d6c6544a8bb741", 0xed}], 0x9, &(0x7f00000056c0)=[@txtime={{0x18, 0x1, 0x3d, 0x8}}, @txtime={{0x18, 0x1, 0x3d, 0x9}}, @mark={{0x14, 0x1, 0x24, 0x5}}], 0x48}}, {{0x0, 0x0, &(0x7f0000006bc0)=[{&(0x7f0000005740)="ab04160cb383d75d62872f50d87785c7c491d2971cfe0ad78debdf835edecd7d2d2a6eccc52a952a8822275bae23da98f1d092ac4a5f5d4561d33eeff8e4d26b511d538d9b9c1fc85230540e7dbe", 0x4e}, {&(0x7f00000057c0)="3df6da3c2789447d92d95c34fddc2b69f1e52e886c2e16dbb761c4b445a82c5d11bf5077728a715cd258998446dc0963bafc387f2dca03b0925909298607f2450921220378ed33f896f39cf9e4e9b70ed3a2c39df380a9f73a1be2cc59eea25c281567b5fdb5239471cca2", 0x6b}, {&(0x7f0000005840)="52dc671f5a43304a249ad0a1ce4e95e02594cf77", 0x14}, {&(0x7f0000005880)="4553ae0cb07c0f298a7d70eae96abb6217c290445c86b1c81043f1990241987b65efa829cd169de07ed1f4a64f178c442ee7d88f6297ca64b73be028280a86cb3a09b6292fd785bfc58a3dd5625be9a89c5c31c9944476fc03988e580f70e341d933bb97a90a8b7ac46e6571a6a9e14392f632b37cd8ac6e9f4445a61102ac96530e6040a5dffb7f8dfa616cc25e1adf3252115250c7fa11854e20843b03d516fbbf5a8615478762fa0c4296542777ae2f46cd7c11b751bf187251dec021899cf3c94e2cdfa851fc9d9c460e1afa4f6ad32b4d4c276a8721aa5a580bd1f23df34c76907661b059f7c20b350f93c05571ebd07c838ba3be3703", 0xf9}, {&(0x7f0000005980)="4350b6ca67f2fcc314e1a9eddc91fe72c4382dec9ce2e7039f9749e1157dd6", 0x1f}, {&(0x7f00000059c0)="ac69aa25405e67d452f7a193f1e8242043ed5d7ee5b2ce883c12e882c3c92a8cc3bceb53aca03b894102f0b58b78d892b3bf5ae73886aff180903aae51ee6d2513dca0b28533b1a75e816eac6e54ac5afb9b83cf2d64e971162bcaa648", 0x5d}, {&(0x7f0000005a40)="71bad0dc31ef22cf6b2abc4b495cb2c58584f3b69690907d568046528b3403de5c25b7bf3df0d6afa5c78fb3798f50012e6b4084e281e1c36a62faebdcd5439f87d5f3901a0c6b099c232b698fa56b5bbda96545faa23b5c67200708da3ce95722d8af51bd26a85c67644c144b3d39595e6b09282ef23b15f50123201df55f0a33e0e247a3d51c10ea9b4067950357c37e80ce178555cd3e68b1df219a2094c8b11b209478db9f997c3299235178435c512c12a1605b40342d4099febc0650d91ef911f2f0b154004d5065c4eae2236dbd0de186244e6f891f2128858502e4138cf91308f4e903bf1a0a0dab983b5829872a9e30f7e2ba63706ec45f46719545d5608b2bf9fb7b875295fdbf4c98bf6c279fa1a96c9486ec3422669c7371663991c08eaae0c567153c1b0b8427ed90ed87f981e889d2354daba8601d0b89ff3442089ffb1c8c8c6d3e2ed0605d837f25e219cb254497e518773b687010a1a718f211b7c6859f8236dbf51a69749c9b0337542ac1a40eeda36eedb36d9886410e705a2b63ae433ac278f00d66b6711dd7b86327b0c3b48c6dcf020d92455625e15f724a1c4464fe1e3a054e2530b51ae33285466de1a04626ba278cf12e226b804f9da3a318c10c9a2bf04ccf0d4fc7a54b09ca8d757c551338512c6ce42d33d9372500dd4a392f1976fcb327f7493b11ff28dbfb0b94804ca12f88e32c579905923250de8f5fb60c5b1201b6476a92d93333df70ddc883b79a3a18c0887624822912f34e4aa71dc7ef25d7f1154b041af8eba8c6318fb6e8a577ca5d739413a3c927ac061c3b7a93ce1955ce72b8e3facfc5d8cc6005fea39808d418083c66f0dfb3f6fd15666750433486b1ccc2662d9de5c74d56161dd8b62247a69d787af729ee1468b27abd926bfda12cfce988707ab0de0de58f06a42573dbea3bfa10a4adacf342bc2fbe2890fa6b9d38b0b2e28ac5b844bf7fc1653f420d2862190c3cbce2d704938afcae8a073bd72f677cc9ec58c5d19653d7019c4f1069c56d5afb862d506d63918c3fae79b8c2703cf1b25a063c8533177798ca551e4d478b12ed2d1fbd54d6ab2efd7e3a53d95c6fb3ea32a4d4b03acf93e44df510bebc9744b0d24425d02232c8d008ffff02a3ace3e2900a99179db9303de917aa5df4f95e90130cf49db0344fd1f2b3236398cbbe9bce6758a3e9d69fea0193789b4008feb95b5af1d1c8db8d503896c721b1c8a88e90815c62919c539b72a9d1fa2333fcf8ee2b90a713be2b59f4c1a76e942d6502f1aad79e3ae7c7683bcb1badb6fb1eca7819acfa9a71fd45d3f5d3386ebb1ff3be79d238d9a1483664f96b7b3ee0c9a4f3428b3ee441b59d5a5aab82c5fd1d4391e7a37b13802d6a9b3d74d45e7176ec2317bc7414d0164ff1aab6c7dbe245135eadde1422efff5c42bc0bfd18951d5124a52280e93136b29d187b4e03626f4573738c9ef41cd2e9240b2c82fbc7f00388d548ec72466abfd59ac41e0d843d8fb99dd29b4c77450022356ce430d7861b0790e8e350cdd2a7399c3ea1a7300b5eb8ef0700313181f0017a9750ba31d150ce1e46e7029fe3fafd0349c005d2e131ed3acbcf9a4b93288b51575097d64bd1a183d0a609af6342c04a9be646274df5e496f2c237c9a7d1d1be1e1a03a7d02f2a9db1f3dab47a9682919a8e6599f5ee9051e60c009815964da80edc75d4abffa6b476e79f40f28b6aebaa373ea50e668abb8fe25401196cc0a10049fa40f54632a64f55f5d11398683d6a71bde6e1f09c0225a2041b753bc2cd94f2c2ec86f2c052f09b44e1189057ae5944aecb77a816dceae200ab9775f5ab40dd67109f2b274a781f29f0ca5df05fe25cea7791dc5c4ea6de3f4948060ee6038a8c687fc3bd0a0a352dd8b7f379daf7dc202189e12144151cfbc8659cfc57ea862db91d387d7644deab5f2e002b5453f3bf6e1c03f5a2cf81b7958431ef0ec206584a82b475130aed01621c9c288b53fafc7ab8dbdc3a9a6d603aec4d596ba78fe0a4b76101d834a2f7879b9984f521b7e6c1439f9782409aca799f7c29fb2cda96645351498222aee88ee94d2c15c9bfa51e623b8103160784f2dc64343ce5cd6b3b9dfc921b63a2a17f5b0e2e671094766042e6f009448a3cbd3a4f6383ea206cdcb15a0a48fcbf1401604830960602ade2df446c928ac93d8c177c89c2299724776f6beaa11ace23b648f1d0a02e06da85543113cac58ba0565b669b653441cd6164b5f318c2bbaf56993ab0c5adde6cd27bdd719b1e2d252d34faaf85d810723e72ad8644c5ff4e317b02b578a6eee99dfe91ac091538fb7e48520b57d74fbbb071a4d83d8e41c7215559cbb42dd08a95d93b5148ae576446633fd1946f84d18296c06cc51eeb3b32e226ea980d4fc0eb03705008d865d378779c141b45dbe9b71211bddd6a423aae739c8073bb32ac7795408b1451bdfa7bb6759f83656095f1ef04bf52aa20b7e7349cafd0232bf4b831829384dd9a6c48512dcc4d82143c478f6c83a2fd1e3eb754bce0fe114fba62ca42abf055fc582997aef13f737bd759e286f9e27a290a2f17826734fa683d32ddfa277a846ed03d230893d0ea2846d0cb86d7621fbb5cb4efc3a305d6f127af5201b718bbc7d724915b0745b770cbf3c43b2f6136630e3dbd8ba808c986dbeae689897026c5aae5a770aef5550efe88c925db24293e29c5db39b2edb3c1c74c8ccdf37f1cce8b0f28633fcf3eb938095996455b7ddc2f1c39dc19c87190a55b63b70481e119b3a0cfde7ed41f3a08dd2480e694e784c50178a2f1670f054a05bb07b38d5e21d8bfe062ab4279137c2e2b0b539601521f1718de00f27e61db4ecdcc3e59c00a5ba3358e08565f03d0ac19325ac727d42107e1d523ed0469d67fe626efc43dc898de347eb70dd8a8b30db313c4ce9f3d8a4177c4c3bafe18993a9463890feafe1ce6934cbe4d0265a4db2f70158a1d25ee2b4b5170a465608988b6bc901cec5c79970353478d2643ced80a5c49b3d8cfc8376cc2f20e486452aa3731ceb92b74ef25ba474ed2a0edfd4a55d12ba43f497cf3d77811dcfb309353b9dcf0a1b0ca94842c769fe62e81222b0280e6b63acb242449d828edaeaa8bb4e7ca326488a3096416e962f1d8e3ce1808e9fbc981304b2ea3845724c308d8076fd08afbcde2020e5483fac8b6cab6bbaa934542ce26432d18ac16d81204a9556a7c5302ed66998356e9736f764fe3720e39915c45fb3d3dca1f2715a61fefd31c6a3b332dfb4d99a4f5f168c9ed21e891a404590778760b7bb4f1733f841f494d3f27158b99b941b71647281b940a893e53b63330a2e65083421de179f71ed55dc2f4f224896d3f58179ef3b8a2a819f53a5f8d3b2b14cd53e45158dde0a5981ab54d9fb031f860e55e01658a20bd3430301349e335a307a8227b483bdd20db447d4baf120f879ffb6b48fb0542005eda913e105c0d7e8348d07c75d85630742cba99a17d11f0b680511ee05d799d50f0162c69c797e1c6f0bff22b78b3cdb5a1925a218f2b16f39f517aac32c290a12d4af4b439f7a8de480771ad8a7d1742899d1362105a366b91587b55914b0e02ecafd8d1de1d82d3606fb1e4001caa472913bb7376f99c0d1c48f4464faffd135403ff22b8f3fdc53c955d016e14f3dcef4431637adf37566e26f76a86bcb34b55a1d52868abb0d11fb709c589f7e2d7567dad763e8b461bdf8b997ce549a33808b7891cc746914f157b05a35c8e218f3fe4fe9c56d30a484b0bf2290091ed59acdf84ecdd3b737024a918007e235b5298ba40fe47ff1c3754676f7daedfb84f4b5a0768d5003ad2f16c0fae5c8ecab71b6aae2b6dd5a482d78f5ea2b8a62f3ad0766e717045495d79725f6745b024d581bed057ddb7bd9b0d3f91921976fe2386cc36996b0c1eed6bb02d76ddc5154a7e1deca47ece7cd454e7eda02eaca91ac370534d2e357e8044ba452aff1dfff5cd1e146174e78299bcc2618ac7ce34b33125dc3ca4c2283f92736cb74e28b66de3deffcd04ba025149365e14cb24d09d7035870089bd0d500385fe096e30121dc8a8a3c38e022f07bb93277f156d69f010e8daf2727cc9103b06a0409cd41dc0a243ebb71714e0364507e4cf907e76b334443d0514ccdf85fd3c7e31ae20db3b98d3f51086977c2a866cd1349488ad99a64fee70a02e50a0797149e974ccb41512404c2cf2424093ea8f5fc85004a8c0f27af8e95681a2f76728e83c835e3f4af01e151ea369a62fbb7ad7e98702e455069507b48d80bf65be8987cc703a5243a0d27c49a8f2ab1a59b4ab33b8de24efdcbc2e48b1fd52c4a5d15dc6f75f21d5d45c11d05f1eecfed1629aa3a49d6def0cf987dcf855ae7358aeeeda3d9583d6458b476c67bab5c7910d209f79dfc9e3b7d89239c4ac994a58bbe4e892e367593a8397985abf289fa87fda90547d33fecda07a81e111d58f776c77279cc0b59303cc5b50ec0e89e5582f4cf0ef9ae772c4a266a3aa14da1dcca30853e3835a66f866a7b8e54c234dacf4a705ee616c30dc6efc5ebb37689ce18f325b2c765f031754c52dfce64a2f2c13ee2e321804bccd9c5d14728492550ef033bc577294e7a4f0164ebd60c9ed025952e9cd70b7eb29740af25916d9cbd8d47b550de3557d0f46944fb4aab713cd2e0635ab288a9e9da73a514ae2c59d86686207c2839640598ae79b1e558029530373156c269af24c42ce8216a97b657131cadf53c872efaedd506493b5f1bbb2e94007503cb80aa27c25b37886a82077bf83fd658f2a4701a47c11074081ee32465b13953bfd2bc98ed1c5cdd93f6d5aeda9daad5472001de102ef6864ab9151d8f63ff6d074e6b9e0080013144e1c58c5e79b19a507cb50c36f6b5eac6623542ab7d478b321cb9b7f663176f39c26d2aafe1635007f34d980328b60ea3e242f080f48c9966770ebf14738a9c5f68535cd538b0350d8a600b953752853bad85cf3bfc43ace25c92ce2f62b1b9ce6c62a808b0009a9ac50bf1e849089d5406037a9080fdebb7dfbccfeb7347e044a318516177b02603e9cdeead32d948a76af2ce631b30c6a4388ba52743e1cc04de7523b40f774ac708a10616071ecbcd836e0491b52e2381d7985b691dee5531bb04439b6b142a27f59dc1fc5cda524a001d522f23cdc8a7e06042fec2e0f5a0527bf8f0c5373b611d188db5f31e3b9d811cff4904d771b437ffaa4bdfb4516d7033f3fb334d479a7b972004d70bac8dbdf297964617ae389bfa3e3fc3318f7f7bfde38124ab7e00d5c4f3317c1f19f9344a6ad3b529368ff4cd55301139d357ab590a630ab097e296b3c4742334633ab4fb581be4226eac29c48675cfd8a0270867b6547a34895341d2fd49bdc773ee992bbd186796275d989bebb7d40c7f27221ef6a0534863dbf9450922bb41bc833774474444a93061d0c383cfe46b126e084a060a28825a152e879d1a1319ee6ae5041a4240e682b979afe1a54ba87c687b10a5b9f293538b52dc0190646889c67e8de4b6f61dacc401c0117700fb06ac12769372ab4c072cad891eccb0a848f83592b33a579790da85d13565e75da5f1e49439ad4e416ea0af15c4a0951b136d289ed804703718d844a3697b3c6f662e9529ead76c9f0a42b8b631ff504749ae529053a4ca786b50bd7ea21f8e59a300ced324f87e9a605691c2ed7426a7748c6cb8e87e5267c7d64e24c44475547954f04149c1cd7e82eb51360b8d2baa9f026c4b13339bf576960d09d95", 0x1000}, {&(0x7f0000006a40)="1365bc3db9e7bb7ae1aab209f147dd2b0616a12affb3cecbeeadab8697cad57a124d694498ff479a6bad1dc68bb126996cff3d786024dc564b6a7eca70fdbcce84acd8d1cda42eb7147c56b983abde90c826bf5b136b7de5b234822b774d844ad3cdecfff5c672c219681f06d444059a261aee0d9aea361e04fa852a062be7cbd277d5956b2a1925ea97b9bf74c84b32b396ff925fecb71c336390a8ee29eea4cce717c3a33189a5f0e76069fc6459ea9763be7591e952536eab2fbb504e045e7ac1a4b8128dbf5e978793b34952dc", 0xcf}, {&(0x7f0000006b40)="dce2c39dff04ea8463c1ebd287804f4b060b41bcbaa02337d7e399b5021e2274797d79fe97ba72ed58f75cebebb1a1b004fdc37df19f64c5b003b457f6b163580b69", 0x42}], 0x9, &(0x7f0000006c80)=[@mark={{0x14}}, @mark={{0x14, 0x1, 0x24, 0x7fffffff}}, @timestamping={{0x14, 0x1, 0x25, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x35}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x90}}], 0x6, 0x4004000) 04:31:54 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:54 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, 0x0, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:55 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:55 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) close(r0) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:31:55 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:55 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:56 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:56 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, 0x0, 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:56 executing program 4: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x3f, 0x0, 0x1, 0x3e, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(r0, &(0x7f0000000200)=""/217, 0xd9) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000002, 0x30, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:31:56 executing program 2: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 295.902752][T21102] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 295.911360][T21102] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 295.942787][T21102] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 295.951249][T21102] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:57 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:57 executing program 4: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:57 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:57 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:57 executing program 2: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, 0x0, 0x0, 0xd9f, 0x0) waitid(0x2, r0, &(0x7f0000000080), 0x8, &(0x7f0000000300)) 04:31:57 executing program 2: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000080)='./file1\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0xfa, 0x0, 0x3, 0x9, 0x0, 0x7fff, 0x2002, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1ff, 0x4, @perf_bp={&(0x7f0000000000), 0x6}, 0x4, 0x5, 0x76, 0x3, 0x8, 0x26bf, 0x4, 0x0, 0x7dfa, 0x0, 0xdde9}, 0x0, 0x7, r1, 0x0) ftruncate(r1, 0x800) ftruncate(r1, 0x6c5) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:31:57 executing program 2: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$msdos(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0xaea1, 0x1, &(0x7f0000000300)=[{&(0x7f0000000140)="040005090000000066617400040409000200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000080)='./file1\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0xfa, 0x0, 0x3, 0x9, 0x0, 0x7fff, 0x2002, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1ff, 0x4, @perf_bp={&(0x7f0000000000), 0x6}, 0x4, 0x5, 0x76, 0x3, 0x8, 0x26bf, 0x4, 0x0, 0x7dfa, 0x0, 0xdde9}, 0x0, 0x7, r1, 0x0) ftruncate(r1, 0x800) ftruncate(r1, 0x6c5) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 296.723804][T21152] loop2: detected capacity change from 0 to 87 04:31:57 executing program 2: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r4, r5) recvmmsg(0xffffffffffffffff, &(0x7f0000004380)=[{{&(0x7f0000000380)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000500)=""/251, 0xfb}, {&(0x7f0000000600)=""/187, 0xbb}, {&(0x7f0000000100)=""/36, 0x24}, {&(0x7f00000001c0)=""/55, 0x37}], 0x4}, 0xe8e}, {{&(0x7f0000000400)=@l2tp6, 0x80, &(0x7f0000001b40)=[{&(0x7f00000006c0)=""/203, 0xcb}, {&(0x7f00000007c0)=""/19, 0x13}, {&(0x7f0000000800)=""/150, 0x96}, {&(0x7f00000008c0)=""/1, 0x1}, {&(0x7f0000000900)}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000001940)=""/255, 0xff}, {&(0x7f0000001a40)=""/171, 0xab}, {&(0x7f0000001b00)}], 0x9, &(0x7f0000001c00)=""/47, 0x2f}, 0xfff}, {{&(0x7f0000001c40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000002f80)=[{&(0x7f0000001cc0)=""/36, 0x24}, {&(0x7f0000001d00)=""/215, 0xd7}, {&(0x7f0000001e00)=""/132, 0x84}, {&(0x7f0000001ec0)=""/83, 0x53}, {&(0x7f0000001f40)}, {&(0x7f0000005580)=""/4105, 0x1009}], 0x6}, 0x8000}, {{&(0x7f0000003000)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f00000042c0)=[{&(0x7f0000003080)=""/64, 0x40}, {&(0x7f00000030c0)=""/4096, 0x1000}, {&(0x7f00000040c0)=""/135, 0x87}, {&(0x7f0000004180)=""/67, 0x43}, {&(0x7f0000004200)=""/134, 0x86}], 0x5, &(0x7f0000004340)=""/30, 0x1e}}], 0x4, 0x40, &(0x7f0000004480)={0x0, 0x989680}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) close(r1) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f00000044c0)=""/155, 0x9b}, {&(0x7f0000000900)=""/28, 0x1c}, {&(0x7f0000004580)=""/4096, 0x1000}], 0x3, 0xd9f, 0x1) sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0b5d494986450382303110511277d7414ea84c6d093f3efa482fdb283836d1977627dd2c7004355c42df29d8bb668d7f8f67262befc7c65c8b37d7bc577d0f24ae2a9b33418f3b87c870ae13ca19440369615459bd9c8d1d0e627b050c3f88fd2064dac85cd5fd5b32a0bb032b30b5162545e2e022551bc6354da2e5610a502257b0617f337405a56b85b6794745b37aa8dd6d0ec4727537f0c34c24f9bf9dfc64b2e46bcad822319873"], 0x44}, 0x1, 0x0, 0x0, 0x8804}, 0x0) [ 296.834340][T21159] loop2: detected capacity change from 0 to 87 04:31:58 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:58 executing program 4 (fault-call:4 fault-nth:0): r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 297.244589][T21176] FAULT_INJECTION: forcing a failure. [ 297.244589][T21176] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 297.257701][T21176] CPU: 1 PID: 21176 Comm: syz-executor.4 Not tainted 5.14.0-rc1-syzkaller #0 [ 297.266470][T21176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.276525][T21176] Call Trace: [ 297.279795][T21176] dump_stack_lvl+0xb7/0x103 [ 297.284411][T21176] dump_stack+0x11/0x1a [ 297.288584][T21176] should_fail+0x23c/0x250 [ 297.293015][T21176] should_fail_usercopy+0x16/0x20 [ 297.298049][T21176] _copy_to_user+0x1c/0x90 [ 297.302477][T21176] simple_read_from_buffer+0xab/0x120 [ 297.307854][T21176] proc_fail_nth_read+0xf6/0x140 [ 297.312852][T21176] ? rw_verify_area+0x136/0x250 [ 297.317714][T21176] ? proc_fault_inject_write+0x200/0x200 [ 297.323616][T21176] vfs_read+0x154/0x5d0 [ 297.327811][T21176] ? __se_sys_waitid+0x165/0x1b0 [ 297.332749][T21176] ? __fget_light+0x21b/0x260 [ 297.337427][T21176] ? __cond_resched+0x11/0x40 [ 297.342133][T21176] ksys_read+0xce/0x180 [ 297.346332][T21176] __x64_sys_read+0x3e/0x50 [ 297.350839][T21176] do_syscall_64+0x3d/0x90 [ 297.355259][T21176] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 297.361161][T21176] RIP: 0033:0x41935c [ 297.365085][T21176] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 297.384694][T21176] RSP: 002b:00007fc26d3bb170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 297.393169][T21176] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000041935c [ 297.401164][T21176] RDX: 000000000000000f RSI: 00007fc26d3bb1e0 RDI: 0000000000000004 [ 297.409135][T21176] RBP: 00007fc26d3bb1d0 R08: 0000000000000000 R09: 0000000000000000 [ 297.417108][T21176] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 297.425081][T21176] R13: 00007ffd16e05d4f R14: 00007fc26d3bb300 R15: 0000000000022000 04:31:58 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:58 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:58 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:31:58 executing program 2: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r4, r5) recvmmsg(0xffffffffffffffff, &(0x7f0000004380)=[{{&(0x7f0000000380)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000500)=""/251, 0xfb}, {&(0x7f0000000600)=""/187, 0xbb}, {&(0x7f0000000100)=""/36, 0x24}, {&(0x7f00000001c0)=""/55, 0x37}], 0x4}, 0xe8e}, {{&(0x7f0000000400)=@l2tp6, 0x80, &(0x7f0000001b40)=[{&(0x7f00000006c0)=""/203, 0xcb}, {&(0x7f00000007c0)=""/19, 0x13}, {&(0x7f0000000800)=""/150, 0x96}, {&(0x7f00000008c0)=""/1, 0x1}, {&(0x7f0000000900)}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000001940)=""/255, 0xff}, {&(0x7f0000001a40)=""/171, 0xab}, {&(0x7f0000001b00)}], 0x9, &(0x7f0000001c00)=""/47, 0x2f}, 0xfff}, {{&(0x7f0000001c40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000002f80)=[{&(0x7f0000001cc0)=""/36, 0x24}, {&(0x7f0000001d00)=""/215, 0xd7}, {&(0x7f0000001e00)=""/132, 0x84}, {&(0x7f0000001ec0)=""/83, 0x53}, {&(0x7f0000001f40)}, {&(0x7f0000005580)=""/4105, 0x1009}], 0x6}, 0x8000}, {{&(0x7f0000003000)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f00000042c0)=[{&(0x7f0000003080)=""/64, 0x40}, {&(0x7f00000030c0)=""/4096, 0x1000}, {&(0x7f00000040c0)=""/135, 0x87}, {&(0x7f0000004180)=""/67, 0x43}, {&(0x7f0000004200)=""/134, 0x86}], 0x5, &(0x7f0000004340)=""/30, 0x1e}}], 0x4, 0x40, &(0x7f0000004480)={0x0, 0x989680}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) close(r1) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f00000044c0)=""/155, 0x9b}, {&(0x7f0000000900)=""/28, 0x1c}, {&(0x7f0000004580)=""/4096, 0x1000}], 0x3, 0xd9f, 0x1) sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0b5d494986450382303110511277d7414ea84c6d093f3efa482fdb283836d1977627dd2c7004355c42df29d8bb668d7f8f67262befc7c65c8b37d7bc577d0f24ae2a9b33418f3b87c870ae13ca19440369615459bd9c8d1d0e627b050c3f88fd2064dac85cd5fd5b32a0bb032b30b5162545e2e022551bc6354da2e5610a502257b0617f337405a56b85b6794745b37aa8dd6d0ec4727537f0c34c24f9bf9dfc64b2e46bcad822319873"], 0x44}, 0x1, 0x0, 0x0, 0x8804}, 0x0) 04:31:58 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:31:58 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x3, r0, 0x0, 0x8, 0x0) 04:31:59 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x4, r0, 0x0, 0x8, 0x0) 04:31:59 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:31:59 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) fallocate(r1, 0x20, 0x2, 0x7) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0xffffa000) preadv(r1, &(0x7f0000000100)=[{&(0x7f0000000140)=""/20, 0x14}], 0x1, 0xd9b, 0x7) ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000040)) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:31:59 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) dup3(r1, r2, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:31:59 executing program 4: r0 = getpid() r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r2 = openat(r1, &(0x7f00000002c0)='./file0\x00', 0x1, 0x101) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:31:59 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800008, 0x12, r1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000500)) r2 = fork() tkill(r2, 0x1f) wait4(0x0, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) r3 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresgid(0xee00, 0x0, r4) getresuid(&(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600)) fstat(r1, &(0x7f0000000640)) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000740), 0x0, 0x8000) preadv(r1, &(0x7f0000000680), 0xa, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) ioprio_get$pid(0x0, r0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r5, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) sendmsg$AUDIT_SET_FEATURE(r5, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x3fa, 0x1, 0x70bd2b, 0x25dfdbfb, {0x1, 0xacefde37a79ef594, 0x1}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x480}, 0x1) 04:31:59 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 298.759607][T21193] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 298.768299][T21193] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 298.799215][T21193] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 298.807647][T21193] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:31:59 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:31:59 executing program 2: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) r1 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r4, r5) recvmmsg(0xffffffffffffffff, &(0x7f0000004380)=[{{&(0x7f0000000380)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000500)=""/251, 0xfb}, {&(0x7f0000000600)=""/187, 0xbb}, {&(0x7f0000000100)=""/36, 0x24}, {&(0x7f00000001c0)=""/55, 0x37}], 0x4}, 0xe8e}, {{&(0x7f0000000400)=@l2tp6, 0x80, &(0x7f0000001b40)=[{&(0x7f00000006c0)=""/203, 0xcb}, {&(0x7f00000007c0)=""/19, 0x13}, {&(0x7f0000000800)=""/150, 0x96}, {&(0x7f00000008c0)=""/1, 0x1}, {&(0x7f0000000900)}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000001940)=""/255, 0xff}, {&(0x7f0000001a40)=""/171, 0xab}, {&(0x7f0000001b00)}], 0x9, &(0x7f0000001c00)=""/47, 0x2f}, 0xfff}, {{&(0x7f0000001c40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000002f80)=[{&(0x7f0000001cc0)=""/36, 0x24}, {&(0x7f0000001d00)=""/215, 0xd7}, {&(0x7f0000001e00)=""/132, 0x84}, {&(0x7f0000001ec0)=""/83, 0x53}, {&(0x7f0000001f40)}, {&(0x7f0000005580)=""/4105, 0x1009}], 0x6}, 0x8000}, {{&(0x7f0000003000)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f00000042c0)=[{&(0x7f0000003080)=""/64, 0x40}, {&(0x7f00000030c0)=""/4096, 0x1000}, {&(0x7f00000040c0)=""/135, 0x87}, {&(0x7f0000004180)=""/67, 0x43}, {&(0x7f0000004200)=""/134, 0x86}], 0x5, &(0x7f0000004340)=""/30, 0x1e}}], 0x4, 0x40, &(0x7f0000004480)={0x0, 0x989680}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) close(r1) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f00000044c0)=""/155, 0x9b}, {&(0x7f0000000900)=""/28, 0x1c}, {&(0x7f0000004580)=""/4096, 0x1000}], 0x3, 0xd9f, 0x1) sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0b5d494986450382303110511277d7414ea84c6d093f3efa482fdb283836d1977627dd2c7004355c42df29d8bb668d7f8f67262befc7c65c8b37d7bc577d0f24ae2a9b33418f3b87c870ae13ca19440369615459bd9c8d1d0e627b050c3f88fd2064dac85cd5fd5b32a0bb032b30b5162545e2e022551bc6354da2e5610a502257b0617f337405a56b85b6794745b37aa8dd6d0ec4727537f0c34c24f9bf9dfc64b2e46bcad822319873"], 0x44}, 0x1, 0x0, 0x0, 0x8804}, 0x0) 04:31:59 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:00 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000000)=""/43, 0x2b}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000000040)=""/56, 0x38}], 0x3, 0x6, 0x3) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:00 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000000)=0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000013c0), 0x80180, 0x0) ioctl$INCFS_IOC_CREATE_FILE(r3, 0xc058671e, &(0x7f00000017c0)={{}, {0x4}, 0x9, 0x0, 0x0, &(0x7f0000001400)='./file0\x00', &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)="4ec4951041b7bd540a44d3e4b9a968b0657a7eb6af3e001d487710148c178160cccef7a75897ff98c2b843441642fc45b1f5fc9fa3b30982c6a21989c82e687bce22b70c7792d018cb3cfd2a821531be27792a90ded8263a65ce04883de4b4ff8112c4ecb8ddef1aa4063a78952d5db79737e1405bfe7345b2cdbf881c2e143f9a097d3db8002ba34ebb9dfdbcf77ee77db2b09dfb4b2e5732a157efcfa06673f095346df3e862110f3c04fefb3885da2ce85674496112467618f99730f8a0ad85f0682776d6302a445e880c9819f9b7eccb8a2ced065f36992d6add76abea225d859ff6a333e3dd2da6c0c9ec8610d5b18679e837f5027e19b3b5e568acdf59f6be592cbba0e3d9b2bc6fbc04492fb632f137b0d8b93a448b0fde59a0f41d5c2c", 0x121, 0x0, &(0x7f00000015c0)={0x2, 0x11a, {0x1, 0xc, 0xa8, "3bcce74004932a1a5c647f21ee9109f359e6e45908f7c46c67fcfac1ba07262bd0af021d072f337b7af727c2c1a2a6e3d4d13b4f05cba37eebd1bb19ab95890c6365ac49581d6b2093196ff6d7ebb06f649ee8a0ea65a4c2b7787230fe62df1527fe151a51f225ce326364ebad223184e2f7f966b808be14fba376ca779fb3d97f132ff57d5f6cb73d83ed920faf8ae6c9bb9cde1726427e2c9a511b3d199d95dd34e1f2dbdf5b73", 0x65, "210543200c7de4be8f384ef69ce6e39b8e36f5b85e0961b46bb2b7bce4d3334602475e640dc034281cdaf187c3cf038cc0170deed63cf022e51d1b518a56bea1782c3f69a10dce3115c4e102817052719bc42e1c3f6349ce763f78ff266d0206cb0cdcdd08"}, 0xd8, "39507ce915603f9f0dd7baf676f42d6de2a3b77337c2001a218d5d8225cb3936a34d5027d0a28240100769797ef6b027a7b6f4f86d7c09f86a886b58acb2d283737a3961da7d38ef8bc1c78ed6847228a8e3ffe3e6aa56b7b31716e308e5a6b74188de49b96df4f1e970db7e7d3afcc0e0227c7ceac6e58e253355a39dd918a8839c6dda315feec90170a56fffc92eed0333310b74ded9b60edbac1ab05e4f639dbcfd20ef1ff67d08a2da066ec45b3982bc4b30cdde199993388981231091abb8a33a531e2fd46968b3f530c1761cfc382717127662f0b7"}, 0x1fe}) process_vm_writev(r2, &(0x7f0000000280)=[{&(0x7f0000000040)=""/104, 0x68}, {&(0x7f00000000c0)=""/222, 0xde}, {&(0x7f00000001c0)=""/170, 0xaa}, {&(0x7f0000000300)=""/4096, 0x1000}], 0x4, &(0x7f0000001380)=[{&(0x7f0000001300)=""/127, 0x7f}], 0x1, 0x0) r4 = openat$incfs(0xffffffffffffff9c, &(0x7f0000001840)='.pending_reads\x00', 0x480, 0xa1) fsetxattr$trusted_overlay_opaque(r4, &(0x7f0000001880), &(0x7f00000018c0), 0x2, 0x2) ioctl$SNAPSHOT_S2RAM(r1, 0x330b) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:00 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x442040, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x80000) fcntl$lock(r1, 0x24, &(0x7f00000004c0)={0x0, 0x0, 0x9, 0x8, 0xffffffffffffffff}) r2 = openat$cgroup_type(r0, &(0x7f0000000040), 0x2, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000000080)={0x0, 0x0, {0x0, @struct}, {}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) waitid(0x2, 0x0, 0x0, 0x8, 0x0) 04:32:00 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) recvmmsg(r1, &(0x7f00000047c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/243, 0xf3}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000000100)=""/83, 0x53}], 0x3, &(0x7f00000001c0)=""/188, 0xbc}, 0x3ff}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000001300)=""/154, 0x9a}], 0x1, &(0x7f00000013c0)=""/88, 0x58}, 0x15a5fa56}, {{0x0, 0x0, &(0x7f0000001700)=[{&(0x7f0000001440)=""/245, 0xf5}, {&(0x7f0000001540)=""/8, 0x8}, {&(0x7f0000001580)}, {&(0x7f00000015c0)=""/17, 0x11}, {&(0x7f0000001600)=""/220, 0xdc}], 0x5, &(0x7f0000001780)=""/46, 0x2e}, 0x4}, {{&(0x7f00000017c0)=@ipx, 0x80, &(0x7f0000001900)=[{&(0x7f0000001840)=""/121, 0x79}, {&(0x7f00000018c0)=""/9, 0x9}], 0x2, &(0x7f0000001940)=""/65, 0x41}, 0x7a6}, {{&(0x7f00000019c0)=@xdp, 0x80, &(0x7f0000002dc0)=[{&(0x7f0000001a40)=""/91, 0x5b}, {&(0x7f0000001ac0)=""/127, 0x7f}, {&(0x7f0000001b40)=""/4, 0x4}, {&(0x7f0000001b80)=""/195, 0xc3}, {&(0x7f0000001c80)=""/238, 0xee}, {&(0x7f0000001d80)=""/48, 0x30}, {&(0x7f0000001dc0)=""/4096, 0x1000}], 0x7, &(0x7f0000002e40)=""/199, 0xc7}, 0x5}, {{&(0x7f0000002f40)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000003200)=[{&(0x7f0000002fc0)=""/205, 0xcd}, {&(0x7f00000030c0)=""/106, 0x6a}, {&(0x7f0000003140)=""/27, 0x1b}, {&(0x7f0000003180)=""/70, 0x46}], 0x4, &(0x7f0000003240)=""/252, 0xfc}, 0x2}, {{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f0000003340)=""/4096, 0x1000}, {&(0x7f0000004340)=""/118, 0x76}, {&(0x7f00000043c0)=""/179, 0xb3}, {&(0x7f0000004480)=""/45, 0x2d}, {&(0x7f00000044c0)=""/231, 0xe7}, {&(0x7f00000045c0)=""/45, 0x2d}, {&(0x7f0000004600)=""/231, 0xe7}], 0x7, &(0x7f0000004780)=""/38, 0x26}, 0x80000000}], 0x7, 0x0, 0x0) writev(r2, &(0x7f0000004bc0)=[{&(0x7f0000004980)="e9436a59a30a8660b0ff75f9f28225b175d589b684f02895c329621c40b5978c9dff2db0f88e2ecf087d417ec900871e159397d6b0d488044106ee49693f22e2f3a07dc8d65600c75d3baf3bcabc73cd3834b38775af645f1ad470fff065014d034da51340478852f9ae9e6ec8fb6ac36fe894430cc921b31d2dab9d66b590ee816518af3d33fc851566ab921842337ad36b27fa6146c05a83925a30425495b752bb426c3137b981d8a49fbe7eeb1a1c49697b27851c856a25b681489f91a92231d38aceeadd559e5cfff0762225a4fd4585df24eeb9481b0e8905b7e598087d4e3aa8c1fc2330dc7893776eace57cec6e3a4ac62a2be9", 0xf7}, {&(0x7f0000004a80)="92addd84da9d1a5ca75a880929c9b37167e181280d5ef5673911b8f5a4dee78472edbad3a5d874f7968fb8dbd93e606bd4916c16b2b9e08b9e9963775bbac4e1", 0x40}, {&(0x7f0000004ac0)="795a1fe8f3eca5d89cca30575459a0be3b5d2c16a9f7382766647dfd4626c9e6fc3a972f4702afb79df684c9", 0x2c}, {&(0x7f0000004b00)="3fcf4f2ef740ccfae035d2cea5ecb6d766108c8a329db56ae82a60d1ebb27fd4db40c48ab408b391664b23434366c08c87683f6a6d7abe5be3d69aae3c5c4f6a8ef27ecbb4e2601d1b52d2795645fdf6b84191d4c48942143dc45ad95fb4428abeddb4bfd74354c0ab7fd3c6cde67559a32e35b4ebbd2adab47b5ec1ddab93d0cb78da321502c8a5285fcc0012ce5d6c5807b8ca6c5d994e381eefb0616ddf19dde08161d2ff8c6e9a6c66197303cc9e820edaadd2c216457bf9", 0xba}], 0x4) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x0, r0, 0x0, 0x8, 0x0) write$binfmt_misc(r1, &(0x7f0000001580)={'syz1', "e8c22d1a4bce99cab71d0eb28e81010b898658c98fdad09fa8e520b4ea6a4ebe83d9c58839b0b632466f81029b43adc6147c"}, 0x36) 04:32:00 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) splice(r2, &(0x7f0000000000)=0x20, r3, &(0x7f0000000040)=0x9, 0x1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:00 executing program 2 (fault-call:0 fault-nth:0): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 299.780746][T21245] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 299.789303][T21245] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:00 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 299.828765][T21245] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 299.837191][T21245] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:00 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, &(0x7f0000000200)="7bcf6426418870272eb9681388c96f447dda7b", 0x13, 0xc800, &(0x7f0000000340)={0xa, 0x4e21, 0x9, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c) r1 = getpid() r2 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) syz_open_procfs(r1, &(0x7f0000000380)='net/dev_mcast\x00') mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) sendmsg$NFNL_MSG_CTHELPER_GET(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x108, 0x1, 0x9, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFCTH_TUPLE={0x50, 0x2, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast1}}}]}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x17}, @NFCTH_TUPLE={0x54, 0x2, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x4}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x3}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x27}}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0xced}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x9}}]}, 0x108}, 0x1, 0x0, 0x0, 0x40000}, 0x4000810) waitid(0x2, r1, 0x0, 0x8, 0x0) [ 299.889115][T21293] FAULT_INJECTION: forcing a failure. [ 299.889115][T21293] name failslab, interval 1, probability 0, space 0, times 0 [ 299.901751][T21293] CPU: 0 PID: 21293 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 299.910549][T21293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 299.920697][T21293] Call Trace: [ 299.924002][T21293] dump_stack_lvl+0xb7/0x103 [ 299.928670][T21293] dump_stack+0x11/0x1a [ 299.932832][T21293] should_fail+0x23c/0x250 [ 299.937256][T21293] ? __se_sys_memfd_create+0xfb/0x390 [ 299.942638][T21293] __should_failslab+0x81/0x90 [ 299.947503][T21293] should_failslab+0x5/0x20 [ 299.952197][T21293] __kmalloc+0x66/0x340 [ 299.956529][T21293] ? strnlen_user+0x137/0x1c0 [ 299.961286][T21293] __se_sys_memfd_create+0xfb/0x390 [ 299.966537][T21293] __x64_sys_memfd_create+0x2d/0x40 [ 299.971778][T21293] do_syscall_64+0x3d/0x90 [ 299.976199][T21293] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 299.982274][T21293] RIP: 0033:0x4665d9 [ 299.986167][T21293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 300.006160][T21293] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 300.014574][T21293] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004665d9 [ 300.022550][T21293] RDX: 00007fc47e285000 RSI: 0000000000000000 RDI: 00000000004bee66 [ 300.030529][T21293] RBP: 0000000000000000 R08: 00007fc47e284ff8 R09: ffffffffffffffff [ 300.038505][T21293] R10: 00007fc47e284ffc R11: 0000000000000246 R12: 0000000020000080 [ 300.046568][T21293] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000020000180 04:32:01 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:01 executing program 2 (fault-call:0 fault-nth:1): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:01 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:01 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) mmap(&(0x7f0000474000/0x12000)=nil, 0x12000, 0x1800003, 0x10010, r2, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 300.118167][T21292] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 300.126603][T21292] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 300.154897][T21303] FAULT_INJECTION: forcing a failure. [ 300.154897][T21303] name fail_usercopy, interval 1, probability 0, space 0, times 0 04:32:01 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000680)=[{&(0x7f00000000c0)=""/86, 0x56}, {&(0x7f0000000740)=""/175, 0xaf}, {&(0x7f0000000200)=""/190, 0xbe}, {&(0x7f0000000300)=""/96, 0x60}, {&(0x7f0000000380)=""/186, 0xba}, {&(0x7f0000000440)=""/86, 0x56}, {&(0x7f00000004c0)=""/33, 0x21}, {&(0x7f0000000500)=""/167, 0xa7}, {&(0x7f00000005c0)=""/168, 0xa8}], 0x9, 0xda7, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) setxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)='system_u:object_r:policy_src_t:s0\x00', 0x22, 0x1) [ 300.168050][T21303] CPU: 0 PID: 21303 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 300.176915][T21303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.186982][T21303] Call Trace: [ 300.190288][T21303] dump_stack_lvl+0xb7/0x103 [ 300.194902][T21303] dump_stack+0x11/0x1a [ 300.199057][T21303] should_fail+0x23c/0x250 [ 300.203514][T21303] should_fail_usercopy+0x16/0x20 [ 300.208545][T21303] _copy_from_user+0x1c/0xd0 [ 300.213145][T21303] __se_sys_memfd_create+0x137/0x390 [ 300.218462][T21303] __x64_sys_memfd_create+0x2d/0x40 [ 300.223717][T21303] do_syscall_64+0x3d/0x90 [ 300.228139][T21303] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 300.234115][T21303] RIP: 0033:0x4665d9 [ 300.238020][T21303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 300.257735][T21303] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 300.266156][T21303] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004665d9 [ 300.274200][T21303] RDX: 00007fc47e285000 RSI: 0000000000000000 RDI: 00000000004bee66 [ 300.282173][T21303] RBP: 0000000000000000 R08: 00007fc47e284ff8 R09: ffffffffffffffff [ 300.290147][T21303] R10: 00007fc47e284ffc R11: 0000000000000246 R12: 0000000020000080 [ 300.298119][T21303] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000020000180 [ 300.307676][T21292] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 04:32:01 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 300.316129][T21292] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:01 executing program 2 (fault-call:0 fault-nth:2): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:01 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 300.437530][T21326] FAULT_INJECTION: forcing a failure. [ 300.437530][T21326] name failslab, interval 1, probability 0, space 0, times 0 [ 300.450310][T21326] CPU: 1 PID: 21326 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 300.459173][T21326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.469225][T21326] Call Trace: [ 300.472498][T21326] dump_stack_lvl+0xb7/0x103 [ 300.477086][T21326] dump_stack+0x11/0x1a [ 300.481312][T21326] should_fail+0x23c/0x250 [ 300.485731][T21326] ? shmem_alloc_inode+0x22/0x30 [ 300.490667][T21326] __should_failslab+0x81/0x90 [ 300.495432][T21326] ? shmem_match+0xa0/0xa0 [ 300.499843][T21326] should_failslab+0x5/0x20 [ 300.504343][T21326] kmem_cache_alloc+0x46/0x2e0 [ 300.509114][T21326] ? fsnotify_perm+0x59/0x2e0 [ 300.513873][T21326] ? shmem_match+0xa0/0xa0 [ 300.518288][T21326] shmem_alloc_inode+0x22/0x30 [ 300.523060][T21326] new_inode_pseudo+0x38/0x1c0 [ 300.527827][T21326] new_inode+0x21/0x120 [ 300.531979][T21326] shmem_get_inode+0xa1/0x480 [ 300.536663][T21326] __shmem_file_setup+0xf1/0x1d0 [ 300.541598][T21326] shmem_file_setup+0x37/0x40 [ 300.546272][T21326] __se_sys_memfd_create+0x1eb/0x390 [ 300.551711][T21326] __x64_sys_memfd_create+0x2d/0x40 [ 300.556919][T21326] do_syscall_64+0x3d/0x90 [ 300.561346][T21326] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 300.567276][T21326] RIP: 0033:0x4665d9 [ 300.571160][T21326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 300.590850][T21326] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 300.599281][T21326] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004665d9 [ 300.607321][T21326] RDX: 00007fc47e285000 RSI: 0000000000000000 RDI: 00000000004bee66 [ 300.615388][T21326] RBP: 0000000000000000 R08: 00007fc47e284ff8 R09: ffffffffffffffff [ 300.623421][T21326] R10: 00007fc47e284ffc R11: 0000000000000246 R12: 0000000020000080 04:32:01 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x8000, 0x20) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:01 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 300.631396][T21326] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000020000180 04:32:01 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x501c00, 0x10) 04:32:01 executing program 2 (fault-call:0 fault-nth:3): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 300.774890][T21348] FAULT_INJECTION: forcing a failure. [ 300.774890][T21348] name failslab, interval 1, probability 0, space 0, times 0 [ 300.787697][T21348] CPU: 1 PID: 21348 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 300.796560][T21348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.806614][T21348] Call Trace: [ 300.809888][T21348] dump_stack_lvl+0xb7/0x103 [ 300.814477][T21348] dump_stack+0x11/0x1a [ 300.818629][T21348] should_fail+0x23c/0x250 [ 300.823050][T21348] ? security_inode_alloc+0x30/0x180 [ 300.828357][T21348] __should_failslab+0x81/0x90 [ 300.833200][T21348] should_failslab+0x5/0x20 [ 300.837789][T21348] kmem_cache_alloc+0x46/0x2e0 [ 300.842642][T21348] security_inode_alloc+0x30/0x180 [ 300.847770][T21348] inode_init_always+0x20b/0x420 [ 300.852741][T21348] ? shmem_match+0xa0/0xa0 [ 300.857148][T21348] new_inode_pseudo+0x73/0x1c0 [ 300.861979][T21348] new_inode+0x21/0x120 [ 300.866205][T21348] shmem_get_inode+0xa1/0x480 [ 300.871038][T21348] __shmem_file_setup+0xf1/0x1d0 [ 300.876014][T21348] shmem_file_setup+0x37/0x40 [ 300.880690][T21348] __se_sys_memfd_create+0x1eb/0x390 [ 300.886033][T21348] __x64_sys_memfd_create+0x2d/0x40 [ 300.891388][T21348] do_syscall_64+0x3d/0x90 [ 300.899726][T21348] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 300.906068][T21348] RIP: 0033:0x4665d9 [ 300.910201][T21348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 300.929897][T21348] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 300.938354][T21348] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004665d9 [ 300.946491][T21348] RDX: 00007fc47e285000 RSI: 0000000000000000 RDI: 00000000004bee66 [ 300.954555][T21348] RBP: 0000000000000000 R08: 00007fc47e284ff8 R09: ffffffffffffffff [ 300.962787][T21348] R10: 00007fc47e284ffc R11: 0000000000000246 R12: 0000000020000080 [ 300.970760][T21348] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000020000180 04:32:02 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:02 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) r3 = gettid() rt_tgsigqueueinfo(r2, r3, 0x15, &(0x7f0000000000)={0x3, 0xbd, 0x7}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:02 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:02 executing program 2 (fault-call:0 fault-nth:4): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 301.369674][T21369] FAULT_INJECTION: forcing a failure. [ 301.369674][T21369] name failslab, interval 1, probability 0, space 0, times 0 [ 301.382329][T21369] CPU: 1 PID: 21369 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 301.391307][T21369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.401362][T21369] Call Trace: [ 301.404805][T21369] dump_stack_lvl+0xb7/0x103 [ 301.409396][T21369] dump_stack+0x11/0x1a [ 301.413562][T21369] should_fail+0x23c/0x250 [ 301.417988][T21369] ? __d_alloc+0x36/0x370 [ 301.422359][T21369] __should_failslab+0x81/0x90 [ 301.427202][T21369] should_failslab+0x5/0x20 [ 301.431749][T21369] kmem_cache_alloc+0x46/0x2e0 [ 301.436521][T21369] ? __init_rwsem+0x59/0x70 [ 301.441136][T21369] __d_alloc+0x36/0x370 [ 301.445309][T21369] ? current_time+0xdb/0x190 [ 301.449901][T21369] d_alloc_pseudo+0x1a/0x50 [ 301.454463][T21369] alloc_file_pseudo+0x63/0x130 [ 301.459312][T21369] __shmem_file_setup+0x14c/0x1d0 [ 301.464340][T21369] shmem_file_setup+0x37/0x40 [ 301.469012][T21369] __se_sys_memfd_create+0x1eb/0x390 [ 301.474299][T21369] __x64_sys_memfd_create+0x2d/0x40 [ 301.479508][T21369] do_syscall_64+0x3d/0x90 [ 301.483920][T21369] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 301.489891][T21369] RIP: 0033:0x4665d9 [ 301.493797][T21369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 04:32:02 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 301.513404][T21369] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 301.522336][T21369] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004665d9 [ 301.530311][T21369] RDX: 00007fc47e285000 RSI: 0000000000000000 RDI: 00000000004bee66 [ 301.538281][T21369] RBP: 0000000000000000 R08: 00007fc47e284ff8 R09: ffffffffffffffff [ 301.546342][T21369] R10: 00007fc47e284ffc R11: 0000000000000246 R12: 0000000020000080 [ 301.554337][T21369] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000020000180 04:32:03 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) recvfrom(r2, &(0x7f0000000000)=""/243, 0xf3, 0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xb4, 0x1, 0x2, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@CTA_EXPECT_MASTER={0xc, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}, @CTA_EXPECT_FN={0x8, 0xb, 'sip\x00'}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x10001}, @CTA_EXPECT_TUPLE={0x40, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}, @CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'snmp_trap\x00'}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000011) 04:32:03 executing program 2 (fault-call:0 fault-nth:5): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 302.116228][T21385] FAULT_INJECTION: forcing a failure. [ 302.116228][T21385] name failslab, interval 1, probability 0, space 0, times 0 [ 302.128901][T21385] CPU: 0 PID: 21385 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 302.137719][T21385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.147770][T21385] Call Trace: [ 302.151040][T21385] dump_stack_lvl+0xb7/0x103 [ 302.155640][T21385] dump_stack+0x11/0x1a [ 302.159800][T21385] should_fail+0x23c/0x250 [ 302.164228][T21385] ? __alloc_file+0x2e/0x1a0 [ 302.168823][T21385] __should_failslab+0x81/0x90 [ 302.173676][T21385] should_failslab+0x5/0x20 [ 302.178177][T21385] kmem_cache_alloc+0x46/0x2e0 [ 302.183009][T21385] ? inode_doinit_with_dentry+0x382/0x950 [ 302.188733][T21385] __alloc_file+0x2e/0x1a0 [ 302.193243][T21385] alloc_empty_file+0xcd/0x1c0 [ 302.198066][T21385] alloc_file+0x3a/0x280 [ 302.202359][T21385] alloc_file_pseudo+0xe2/0x130 [ 302.207224][T21385] __shmem_file_setup+0x14c/0x1d0 [ 302.212273][T21385] shmem_file_setup+0x37/0x40 [ 302.216954][T21385] __se_sys_memfd_create+0x1eb/0x390 [ 302.222322][T21385] __x64_sys_memfd_create+0x2d/0x40 [ 302.227527][T21385] do_syscall_64+0x3d/0x90 [ 302.232002][T21385] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 302.237906][T21385] RIP: 0033:0x4665d9 [ 302.241907][T21385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 04:32:03 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0x0) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:03 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:03 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x0, 0x20d9f, 0x5) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 302.261604][T21385] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 302.270343][T21385] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004665d9 [ 302.278320][T21385] RDX: 00007fc47e285000 RSI: 0000000000000000 RDI: 00000000004bee66 [ 302.286295][T21385] RBP: 0000000000000000 R08: 00007fc47e284ff8 R09: ffffffffffffffff [ 302.294289][T21385] R10: 00007fc47e284ffc R11: 0000000000000246 R12: 0000000020000080 [ 302.302350][T21385] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000020000180 04:32:03 executing program 2 (fault-call:0 fault-nth:6): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 302.377692][T21403] FAULT_INJECTION: forcing a failure. [ 302.377692][T21403] name failslab, interval 1, probability 0, space 0, times 0 [ 302.390362][T21403] CPU: 1 PID: 21403 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 302.399156][T21403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.409213][T21403] Call Trace: [ 302.412495][T21403] dump_stack_lvl+0xb7/0x103 [ 302.417090][T21403] dump_stack+0x11/0x1a [ 302.421249][T21403] should_fail+0x23c/0x250 [ 302.425687][T21403] ? security_file_alloc+0x30/0x190 [ 302.430910][T21403] __should_failslab+0x81/0x90 [ 302.435763][T21403] should_failslab+0x5/0x20 [ 302.440304][T21403] kmem_cache_alloc+0x46/0x2e0 [ 302.445089][T21403] security_file_alloc+0x30/0x190 [ 302.450123][T21403] __alloc_file+0x83/0x1a0 [ 302.454635][T21403] alloc_empty_file+0xcd/0x1c0 [ 302.459408][T21403] alloc_file+0x3a/0x280 [ 302.463706][T21403] alloc_file_pseudo+0xe2/0x130 [ 302.468599][T21403] __shmem_file_setup+0x14c/0x1d0 [ 302.473711][T21403] shmem_file_setup+0x37/0x40 [ 302.478512][T21403] __se_sys_memfd_create+0x1eb/0x390 [ 302.483893][T21403] __x64_sys_memfd_create+0x2d/0x40 [ 302.489118][T21403] do_syscall_64+0x3d/0x90 [ 302.493545][T21403] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 302.499444][T21403] RIP: 0033:0x4665d9 [ 302.503430][T21403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 04:32:03 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 302.523165][T21403] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 302.531682][T21403] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004665d9 [ 302.539659][T21403] RDX: 00007fc47e285000 RSI: 0000000000000000 RDI: 00000000004bee66 [ 302.547676][T21403] RBP: 0000000000000000 R08: 00007fc47e284ff8 R09: ffffffffffffffff [ 302.555902][T21403] R10: 00007fc47e284ffc R11: 0000000000000246 R12: 0000000020000080 [ 302.563877][T21403] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000020000180 04:32:03 executing program 4: r0 = getpid() capget(&(0x7f0000000040)={0x19980330, r0}, &(0x7f00000000c0)={0x8, 0x40, 0x9, 0x7, 0x7, 0x3ff}) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x240c00, 0x31) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r3 = syz_open_procfs(r0, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000000)=[r2, r3], 0x2) waitid(0x2, r0, 0x0, 0x8, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0) 04:32:03 executing program 2 (fault-call:0 fault-nth:7): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 302.660277][T21417] capability: warning: `syz-executor.4' uses 32-bit capabilities (legacy support in use) [ 302.748150][T21423] FAULT_INJECTION: forcing a failure. [ 302.748150][T21423] name failslab, interval 1, probability 0, space 0, times 0 [ 302.760778][T21423] CPU: 1 PID: 21423 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 302.769591][T21423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.779647][T21423] Call Trace: [ 302.783360][T21423] dump_stack_lvl+0xb7/0x103 [ 302.787956][T21423] dump_stack+0x11/0x1a [ 302.792171][T21423] should_fail+0x23c/0x250 [ 302.796596][T21423] ? getname_flags+0x84/0x3d0 [ 302.801301][T21423] __should_failslab+0x81/0x90 [ 302.806062][T21423] should_failslab+0x5/0x20 [ 302.810611][T21423] kmem_cache_alloc+0x46/0x2e0 [ 302.815467][T21423] ? notify_change+0xa59/0xa80 [ 302.820233][T21423] getname_flags+0x84/0x3d0 [ 302.824761][T21423] ? fput+0x2d/0x130 [ 302.828742][T21423] getname+0x15/0x20 [ 302.832640][T21423] do_sys_openat2+0x5b/0x250 [ 302.837230][T21423] __x64_sys_openat+0xef/0x110 [ 302.842032][T21423] do_syscall_64+0x3d/0x90 [ 302.846541][T21423] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 302.852440][T21423] RIP: 0033:0x4196c4 [ 302.856421][T21423] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 302.876023][T21423] RSP: 002b:00007fc47e284ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 302.884624][T21423] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4 [ 302.892586][T21423] RDX: 0000000000000002 RSI: 00007fc47e285000 RDI: 00000000ffffff9c [ 302.900551][T21423] RBP: 00007fc47e285000 R08: 0000000000000000 R09: ffffffffffffffff [ 302.908625][T21423] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 302.916619][T21423] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:04 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x3b) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000100)={{r3}, {@void, @actul_num={@val=0x2b, 0x2, 0x2e}}}) wait4(r2, &(0x7f0000000000), 0x8, &(0x7f0000000040)) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:04 executing program 2 (fault-call:0 fault-nth:8): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:04 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 303.369198][T21433] FAULT_INJECTION: forcing a failure. [ 303.369198][T21433] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 303.382283][T21433] CPU: 0 PID: 21433 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 303.391336][T21433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.401400][T21433] Call Trace: [ 303.404680][T21433] dump_stack_lvl+0xb7/0x103 [ 303.409274][T21433] dump_stack+0x11/0x1a [ 303.413543][T21433] should_fail+0x23c/0x250 [ 303.418040][T21433] should_fail_usercopy+0x16/0x20 [ 303.423072][T21433] strncpy_from_user+0x21/0x250 [ 303.427949][T21433] getname_flags+0xb8/0x3d0 [ 303.432467][T21433] getname+0x15/0x20 [ 303.436483][T21433] do_sys_openat2+0x5b/0x250 [ 303.441079][T21433] __x64_sys_openat+0xef/0x110 [ 303.445849][T21433] do_syscall_64+0x3d/0x90 [ 303.450309][T21433] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 303.456211][T21433] RIP: 0033:0x4196c4 [ 303.460099][T21433] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 303.479968][T21433] RSP: 002b:00007fc47e284ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 303.488390][T21433] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4 [ 303.496360][T21433] RDX: 0000000000000002 RSI: 00007fc47e285000 RDI: 00000000ffffff9c [ 303.504328][T21433] RBP: 00007fc47e285000 R08: 0000000000000000 R09: ffffffffffffffff 04:32:04 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 303.512307][T21433] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 303.520284][T21433] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 [ 303.581139][T21411] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 303.589647][T21411] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 303.620893][T21411] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 04:32:04 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 303.629356][T21411] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:05 executing program 2 (fault-call:0 fault-nth:9): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 303.994715][T21457] FAULT_INJECTION: forcing a failure. [ 303.994715][T21457] name failslab, interval 1, probability 0, space 0, times 0 [ 304.007473][T21457] CPU: 0 PID: 21457 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 304.016239][T21457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.026299][T21457] Call Trace: [ 304.029576][T21457] dump_stack_lvl+0xb7/0x103 [ 304.034195][T21457] dump_stack+0x11/0x1a [ 304.038412][T21457] should_fail+0x23c/0x250 [ 304.042877][T21457] ? __alloc_file+0x2e/0x1a0 [ 304.047471][T21457] __should_failslab+0x81/0x90 [ 304.052245][T21457] should_failslab+0x5/0x20 [ 304.056762][T21457] kmem_cache_alloc+0x46/0x2e0 [ 304.061658][T21457] __alloc_file+0x2e/0x1a0 [ 304.066079][T21457] alloc_empty_file+0xcd/0x1c0 [ 304.070894][T21457] path_openat+0x6a/0x1f20 [ 304.075321][T21457] ? avc_has_perm_noaudit+0x19a/0x240 [ 304.080721][T21457] ? avc_has_perm+0x59/0x150 [ 304.085306][T21457] ? avc_has_perm+0xc8/0x150 [ 304.089901][T21457] ? fsnotify+0x1167/0x1190 [ 304.094465][T21457] do_filp_open+0xe9/0x200 [ 304.098887][T21457] ? __virt_addr_valid+0x15a/0x1a0 [ 304.104033][T21457] ? _find_next_bit+0x16a/0x190 [ 304.108955][T21457] ? alloc_fd+0x388/0x3e0 [ 304.113298][T21457] do_sys_openat2+0xa3/0x250 [ 304.117887][T21457] __x64_sys_openat+0xef/0x110 [ 304.122722][T21457] do_syscall_64+0x3d/0x90 [ 304.127143][T21457] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 304.133049][T21457] RIP: 0033:0x4196c4 [ 304.136937][T21457] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 304.156571][T21457] RSP: 002b:00007fc47e284ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 304.164991][T21457] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4 [ 304.172967][T21457] RDX: 0000000000000002 RSI: 00007fc47e285000 RDI: 00000000ffffff9c [ 304.180944][T21457] RBP: 00007fc47e285000 R08: 0000000000000000 R09: ffffffffffffffff [ 304.188920][T21457] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 304.196963][T21457] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:05 executing program 4: r0 = getpid() r1 = syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x800, 0x2, &(0x7f0000000180)=[{&(0x7f0000000080)="d9aea7039c5526546efe4043438a1a8274", 0x11, 0x2}, {&(0x7f00000000c0)="aaa00514bd4df810d4aec12f72cdd7a884b24146f7ae26c91783ace7bf52511622f9bae878ed8713ed6e9e7a9922310fdbaec182a74be1e024de31d0bd5820ae89ec27e66f4ff82a4929dae1838775121f61ca4a95b6ca623197eeaa594a421eb0fec181c343eeffce397ddced005e2a8d5571102a0f968cb1872d47edf8c7717579e7255ec4289414da0233a1657e5207aeba4378f0f76f8b17d8f41fcea4dd15382adfe2e65cbd431607d589e82edb92b83feb10181aaba9", 0xb9, 0x5}], 0x848, &(0x7f00000001c0)={[{@stripe={'stripe', 0x3d, 0x8000}}, {@jqfmt_vfsold}]}) r2 = openat(r1, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x13b) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:05 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:05 executing program 2 (fault-call:0 fault-nth:10): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 304.320290][T21461] loop4: detected capacity change from 0 to 4 [ 304.345680][T21461] EXT4-fs (loop4): VFS: Can't find ext4 filesystem [ 304.384264][T21469] FAULT_INJECTION: forcing a failure. [ 304.384264][T21469] name failslab, interval 1, probability 0, space 0, times 0 [ 304.397047][T21469] CPU: 0 PID: 21469 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 304.405822][T21469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.415876][T21469] Call Trace: [ 304.419160][T21469] dump_stack_lvl+0xb7/0x103 [ 304.423793][T21469] dump_stack+0x11/0x1a [ 304.427947][T21469] should_fail+0x23c/0x250 [ 304.432370][T21469] ? security_file_alloc+0x30/0x190 [ 304.437576][T21469] __should_failslab+0x81/0x90 [ 304.442393][T21469] should_failslab+0x5/0x20 [ 304.446904][T21469] kmem_cache_alloc+0x46/0x2e0 [ 304.451678][T21469] security_file_alloc+0x30/0x190 [ 304.456908][T21469] __alloc_file+0x83/0x1a0 [ 304.461333][T21469] alloc_empty_file+0xcd/0x1c0 [ 304.466162][T21469] path_openat+0x6a/0x1f20 [ 304.470638][T21469] ? avc_has_perm_noaudit+0x19a/0x240 [ 304.476080][T21469] ? avc_has_perm+0x59/0x150 [ 304.480660][T21469] ? avc_has_perm+0xc8/0x150 [ 304.485333][T21469] ? fsnotify+0x1167/0x1190 [ 304.489821][T21469] do_filp_open+0xe9/0x200 [ 304.494313][T21469] ? __virt_addr_valid+0x15a/0x1a0 [ 304.499412][T21469] ? _find_next_bit+0x16a/0x190 [ 304.504330][T21469] ? alloc_fd+0x388/0x3e0 [ 304.508645][T21469] do_sys_openat2+0xa3/0x250 [ 304.513323][T21469] __x64_sys_openat+0xef/0x110 [ 304.518069][T21469] do_syscall_64+0x3d/0x90 [ 304.522549][T21469] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 304.528437][T21469] RIP: 0033:0x4196c4 [ 304.532362][T21469] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 304.551967][T21469] RSP: 002b:00007fc47e284ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 304.560366][T21469] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4 [ 304.568348][T21469] RDX: 0000000000000002 RSI: 00007fc47e285000 RDI: 00000000ffffff9c [ 304.576394][T21469] RBP: 00007fc47e285000 R08: 0000000000000000 R09: ffffffffffffffff [ 304.584437][T21469] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 304.592661][T21469] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 [ 304.628556][T21461] loop4: detected capacity change from 0 to 4 04:32:05 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:05 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x50442, 0x8) r2 = openat(r1, &(0x7f0000000000)='./file1\x00', 0x6240, 0x5) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) utimensat(r1, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)={{0x77359400}, {0x0, 0x2710}}, 0x100) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:05 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') ptrace(0x10, r0) preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$sock_netdev_private(r2, 0x89f2, &(0x7f0000000080)="3df4fc447fa862b5e1c4c2a4cf9a3dcd9207e9d777e539a704aa517753761694578da0d3bd79f69c7726321c0943b9e3ba3cf4212a87b30420679fa949f8d738bcb46631680996020d414d2704523131a7558198240e4d02baea365ab5482f7593d4e86ff93cc6c59f6973b65ee06aa4a508748e8de5ad50b51d906fe00b9f65b3812bb1dbbda14bb6fe5624713414c2bb86280a4931778a372520c8f9ce45d2fa29f9590648ac") waitid(0x2, r0, 0x0, 0x8, 0x0) write(r1, &(0x7f0000000000)="eaa6cdb153b17989bf29132e44e4ec3e004be3cb6d7cbeb5f4df0b6eedc57e2cd6371f9f943056d2a9fefd791d111422e53720b520ff424e84b83b622b4228fbd0c8d0d075f52234497feff905ffe55a0b8e783cceb9ccd117f986499a30", 0x5e) 04:32:05 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:05 executing program 2 (fault-call:0 fault-nth:11): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 304.903891][T21501] FAULT_INJECTION: forcing a failure. [ 304.903891][T21501] name failslab, interval 1, probability 0, space 0, times 0 [ 304.916996][T21501] CPU: 0 PID: 21501 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 304.925762][T21501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.935898][T21501] Call Trace: [ 304.939166][T21501] dump_stack_lvl+0xb7/0x103 [ 304.944549][T21501] dump_stack+0x11/0x1a [ 304.948949][T21501] should_fail+0x23c/0x250 [ 304.953355][T21501] ? kzalloc+0x16/0x20 [ 304.957412][T21501] __should_failslab+0x81/0x90 [ 304.962194][T21501] should_failslab+0x5/0x20 [ 304.966688][T21501] __kmalloc+0x66/0x340 [ 304.970895][T21501] ? __d_lookup_rcu+0x39e/0x3e0 [ 304.975757][T21501] kzalloc+0x16/0x20 [ 304.979637][T21501] alloc_workqueue+0x11e/0xaf0 [ 304.984467][T21501] ? blkdev_get_whole+0x308/0x350 [ 304.989483][T21501] ? bd_prepare_to_claim+0x1e5/0x270 [ 304.994901][T21501] loop_configure+0x54c/0xd10 [ 304.999672][T21501] ? mntput+0x45/0x70 [ 305.003637][T21501] lo_ioctl+0x558/0x1210 [ 305.007864][T21501] ? path_openat+0x18e4/0x1f20 [ 305.012633][T21501] ? putname+0xa5/0xc0 [ 305.016705][T21501] ? ___cache_free+0x3c/0x300 [ 305.021368][T21501] ? blkdev_common_ioctl+0x9c3/0x1040 [ 305.026799][T21501] ? selinux_file_ioctl+0x8e0/0x970 [ 305.032150][T21501] ? lo_release+0x120/0x120 [ 305.036641][T21501] blkdev_ioctl+0x1d0/0x3c0 [ 305.041131][T21501] block_ioctl+0x6d/0x80 [ 305.045387][T21501] ? blkdev_iopoll+0x70/0x70 [ 305.050360][T21501] __se_sys_ioctl+0xcb/0x140 [ 305.054934][T21501] __x64_sys_ioctl+0x3f/0x50 [ 305.059519][T21501] do_syscall_64+0x3d/0x90 [ 305.063922][T21501] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 305.069848][T21501] RIP: 0033:0x466397 [ 305.073727][T21501] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 305.093318][T21501] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 04:32:06 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000000)={{r1}, {@void, @max}}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 305.101732][T21501] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 305.109774][T21501] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 305.117729][T21501] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 305.125727][T21501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 305.133694][T21501] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:06 executing program 2 (fault-call:0 fault-nth:12): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:06 executing program 4: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000001b00), 0x600, 0x0) perf_event_open(&(0x7f0000001a80)={0x1, 0x80, 0xf7, 0x7, 0x5, 0x1f, 0x0, 0x0, 0x169bd8e23eb6e013, 0xc, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x6e9e, 0x0, @perf_bp={&(0x7f0000001a40), 0xa}, 0x2122, 0x3f, 0x7, 0x2, 0x0, 0x20, 0x1, 0x0, 0x10000, 0x0, 0xff}, 0x0, 0xffffffffffffffff, r0, 0x1) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x1000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpid() r2 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x10000, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/153, 0x99}], 0x1, 0xd9f, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x420001, 0x1) waitid(0x2, r1, 0x0, 0x8, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) vmsplice(r3, &(0x7f0000001a00)=[{&(0x7f00000007c0)="590b681d130166a14ba0f585a8f8c5037142ed8366dd32673c339663543b551a6fc7dc632e2fbbdfc842fb6743ebd75c0ecb6e22fd2f1ad78114ccc98ce21e3520d18c5d2b464eb07a1e536b993db3eebd9992d5f4c0e8e79c0bafd9f84eb151beb6ccea72bf4f4f6bd1fba133b3c5267c615805705bb35a0c633926406e396a8b5946cafbafec2cfad7cff8aa6d966ea53de377c4c35acebfead6d6e48e80adabd47bf839d94d2f37cfd666b0cd305c6416846bfe09", 0xb6}, {&(0x7f0000000880)="4987f8d7c804bb8af477890efe621f95aa45e7d9cef06b621f43d7e5046e24d3c6c8737b1ae0d5a0496a0f0695b4f5f865e4bf905209e1b7e450d805f8429e39f6629b00a1b90a6f14", 0x49}, {&(0x7f0000000900)="2e686155021bd706e38c386b36513cb6478d3ea86b11004022d834f01a9c24503042886dc5bbf7bc4bba87980f766da5c1e21e1bf6c00eb26139be215e2da43cb9f44f72eeede50574b1f3ad2c3ff1e999e7fa5a2c2f2307375e029ed0a78244f759b4af25cf282c816fc8d21d4564003d00db67253e30d8cf1f5fa2b66f0cc48c4a1613b78daa57f92ec3e51c2a5a60cea82902fbfe128d4367f68d324b5880cd1f0afcfac137db22195379a4d11438fbd4cc5b9d1b5e9db20c77ba3b299781044f56e4904bb8952cee3a50f67ce34df940d3c0e4aabd59bb28baee92670aaf1043a319807be475ef4f55bc6aec3383289f3cfa77d1f7285529e1e2bdc4093defa4ec6f0c63896d1d0f1041d5f27c47d5f0db441f69231e3fa85489d72d89e7bbff8a43594bb0165801a4ecbcd9af411dc57278e5970d97ba79179ceed3aadaf179c5a272a42e65757cc784ddd7e1de13c46fdb22d4ccbf072b0afe164a53f24f3b329b4fb1d81ccd3ad0458c540d60765f95e746892464819cde8faf807393bc1cc81e638c821baf2b2d2a11d86d3cdf63cc2ae0801a8d752f4f94727a56a0ae7f2347566798504132258f1f073f1968b4bb16abd3b9858d73d709468f44d4884b3f9d563e4e1163d988d912409af3345e5bba1eb68c27ce96799397c177933a263bab90dd542bf029cdf7d10a2cce0ade028ef0565f72f59cfb293763260dd058d70cd0de81c558b28df86629c3139096ed35f6053b5271d99905b85f007aaaf58686890642f20eab0b73ccaf128d56dfd2500ccdc6caf62ea2ed56cbe044f513bed85ca4275fa09c31fbecc7d9a21d8fb2bb040ea5d01e7febdb601abf1047741972f7f9dbb04c3f96414f52019a7f8de39dac50f2faf4022aebe2b0a43ea2fecd5ba33d456f1f0934ee051c253576da37bfde723fe3546d4d8b57b51426302ed5ba17c5868f3f69dc7cd36363f088a9d95077796fd0af44d0f537a14b37721c64e1e5d4ff3bf45546f44faa8f81d463b365dc87161e30c27c3e491e05263d4a721348c80d8555917c96bef121463b632936a9a36b9892e6b7ff422a8af9ed14dafd4f2732828b49169ffb4c9b21e19cb374272e7b34d1d06cc921feaac762e67b7e81af9a6741ab2990819cacfabb7db66b304760fd1ac8999edbd75e22d1f9f852ccf042b61a4cea0dda8a4e09e4320e35aa54cc7d88827eeec0f604c94609ffbf1f8e7bc2df2fc0c1cddd62950122b838db1a171a58a0c86e6ed93abc9a09d13de95d664bfc98eee7c491f1c2041576b3f2b0d400e937a523c1b0f617ae3b7ca9630dd7b5601bf12a63399428eba009f78ee4858dba4967f2c72755b32bba4429014f953c0a7f8a5c494502c2960704aa6a093981d7d3e4f574c33e4b9d9c8216f25ea2c64a5dec8d16b65be48909755294625683b5a526ef101591d0c65fab7f9e42f3accab876d6078243f2aea92a86d109acbff563535c2e3f20236c21390ab37640de0d59a97e09bbf1df26bea099340ed769febb3fc051f92fe720f628464885725027e7c06aa808a56801d388e9a92c6337521576227000971f61bc3ede132b19252f167ae51783099560343ff6c45ae1ec9b79347920ce570c8a87a8423f1e0d26c56314951d8067909b6c5add0ab0285d799e8545b3a5d6e7d5c2edd3581a10749c1a3291ea9a5213a761f680b708ddf6344cf752452349db9d041200f16a94d1cc518bb745c8c2d5410f58f179f449893f356b6c0dee83a4c16462a7e7b079598a0cc1ea119af8b425d55c60893142f73397e944432bdc8c125fc38d171af195ec9221fa5373051a7aa0af22f90d12a2f09aadae7853b9b50f128b105bd045a1143c57a207bec0f4871f861591ca9571a08997f29d0ee22e2a98d1e86242942dfb7b51feb273406b4a492dd2eab31d0537dee703953202937ddcd1d710dbaeef8169b5716e0c2178bb1531660d8f5feaf59ce09ce3c24a6c7bdbb2c1a65fc22398c509b615cdc8138a40f3d9899f1b27ef5f02f06c7ba3388a94bf27cd4d6642a964ac60cf01aeba1ae3f89727249799f61b08f287ef63991da620160f33cbbd25f50dc52fa8b84bfe553dee1b0884ed7295bff9907f845cdf124c424ee04046222e1d30fdffb087b938175558bcb063902f2f839a08b1a7efa17fc06e61e6a31325c24d7dd754c72c1b5752729da8acdf5484e921a92731d4becab1728f4a1d227af7f7f37a1550bd13bdf51a95521c75f931cc6545095e91093678743490dfcf8d16aea8f9f26c38a0ea664bb8c649d2216b6113444406caf6c9cc15dd60e7bdaeb5ee85d825b03da862a2e0bd9ba452d4c5e3b18f308e99f520e4dc4e6e6d449e1be957d4a2712a1c74e7cf7dc8c1ded8865aaf44b4e90ab3873b5efbef430eafcaaaf812e4a40c137e68533085b9581f871c606620107658c20bc3414ac7b0710020769084c3cd5d9de570f11f6736596e2e9387b543d2a7987d0c282e4a51862bdc7af81020c83aef57f2763dbae4a773d0d5d4e78549a70b6f6f68314d7dc2c11a1ded1c5808e62237c94c571bef0a770870c7b3f1cc3f1c48bc076e75fe6a0bcab1e47e68402daf43a6bc1889528de705e5771fd6b41fbaa5a694eedd2936e443665efa2f33ed6ac0aab72cc477b8d15ada858505cbfb2d02803d4eb3dbf41cbed5195ebea77a19c2d9278050826b5c2d413e8e34c3c8b8be73265fb0e0a976cda17183b7ae200ab1af71bf0ff6db90b9f83a03cc0afc05d72a63aac43d2fd638ceefb0ff32388671ef7b002722f5b35fddfaa66180ddea8f44022006220d91f52982dfdc25a7bfcf9b232c3f63900de3e2c1fd009f801e43453314b82d3f0f83fb5c9a3f83c580211c28501da9537798581e309bb48761bda558b8e61f900843d2838f0169413f33940601286886b5480a81873aff29fc326a94097d10fdcfa6b02812b147092e385041f4e00bbd649c4935405e7a8d6ffe23e6023ab86fbde40496fed80fcc74136157f77e0d59b97f4b1805ead1b3add921915a3fe939054f312e4cb221224ea0a028e92d0860dd3d67fc4a327d712b8b512344a3cb796250a8578f4b4781bdd353c542d4aa1276dc13abd014c1e5987fe640518e9c0d8a39b2eaa63b6df562508ff0ac7ce6a891e97c12f67af5fb049b4f4f62bed5d7e4393802abe309e380cb4ce0a672dae8f04285591179d1458c9b1e099070de7f7965b78432281c1467edc00ef4f290b39abfc8b045a4f30b01df1d0c6b5ecd73fe6faa3dc33cae32f0b5ee2a121105a6ad68a9f293055a2b4d0374deceb29969a62cd98e4555979d0f6d238afc40d67e2b632e656be559df863a617f8c4667369ade945a5609986ae5617460a0e6e22b3f93b9ec1c48801a3ce47c93a47441ce73d76d68700ed0f3ea762579ac494a60417616e42018f23d6b0ba70e9ee898142a8e21e6658b602db5d2476aad9731b27f48c7c72e436b0226646742a36c0b8f55dc3a0ddb04022ba543361204c8476e6764be37ef71379af8e38ddda4887102666702dad09ef50ebeddc3d0a0e42931052678c6376fabc2a2f3f1ac90871c51b592b40811bf99dcf73c0ddd18874c6e38729fbb513d2421eb91516bd2322266ec68af79af78dd797cf15a1e338e5481d3db6a509e441a99c134b70e31341e979cd7eb88cfb9ad19fbe926a11e3242a64c89edd68fe4d5b6e054a03742297fe60226c0c8a5efabd901a363b19d359adecef3fdc4f50a90fa278aba2d47bf77ea6e111748ed858ac04ed1eb7ebb0dfaf7167d59f4a27038cd26540b2ff6bd461a07f29e289667222076bc4d9ceea9a6fcb074c46244e019cf2bd9b849a56507ef9784dec6a03d10e01688bb5ec0b0c5c50ea0f440f7acb7b005c7d49051ee014cbd99930ae91194863a980c770bace84e40cd644c0d4d0f209a0f0107736b5e8b81ad7d07117ef06996f5b934813a99922ec83e841dd2a4325bdd7d5e6bb594d6a7ea5c45f6be3287717a82fee8b8dab34f687aa6f3a573e115cb41bddc096539ba0bde1634a8279a640e145e800b1d0fd92130fc02a0fe3ab419f3b712fcb1bc0b040e20feabf83da4a162952ad2dd19a6cbd6056d98fbacb91eb0cf106ba9984e7930c001a43d81af15b5cc3e4d6625531804aa4e47b1d8c3c3b0b9305476a123f00c9e4a390d473b49df086fcd3b727d35580a0eef47a85bd73bd9e256df41db44ce1a6bdd4afe31a0395930889147825070fa0f21584cc4921b60d3017e399d7c08654ec8a0a2272a4081da9c4e43c3d47eb323db4e0091e2a6aa5fa3c013dd62b3c9d86d7bc4f2e17aaf9fa41eddd44975ab4a7d8117cdfd375ca08cc9ee6e68d5198820fe4a7591ef8226b223fc3b66224cb72e592a6aff58278659bb401a51434b44e8b432bfd89be1a2053a6b5f32d11585df6bc98d56bba5e59c5dd2a18d2942bb9b7cf677c2f70b3e5e6be92eabbf5f5d23cde4cff50d35c84c38c9825544867d4a12779e143ce45d65ec7c74b8cacf041b3dffb66624e6015de402fc3ea1d464fb60acc2e964ceeb72fbc32a10c79b831ff0ee9cdc812131efb43e983dfefdfab9c9484cbe88d90e7d34ae34d809c425fcd77189eccd8119a873005899985d809ae1a61daf10d76ecef995b6f671abd68795c6f7335a373e21b6563561fd141b46fcc4bcde7e955305a07187a2c4f8a9f13da69dab2a1f15a694b561b20f15e85b5d97a0895cf80c6552d88f63a9cdc540d003114a22417028ffe195cf700c5d4cb594c2767663d46ea7fb0e7e9e519953094e42c1e00f4d0191bc19dc39e394764801bf478a3ce07f2f8b9be011471560cdd8d3f42062c1d23513d48bf0b61e8faa3f5e51f3f5eda2ff8732fcfb382bf12c2743dfd118edc39ea78752cffe782cb6a10ecbc5a5f21e6cbd232d3ba375623615c6b5a176cb9c2f07c73830c6477c5c9490ff72abf30e095a0a6f436c96f5668267fc8d9944b716832764990b68627d86873fb80cce7fcdc6195d44e6a43173a46ace69402ce4701c85c395bbe5e4cfd10fd63bca057a93338c8e6c0b0363ef579cf8b860eb33477bb655bc30d5f3f06f46d7045ba8a7ed1605d1ad1f3641a7212abce930fa8b9eef5598c9f89565e2f82e52cbfcddbf6bc2b5138394e8ac4c46766920d6079481855dc24876bf1418fc30bc707fb46cde66068e878460158d16fff7a32bc9aa6e9ef471f99a6713aa4369c3764715e4cf7079f6d8a8e578b9153eb7797a4ea8e31ad975484021df24ebffdfc1731e282efdd9596754dde4f544f7c970aa4250f00d4b4d70f63ff258add7bdc1dfd536865db286988ee914602b899d343af82cd88baf4ef5c1b6a86d0496a3e0eafe31348a3bf2349d27a56234edac26ba69b281ca05ba32a8e205de358ece9c54b327a79a2c4d5f19dad5d26bad90f76db9b9b92c718a8b67c4cdac3b1525d1c6de20e17b54bf19e22cac65795b14591e031ba746b09e2f2eb918e7c5d13a9357fff32155e6c6449f7f2b2bd92b89890a1e9315a124b2289fdbe4710925f4fe74dca706092722baf168fcbab6a75bdc85264821401916a470dfbead2e9f5cf0b0911c82fe019e3ebeda3717bc8d8b04e76f14c5643fea0235f59a0d7c8bb51a4de9f6a3f19978c6e1942b2e66addfef0f75b0e548da133cfbcb26e6b58b8206502a71dc8cee5d9485570cca2ca2f82082b20a4a5ae8a33db71d9454bf7d7d9221dcf8b40a87ab8720b3e3cfb1e468bcceae9cd8bbdc0af0acc9dd4670ffb25119d8d670a5f8405ea70b19", 0x1000}, {&(0x7f0000001900)="2f4568f1e22f6fd35d13a6963769626b1f3ceb7cc213c39bb5f6215d2b501338a3be167ef4a308e0edcb8244aa33edb91421279dd1e1c1a4f484d35f2cbc52933a7bbf3c6f0fa6197b8129834ffc3baf66538e84b1c7a12f91bd2b02ca3b0d01dd55eaa72323bc5fe45290e5586c018eacb6842c135f2712c635dbb287dfd7ea898dea3b300bd897ca96d424bd2f460e5888e2a6dbd77a78c27feae242e183e5ac8b22e26b7b01b4e1ef85f5ac275e231d5fa37b5316ebd662989c11593ce5ad2fadd0fa980fd1fde7f7fc98024f34ef19403567817bc350c04c222fd7a99276f7f7e0cabf128d80d0eba8", 0xeb}], 0x4, 0x8) r4 = inotify_init1(0x80000) preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000140)=""/175, 0xaf}, {&(0x7f0000000200)=""/148, 0x94}, {&(0x7f0000000380)=""/200, 0xc8}, {&(0x7f0000000480)=""/171, 0xab}, {&(0x7f0000000540)=""/184, 0xb8}, {&(0x7f0000000600)=""/25, 0x19}, {&(0x7f0000000640)=""/89, 0x59}, {&(0x7f00000006c0)=""/107, 0x6b}], 0x8, 0x4, 0x3) [ 305.240062][T21512] FAULT_INJECTION: forcing a failure. [ 305.240062][T21512] name failslab, interval 1, probability 0, space 0, times 0 [ 305.252749][T21512] CPU: 0 PID: 21512 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 305.261512][T21512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.271743][T21512] Call Trace: [ 305.275023][T21512] dump_stack_lvl+0xb7/0x103 [ 305.279618][T21512] dump_stack+0x11/0x1a [ 305.283818][T21512] should_fail+0x23c/0x250 [ 305.288241][T21512] __should_failslab+0x81/0x90 [ 305.293011][T21512] ? alloc_workqueue+0x14c/0xaf0 [ 305.297954][T21512] should_failslab+0x5/0x20 [ 305.302535][T21512] kmem_cache_alloc_trace+0x49/0x310 [ 305.307828][T21512] alloc_workqueue+0x14c/0xaf0 [ 305.312595][T21512] ? blkdev_get_whole+0x308/0x350 [ 305.317704][T21512] ? bd_prepare_to_claim+0x1e5/0x270 [ 305.322998][T21512] loop_configure+0x54c/0xd10 [ 305.327690][T21512] ? mntput+0x45/0x70 [ 305.331778][T21512] lo_ioctl+0x558/0x1210 [ 305.336029][T21512] ? path_openat+0x18e4/0x1f20 [ 305.340803][T21512] ? putname+0xa5/0xc0 [ 305.344928][T21512] ? ___cache_free+0x3c/0x300 [ 305.349616][T21512] ? blkdev_common_ioctl+0x9c3/0x1040 [ 305.355017][T21512] ? selinux_file_ioctl+0x8e0/0x970 [ 305.360222][T21512] ? lo_release+0x120/0x120 [ 305.364727][T21512] blkdev_ioctl+0x1d0/0x3c0 [ 305.369282][T21512] block_ioctl+0x6d/0x80 [ 305.373546][T21512] ? blkdev_iopoll+0x70/0x70 [ 305.378149][T21512] __se_sys_ioctl+0xcb/0x140 [ 305.382746][T21512] __x64_sys_ioctl+0x3f/0x50 [ 305.387338][T21512] do_syscall_64+0x3d/0x90 [ 305.391761][T21512] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 305.397661][T21512] RIP: 0033:0x466397 [ 305.401549][T21512] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 305.421232][T21512] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 305.429660][T21512] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 04:32:06 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:06 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 305.437635][T21512] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 305.445849][T21512] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 305.454001][T21512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 305.461999][T21512] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:06 executing program 4: ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) pidfd_send_signal(r1, 0x3e, &(0x7f0000000080)={0x40000023, 0xffff}, 0x0) 04:32:06 executing program 2 (fault-call:0 fault-nth:13): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 305.599692][T21482] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 305.608159][T21482] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 305.630258][T21533] FAULT_INJECTION: forcing a failure. [ 305.630258][T21533] name failslab, interval 1, probability 0, space 0, times 0 [ 305.642903][T21533] CPU: 0 PID: 21533 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 305.651666][T21533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.661722][T21533] Call Trace: [ 305.664995][T21533] dump_stack_lvl+0xb7/0x103 [ 305.669770][T21533] dump_stack+0x11/0x1a [ 305.673982][T21533] should_fail+0x23c/0x250 [ 305.678412][T21533] ? kzalloc+0x16/0x20 [ 305.682596][T21533] __should_failslab+0x81/0x90 [ 305.687371][T21533] should_failslab+0x5/0x20 [ 305.691878][T21533] __kmalloc+0x66/0x340 [ 305.696040][T21533] ? number+0xa03/0xb50 [ 305.700185][T21533] kzalloc+0x16/0x20 [ 305.704106][T21533] apply_wqattrs_prepare+0x3a/0x630 [ 305.709355][T21533] ? vsnprintf+0xe8f/0xed0 [ 305.713761][T21533] apply_workqueue_attrs+0x9e/0x100 [ 305.718990][T21533] alloc_workqueue+0x77d/0xaf0 [ 305.723762][T21533] ? bd_prepare_to_claim+0x1e5/0x270 [ 305.729124][T21533] loop_configure+0x54c/0xd10 [ 305.733887][T21533] lo_ioctl+0x558/0x1210 [ 305.738336][T21533] ? path_openat+0x18e4/0x1f20 [ 305.743217][T21533] ? putname+0xa5/0xc0 [ 305.747311][T21533] ? ___cache_free+0x3c/0x300 [ 305.752080][T21533] ? blkdev_common_ioctl+0x9c3/0x1040 [ 305.757473][T21533] ? selinux_file_ioctl+0x8e0/0x970 [ 305.762788][T21533] ? lo_release+0x120/0x120 [ 305.767318][T21533] blkdev_ioctl+0x1d0/0x3c0 [ 305.771816][T21533] block_ioctl+0x6d/0x80 [ 305.776057][T21533] ? blkdev_iopoll+0x70/0x70 [ 305.780795][T21533] __se_sys_ioctl+0xcb/0x140 [ 305.785554][T21533] __x64_sys_ioctl+0x3f/0x50 [ 305.790148][T21533] do_syscall_64+0x3d/0x90 [ 305.794632][T21533] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 305.800535][T21533] RIP: 0033:0x466397 [ 305.804416][T21533] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 305.824033][T21533] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 305.832478][T21533] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 305.840446][T21533] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 04:32:07 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:07 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:07 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000400)={0x0}, &(0x7f0000000440)=0xc) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f0000000480)={0xbc23}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) preadv(r3, &(0x7f00000003c0)=[{&(0x7f0000000000)=""/239, 0xef}, {&(0x7f0000000100)=""/226, 0xe2}, {&(0x7f0000000200)=""/148, 0x94}, {&(0x7f0000000300)=""/156, 0x9c}], 0x4, 0x7f, 0x7) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 305.848413][T21533] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 305.856422][T21533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 305.864459][T21533] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 [ 305.875049][T21482] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 305.883647][T21482] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:07 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:07 executing program 4: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) sched_setattr(r0, &(0x7f0000000000)={0x38, 0x6, 0x22, 0x8001, 0x9, 0x7, 0x4, 0x5, 0x20, 0xffffffa0}, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x2, 0x30, r1, 0x615ec000) r2 = syz_open_procfs(r0, &(0x7f0000000140)='personality\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1800006, 0x12, r2, 0xc5173000) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000100)=[{&(0x7f0000000040)=""/155, 0x9b}], 0x1, 0x0, 0x8) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:07 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:07 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sched_setattr(r0, &(0x7f0000000000)={0x38, 0x0, 0x5b, 0x1, 0x800, 0x0, 0x3, 0x400, 0x25, 0xde}, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:07 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:07 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:07 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:07 executing program 4: r0 = getpid() pipe(&(0x7f0000000000)={0xffffffffffffffff}) clone3(&(0x7f000001a300)={0x200, &(0x7f0000000040), &(0x7f0000000180), &(0x7f00000001c0)=0x0, {0x15}, &(0x7f0000019300)=""/4096, 0x1000, &(0x7f0000000200)=""/115, &(0x7f0000000280)=[r0, r0], 0x2}, 0x58) write$P9_RGETLOCK(r1, &(0x7f000001a380)={0x29, 0x37, 0x2, {0x0, 0x3, 0x8000, r2, 0xb, '#,!\'^\xc9]}](.'}}, 0x29) r3 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f000031b000/0x4000)=nil, 0x4000, 0x1000008, 0x12, r3, 0x850fc000) preadv(r3, &(0x7f0000000140)=[{&(0x7f0000000300)=""/102400, 0x19000}, {&(0x7f0000000080)=""/160, 0xa0}], 0x2, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:07 executing program 2 (fault-call:0 fault-nth:14): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 306.457896][T21579] FAULT_INJECTION: forcing a failure. [ 306.457896][T21579] name failslab, interval 1, probability 0, space 0, times 0 [ 306.470575][T21579] CPU: 0 PID: 21579 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 306.479342][T21579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.489400][T21579] Call Trace: [ 306.492682][T21579] dump_stack_lvl+0xb7/0x103 [ 306.497284][T21579] dump_stack+0x11/0x1a [ 306.501445][T21579] should_fail+0x23c/0x250 [ 306.505878][T21579] __should_failslab+0x81/0x90 [ 306.510722][T21579] ? apply_wqattrs_prepare+0x5f/0x630 [ 306.516135][T21579] should_failslab+0x5/0x20 [ 306.520641][T21579] kmem_cache_alloc_trace+0x49/0x310 [ 306.525941][T21579] apply_wqattrs_prepare+0x5f/0x630 [ 306.531159][T21579] ? vsnprintf+0xe8f/0xed0 [ 306.535741][T21579] apply_workqueue_attrs+0x9e/0x100 [ 306.540943][T21579] alloc_workqueue+0x77d/0xaf0 [ 306.545782][T21579] ? bd_prepare_to_claim+0x1e5/0x270 [ 306.551084][T21579] loop_configure+0x54c/0xd10 [ 306.555748][T21579] ? mntput+0x45/0x70 [ 306.559804][T21579] lo_ioctl+0x558/0x1210 [ 306.564068][T21579] ? path_openat+0x18e4/0x1f20 [ 306.568878][T21579] ? putname+0xa5/0xc0 [ 306.572930][T21579] ? ___cache_free+0x3c/0x300 [ 306.577645][T21579] ? blkdev_common_ioctl+0x9c3/0x1040 [ 306.583006][T21579] ? selinux_file_ioctl+0x8e0/0x970 [ 306.588249][T21579] ? lo_release+0x120/0x120 [ 306.592808][T21579] blkdev_ioctl+0x1d0/0x3c0 [ 306.597310][T21579] block_ioctl+0x6d/0x80 [ 306.601541][T21579] ? blkdev_iopoll+0x70/0x70 [ 306.606209][T21579] __se_sys_ioctl+0xcb/0x140 [ 306.610779][T21579] __x64_sys_ioctl+0x3f/0x50 [ 306.615352][T21579] do_syscall_64+0x3d/0x90 [ 306.619799][T21579] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 306.625754][T21579] RIP: 0033:0x466397 [ 306.629636][T21579] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 306.649238][T21579] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 306.657634][T21579] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 306.665587][T21579] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 306.673539][T21579] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 306.681491][T21579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 306.689455][T21579] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:07 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:07 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:07 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x44001, 0x1e1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:07 executing program 4: getpid() r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=0x0) waitid(0x2, r1, 0x0, 0x8, 0x0) 04:32:07 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:08 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 04:32:08 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x1, r0, 0x0, 0x8, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) mmap(&(0x7f00003b9000/0x4000)=nil, 0x4000, 0x2000000, 0x4000010, r2, 0x8f3f9000) 04:32:08 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 04:32:08 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r4, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) sendmsg$netlink(r1, &(0x7f0000000080)={&(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfc, 0x400}, 0xc, &(0x7f0000000040)=[{&(0x7f0000000300)={0x8b0, 0x18, 0x100, 0x70bd2b, 0x25dfdbff, "", [@generic="0a1bd8eb9475b6cf1538915cf714b50d08b5eb8490bc3c594403b302a337e2bc8cf5da77dd3cee982e791f70d00e4d686e4c907091ff11dae5fd7993c025b5dbf4e71143d2f3ec4b5fc37ef6ff4650171f17eb1d8bc38b454e410c1e2e7d2f86a3b1d917a2f33fe3987ba1d7996c82e9bd21ccd21e40513f1ed8d5fc8a007e6145ad07c15e9081609261fc4591c73567b522ead29c5c74ef2cb96eb4343c9f6dbbdb834f192529454d9a56b56847660cdf2fe5b0493a69e8de29943684e35a1e5ea1b8cc00be6f16de7296de0077bc7a953933df13548c3e8aa24377b9cb9a371e52df147d01ce508f11555374b3659c5cfdfb1475", @typed={0x8, 0x72, 0x0, 0x0, @u32=0x4}, @typed={0x8, 0x81, 0x0, 0x0, @uid}, @nested={0x3bc, 0x1c, 0x0, 0x1, [@generic="815c93956eecf4f905b829f217b64a65e57144388db63505ed7abb231acbc3a4b44afdd50d0e6d3e134d9fd11022f715f10eeb93cb2dc35e3c88fdc553720103011f6341b7d5043401370900753a724a5f20eddf2273b37f1215b736a508e4b2b19b2f58a338ecafd95939fd363bfe0815197c6af09595248f550504d74c418be4de74996867450700c038483d1b6aa0e4509e79140036bbd8283f5d29e355edfe2665709875e3bdb9d7459e4172de0a725b43", @typed={0x4, 0x74}, @generic="ffe6559dbd419eb50b4b9648550ad098d7d035e193e27d3f508730c91debad81a71d934948e5539423755e84ec2655f1b4d07da3aee726e3ea910e941406e057a4f891df306ae4fbeaffacc2f9029cd77c8ae9bdd5346f3d64f9", @generic="4b2e3bb4b9b7e7fbc0da988e4caba2a23ba0f29e3f0ed942a9ece80d8b8aa8de00cb5d89bb72f296057b3ef792c03e78a8446ad7a76be3f495f54fb150874eb91c5842e3838e607e2683357876b1c37515551dccadd48e342de5487fd1fb0265db2d6e8c946adf6d241bc36acd4e6f23c2da748674852f47dbfa16330d94243437f5b6d7d0285b11fd7ef5b6732d506584496e716dbe38398a4c48333d9af4bcd6b73ad4ac8c177a", @generic="69cc2b435813a7bf0f3423f50a781d21052471bf8da3a5274e40189ced721162f099c29ab1fc1542b72c01ee67a6870c612333cd9acb98ecd0b4473a1d43215ac2fee69bd29ea823cf5ec42b174ebcc31067017a128814f22bf13d4e5932316a52d91e0586a40705cdc2ea19472a1f07fed2e8e0ef661cf5e6508f43561c69cd594a6815ab1a10", @generic="1b912e63e03ff179ee54d3e7943864dd6095d60b4c3fb597c1cc8646d28e48d1fd498399f147da2dc0af998223c35cdffa735f4550dc5d71dfe6953108f1cdc81d68a5c0971dc76cedb1b1db98dfa887ac8e30bc166c61932d820357aaa835eae6e092b60563a8670f5da909bc351e4ac7f73570c64a514957165fac6b4c5e6402911b5222f3124eaaa0dcc07bedc710f55c3e489487c2e9741039a2a3dce2266857fa16556650eebf280a4a71f8007104468ca8186516d47f7622d85ab3b1b2c768cab9db51299166cc8924f9a80a25fb816db504c70fa6b05785e320ecc361d2d030d77181f282a23bf13425af22610c33fe9abf437d5d56d407", @typed={0x8, 0xe, 0x0, 0x0, @fd=r2}, @generic="91b82915af47da4b", @generic="e747032b98f6cd6773df9c80bd2a24e31911f0620587fb1d337f6c2320b57c6c358936ea66fda853b6b37ed463f94d5fe139a74ac99f101f820de2fdf0948d74cc1b603c18419554601cdca3573ec0ec9da87a6462a7c78faf", @typed={0x14, 0x89, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x18}}]}, @nested={0x163, 0x3a, 0x0, 0x1, [@generic="9d8d4229a4657128c899020e9dba61247b008a3175c3d67fd5110a11ef8d82f598b3dfb5d3cc99366ed3e44192f5f23213ce0d9c74a623ea7290f5e393717ff58febcd8eaee774e8b9a3dfa8a3593cda0ff2c6690f734cef16c604d90759dfd97196e0b9bfd7a55e4adc", @generic="d6f62da93f634584a862a8d9e62c395dbadec083f0aa948d1930417242d1a1d8663f79b96e85272119493e9190ded7ac425497c8e61e5d6310f175db024762bf74f3327891e431f16d88675f7d703e066e1a7716f2210fe87cb4024b6deeece48831dca2d39699082f1ea85da3c40e9441a80ca62bca66486922468de124198d4f93e98a3de5fa3cef6bf72a5e02b47024c682daff9a952a004a22db9a98dd4763bafa4817e8e82dd6781dfb5d1df10defe50c1419fe95202aa1e572b1afae62713f5644cb89c66173980b7cdf220bde7df8807315a34955286994d0caf854fd98", @typed={0x14, 0x27, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, @nested={0xf0, 0x7, 0x0, 0x1, [@typed={0xe2, 0x30, 0x0, 0x0, @binary="90bfbefd749855c8dd59755d2f8c4df602b01e79918c36622f147d9cb2bac4798ff6db88486cfa2d5bd406a52cc946220e7b112321d9479896236e1a03ec80fac999ef29ac266f2cb16b394755dcafb734137330106c2aa0a0a6c9b292473968f3e21924a6fe2e90d6979287f9248138b825c21e968dcfed448656c6f90544ce09bbc973c0284cf8e44221aaa83365aebd84a7bb814a63343b20cc30bd988872d5d88615a853002ac22ad839d801752fcedc83b58f7e603de7ba5113f5ee275b0f4d15ef0c85341bcb1a9a7c95bf17241698b7d003e320abfd0aba5725a8"}, @typed={0x8, 0x8b, 0x0, 0x0, @u32=0x80000001}]}, @generic="82441f04be7632fbb3f64dbefe8201a32a7b4902a76263bad1c2d38d0a100cfcecc7cb0652131fbe76f73f09461f3a1ed618cd207c5b5e1eb56905ce4eb17c6d794beacda906d19f02e8eca804db991f3ef46e4a4e91cd57f1f6422f8df1aa178f594520738e396a95f59664daa4f943d0e1190b83341f9fa86d9b87aace2048d914292265d0d1c38d50eda83df3f1e0dfb962580d5bc4b9c23b335a58f119b9804ba19f1be63ad4c8359a9add9032e0e93e6b391eaa7d10a4b27a5aac415b30486a887cfde695b7d8db82ae80f5c7ca5f2d4733", @generic="77eff9d753d407c22386c244f97e4a2f3beb9873b66b980d20f520e555ef03f09f81924b1f5b98effd616586dbeee5975c27b3faef66b3a4ab7667b7d1b36cd9a33b093b1848c5e3753c36f72824b241e0b25135e93054653566809896ffa711b82a5b64d88ccaf59cd40d0948ef02a020781dfc57d95f5d41b66dfe", @generic="37d2540d06bad6db6cddfb6db78e1b136f5e16b0f4b6c7e2", @nested={0x20, 0x1b, 0x0, 0x1, [@typed={0x8, 0x8, 0x0, 0x0, @u32=0x400}, @typed={0x14, 0x23, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @local}}]}]}, 0x8b0}, {&(0x7f0000000bc0)={0x14f4, 0x37, 0x609, 0x70bd28, 0x25dfdbfe, "", [@generic="32c8dbf282a17f1f4ddc9af9193b4fe30b51b5f341387cdd8532b86c977b21ffa766a86cec2ce4f8edc09354f400cecd4941c251a3ed7776c57708a8f3735cc2b228399e5edd63146639aa698a6dc6f08b66c77aadbfdbc8e8f150f9479e7de0af8fd6b28de83cd757796a2239cc5000623f21d7be3e3b6ea8bb32cf149bb3b33d2853defcd25c4346074d861adc5a34e086d671bdc64114ebc9a2cc053cd87f9658446f5ff17fce4020e93dffc6d3dfa64f3c0b0889cc7ffb335abdb5472b2fdd40266ef926256663189b524595701275", @typed={0x8, 0x64, 0x0, 0x0, @u32=0x200}, @nested={0x180, 0x74, 0x0, 0x1, [@generic="dead246ada0686b53634637ea13f4f004b02b49fbe7432a1f8bcde8e4481f07824ab47f1fe57537242ac", @typed={0xc, 0x93, 0x0, 0x0, @u64=0x6}, @typed={0x8, 0x2f, 0x0, 0x0, @fd=r3}, @generic="5cf7ddf45387f339f10e82c0278d7fbc91233479e774639d33bb70d987288c9c3b1e79d1f9712c93f0d6e67a512e08d51d156c0716a356395a68407928bebca432bf859b80a1281329176bcfad43a387c6d6defc948150159b57a0f89ab15d182ba486e45f5eb6db53bff7bd2eaf9a5c568849ca54ac774634e12c51b4d45c3c9ee9e7bba7d8a5c9a70b5cf559fa3716297b68", @generic="e25f71208e63b62e3f525f57a25c2d6cee5389744a551327fc8412dff93c23e68dc37d78d8c2cac5e336d31e592864abe56d6f766cd8e46be9762859235395c62aa035e4cc1ee9ba82fd1540bf796af99bf938", @typed={0x4, 0x22}, @typed={0x43, 0x34, 0x0, 0x0, @binary="1212c67d218aeb060c2fb6257859ed9a9b82bcee53cf43070d42e06d54864fab7d66c636f4182866bcf662695a54796d258266d5a3aec9e19c399e4072e2f9"}, @typed={0x8, 0x41, 0x0, 0x0, @uid=0xee01}, @typed={0x8, 0x44, 0x0, 0x0, @uid=0xffffffffffffffff}]}, @nested={0x17e, 0x42, 0x0, 0x1, [@generic, @typed={0x4, 0x83}, @generic="e5c5bd74ebf6a33fe336a019205f97359bb04c6ef9184d876d0d0bccc7352558437a3778bff712fc36af2f253a627699e4e79bfb9fe56a4577675fdc990497229b1ffd8b5088ca10df8328fc0920601b2abe16ae423aa0be567952c00f81a5ae002c01ad714699cf0f6c53832d9f4864d63474bdfef4cfa01023ae417f5b4c5e0e0e53191367615479dbf617065ceda8923ee252f4e0ce44bb5de09de8e4757c3a05cce6d6b01950d0d674e79b6ea542ac0bc3d58b3783d4410cef22199dea4f789b617b1ab9a365a9", @generic="fbe6b880b36413f39c70c002faa01c83d0fe0275e68157d1301f3a2292f8d372c0c52703dc7eefb2d36d9c84506f64b4b51b611501d5f26984bd4eafd9edd309cd0f5e294f80455e9cff1fbbabb2e4e4bda7256e139745cebe0eb3a42865a7bd29df60c9df27d9952f9b4ad1f3f4dddec096b8ffe2ae3c4872e51a4b71c81b3338d6a3800956c6d6311a2fd66cd5dd22331f49db8345f56990", @typed={0x9, 0x32, 0x0, 0x0, @str='*()\\\x00'}, @typed={0x8, 0x5, 0x0, 0x0, @fd=r4}]}, @typed={0xc, 0x83, 0x0, 0x0, @u64=0xffffffff}, @generic="0654938a131383d62c24588d73c5c2c553c9550215bf2c949aaa27421f611e9f80895a5e6c41f75b3bef99db5b0ec87361bb178b3f31b70adac7063c47b0949153e22f01fd6dedde607697d5d3db5d10312aa3e477c0f0a2c065cf815c56629e2443224782d2ff71bfd5345ea988f71dfa76d7401b4af50c63eacb47fde8ad10512edaa73fd91754e23016f39e0b6bbb5ae8dcf674e6544d344a8fd0018f92b57a42a42989616e0fb7d5dc57f88852d9985044ceb83b3575aecfd88bf7568560e8e8e4499658436da57f6b071579f1e4abe42196cc36db2b6c00fe4659fbd823fd2e0c99b01389cc6c5eaba3246c9a898db2fea25afd5d947acd9bbc8a12a0e9784805db69a9647f09d80e3cd7f12d51be3bbb3aea20cf0d656c9d6a0e7c928dd6bda7b261fd513a5f81bba373167be71abeaeb3bd67753c689b3c875740a4ceeeb89809fb75d5ec77ce3090758a2bd189827f79007c299065a1477de5327eaf39f111f07b12f01b6ea492fbe392e11e43469106085cba901e15e2e2c81dba6f804dd9ecceb0944359337337bc2a33310b3abf366809d3cb98c9ac42943c968c0e11dace3db7f9e85a64dc57cdae9215134e686cf66d91ef066d85d6f59348d24d2014f4839812089f47c1696881ef210fd0ccdbca3ce83a79316d4e56445194dc63815b309dfb1dd5d1885554d6c160aba488c94829fcd319375b28d77b3a7636c4bb9fcc3c8f88501648feb85c07c0f66b5e421f4527298635ba1bca30a064f75b010bbaf2fa1b2fd20a4ef40a97ead30405a029a074de54dd6061bd00908c4f08de38449fefc12c890d1ac1cfe0ac1d11bc3a2b8b5945c583c4988ce9f632261c0d938d845256b4bd2eba42a8f8d2798ff426afa7a68bc595e6b15d023261a79da4fd4700b8f580b8f03ef191911c2b98d8191e85bb6f0a5f70bae850bc86143b3bbda456e83442309f801ef24cc8b7b1f5518e2d5aba4e2ae638ae304cb6583595ea3ff6de51c43bcc2e5eedb1424825612f3e78a575f36a8fbf521691414fe9780cb4e190cb6b8f240c59c200ab7db95af64284eb2f6865a289e4e78c3ca34fce122ab738b3a8f68e54b12a55d2c77b9373da02b23e5729a13f543dbdf0a8dab5f49a63b3cda8f23dd094bb154c4919f2ce42951e661c2e186349cc2d9518df9db5b4b26ce13d008085cd578a1e3f4daa3835a1336a8fc845982d61b958f422ec26e38f0b621ed4c09c8ab93ab46de157f7b35d91b8c252273c37d435ce902141552301e2060c81395ac7d9e94d1f56516164bc3d2090bc3f487e95607fd4c3a1d48ef471323e3af0e5441422460893b53c39cde64dd68aad84b29ca185bac8a270637e48c95ee125cacb8f4e90fce93c9d46f986fd66a61e944c195c329021122fe0d3bbfea966a24bea85489d7b0f1fe01688ad299417d1b848f04e0ebd578798ae3b6d459344bc6f3876fc9f8a0bbcc57fbca63f212dcc83e7f9fca2f2db6f160ced0a518519930ac0445eccc174b67f30839d2cfe16409314e650f1afcb75226c3db2f438a4836d3a0a2dd939a0a9e6dfb08586189829580108cec0e3faed7774c52a8480d7c7fdf43521afc453650c6c0bb99197d8f08acd2a1e32106eed11eaad78c18acca01c47cfbf08d395c26af598e036e36de2f65a58653955fd8e9501537d6aa99ed700185f427d9091fdcc60e83937b502d37cce3b464862152742c08c249b0a0544ef2caa6f1b14aeee51180a090e5e459283ccfdf0f62ea1e7839effee06b656e40f25dd3588ca683b31b59b42c55e19218a9ca70b5cd8b6ccc337febcf0593497efab94b905c0b3a915c509f6bc6f7a7d6ba0852d55d51ff5fbbb5e0d6b7bed5c2b70983c44c8530bad8eb163febb14d9e5215285aeb539806a61c14e08bc23229a561491cdab0ac1b7a7576d1b59da2e6754c646d02808b2d39d17642e7ca7ecda8256db953b776dc779260381ad22161c3bb225ca897a47006f1fd86183d5a98446e276684c023d30a6091495f0a32fe9e97564d7e7704b761d627a1d3764f3b04de577a4870036c33734bd0c32ef370462d1b8379f7db7e15c6b4a570c759f5d3609efb42ab90ddaa05245e6ed32417cc46279ff3c55041253fb101690979f5a5db64a104d7f034b40db1f7fc3f59f63a5855c094b6c3cca2526cd81004eff669fbeed14f08df306911d4b927a06b94a8c4c1a73cd63240d930ed2549d954548faef152a3e11bd3cf5425c74119981a844cdcbcc66da83ec814ab00c655e60c36b69ef00bed51a96f20febe3208edc6a8aa4234e2432a26ff3149c005f164a66de5165d0dbe5cd31904357855c492ad4d47ef8ce71aa8e7ab48478889b402cd760997ee63e3ff978830d4cd777c468bd6a97d42633c124a96e59fd4d3974106af4164e9e7890572a27a2e993b560bcf4b91ba55a9f7477aa8861b93ee4faed2c3a84807c8a048923ec15fde230fc006c87553bff2318cbf8881914d0b38e4e894b836a4c94fec0f9aa3332f384728efab3c2efa00ddb15049fbd45c91d9af6b7c2e802ed9a49399db25e5e8384d3cacda1e5074f2a17d0b392b5b95597bff5e6f5fb682f22bcb53c179d1d309a2f191146ebe644cc26955b3be44912cbf6a9a78679559535a20b3887c30f0e2686e8fc6a77c5c8b78a995195afff4417b87d87ff44aae401cd486878e9d00c7bdc81ebeb0ca63bf0d0e1898f9eaed272b8749b6d11c3c0227d581d2c1782349d74264d29e548341fbfaa5b39d21508fa9a5ebed2fc647f30f578cc00db74572868db65303be677a62a64f4428cd1653aa23a3f4a94b1e1d10d3bf1d18ce36660fa1728de5f4f0af6d205f942c47781b7d980474efebd8802604871019dae0473e37838ffaf5a52bde075dd5c245069577723dbe02a6776a0449e4d395dca78b9559f59887a1fa26a522a9608fcb66af9233000d69199320938f27005d79ca688d93bba486efaa48526ce083727b4adc83a8a76c891fc33c3cf71d5375b630c086a5a4f2ce383a002726c305f5545105d25ed87bb578bb656aa912b6fe041794bd0020ad41ab8784725dbdc774a3e6ea1c0257cda0136e54cad0dd6cbec12c06cf461b96938de2a9ba569d967dc24e892fd3792b719e6060a39569d6a24b53696d705e963f64b89b1d3646ce09ddcd46d73cebab6960bc15d745cf5389a112daf65760ebe4362228b5f87f07549147fa78cd277c25c468e4af04a88068e9bef452096ebde2225f0492609b7cbffebe878834d6c4e4d4dd2e3140b9d8045b706c9146cddf7858507ea18ee27aff29bae73a681d9de09f7aaa7f37516ab06dfe666fa8fb8561290bc4ad4307a8919a75035d763863db2bb8fa34620793b691b382056353d38b7320a0ed9d410927d2581a7ff211c372fd01de93b0f1e8fbdd9c9e327f28e6dc2a7b6ce275e23e12836d93841b7f7063c4ada34fc62f279947bd99dbad26c68c145030be10948ba14feddb7169be832becd13cca7def09d77eb4a6e7af9a2097de29d91a38beb4c6a69cdee145e052d0eda4d57fa3bdd55b1a958b1ef5ebac65cd1fc923efdec93e76d84e62400e3208204859fe47db308f87eb1f3cddafc5d0b90654df44c845b1c979689a4df69e842a156e6c2f209924056135054e97da735c5f4fd47094e2952abf2a90454b772a8665714260ac0b49359fba98acf5f382e13ee7cacedb8db238796bfe741deb7139a921c93463218381e1b33ad0f62369805796f19247c9e8cd373b044321568a02ed34ead270e6d5df6ded64659aa9757d23a7014d1181b4528d2ec1428c91f06f5b0eec09763fb7ecfbeb273fbff6601e1cf0002059a192e42441328309afe64f409d27cb740a41e2106471165c8cbb55fd08538d73d46e287486f5b02b5fa9533384822cffacb8de3b49ef01f331fe586227332d6b228931f4b18d66c39bcfd411eaaa015c9d8a5a8d97847dd691bfeaca02a08bde4902ce010ae2b5f911543119a9fa492b7a810522d6d8f8d435f33cc53294a2ed3a66f14c4861f0e9f14b3f722695a3c41e83b7f5a57201312fad5cbf2b79c17800ac81200877b0292bb7fbc5ddfc635f3477613cdb756d22000dc04e4b9264a12320320969f80195eb0846be88d7bb6a4c256939c871d222a9beda818eb3dd5d601090c6985571f37b38f01792ee52a7d1efa2c8ecd7ccd7edcb0c33f851f3b217da3ce049615fa39b221908516207c40043467639a49656952306f03e3a78d4abec99fc805692e9df79bd3490b955667fb1fab6b7062ea6f77a14c015fa646b02302671cf655e8256f69bfba1ed5245047a46cbd06eb43d4fb01004c00b3e8d0ded7835ff0132f0f28e911784708f95b5b7b774f8ba8cd690ef8e1a33e2a8fde2112de4042cc94bb513a80234d6428848450c7c5b3e5dad5fce6af89616646d02955bf657e58033394ff5a6ad634502078887a05cd62785f9d4ce40a522b4a900fdf0d9c7196c0ba63a233eaa7ac30dd52881771ea88fec1937579693097c9dff66d483ca1dcd494d30144bd3ff5fd89695a04b5f354b65865c67d7d261b9e05a0a691eb750f5a85927743e0d2cc51535a9bbe01b2a67831d1b79a009e3a9d1acdd7a718a7cc5fcd0a8003bdb00ab5fba7b4a8760e5e13c6f4c9d6435ddcad71ac23f29880992c0a766d523ac2f70a412ff2c11990f2554e265139c0bd23703d7e89e880e537864139ef0bd3c9b7f48defffddca7155dbfbc587b997b11f45403de2c4e7ab8d5dc7ff423029c60d245b6c05c77c3161ffb3a0d75cf45524175017a49be09c1f1f96d33d045a2977301f76d12f37ad5bc21f31419f84739418e04c599829302df38ea3aee783aee4e2f3a1610c7a2cffd91fee2ff65c35d580d74c674c9e90f92813748a98e2c36dd9b11b76c89f5cb4efce699ef4fb59567607527c5a8c31f5e772d722245c445b0ee67cb3744842482f5b61975bfd071dde83577a325d82cb0428b53da0287b54df5f7060742f35c9f7fabbb399effa86e0b604b41d2ecd2e96c655f54305298859cc6cd8b1c0144d1808bb3aacd759fd1987e4fdf7572f8a2b086fb7d650e13a647572e6ed82c94ba1d871a8f3ee7b5701b3578ec8e333a0f3d39798d1c52d0886415fe94e344995fdd5694b4490d00cbe475ed321bdd219866f1d60927bca79745ef58461a1ccdff41a98d48a040e12470ff6f9311f4adc6bea0943bae68d6def735cc4a923d1fe970286845226ae3ec203067fa24e47c0ba2a596f5244c15d590427142d00836acf24f92414fa49093d0207dadb46f860e783cdc309cb2fa976ee90cc8128eea95584bfbc2c77888feb1ec58a50e6de020392fe948102a937fa310c6eeb1de6808c979e2ea6d0c04534d6ccb99c150b095ecafcff70d8e5f70f4a10096911838487fc8dd3736921c78efa73fdc427cf6fd2aa7ffe1b7fa3ab517323a3ffa9fda7bbfdbf0ab8748a7e54314c1afe954f2919ab587465a4f93053a9670004d7424766e79d6edc2ea2db7a32645281cecd75a07442bb850688da4eee3a1fedb2af2767adc057214f9f3ab7f3e8dd0446d852212d0aa3a854bc02a0360ed3c4a27526d83072c3da6b05d3ad2d5620ab54b12fc69645b7ae1834d39a2f09cdfcd3b046745b01b663a768d8ae71a8c3f4ca1fa301a262fd7e3e717928b3d3361188a2ba8019c56d487c5f488ac34829f6b256e237f833a640da5b6a828c7fd2057ce5b822f1c1f4f1b7d82a0e4799590c7c160e9401223610693d99f64f4c9459f8cafad8c768f0fbc9", @generic="62c66b959b076af75f1eb130b7c430ae0baee746066ffeca3442dbfb229c812fa8ee5500817502cf713a603334c969ddc591c149335f4723d45ff164602ad9e7585d852ed205d90dbcdce07305b7fba7e60b1512951ce57e5baeee92df03a16233eb31771c3cdb2fd76597a7028903af2ad9d560ce92792a92d5fd9223acbdb6f7c5d7b7f84368f96fc9438908738b140d16a554f4eaae042fe189477e25f31af8022a8bceec36b591bc94312d21dd37a4f50a65c0aa13bd9977ec028c51b9881fac05565c650da5895c7f53d5e94fbce688f14cc7b0ede5be7c85cdee191e6e890c21214c3da0e27c601339b215322e365bc65990e7e6328d25373059737b"]}, 0x14f4}, {&(0x7f00000020c0)={0x12c4, 0x3a, 0x20, 0x70bd25, 0x25dfdbfd, "", [@generic="ffce24097290c8c9c4dea55997b33c17d972e602029a6ea0e130f479fd40aa7e2ed7553cbd111fd3cfca49583a24f861c797b1568dd69a90504995cd45f61ae4d03de104ee90fe5ac96d358b541485d6eadb74c4f8d8efe21d0b3181de35fc44d76ab0f7ab2583073ba18c54ff671df8caaefa3fa95096dda5722be3eebe785f9773226a8b2347ea678fcf5873e15517efdc3bf653e476e9dde3d068d8d01f81fa513e13cb41c73d1f41bf8ff1f097f271a7cc833d3e184d37eb59a8977d13073346fef776832a752a9e01c1b34e775608f4d192b1fce432c4baa28bc4a3d7f950917933e889948ba475a2d39c2e6f353bb07e0cd9ca4313d3ee1c74fe6a92b925fae9667d55215d5c258422ca3dce469a7bb3dd2b6451bdba7bb6cf68de4c95235689f49603bca4b04a6e8d704c8c3fd726a15014847910cf99f9a4579cea63f6639e1b4dedf44cc0080ec57b50a4022ad7ace0cf23d2d956eb0ab7bbfd03dbd76b5076946a13501651d59b5fa3c6be8e0ac9f71b7f84756b9bcc663b58c4a2269cb4d34c662d7751aa29268ad4ca8e722d8f07e9e6d1357c479271baa7cc878e0c1916262b490e90e06dd41803a9f5e2c9e3b83e5e17c5d042ed7d45e9b56eaa69eb357cad075cd63f5fe4bca493b85c2831adfba565b3bda9c3f4dcab50a2e1d6e1084843b87863f2dc7fc26899e25e113b8df08200818e31c65b5cbbdb758c98168cb16226c367a8d86b30e5f28406edabd74b3bd2a62a4b3ea3915349ef67e6b854bfa7c565f66d90e8fe9e3a12efb43d70272329f3d50abde9296e76b41b297f53cebb0febccfa0ca0eee8cb33f77aa8fb0904093f74784fbf13efe6a4d04fe01f7098ec96b7fb45a16af714dc4ebd6e5211020af4800acbd2dc0922f595e34787083b535440b5f3068a34b98b39d7f341a9e7f77dc1e6786f1da5b99acb54327e97e7419ba3b2d2e786407db76203d012ee160d661ac2614c091547806092c08eddc26552665c96ede463e17f1ca4a89486138aadce01224da335042b2b7e92bcd04290cd428c0137d532c3407f1dcd34ecbf2c955c345ab44fe2ea94339c2407ceb8c020c24dc1b74bf3ae4c1d581b53cacab05eaec0516fe843ec25cb04e4225a75b1fd452c0df2f108a951e438796a50a4da892099f8558cd6978aa468e726f9bbafce6977de591899a3b2659935581d12cee2d9e86e0b0a81a1f12de1e026512b616665f89b19fce235801f842c0c83c256a7116ecbad7fb68d3832d7b20456cda6bb3eef973b1f6849fa1b37335c0b824b22ed3a594ba37598b0eed8f3412f9e33b785d0acf3bfc2a8e371783401a169c19787ae6a8de4891b5422b37a647d016623b8ef5ec0f0d0d3d58a2a8adb0d6237d1ee32c2d245a806071cd078f5fbb38bdc58f828ad216dc47658bb857ca3a2780c14d5febcdea2b9524c9933f36035cdbd76ca0872b8f8d8cc5d16546265e57d9062b0ca07a1016258b6088e9801d226869d0da40e137cfc484dfcb1dfc8c0286ea60820ea9e41ab8b28c541c1ad081d3d7bfc18babd26b8f69cdff6d8a8fa3c3dff2fd33a15f40e2f4a7b25e7bb44d5358bb2549ff0fc05a7ded9b82b6224d18cb2a39c2c6d45d29d67d8d9ecb448274d14a256c94bbac97cec7048d9287fc17cc6fcd9c0aa961d64239b8a02171b6d181dfada48336fa88f2a97d4fc4639dda730d58fc0e3a66679335297a59a8e007992cc4fd585f866691291068b6687f5e72d83c13ac912c569b9d2b1931660b77886e2394d06ff343fdf101221dcf2304cc3d0674553db088fcb8a391d64e43d1cbfe7bc84fc5c591c561cab21096d9ce780d7161187ff79385f1ea43224ca38e4edf89daf6a82807ffd5f9c14ac8c7ff588c05a484317a728c6e0b88122588d6bfba840f61c61822aa8f5fa2d81da9e7971d5b1679da7baec92c0e6c491691aff8bc1e71e2ec3412b8866cff0b16ca284f5dc213de3dd21d1acc2fb13a1132116b8bf958d351796b7d5e14329908ed248e60cf7e3a0e2446ee5d4964195d74e2af4a456f15a4d4883fd58f4a815e5fd47018c05e4c9d560d6710bbd2627a79f43a0ccef8ba2192786fd605e1a67f03511e85e79cf8b12309941c5955c590d4334d6c5bfe1a3130ce1a0ed2ebd156283a4b2df2dddc29eaf2318d25142bf10aab61c6fc42708fbbf7a08ff8cdb87267bc4ca2975a10d18b17cd0d18128236f9154d6de9707e25ad50462e9f9b2955c9c2717b0cae357708a9d50755498c73768d7edb06d7cb5078e00e34c5d5b239b65a240f9641f98d6b4cec3dce95a624e9715447a48696075731702e7234baa0ffa7caf55c8881f911cf73317ffd0c2d7f340929aea35badf256fcd5da2c3d4c981c81fd9aa33cee0a2be7d16a2f032adcb4d44fec7b40959d9e14ddbac3f3cd2144d5ac7df6be6687d93ff233fb0edeb1a89fa562bf6e0cf7d3eaf2a371f4af93452e63cf85cd074b68e5fd64c12638f3d49b43f27c489558e1d09899fbedc1b890930af866977c177307d2aef45d8837ba19f8c28614c6b2ddabaedcf977b9db8da8cac2fa7cd6e74f2cc9fa4266987a00e901afefa997481c40dd65ce7b01957bed898196119a7c48ed6147c10134cd5220950fdd0e28cb06aad6297318bf8842ba755f6c057be97598a1c6ac13f61b82489fd7e617bf2f20beb6efef3c8ff3618ec5b8bcf68d9add335a7194816e3f3e7754d05330ba0101956d02bab5d42cc7b00ece22e4c6107ec4f86dfc41c62357c7060cfc695500a4bb4774424cbd1273d23f566645cc4456ba234a03da956d1a00f41e60e2e279306facf13f11c906f10651b930fd302a02900ab3ed8336b10ed127cca2e73672b8c6fa200dda135d72456ac22c8a7cec374f1a0cb35952a457dae87a1e0b7c044758871d3042ad6cb7d2da471f137ad419fe57813f73f1be059a67b37d1c0f4f572532bba0c179e99886c0ae98a0cca0dc38aa332b6f4f34d2d84977abd742689647b04d1927396f18702362ec06f92afc93dffa5574235afa19a6c7dffbc16389f5917f7f1e7bb26834efe9e8b792d6fc3dc6c97216259530df684626e2a3edd10bc2f5aafa5b30a0a9840305ca3963e608fab68f3e3c51aba2c6e699836db61eb39ade1036081047576d47f689d4a1fce289dd2a77362e66bb76c5fc6d9d0db4853c5804b4ca3d380f5d8ca059f4b1fc61df9a0d6c90fd001aa50504eeff8726e87a36f12a2b53330c6bcb0990e1626a8a21293328b6d831b221d602c2180af11509ee00707aa78a0458ef2874834544498c822c0ef455fc5d3599a52c0b4ebf1c91c985df1746dc7969fd70745778354499f3e1d9b55e84ec794ce72e09be8164c29610ed17efd7edd0a00f17eec57068f6b49a915ee3790142a987a2b9d6c69b60c9720f4fa103b4dc9144a6e3109053ffe3e617987c9b69d4cf93800fbf17c993854483aba182ba610e57c15efccb32539406dfb7ad6135b951113e95400ecc326ddf4ec68f1c20f232ec156cd34ec07a36e216418a68e72f435fb5b90550b3d26909ba6a97ad2c7433cc89f87a311f06d0e972e408a49cefa0bd6a6b064759749a5fd19968bd1ee8d7e9daff6e5c2f466688b74d731a390968346ea1962da20e7365e04b3aaa6118982bdf067ec5146f0dc895ed84a87e12b9c21afdc3b4e13acba3f505f55c4e167686d5461deec9d07f4cbc902617f4460ce4b6e7103f3f6497ddf5273793ffae95c7640a410d9b7175ef63816fcab057feab7b2c361e077636f747fe06b6534851ccf286d3c51e1ca04d73bd553b7b6849bd53f63a45c31f90a5500121035c186d705020dbe7b20cbee483b88e89cc320ce5aa39f5348b7f6cbb304ec01d94a895680a5981e3dec687d1f2a9b098c2e8c22ebd88f6d8d03ff9456dc8b9bf48d1080af28ca533177d447f3f4f9b7715629b267067d985f414b1cb34a394b228aff57af6ce510f321003d88c23350b73f5825b47811e11f6fd66ac80c794da87810ff209109e78a78f38ea9c1ea1f6212704f5c8dcbb04016c63c292c3259405fac313c6ccea35947b383834f2161001432b55766c6cf65900c1a9780fd32273cf5f9dc619419a605897c084cd58e9c5d5b157ef7efb66077971f66a1b0b64139f80733ec0607faa89a235fb9dea63fbecfd7dd84145f066d7928f54ba89de9578e8ce14cc3b7edfc6f17a6abe861d7c98ff9b8a1eb230ba581dac0c73806c5a7c3124c46faa5e3b301a0e1a23c7c1603e304811d1101d44a838872193ad6575642d7901de195ad8b41600edea6413941864880aa1947ec6acb1c82ae0d255d823ca5c856d331be9981b9182d214ca6b89c1240046dd1d419fef429f0b4f560da6e197c82adfee9c2ddf7cfe1b307bf9cae0b5ab1e61424b0098e34533cbde6a64f38efe430dda0ad255e6b69b77c273b6a83d8ecd1443aa3ecb09c1adaf24f8d92d0654e4c88c3ccf8978e6eb2a1c3bdbf3ce3f6c36f3a8d3ce880bcf77ca025df1805e6e440fc5153207e3eec38986dd61ab60f28541ba763d974bf0fa387a6273c2c3e6200fc0d6245f1f7ac28e24925d9fb524fb6ae37794f691925285bc02606395cb1c4da23047812d6c3e40c45917bc410a8da1d46237520c20ea2b19b20b22cef5a63e39f4e5bc4486df28ddcf11717f4c13ec6a696976021eedb02bf198b4b8d689567b85914580a96aae97e50964867aa1be8b56435bd052ffa97300e1cb8d922abbd3c971d1ec5fa4023edfd59f10cef3b01e95733d45a7da795d01c5d332404188cf9f8fd832e0aae140f58b63f6c7d901eeccad8a9a4b4da0627931af0bdfdc4653ae07573cf6a9231a8b3474976306bf79936c1a408bb5a19d3bce0cdedde4ee82d1be6a96bdb5a8f11753ca5d1962457c38d7c4db0982c97459e128785b2819cce2ae728952010b8ba5b7fa3f30ec7910827f9c5ef2ad464d743023b906cf5bc38b4829b3fa8c285b6d6a4fe2912113c72426a1ac38d051e044dc568ca18a383b76a832fff684d608073fd36404f60d15dc744a66de556491c68d264dbabaf3a35bd3c434982c5a492b8d12d37b0743ae99219dc91105b51ad909ddd420c8dcfea5545d7fa8245fd7a34903acadbf6f541c50937599c519666c58d76d3a19cc7434965117a9cb6e81b199c074d6cf08358167aab9054683050b4210c129d3b29a0a5e206caf05b93a23ad41e5d8ed1de632f0a6527c5cb6d9fc12fc9f6741a2ed59105a257107bf6c7df1791b40103fff1bc503ae528c100de496420d6af37d17c21f8e6052cc06802c877ff58c9ed24897fc7010287709d4b8ac0cdf07bd29389a0b6687890ee92241326f9fe00a783f920353f92bc49e765cfdc8be26a0f629093c0a806fb2672f41e04d5901f334ae690de423ea2f0f388bd9f3c99414b6e34a2b93c5395c7a06ef56425b3915ae7b48427566871dd86cb99f22ddefb8b973f61a4f09f751da1e32954ad851d29d4f2607607e59c33e11e2c6180942dbe96449c8952a44b2a2d887edd82381167435ddbaa8600559f7602a7652a70e3d4a9dc6d6e84413b3de681e7fd88b62d86f08ed563e736c4888ba1bff2ad40094c0e76814dd05f67e9b96af9b33bb9317603850965601ffea54c1325123c95cc8efcf7ef407f45933dd1599489d19e66cd239b55cb9c9adf33e7fb1db934fc1d2f2705fff2976c95b9185192d337fe5b736bca4a44bf24d2aac14f04e113d74de8d59edfcaa01aed4b5a5ca275ae2106c1d2f00de0714133936c1107a6898712bc02", @generic="73634f5baa4f0761924a60d254952d68a86727fa9fe47130f491a94e939b372067ff2af7945c70971b40ef38fddaa97c687ea59321eea8911fc629a0e03e768f757033fdb4541b63a1cff5ff1c5d8943f637fa9546965ae2b82ee74c9d019a1ef409c5fa312fd3d49cdbe41ebd3bf649ff959d8ceb771ec4409444fc7146d3ac5d697cc202c032f9bd8837ff8dd380b8a76cb1fe4f7ef87087dc56f9ba4deb1be0fcd6e7c166b02d60a88650e613719ad1d3adc48e867aa09b", @nested={0x10, 0x1d, 0x0, 0x1, [@typed={0x8, 0x2b, 0x0, 0x0, @uid}, @typed={0x4, 0x2c}]}, @generic="66959515da4cd991ef1ab0c9dced2aa4c1c34b5d59d83ef4e9f3e59d019b96358806fe53753746813ccebcfbd4eca63410d5510e1cf45cf44c96e03855ba1eb30a6a2ff5392c47b3d076b32348125d6339fb79864f52c8909a528264a5178740f27d223ef97387711cb9ce1861278572f458fce31a6333be17c5968cff9b043cfa80954a88ce012129f18766e64bc6cb2100b298667c5d1fe0e6e875b23e6f14cb", @typed={0x14, 0x32, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @typed={0x8, 0x2b, 0x0, 0x0, @uid=0xee00}, @generic="4ce968ccda9d437c2f2c5382f6dc0c11944575830357c8f6ca1e432c66925915821494147d7c200fdc7214a4e1c58045f06c528ebc15fb221c0f5263300c9a74ecdd97b3a22b62a3d743c8d26e5f4306ad47be2d9361b22b7d7494bf858ec5d0e897b3eebd031b829c3d4573d43a51b4ed3e380747d3ad8288bea6380bbab3e3170922941e417ddd0ecb277e7191a06fa26fffd8e71d80472142d6", @generic="b5f811298fe67c0534fbfce9552b901c1d730b768cd387a25db66ef96127bf2cbe869f7f756def123f991b6a394290f0b15d7ba836623d41a2d16456069b48658d08d42d18a5ea9273fd9f576561314cc5f852b2fc93c38183ea632bcc6d540a5788dd74e0b014a890e5e19bf1b4eb7be031cd7bbd3d69b582613a6b239c818c7998fc0b643ac3979bc56711f2ef89d00f1c18"]}, 0x12c4}], 0x3, 0x0, 0x0, 0x4080}, 0x24004081) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:08 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:08 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 04:32:08 executing program 2 (fault-call:0 fault-nth:15): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 307.295318][T21624] FAULT_INJECTION: forcing a failure. [ 307.295318][T21624] name failslab, interval 1, probability 0, space 0, times 0 [ 307.307992][T21624] CPU: 0 PID: 21624 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 307.316858][T21624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.326920][T21624] Call Trace: [ 307.330198][T21624] dump_stack_lvl+0xb7/0x103 [ 307.334792][T21624] dump_stack+0x11/0x1a [ 307.338948][T21624] should_fail+0x23c/0x250 [ 307.343366][T21624] __should_failslab+0x81/0x90 [ 307.348134][T21624] ? apply_wqattrs_prepare+0xbe/0x630 [ 307.353608][T21624] should_failslab+0x5/0x20 [ 307.358118][T21624] kmem_cache_alloc_trace+0x49/0x310 [ 307.363438][T21624] ? apply_wqattrs_prepare+0x5f/0x630 [ 307.368824][T21624] apply_wqattrs_prepare+0xbe/0x630 [ 307.374025][T21624] ? vsnprintf+0xe8f/0xed0 [ 307.378422][T21624] apply_workqueue_attrs+0x9e/0x100 [ 307.383605][T21624] alloc_workqueue+0x77d/0xaf0 [ 307.388355][T21624] ? bd_prepare_to_claim+0x1e5/0x270 [ 307.393825][T21624] loop_configure+0x54c/0xd10 [ 307.398491][T21624] ? mntput+0x45/0x70 [ 307.402537][T21624] lo_ioctl+0x558/0x1210 [ 307.406917][T21624] ? path_openat+0x18e4/0x1f20 [ 307.411668][T21624] ? putname+0xa5/0xc0 [ 307.415738][T21624] ? ___cache_free+0x3c/0x300 [ 307.420422][T21624] ? blkdev_common_ioctl+0x9c3/0x1040 [ 307.425780][T21624] ? selinux_file_ioctl+0x8e0/0x970 [ 307.431008][T21624] ? lo_release+0x120/0x120 [ 307.435502][T21624] blkdev_ioctl+0x1d0/0x3c0 [ 307.439990][T21624] block_ioctl+0x6d/0x80 [ 307.444295][T21624] ? blkdev_iopoll+0x70/0x70 [ 307.448882][T21624] __se_sys_ioctl+0xcb/0x140 [ 307.453468][T21624] __x64_sys_ioctl+0x3f/0x50 [ 307.458041][T21624] do_syscall_64+0x3d/0x90 [ 307.462442][T21624] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 307.468323][T21624] RIP: 0033:0x466397 [ 307.472206][T21624] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 307.491848][T21624] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 307.500310][T21624] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 307.508265][T21624] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 307.516223][T21624] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 307.524177][T21624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 307.532202][T21624] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:08 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:08 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:08 executing program 4: r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f0000000100)=0x7) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3800003, 0x30, r2, 0xffffd000) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000000)) vmsplice(r2, &(0x7f00000005c0)=[{&(0x7f0000000140)="d8f3419f751edc582c96b4946320429cebe4ca953d065229d483c86b8a37bfa3a9edf587d6eea2d9d5249d7301fbf08354890aa450d4bf228f96cb60874593bceb1c0d29f536c13aab5867b4211bc6caa27ab86ec4ba95a307c2cb0dfac537739959c7f43a5216e84d3a668ccd04859d8e1e1df9b3299b5ccd2787ed52c3050f2689fb8f9b9fba6744fab63aaf19b677fe2f96bc19b6dd3f419426139e0dbbea1ae2aaab565d78ca74aec58f39f642bb91fd664915a66c038682d6a1abd3f2c7217218", 0xc3}, {&(0x7f0000000340)="d5a973c549d4b7ded43690ac4f9ffe69ee374d6143fccd354708a3b98af7ec4a327c9bc9252fd5bbb259aaa2d5245baadc1eeae96aa4f43056d1f00c649ce70c707db236f4591e685f6ebff797044185abde21d8883ecdc9fe03abe2bf3621444018cd61b6ccf2910c04429092f66a4e0d17f75f6aabf4b9862fa83ec74fb7d5715e4cabe993618842fa52ef18bd448b28575de1e61943e20bf80ac720853f0b6fe4dfcfc5c55f81f7f7dea7c1d5a9dc61e8730ca3f4af476c9bc669f45234dc08d93470420f5c786ebba962d846e8cc25a7b6ae46b25ddcc80b60fdc3839006e50b0eb691", 0xe5}, {&(0x7f0000000440)="d37e3ef1adb57e2049e9b0586c59ff35d1710cca0f74399d0ff81f8ab880a4dd42cf221035a293e1310c89c3f6ae8113f9cc74f39b3c7fd78c4ac03ddaf70bbbc1740bb9b4820613dffda975b74c14711984a128fd0a500311e43fec7d6ff9b9c4995fc3a8be469ecaaf877c2103f2b00af77228ca8e77025e0fa09a51ae6c0918dbc0730ba45d065754444b671999d99b9160eb5aa40ecfb6c6cd20093c8b5b6d924605d425f9c9a2dae17f09453b1e4c1a", 0xb2}, {&(0x7f0000000500)="8edb21e455ee11764a3a867ef6ddd45d5d8c92344367a83a50fd1e25a0e5d42e98c34bb5370d117fa5f0a0cac024d00e4527f4ff976fffd0ca55f0355ad8b78ccd7ca906d1001d6367ce24a76b85196c883e26a9eccddac48ca854266dd805e6e8089408972417e5395e84d2608f2ac3c29dd5f9dd1fa7780a43aaed69591e9fd1414d4876073ffda5c8388af8fb", 0x8e}], 0x4, 0xc) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f00000000c0)=0x5) setuid(r4) rmdir(&(0x7f0000000380)='./file0/file0\x00') waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:08 executing program 2 (fault-call:0 fault-nth:16): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 307.706120][T21643] FAULT_INJECTION: forcing a failure. [ 307.706120][T21643] name failslab, interval 1, probability 0, space 0, times 0 [ 307.718992][T21643] CPU: 0 PID: 21643 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 307.727830][T21643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.737937][T21643] Call Trace: [ 307.741286][T21643] dump_stack_lvl+0xb7/0x103 [ 307.745966][T21643] dump_stack+0x11/0x1a [ 307.750139][T21643] should_fail+0x23c/0x250 [ 307.754608][T21643] __should_failslab+0x81/0x90 [ 307.759369][T21643] should_failslab+0x5/0x20 [ 307.763945][T21643] kmem_cache_alloc_node+0x58/0x2b0 [ 307.769179][T21643] ? alloc_unbound_pwq+0x3e6/0x770 [ 307.774296][T21643] alloc_unbound_pwq+0x3e6/0x770 [ 307.779240][T21643] apply_wqattrs_prepare+0x1ed/0x630 [ 307.784653][T21643] ? vsnprintf+0xe8f/0xed0 [ 307.789201][T21643] apply_workqueue_attrs+0x9e/0x100 [ 307.794398][T21643] alloc_workqueue+0x77d/0xaf0 [ 307.799165][T21643] ? bd_prepare_to_claim+0x1e5/0x270 [ 307.805049][T21643] loop_configure+0x54c/0xd10 [ 307.809729][T21643] ? mntput+0x45/0x70 [ 307.813703][T21643] lo_ioctl+0x558/0x1210 [ 307.817930][T21643] ? path_openat+0x18e4/0x1f20 [ 307.822687][T21643] ? putname+0xa5/0xc0 [ 307.826771][T21643] ? ___cache_free+0x3c/0x300 [ 307.831487][T21643] ? blkdev_common_ioctl+0x9c3/0x1040 [ 307.837120][T21643] ? selinux_file_ioctl+0x8e0/0x970 [ 307.842305][T21643] ? lo_release+0x120/0x120 [ 307.846863][T21643] blkdev_ioctl+0x1d0/0x3c0 [ 307.851354][T21643] block_ioctl+0x6d/0x80 [ 307.855756][T21643] ? blkdev_iopoll+0x70/0x70 [ 307.860418][T21643] __se_sys_ioctl+0xcb/0x140 [ 307.864989][T21643] __x64_sys_ioctl+0x3f/0x50 [ 307.869590][T21643] do_syscall_64+0x3d/0x90 [ 307.873993][T21643] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 307.879912][T21643] RIP: 0033:0x466397 [ 307.883791][T21643] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 04:32:09 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$netlink(0x10, 0x3, 0xa) sendmsg$GTP_CMD_DELPDP(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x54, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_PEER_ADDRESS={0x8, 0x4, @remote}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_MS_ADDRESS={0x8, 0x5, @remote}, @GTPA_O_TEI={0x8, 0x9, 0x4}, @GTPA_LINK={0x8}, @GTPA_VERSION={0x8}, @GTPA_FLOW={0x6, 0x6, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4044014) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r4 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r4, 0x107, 0xf, &(0x7f00000000c0)="a2e619f9", 0x4) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) bind$packet(r4, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @dev}, 0x14) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8936, &(0x7f0000000140)={@rand_addr=' \x01\x00', 0x11, r5}) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 307.904174][T21643] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 307.912588][T21643] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 307.920849][T21643] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 307.928807][T21643] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 307.936782][T21643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 307.944738][T21643] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:09 executing program 2 (fault-call:0 fault-nth:17): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 308.034524][T21658] FAULT_INJECTION: forcing a failure. [ 308.034524][T21658] name failslab, interval 1, probability 0, space 0, times 0 [ 308.047351][T21658] CPU: 1 PID: 21658 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 308.056146][T21658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.066278][T21658] Call Trace: [ 308.069551][T21658] dump_stack_lvl+0xb7/0x103 [ 308.074140][T21658] dump_stack+0x11/0x1a [ 308.078356][T21658] should_fail+0x23c/0x250 04:32:09 executing program 4: ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, &(0x7f0000000040)) r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 308.082821][T21658] ? __kernfs_new_node+0x6a/0x330 [ 308.087880][T21658] __should_failslab+0x81/0x90 [ 308.092637][T21658] should_failslab+0x5/0x20 [ 308.097174][T21658] kmem_cache_alloc+0x46/0x2e0 [ 308.101964][T21658] __kernfs_new_node+0x6a/0x330 [ 308.106897][T21658] ? _raw_spin_lock_irqsave+0x25/0x80 [ 308.112277][T21658] ? _raw_spin_unlock_irqrestore+0x27/0x40 [ 308.118188][T21658] ? pwq_adjust_max_active+0x491/0x4b0 [ 308.123674][T21658] kernfs_create_dir_ns+0x5e/0x140 [ 308.128872][T21658] internal_create_group+0x138/0x850 [ 308.134171][T21658] ? bd_prepare_to_claim+0x1e5/0x270 [ 308.139516][T21658] sysfs_create_group+0x1b/0x20 [ 308.144363][T21658] loop_configure+0xa77/0xd10 [ 308.149047][T21658] lo_ioctl+0x558/0x1210 [ 308.153296][T21658] ? path_openat+0x18e4/0x1f20 [ 308.158060][T21658] ? putname+0xa5/0xc0 [ 308.162128][T21658] ? ___cache_free+0x3c/0x300 [ 308.166818][T21658] ? blkdev_common_ioctl+0x9c3/0x1040 [ 308.172232][T21658] ? selinux_file_ioctl+0x8e0/0x970 [ 308.177445][T21658] ? lo_release+0x120/0x120 04:32:09 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) ioctl$SNAPSHOT_S2RAM(r1, 0x330b) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE(r2, 0x5000940e, &(0x7f0000000300)={{r1}, "4a0afdd5a43182d55b18288062ea9aa7a5a6d2e490194494b570a2241658189db2e6fc25c25ef9b4db5dae528e02f63f3fa5311c13e9f2edb4b47dbedee0227268510ce82bbe36373e3afa6d1bc1f45cd71f0c2937b9b0ed6c5ed33a7998e7a132ccdb80c640f81939cf62aebca3e3b833c31fbe22398ac2ebec0b8b7ed97b0128babd5573ca3508fcf77406818bb85e3d2f6b49518199b1706552131aba34ee09b18c25a93f13fbf4a517b6bf23de3c6cb3b06a25b15ab18361345d6227767f100893c3a635704a1939dde1178bc3a324447541e3c2a758853eecf214c077c07470b9005ef88d72c0accc971d5e666b682a7031c46f048a2d37f17e76a1355de1f39fa9f1f35ba7ae0caca8e12e62d0769e9875e59925752bf77092d7a03f86e2c9a1e6daa29a2708422a97140098df6fb450b78777f324ffd80395d010c2a599282831afa333853c99be845cc654e6b77a05983640115208dd000f6b53353d3dfeb03dd2b0976d7d7c976207889c178b5dca62b6200845049eaaeb18b6bf219ecf6ff0e1a68fd87177369ae831747768f44479748587b1596ada0d2180518417d7b91e77cb83b4b35b2259384cecd54c715345b65805d0f26d2b612b592bf39c3cdeff2d35cbf3d0257fb5cf91e36c866664fa1db7f3ab10e6c55bb66019519668b5bdc8bf4e7ebe6d529218c9fe96406435cd898f896102ba0f37d9c154c914f8a13dd487f9a1f7dda84350dbdc9e22901b215653cd2320f0d916048f17aabe2783a08a366a92ddb13ac1ba853f85eedd0a13743a207a5508353b8196b4281fba7dff153f912008d5aa185d602074255d51e5563755416e6d4269269da39ef1b44faac9b9156d6b305d62f905fbdbe410e2405617454dde20a1aebb20254ffe87828cc0b0d4e3a3b3f038ee0ff6ffc7d0eb82dad494438dee36157b0aa3dcc974dc7037aabdc6ec54d8f5cf15dd29a32401f0d828b8f01286959cf220ed1ea127f21a86ae713e9f541be7050f125fb7bcfb0138b8f8b6e0dcb1fe8f4b920c2644bcd8c453c0efa384ec47e76fbf578101b2063e6171bfe311816c4d4db70748cd89de0c9d8b7e071970ce5bb7fdc07dc563c6ee2f387c022b3b0a6bc75beca6b554c257c79ee75cfed1f0a1c7333bef34696762328fefd1caa34e813145b4f5a8dd690b02ade02622a05399e7021c528feb426f1ac9bf58fa5321b992bd0168c50643d9b1de034d1a152498886e1a3d89293543ee2f4064dbc33503398bdea586f7bde2f03e4e9009b8b6ae53ff95044e3e0904b4d4d3bca648c149b0b48f28f0029b260d59d0dd4b7392dbd0f15b56ce0d13b048fdc5a3ec63434804531b275361d4a17096366daae89d258f37787b6b8aa93a8ef476dd4940339ec430b12e26addda7c891692e1677992f03c2fb016bbd305e4c041a5a7d920ec738f3d62e3a2029d1c216241a066ab9b9392203799b124037126d7deb327a9c2886ab9afc5cc491fcba2309a182e00a9b4e33e1530baf717a4a73aecd225a8851bb19c9a4a5f23127b1b04d5d235cbc1780c886182a7667f89564af9a355a7914edb11715f4cdc0c968bcc09d003ea4fc9531df9284e75d96a6d4fff327301ab3af332d41c029b46cad810cf19e9c7dba42be7abbaf996bf8026a9456c644394c627c1f4f814e544896d5dda866bea6216925daed7ad658d27b4ec83d1fb59a307f6ee20fa678d6ccc5b668f6014e5d4943e0372b0993b7ebe6be74560e58a3be4adf3600fef84a590e729729ce822e4394c4f7811aa987b13b0b1e58642cf3a3d3df8b70dddbf4db1b12f06e32736223a46196fb302bf95289b229aab0a35cd9a758c42a6bb598eea8510dd2061a7fab3ae66257f85dfd49f57003e652816f562e5b5a250fe374c43a3a1632ba6941f710129acb57ab31939870945fde8faa09ce881053a209830484136cc80b04b63011ad2fdc78babbef02e5bfebd80ba96b5782d795e6463e24348d30fdc518d2e2e6ea2362ab278be6fb9d52d695ed1eaf00f6b3229818a46ea5e291b7f619de214f7fcfae3ac3be6e12552dd7fc877739de6b8d9ff4bdaf09b07f9ce253434d239f99ac6b39dcbcc5fb061b43b9365296d52285bd22c775a82a344f7e0ec407f7bedfe3843e07fdff2ee22e3d728fccdff723ece783b5cf950b0ce869ccf607c3942e365a7df18c3dd8e1b5dcd176bb6777c089ea5c04cd6ae8bf20d4934dc9eb1120d42fb514ef27e21e2e56123ab844dceb148804d605c5da5e9e1a5decb07318295cc6e33f41c0c9559594c5c8307aebe741d5ec817df3aabd8b9bca9849e42cd101ab66e240957201ff9e43a72d3ddcabaa8ba00ab775120c8641cce2a7f89e39d5e24557c18997e25a52574d698dfbb08fc854dd4e3d9649fb753352049f77860fde99001139d3547dc712702dcbd26694c37cfa8d272bd2f22e15a0840d6abefd1186515355ddaf72c3136df7fc56ccdb6c94ed48694608f8bae036f0945450dd34568ec07813bf8b15c248116974dd2f64d3925093d40c8a95fc18b13504d11166bddb874be4d34a081e66278632763edcd254be51f340d7b62b2fc0ff47aeeb937d14f0b4285d162e2d370c13ca4720d228ff6efd9a7a48fcd9417d4c08d36c2e328c8740d0f8b70346508f8453a49a3aa1d71a5cd3bac3c70727ecd5dc82e27100e6d307a6d4683b3e2672f03cf0fc6d61ffd1e9e67fd305b9c25267233e03a3e89d53ace616f2d9c33c38d553f85ee4c6ba1cfbc4ae1515bc984579a0967ce6748571e7ad2aa8d905dd5bd22788dab2e71c05954d3f1d88ccc8a13e7901420d7d37ea8f0ceabeca39bf0bdb8f4154e358c57688e20ead38dce550dde77a2e869420d4430799de8da7fee6f08b0873764dfbfd655aa577822ea16961e9438c6928910162e801e3861d74518fa0927005246ce438ca80b69d4b6b89c620dee277b88e19b9570e8491ed7dc59521cc6c0e5af3bc1be978db25f3342fcaf3aecc5eda25fe9cdfc9b7ba8ca5207470f5bbefe40221934db96283f94e1324b389fe172b2d15f33e8897953ec38e6395656c3e75ce50bbc7c6a8fb8907128310111fb1825026b40815d6e64071072f5337c70779ed632e0a85314fc574af51ffb0bf4124077be6515942dadeec133160e16b6967f2791ba438c572724fc187a42933419428b277974cde612ff9057dea248de31735adfd9c932c8bade0b7aa1465249a3b194f0e6b3d61048645734b8e77438363e35d6b8c020f12e0ab9e5d779be60c765f35d0bad76c89f25c6c3cc77d060864b5b82c35da2ff927a181bc4e9ea4f75678c2c2e83d44c90b4368e092fb4a766501f860c24fc864c8dd121ae5ff01c29c1a6bd0da748d9e6e059ea3a723129ff12ab8d3a86a5eb4d33ddb2546815c79cb6b4d056797c280e921d5469bf166d16be97f0933153fc2c4fec2d61281f8ea5365827918def5d533951bddcb31e448b1f04ec02e5012b027bdbe1003bf66f993012e3326c18878a055f802f699ea61193f644ea014204902cac2efb443526c4f3af920ef0d740499e43ffe77a1979440661299f66b529724826128bcedc775816be194148e6cefc7e6b60ba27349eb54581513bc80521d9dccbe14e20b5db708d4cb0b9635dc14ef3b7ec5e5524dce287cf4820fd8603951939ae63e0a8b84404e45c516f4a569b8327d11fea382fdbdcd00a5d1957620af5c21505ac182df973a4400f9a0dd7063aece9e2358754ebe9a80c67551f6bc3fd76687e6338c3b30f38da1d48cf17b2825cd7cb7b68780e6b0a418861d350eec73e7f5247d691f6085a3d718b7a62c408a94e4a27e8f53dd0f816bf1f403e809625f0f8b978fbe6db08d2e89e60a9e5648322e06beaf4bfbb4947ced894582c6b479ab8cf5b1168e2f32a2d637aa5f0c912e57542082c83aa0f6c1e69808fd0cac67500f975319e5661a1aaecd5192082bb1b46083f54063e499ec1945de31637738b5bb62b56ef3cf3e666dfe5b300ab1fd1ff54d74c5aa81f06f445ba84e63b1c322ef1993e2f7dbf38ccfed398f325710850acbeea3b9ee4be258427f524970dc9276223dbd160ddb6be2339afc6622a7afc79d44e5c2f5a5d10308b3be1b010b46390a65ecaef36a3a9ee1dbe818ac142d05ed3cf0f1e920c27c0486181daae11c1a5baedef8a9728c56cae6415155547af06ff3cf2058e56527e11c6f0a52a57ae3a4402c6d48df5bdf7e9271eda80507329e3681e926833698e89adedb316d78b062387bb749b9fc13b0092fa39cfa149df3c61dff0e3866b816f96f5dcf6740d94d0ad52ebc190f9fdc6d3c9327893381f4df04093327486ac07d7950c63bb474c77d88419218c0aea1bd7f865b7a2e4fa6c3cfad571dde7b8e485dfbcca0b16348b9c4ffa3a2e07db8604133a3af3bc486aed4480974eaf721845d129380cd73d1416f0e9b825f70c4324738ff7c7f06c00e92152c2097ec355038c8243689bb24554dba8d003b06df1da2fa99c7f19886d88e68a3757913fe1b2d7bb392523891727c3f37af37b6216d3e4a9abcdfbf9c586cabf94e4422cceb959d72a5af3c724e8b096559df0605517f1dd9f1c8d359f3fec6ee0f55add53bd249542fec3bbfda677577c758c28a64c303a9ae242f37e31f2b5b613f1a49bef6a28a911e91061326a3a3e5501e5f433af9f1b40abe68a0e8e5af270a03a2c4779ef33715ca11b34db59661b12e755fd3c283f542732412793dd60e0649f32484330007062301bc52fedffaf41526ed55ef2924f4d2e510f464f664887886b56ced9bf3bfd3179f933a632322b749b48d88c448e0506811a454a7879ca54ff695be70b538e1bb2e016153938e9647665be9c5442cd730e9ffcfabfd4497ae2e8154bdbcb60a2c69cf695c2f44674c8e4d848c389c1e26342c6b8a19077a3674b7af272d3202fd5a6f7986643077bdc851b845226c4d81581180af365ce7b9c36c81291f2ad23845a1f23029ad3788be537e5e8235da78afcb51953a445d48a2816ee4c5c980de16dcc89ee8b70a008a0f4bf604828e85d6337f88080d313ace4e8d9e6b98aeff940e30c50b07899614b220a4fa6ab301929d7339cdfa99c9543b052ffba6a4ac9fcac3f7d322b65322c7202d14a4faea1ebc603646b30b0f954a255669fd42dcba3eb07d050464e6c2499477ce74b4b31ca9c762ab8ee335c30454c479bca8cef153376c68363e63ce7df0399f05dea48adb597f310f1cdfa562278977a87491f4e9a3718c7bfdf7ef612404f9803cb900b1d9dd462766ecaaa0e10459ac6d5f9642c7edea8accac7dadb72ba633f3108f709b9a1e5066c8f59076efcedd91a2ce139f81ea3c3c055cbd06481ab8b1abc6ae4467aa3cab52b63a0610b0bac64cf4ef0201ccf165cb87ed1c2ac48466d94ac1d616e20b83f6962782f0a541f5dd10e098d8670f1282baeb277e673ef1a1fe5bfc3f1ab8ddc4685e06509136298d6908143b918f84fe8d57e4b3542bde88cbca252437ed6c7549c551b24ca5ab0d11c25f468664124f498f3bd9602766e2c49fedd88808a6295e603ccc8c99866700d2402913da04430885874a07ece0bb482f2a4573b12962e7017df740c3069bf689bb537447350934948b4c7e498d848559df08fa0501b264ddfc18c3cc98dc4c3b15fd00fe701a7932652ae5aa157f04eaea4f8a8fd9c2413c1d6c6388ef2111f1c32f28b498cd23de56bb1ba60e7ba29ebf9dc681ea6a86b07bc2fe25e51a7b300a74ac128939a0"}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 308.181949][T21658] blkdev_ioctl+0x1d0/0x3c0 [ 308.186510][T21658] block_ioctl+0x6d/0x80 [ 308.190845][T21658] ? blkdev_iopoll+0x70/0x70 [ 308.195489][T21658] __se_sys_ioctl+0xcb/0x140 [ 308.200241][T21658] __x64_sys_ioctl+0x3f/0x50 [ 308.204829][T21658] do_syscall_64+0x3d/0x90 [ 308.209253][T21658] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 308.215183][T21658] RIP: 0033:0x466397 04:32:09 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f00005c4000/0x1000)=nil, 0x1000, 0x4d6e923aec519567, 0x4000010, r1, 0x7ab31000) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 308.219067][T21658] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 308.238777][T21658] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 308.247192][T21658] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 308.255164][T21658] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 308.263140][T21658] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 308.271122][T21658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 04:32:09 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 308.279095][T21658] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:09 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xf, 0x8010, 0xffffffffffffffff, 0x6e03c000) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:09 executing program 4: r0 = getpid() r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r2 = openat(r1, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:09 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:09 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:09 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) mmap(&(0x7f000052a000/0x2000)=nil, 0x2000, 0x8, 0x4000010, r2, 0x6302a000) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r1, 0x40189429, &(0x7f0000000000)={0x0, 0x100, 0x4}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:09 executing program 2 (fault-call:0 fault-nth:18): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 308.585982][T21705] FAULT_INJECTION: forcing a failure. [ 308.585982][T21705] name failslab, interval 1, probability 0, space 0, times 0 [ 308.598656][T21705] CPU: 0 PID: 21705 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 308.607425][T21705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.617483][T21705] Call Trace: [ 308.620762][T21705] dump_stack_lvl+0xb7/0x103 [ 308.625446][T21705] dump_stack+0x11/0x1a [ 308.629744][T21705] should_fail+0x23c/0x250 [ 308.634179][T21705] ? radix_tree_node_alloc+0x154/0x1f0 [ 308.639645][T21705] __should_failslab+0x81/0x90 [ 308.644505][T21705] should_failslab+0x5/0x20 [ 308.649099][T21705] kmem_cache_alloc+0x46/0x2e0 [ 308.653948][T21705] radix_tree_node_alloc+0x154/0x1f0 [ 308.659242][T21705] ? should_fail+0xd6/0x250 [ 308.663762][T21705] idr_get_free+0x22a/0x5d0 [ 308.668336][T21705] ? ___cache_free+0x3c/0x300 [ 308.673195][T21705] idr_alloc_cyclic+0xe3/0x2d0 [ 308.677962][T21705] ? __radix_tree_preload+0x16f/0x190 [ 308.683512][T21705] __kernfs_new_node+0xb4/0x330 [ 308.688370][T21705] ? _raw_spin_lock_irqsave+0x25/0x80 [ 308.693813][T21705] ? pwq_adjust_max_active+0x491/0x4b0 [ 308.699337][T21705] kernfs_create_dir_ns+0x5e/0x140 [ 308.704459][T21705] internal_create_group+0x138/0x850 [ 308.709833][T21705] ? bd_prepare_to_claim+0x1e5/0x270 [ 308.715181][T21705] sysfs_create_group+0x1b/0x20 [ 308.720043][T21705] loop_configure+0xa77/0xd10 [ 308.724729][T21705] lo_ioctl+0x558/0x1210 [ 308.728978][T21705] ? path_openat+0x18e4/0x1f20 [ 308.733820][T21705] ? putname+0xa5/0xc0 [ 308.737902][T21705] ? ___cache_free+0x3c/0x300 [ 308.742640][T21705] ? blkdev_common_ioctl+0x9c3/0x1040 [ 308.748021][T21705] ? selinux_file_ioctl+0x8e0/0x970 [ 308.753509][T21705] ? lo_release+0x120/0x120 [ 308.758021][T21705] blkdev_ioctl+0x1d0/0x3c0 [ 308.762624][T21705] block_ioctl+0x6d/0x80 [ 308.767027][T21705] ? blkdev_iopoll+0x70/0x70 [ 308.771719][T21705] __se_sys_ioctl+0xcb/0x140 [ 308.776304][T21705] __x64_sys_ioctl+0x3f/0x50 [ 308.780983][T21705] do_syscall_64+0x3d/0x90 [ 308.785447][T21705] ? irqentry_exit+0xe/0x30 [ 308.790610][T21705] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 308.796774][T21705] RIP: 0033:0x466397 [ 308.800681][T21705] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 308.820292][T21705] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 308.828705][T21705] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 308.836685][T21705] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 308.844666][T21705] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 308.852783][T21705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 308.860753][T21705] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:10 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x0, 0x5c) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:10 executing program 2 (fault-call:0 fault-nth:19): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 308.964017][T21721] FAULT_INJECTION: forcing a failure. [ 308.964017][T21721] name failslab, interval 1, probability 0, space 0, times 0 [ 308.976815][T21721] CPU: 0 PID: 21721 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 308.985580][T21721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.995637][T21721] Call Trace: [ 308.998955][T21721] dump_stack_lvl+0xb7/0x103 [ 309.003542][T21721] dump_stack+0x11/0x1a [ 309.007697][T21721] should_fail+0x23c/0x250 [ 309.012126][T21721] ? __kernfs_new_node+0x6a/0x330 [ 309.017164][T21721] __should_failslab+0x81/0x90 [ 309.021995][T21721] should_failslab+0x5/0x20 [ 309.026493][T21721] kmem_cache_alloc+0x46/0x2e0 [ 309.031295][T21721] ? __cond_resched+0x11/0x40 [ 309.035999][T21721] __kernfs_new_node+0x6a/0x330 [ 309.040910][T21721] ? idr_alloc_cyclic+0x249/0x2d0 [ 309.045963][T21721] ? rb_insert_color+0x7e/0x310 [ 309.051102][T21721] kernfs_new_node+0x5b/0xd0 [ 309.055722][T21721] __kernfs_create_file+0x45/0x1a0 [ 309.060835][T21721] sysfs_add_file_mode_ns+0x1c1/0x250 [ 309.066206][T21721] internal_create_group+0x2e4/0x850 [ 309.071748][T21721] sysfs_create_group+0x1b/0x20 [ 309.076865][T21721] loop_configure+0xa77/0xd10 [ 309.081550][T21721] lo_ioctl+0x558/0x1210 [ 309.085796][T21721] ? path_openat+0x18e4/0x1f20 [ 309.090573][T21721] ? putname+0xa5/0xc0 [ 309.094644][T21721] ? ___cache_free+0x3c/0x300 [ 309.099327][T21721] ? blkdev_common_ioctl+0x9c3/0x1040 [ 309.104742][T21721] ? selinux_file_ioctl+0x8e0/0x970 [ 309.109976][T21721] ? lo_release+0x120/0x120 [ 309.114481][T21721] blkdev_ioctl+0x1d0/0x3c0 [ 309.118995][T21721] block_ioctl+0x6d/0x80 [ 309.123331][T21721] ? blkdev_iopoll+0x70/0x70 [ 309.127934][T21721] __se_sys_ioctl+0xcb/0x140 [ 309.132520][T21721] __x64_sys_ioctl+0x3f/0x50 [ 309.137204][T21721] do_syscall_64+0x3d/0x90 [ 309.141619][T21721] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 309.147645][T21721] RIP: 0033:0x466397 [ 309.151530][T21721] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 309.171274][T21721] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 309.179774][T21721] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 309.187762][T21721] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 309.195912][T21721] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 309.203888][T21721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 309.211961][T21721] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:10 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:10 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = getpid() r2 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r1, 0x0, 0x8, 0x0) 04:32:10 executing program 4: r0 = getpid() r1 = fork() tkill(r1, 0x13) wait4(r1, 0x0, 0x8, 0x0) tgkill(r1, r1, 0x12) sched_setattr(r1, &(0x7f0000002380)={0x38, 0x1, 0x10000045, 0x9, 0x4, 0xff, 0x8, 0x1, 0x3, 0x80000001}, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000002300)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000000040)=""/86, 0x56}, {&(0x7f00000000c0)=""/124, 0x7c}, {&(0x7f0000000140)=""/148, 0x94}, {&(0x7f0000001300)=""/4096, 0x1000}, {&(0x7f0000000200)=""/133, 0x85}], 0x6, 0xd9f, 0x0) sched_setattr(r0, &(0x7f0000000000)={0x38, 0x3, 0x0, 0x0, 0x9, 0x1, 0xffffffffffffff16, 0x43e, 0x80000000, 0xffffffff}, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:10 executing program 2 (fault-call:0 fault-nth:20): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:10 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 309.445871][T21744] FAULT_INJECTION: forcing a failure. [ 309.445871][T21744] name failslab, interval 1, probability 0, space 0, times 0 [ 309.458540][T21744] CPU: 1 PID: 21744 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 309.467530][T21744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.477579][T21744] Call Trace: [ 309.480860][T21744] dump_stack_lvl+0xb7/0x103 [ 309.485445][T21744] dump_stack+0x11/0x1a [ 309.489590][T21744] should_fail+0x23c/0x250 [ 309.494076][T21744] ? __kernfs_new_node+0x6a/0x330 [ 309.494366][T21702] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 309.499095][T21744] __should_failslab+0x81/0x90 [ 309.499115][T21744] should_failslab+0x5/0x20 [ 309.499133][T21744] kmem_cache_alloc+0x46/0x2e0 [ 309.507557][T21702] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 309.512306][T21744] __kernfs_new_node+0x6a/0x330 [ 309.537339][T21744] ? __cond_resched+0x11/0x40 [ 309.542107][T21744] ? mutex_lock+0x9/0x30 [ 309.546418][T21744] kernfs_new_node+0x5b/0xd0 [ 309.551007][T21744] __kernfs_create_file+0x45/0x1a0 [ 309.556204][T21744] sysfs_add_file_mode_ns+0x1c1/0x250 [ 309.561564][T21744] internal_create_group+0x2e4/0x850 [ 309.566943][T21744] sysfs_create_group+0x1b/0x20 [ 309.571780][T21744] loop_configure+0xa77/0xd10 [ 309.576522][T21744] lo_ioctl+0x558/0x1210 [ 309.580779][T21744] ? path_openat+0x18e4/0x1f20 [ 309.585570][T21744] ? putname+0xa5/0xc0 [ 309.589631][T21744] ? ___cache_free+0x3c/0x300 [ 309.594345][T21744] ? blkdev_common_ioctl+0x9c3/0x1040 [ 309.599725][T21744] ? selinux_file_ioctl+0x8e0/0x970 [ 309.604926][T21744] ? lo_release+0x120/0x120 [ 309.609432][T21744] blkdev_ioctl+0x1d0/0x3c0 [ 309.613925][T21744] block_ioctl+0x6d/0x80 [ 309.618158][T21744] ? blkdev_iopoll+0x70/0x70 [ 309.622737][T21744] __se_sys_ioctl+0xcb/0x140 [ 309.627349][T21744] __x64_sys_ioctl+0x3f/0x50 [ 309.631920][T21744] do_syscall_64+0x3d/0x90 [ 309.636330][T21744] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 309.642227][T21744] RIP: 0033:0x466397 [ 309.646106][T21744] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 309.666065][T21744] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 309.674493][T21744] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 309.682452][T21744] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 309.690421][T21744] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 309.698380][T21744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 309.706334][T21744] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:10 executing program 2 (fault-call:0 fault-nth:21): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 309.879053][T21702] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 309.887508][T21702] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 309.940345][T21760] FAULT_INJECTION: forcing a failure. [ 309.940345][T21760] name failslab, interval 1, probability 0, space 0, times 0 [ 309.953005][T21760] CPU: 0 PID: 21760 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 309.961767][T21760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.971820][T21760] Call Trace: [ 309.975102][T21760] dump_stack_lvl+0xb7/0x103 [ 309.979699][T21760] dump_stack+0x11/0x1a [ 309.983932][T21760] should_fail+0x23c/0x250 [ 309.988366][T21760] ? __kernfs_new_node+0x6a/0x330 [ 309.993717][T21760] __should_failslab+0x81/0x90 [ 309.998544][T21760] should_failslab+0x5/0x20 [ 310.003055][T21760] kmem_cache_alloc+0x46/0x2e0 [ 310.007957][T21760] __kernfs_new_node+0x6a/0x330 [ 310.012822][T21760] ? __cond_resched+0x11/0x40 [ 310.017527][T21760] ? mutex_lock+0x9/0x30 [ 310.021773][T21760] kernfs_new_node+0x5b/0xd0 [ 310.026443][T21760] __kernfs_create_file+0x45/0x1a0 [ 310.031671][T21760] sysfs_add_file_mode_ns+0x1c1/0x250 [ 310.037049][T21760] internal_create_group+0x2e4/0x850 [ 310.042337][T21760] sysfs_create_group+0x1b/0x20 [ 310.047282][T21760] loop_configure+0xa77/0xd10 [ 310.051965][T21760] lo_ioctl+0x558/0x1210 [ 310.056284][T21760] ? path_openat+0x18e4/0x1f20 [ 310.061104][T21760] ? putname+0xa5/0xc0 [ 310.065177][T21760] ? ___cache_free+0x3c/0x300 [ 310.069863][T21760] ? blkdev_common_ioctl+0x9c3/0x1040 [ 310.075243][T21760] ? selinux_file_ioctl+0x8e0/0x970 [ 310.080451][T21760] ? lo_release+0x120/0x120 [ 310.084973][T21760] blkdev_ioctl+0x1d0/0x3c0 [ 310.089612][T21760] block_ioctl+0x6d/0x80 [ 310.093891][T21760] ? blkdev_iopoll+0x70/0x70 [ 310.098582][T21760] __se_sys_ioctl+0xcb/0x140 [ 310.103172][T21760] __x64_sys_ioctl+0x3f/0x50 [ 310.107759][T21760] do_syscall_64+0x3d/0x90 [ 310.112185][T21760] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 310.118076][T21760] RIP: 0033:0x466397 04:32:11 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:11 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = getpgrp(r0) rt_tgsigqueueinfo(r2, r0, 0x4, &(0x7f0000000000)={0x25, 0xe5e8, 0xffff}) waitid(0x2, r0, 0x0, 0x8, 0x0) r3 = fspick(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r4 = fork() tkill(r4, 0x13) wait4(r4, 0x0, 0x8, 0x0) tgkill(r4, r4, 0x12) r5 = fork() tkill(r5, 0x13) wait4(r5, 0x0, 0x8, 0x0) tgkill(r5, r5, 0x12) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r6, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) sendmsg$netlink(r1, &(0x7f0000000200)={&(0x7f0000000080)=@proc={0x10, 0x0, 0x25dfdbfe, 0x4}, 0xc, &(0x7f00000001c0)=[{&(0x7f00000000c0)={0x24, 0x27, 0x300, 0x70bd2c, 0x25dfdbfe, "", [@typed={0xc, 0x83, 0x0, 0x0, @u64=0x10001}, @typed={0x8, 0x3c, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}]}, 0x24}, {&(0x7f0000000300)={0x15b8, 0x28, 0x10, 0x70bd2b, 0x25dfdbff, "", [@generic="84c8b81b92d1d8958d7b3b05b8ba323169673b58bd3168f4c22ff543957bcf16641ad6e1fee9bc7d488e51e90192c1bb79cfd23bec737812e3f9d7ed19884212e8274990a6c25c2d6d2f719a0eb477d3395c73ffac0249e469110089acd5427b39d9be26405e99d9072ed9466885571cbee055f8aebdd78596260aba54422d64aa7caa42dbd8757834083345f367031b1dfbb75422e44b72a6c5fe2297cd52c487c094fdf492295651e490e538103faa42ccbfe88026fe", @generic="e3b55b521fd36e8677456eea0f811925775286a61f112b73cae66962ac932f6a278c05c6ed9add9332481a53c523b9e910e7be3a39aa1f602db73b373df3c31184f3f4a2546f1febf41a2cdce6919e42abd5970f5ebfbc36473c", @nested={0x12ac, 0x9, 0x0, 0x1, [@generic="bf49885456e95593e73cfe7a7b857369da7646c7c948a9f3c618053bb6cf02931497fe0804f9c7638df77217db9bde4b0426379aa20994aa7cbded6bf659c5f7d8937923d5703428b63b183717a2fcd2708ba0ab3988a366a6e75d6eaf21e02f74b507e6c1aca5b0d3d4dc5e05e17902b2b07c184f6cabda2bb0ad01dde45667f50e2987b7d1759aed0576d4605562a0959c3dbae5425d7f32e171c1dc3c6390f39ab7af745ae5b88215f77fcb73fbac3c90dc8cdc3b5f428a1f4a2bac63011727c7cc941325a362a854ac93c03060050744c96b791984f53f6baef155a8ea10b35ba535a71ca64c601542706df23f31ae5dc67da25574", @typed={0x8, 0x5a, 0x0, 0x0, @fd=r3}, @generic="a01d87880c033cd97a2fa8e5091ef6fbaccc642d83dc20e639bff4068446f81eb56a643e949211e7e1931fa70320b80872389610e58275a89e27c22d333050aa8bca33631efad193072d0616a851898968b6d031b88fe8f02f6b9bb001b0a27a5fd38f9f87c0ee65a018c9a04c43563e747ddada4bc5be6278b01db2daf4bb2cd19b3b879b77b24b17dc8f3b5ebcdd9b54be498c587849f619f9fb43e5ec497486f9f0", @typed={0x5, 0x65, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0x16, 0x0, 0x0, @ipv4=@rand_addr=0x64010100}, @typed={0x5, 0xd, 0x0, 0x0, @str='\x00'}, @typed={0x4, 0x81}, @generic="94904060c6a8f3ccb08c236e9abd7ccc9bcce688ed0d69c85e360c8848cdd326f985934e57f66a7d7a69c4d77198f3c27712244e0812c15a2e39a08f76b177d0c23aa8dfe0fb9f72d4044609a7ea69292145a14f56ef40aa3b7cc83ed8f52e1a4b9c701f8177bb85a794e15d1aa01c74", @generic="97e18dee1953d111aa974abeca9fbf32feaf47ffb8a67427371d97f9d7c9017f63cec783def947092756973931b5bb3ea8f5455317919c05c4f1c2b3afc9ed13aeffc6ff681623f725f073b6e7f817fa2970f9edd20a202caac4e09f9a6f1c2532d128d397bb21ac2f9b1824d0f095862f760bf804a1835620b9", @generic="4ccf48254dbdd8bf1f9ef24e9d4af6e780fb9390de50874c4f2618c01f1628943b088bed9c568580a8ebec66f9b907a879ffcdfdb0b5dafedc83d96f319c7967e72ae699559bbfd5f793eeb916dc47e5181ffc340263b7f7014adfecf08bf3e73eb579da8d3ec11d1529798c32eddf16fe7ebfe4d2b6ebca23955a6d86f928c713bb5f3341e49d5f25c41c696a1edcf6ee7cc15fa10084eac51f363e2e736aa4045fb43983f5401d6d11d865cbafa8e1b95c212766ef7f8b5031de190dd80de1cfdd7d6cdb2596fea35bd069e2ec9446b7f6f42a57515088d0cdf428dd7f5ca61763b3aa2a209b6831deb0cc3284ce043b87e6c67e147e110c38fb877a61d78649a1b339096bc625d53dbeddbc312022b6285e83840a9b7313dee77ea71693ed007af6d776cb99fcd3491724835c7f63416b2703441bc23a81fc5b54dcc8ccb9d74180cacc2d9f8cdf624f42d0fc88f34d6ce207345ad51b6ac6fe573e3c800715180ab3049f3e832a0ae7e01d05fc88787e154083810a71a939981349afb97ae2e406adf23c7f4900301ea23a5a1f224da60ab629ab6118c8e99b8d025de1530812caca72625ab22365aeacf0a5442ddeac3f943422681522b41a7f4f35d8ca265aac7716a799bb081870b70f3bf3587e3ffcffe397aa3d9384b8ea09ff60e15f328dd5b7466aa35ae1778b739b4afc664a6262f12ad842dc5815cd632b5c9706bbeab48d01f27759155f521eb4928c428849a87f5d8357c2da01b0a06fe0ea10cad65e4a8372b1970a03d7f25efe8c05faa366d0639da31dfff4db0422f7ee7f679df82b17b37d5c2e2cf66c0099bd4e5e71f7d5c5314010368308b1a79bd4c2969230c50c19f4b95d159ca235230102a9a8e8038beb8eaa43cb07f7459a3791046cb2960801b25c969f92cd5057337aafe2b762cd3b5bccdaa04f3fb4c1064c333f5f52e88158abb6a2b26a4a42f9730547cc2e2a595cfc02529e37e48d82e25887cdd3f5407d3e9b404d6c2e4cd748e63e7f2d0171bd506386f6b037030614de733ee381f7d001afee2308e6f54f5d20922ed63b3030c29120a6fedd404e5b1b83e55832474553b5bde17c0c0d15f427e351a40d8d43a9382f6c2a2c956269c0f425ce155c27b29244e49c34b598e104f42eaf9a0c427f8b33e1574e0415f0b8a4ce876ccbcf81cdcc265fd2273275652e1c0daa29c0b657b5a7574387e35e02977a639bea067dce143f3ad2ca51fd2119173a60802cd3a1dbbdb33522237bf9801eb39d88bed8c1674e6477a8dca3b807b1ce594383afb7ea7c5b9a092f74fb7aafe4015a1bbe1b1d704bc7a70f732f3b73b92803eb1faa0ee1eeea5158117db94b6b6dad8466e4e36fa4346d0601f8980a4edd66eab6d7af89fc26a92ebc4e9431bcac4a72ed6e06c150d05a50ad1e959ce94499bfb99d3df180ea3afe6227ea049130ee5395713d114b420b1efb9bafb708c04769fa6e350c1655d6336fa19ef9f83dc8955c1aef3ea81e8413a266bfd8bd7952efac6b7c4ee4fd1514ca6edaac741a3e6724f616a67da14b6b60521a96f85fafa827979a2f52bc6a2dee601abb1d002283d615aad45beacfc96ba8aa16d8e6f3ace17f7fb4ae1bbcda1bd47f649aad121737d679cd1bb1c2271d1f6051825141a5becd9c6c715b65284341b033c982d69fb2dbae577cf457588de5f24f7415426a514124ce18e69b6aa5065f007fd21dbd483546b01712ec5301b966bcd756fb58c732ecdbb53f6cfe0a6dab2f13508fc38055697cda545923de9e06f6fef708174d8ebe457512d7a683ec7de7856b9d45765c50a73bc3e3ad04a9f3182eeb8cea56e81075f5d9c4ed77836882ac483e85053abba23b622c1e1aae21cbfb6afb18f9e211a076ab2598f115a4a35ab449549f9a8e8534d94c73355c9db0e7a44b00f8449c1584bdf0a786e33873c840a5035de578173c5fd15f54d1b2bec9aa43ccbb0582d500f04c398960ce782b350da63e25641ce964b39ddf10022ffea7ef91a36ab8d01c20c7b2dfc1eee7be4d20c3728af3fc3f988edb8e715dbedef2428cf76882069a04d8b65a246055eb5f1cc03965805ea0e238998bbf1d9a61fffff05e24f2f9e63935684d82d8195a5f15d4192f8150525e1b0fb7121e798856d43e7b6bd1c417e483ce1e584eeaf85912c6326bfe090c1d224bd6be6037108957bcef853e3f928c1cf42abdf55e85dc6ff3cf3a58b5a963dfc5e60f8db7601332f45db4c4b8c8e491e86daedfdd7846dde987ffa36270d0fbd2b786b28ee7f37403f2dc8c0f6f6ed8af9a20602fe0d6f8e1723556e8588fdceb42369a40340faa9f7192f28f6d12934001f2cbabfc91409fe6aa432bf38504ee9f48398cf27e24ba11bb734819ff797d0cb9bc764a3c0e1488ba103572688b2705fa58e6476df6485a0dba46b8aac57c3ca92d7bbe007618a2a13dddf06acd445f053b393cde0cfd3fb81a2e7a5dbd546d0b23b847731736c7d7f20eaba8615387add35a6b9b04d3a2b59bf2abb8875f516845e8fb5ff6861a29c24eb96f3d11b411a8c2ff3ac36407563917f0a887c85135bfe00a2d469ff1363555517ee01eae917acdb581343726bb160df41562e933913fa108efd6b34ac7319f0d2207708773a5ded5805d2b774544187548777fbe356e38f98539eb5f4383c7d3521cdc598e398f1a6dc04fc982ab4bc21c7d536faab847897295afda2d342df29a31aeee22bec715f8aa3a81f84ab9d7181ef60443eb93413bd2c454a040a8226672aed9a96aa41b953d065924cf94f3630f120a3d6e2027ec71532ed225f6a58909194eee68f62601cc311d25763dce3da357a42d7e666e49854a23a3d403932dfa9c646f3a225f3704baa07fa80f2e725b4115769592a88b5e775e95b2db8a399415d0ae2624db3eecedef9c2f5d5291259735156693221cfafcc987b5daf9294112886fd020e0091ea5c4e4301b8f87e62da087abd42cca564d67a70b686b102519fb520bc7f8dc2e521e1b8c498390f026c9d55d9d37e8479096764f513697934d3e1f6c7fc1504128709e821653f04746994eedbf6b8a60908a213755afa1e26363fc62185abc67f3649fe6fd1283839e5cceff370df3e13139255abb89d3ead57db6d1d387b53ec5a0e1b0b017fa150ccf3ad94a7a1477af3caf0d2723cf4f5148a57ea230d18ce2e62062920839ca0a0c1999658766a1b3dc61516ac3d32b42a0ddb970e59304970697ecee030cab065520e6855f6d4b8d74b0b51a77ba9a603b6d5cdcff9ed4b98418db6a8550b6d0bffe29e42451568f8f2c7a20c820d5849d714ea2722e193ab5e4b62f37b67dae1dab281794f740e57cb7f2dbc4f0da6edb74e2166f319ef803039ab721f36f7681413a0627ee63487ce16a46b8c0a2a43771985dd7fb4c4ee6cf8d3ffabd60e483fdff76ad08f0335fa5f3d494340ef6d8131ba2419fc2864ba12f2c6b118b15f4a29e6a08316fb1ba963ef31f19f40a1201add4b86b1e58777e3ecf030052a90aeceeca58c0a19e0824a8840233d66f9a08c9f3b83b644132e7fbcf44a023befc01ec0815c58166101b4e542d39e7b92dcae0af5d32a123ab261a2883e1c930868c71faabb8575837463f0e5475bb85b0bfc5011b9d74a4b24445a97e87cca59eaa8d84c970f2028caa0e81f48e6904bf27f44fe6f18274b4056a495d6c777ab21bd8bdecf7793ddd8ae8495d3253e21e58ce884e99b2e16525c6214e1f31efe471068ba2cea8fc8eb5de25f1b5084024a865154413dc52e5ab3ebdd8dd58d7b99e05ba7ad2f716d69caa87683bcfe854531edf80cbaeb4178fc1825b7b62ae7e83e8486d98ed292e570a9b3c902a8768ff69974736838ecd47dfc2841040bde0709fe4bcfffbb4cfc6d07467964e91c8776bb01a9ae9113d8b3afc744a7a70bd87c8347e18cbef62693daa71260386bb5f1a47c47cb8e606f71860d8b0d843872c01eea23f63da4806e2a4fb6eb647e6575ff8b0ea7df83ae8f657096a828abf890a3f16924cb053bf6b6879cdd8154a1d4dbd555553d823ee3d17babe99751d588c7cb688a55ed505702d1c89ae17586c8bbd51f08e7fd4ca78eb560839a80304dd2df6992627911b3f3edce9806d5c414d052a76872d156a206375a786c73e4e8d8a669ba26b7e5fcc07ddae62f549084177e9930cadfa8dcbe23ee6eaed947d6ab2d7c0b12a6c0a6a857336ea3d226099587a0c91f12dc90e2b8eac07acc9a2069185aa7fff6f378d988226b5772e78ce77df094ee1845c05ca31c77bd18ec8ed18b90acd48b6315fce3082415284d92a09d4409f17909296a8bbfd3cf82859c92279342e737c44ea387accbbea453401ba59c097db5986d6e5a54e17c133d521b8b85189851ce26cf98adfd91d93887dc27a7bd37f984e8fb0099c8bd51637266283d7bc64f371426a51a178c740fe07eaae57ab5085f02df30ee6b935a3c9663775a949c6c514d8cd61128dea68c806f9ca6a3dd86bd6c4bdc5a88e1f17eac516761c7914d724eb14f2deab45ef329e747ce90f5771e8a82a735428151021c62e6f62d1ea37e2d7291491c908456205b94b89a2164f332bb9a5a425ceaf28eb3b2623081fa70beeffe097ec2c542fb84ba462fc64abadf46575dbfe6e1634334849d71f247e2fe36e0501afd025aca76ee367bfe5d878b4bb4a9231bfd56c2298a1c269ce6e9a2dd238e684a5f892f01059fcc2fbba5c066f48ba899b5ae519beb9547567a129fa3d7bf3dfe0389f863c53a262c71056dee044045097a55bbdfbdb466a36e9d5f901d60c234634307febdf3cbdc25b0cd11a1b2ae5fff442ecaa291232f35767942961c52da08c03c11722f2a183aebc6be138e39c4d7472071c8b171b9197d73f3e8b9ebed93c65a81b6ccaf59c02153ba6d28c54c99d7cae55fc2148e55ce116c5b3226c81819cde171ffee1a5b4b0cd2d314e3acc0c2390fb5371b133318f7107a225128210fc2e15b2ae511e8ac76f63a6665f2a7ae2b91ee647cd7bc478b5d213d8d0477757ac1cdb558519b14a112255f0ef444d905f7e2f94922bef43fe27f234d0531f6ec49ca433b396977dc5bb7f3f924e47fe2376bbd8fc313347f48995fd32b814285cf9c80736f9c3a7f32b05f7c56da826b73f4721eb19f870250f638556d471cf65923b7a5dfac97f7eb4fe13054ba0fe53f81f0daf3a0646444be6d6142b34f5fc466bc1ed8b792d4d397779876175aebc7a69ac78bd661bb6f5c1110030d6f13582975f97b3e0278748da1674d41163c72cf2282fe80d447f8d484a5395c7a5665daca772cdd58ad524ab6d570f4ae8d353c069c4a6ba8d7d2e3fbf38a294131c5b6591491d0af64d37b031442a6dd613a5322bc2284276db624252ac4e5d18563508f69e3e646da228273bede1683d851b7ead3fbdfb897326b31ef834a65249aa08d1abe25e1afca3cc18037f7c0baaebbfad525aa2857da6536b6be77dff49c8d9b83da8df28ac6a65946c48ec4770a5d1e72cb428a716f92db5c7ea1a50949ba60606c392ac2c6fa294452b4093670755a548cb95f652b79b83b8fdde900facf5e2096a970db68c0670726f104eb4b59ae0288fb5736ac92d565abf00fceb0f1dcc73891345fcfbfa12a9a68c94ed10c802968089d9285e55fe5ca804904ea768afea8bf5df5f9ab72d4a47d7b450906fdf9ac93569b337ead80de3120cfff64661ed7363256fb612dc0cac159c2fa8738022e1f44a35d8d66e0a818f16f27f7027c7c43d7e1caeee971b4a"]}, @typed={0x5, 0x6d, 0x0, 0x0, @str='\x00'}, @nested={0xef, 0x83, 0x0, 0x1, [@generic="0558374d9c1cba05dd72d0229fc9de9a147cab215c9910cbdd2211e9230db296e6c9371e300fa633012194fac04335dbe3a098644cfb5700ddfe3ac96ce91cf9147a7acfc4303932f50690d31ea473e8659a05300c3a083ce0485ab2d1f72ed100fb0207ca85f2143cb28b974c89382886986d487cbdd1daec36a99f70c0f2c403e6b83b323008e66bf938555f8150e61a75f226298b25fc5fff078e26715a4afca757886db418eaf1d1392a4671cc597f3dd3fabb515c6b13f683a32ab171398392ce8769a2be1e538e1a1b31c7130de29e4a1ec7080a3402097c9210ef4a421be55742e4a89f10d509bd"]}, @typed={0x14, 0x93, 0x0, 0x0, @ipv6=@private0}, @nested={0xd2, 0x47, 0x0, 0x1, [@generic="b32d66d710d4c008d3d00e0908eb905153885c390d53fd742c76b900f3ff1f6d2727ade5976ec3bd21fc3017442125b4e3f93b14fc6772607d8ae251a067c325d895dc1b91100333a036a7f2657045f0f0b98d63df65c501053c63154e0045cae083c29af4655ef6fce0f58115ce08131a64e98603934da2cd2588dcdf547a54e23937cc781825a8f7f4c67c27aeddf97bcf", @typed={0x8, 0x42, 0x0, 0x0, @pid=r4}, @typed={0x5, 0x32, 0x0, 0x0, @str='\x00'}, @generic, @typed={0x8, 0x5a, 0x0, 0x0, @ipv4=@remote}, @typed={0x8, 0xe, 0x0, 0x0, @uid}, @typed={0x8, 0x54, 0x0, 0x0, @pid=r5}, @typed={0x8, 0x23, 0x0, 0x0, @u32}, @typed={0xc, 0x1b, 0x0, 0x0, @u64=0x6}]}, @typed={0x8, 0x3d, 0x0, 0x0, @pid=r2}]}, 0x15b8}, {&(0x7f0000000140)={0x68, 0x1d, 0x1, 0x70bd27, 0x25dfdbfb, "", [@nested={0x8, 0x1, 0x0, 0x1, [@typed={0x4, 0x84}]}, @nested={0x50, 0xa, 0x0, 0x1, [@typed={0x8, 0x38, 0x0, 0x0, @fd=r6}, @typed={0xf, 0x82, 0x0, 0x0, @str='({,\x84})\'{+.\x00'}, @typed={0x8, 0x31, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x8, 0x94, 0x0, 0x0, @uid=0xee01}, @typed={0x14, 0xc, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0xb}}, @typed={0x8, 0x10, 0x0, 0x0, @u32=0x8}, @typed={0x8, 0x35, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x14}}]}, @generic]}, 0x68}, {&(0x7f00000018c0)={0x1c8, 0x14, 0x400, 0x70bd2b, 0x25dfdbfb, "", [@typed={0x8, 0x52, 0x0, 0x0, @fd=r1}, @generic="db738c6495b2a8dd3d8cb0273bc87e28cf2e15c591eebe55586e220218", @generic="fe9e954a8eb483ac53fa98bef483abb5826efb614b81dc498d41b0a6af3e649ff04fe07d71321a05aaf35e55e2c19a52e1f1625b9fd46e067487ec6cf5017f49e8db14755d49d5588358f37462b9e1bf9222cff217fa2a79e7206cc4b57a297b01a086dbfd4ed0e1585f35a2ec32eb15fedb89ee3a8b8f25902cf04dd3afb0586f259c4410a7", @nested={0x1a, 0x33, 0x0, 0x1, [@generic="84c0749fffe71e695f14b14029ad6e538440cbc91b75"]}, @generic="fb773f316b73c372fcd1cfd02f05d9a04a20141e82b338a083a97622e6f3f4c7d9b19059139801544d97b935f9fbcb2ca9dfa83c8cc6e82144aacca9f57667c07fe8fd0638d85244c428962b0f3300353a8da0d4fae4c67cf30f39172316f43523b38a30284c0168b2f778afd0912f33d45102d287f412bf8574e6", @generic="ffc484598e", @nested={0x4, 0x64}, @generic="f0fb7ecf5170a1b26ad7997fc00f91379007c8f626509a8edc1d8858dee68fcbd3ee5f5dbfae9d3bade1c7bfe5c987feee9b3336c2417b62198530705454a1c4c23a1cc9cf5d96c91e493ed14d342b84176b3e75ea219103ecbe1c48439bd07bcf5867e79a5a3be2352db2ea0a"]}, 0x1c8}], 0x4, 0x0, 0x0, 0xc040}, 0x24044040) [ 310.121959][T21760] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 310.141727][T21760] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 310.150123][T21760] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 310.158576][T21760] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 310.166546][T21760] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 310.174659][T21760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 310.182674][T21760] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:11 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:11 executing program 2 (fault-call:0 fault-nth:22): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 310.339641][T21786] FAULT_INJECTION: forcing a failure. [ 310.339641][T21786] name failslab, interval 1, probability 0, space 0, times 0 [ 310.352290][T21786] CPU: 0 PID: 21786 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 310.361084][T21786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.371249][T21786] Call Trace: [ 310.374528][T21786] dump_stack_lvl+0xb7/0x103 [ 310.379147][T21786] dump_stack+0x11/0x1a [ 310.383305][T21786] should_fail+0x23c/0x250 [ 310.387730][T21786] ? __kernfs_new_node+0x6a/0x330 [ 310.392766][T21786] __should_failslab+0x81/0x90 [ 310.397536][T21786] should_failslab+0x5/0x20 [ 310.402046][T21786] kmem_cache_alloc+0x46/0x2e0 [ 310.406828][T21786] __kernfs_new_node+0x6a/0x330 [ 310.411736][T21786] ? __cond_resched+0x11/0x40 [ 310.416424][T21786] ? mutex_lock+0x9/0x30 [ 310.420675][T21786] kernfs_new_node+0x5b/0xd0 [ 310.425273][T21786] __kernfs_create_file+0x45/0x1a0 [ 310.430388][T21786] sysfs_add_file_mode_ns+0x1c1/0x250 [ 310.435820][T21786] internal_create_group+0x2e4/0x850 [ 310.441115][T21786] sysfs_create_group+0x1b/0x20 [ 310.446097][T21786] loop_configure+0xa77/0xd10 [ 310.450798][T21786] lo_ioctl+0x558/0x1210 [ 310.455066][T21786] ? path_openat+0x18e4/0x1f20 [ 310.459929][T21786] ? putname+0xa5/0xc0 [ 310.464074][T21786] ? ___cache_free+0x3c/0x300 [ 310.468833][T21786] ? blkdev_common_ioctl+0x9c3/0x1040 [ 310.474213][T21786] ? selinux_file_ioctl+0x8e0/0x970 [ 310.479423][T21786] ? lo_release+0x120/0x120 [ 310.484014][T21786] blkdev_ioctl+0x1d0/0x3c0 [ 310.488521][T21786] block_ioctl+0x6d/0x80 [ 310.492840][T21786] ? blkdev_iopoll+0x70/0x70 [ 310.497476][T21786] __se_sys_ioctl+0xcb/0x140 [ 310.502068][T21786] __x64_sys_ioctl+0x3f/0x50 [ 310.506662][T21786] do_syscall_64+0x3d/0x90 [ 310.511144][T21786] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 310.517043][T21786] RIP: 0033:0x466397 [ 310.521006][T21786] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 310.540610][T21786] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 310.549151][T21786] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 310.557207][T21786] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 310.565187][T21786] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 310.573158][T21786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 310.581277][T21786] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:11 executing program 2 (fault-call:0 fault-nth:23): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 310.700606][T21794] FAULT_INJECTION: forcing a failure. [ 310.700606][T21794] name failslab, interval 1, probability 0, space 0, times 0 [ 310.713404][T21794] CPU: 1 PID: 21794 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 310.722168][T21794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.732371][T21794] Call Trace: [ 310.735711][T21794] dump_stack_lvl+0xb7/0x103 [ 310.740310][T21794] dump_stack+0x11/0x1a [ 310.744490][T21794] should_fail+0x23c/0x250 [ 310.749176][T21794] ? __kernfs_new_node+0x6a/0x330 [ 310.754224][T21794] __should_failslab+0x81/0x90 [ 310.758998][T21794] should_failslab+0x5/0x20 [ 310.763721][T21794] kmem_cache_alloc+0x46/0x2e0 [ 310.768493][T21794] __kernfs_new_node+0x6a/0x330 [ 310.773397][T21794] ? __cond_resched+0x11/0x40 [ 310.778295][T21794] ? mutex_lock+0x9/0x30 [ 310.782536][T21794] kernfs_new_node+0x5b/0xd0 [ 310.787156][T21794] __kernfs_create_file+0x45/0x1a0 [ 310.792267][T21794] sysfs_add_file_mode_ns+0x1c1/0x250 [ 310.797641][T21794] internal_create_group+0x2e4/0x850 [ 310.802927][T21794] sysfs_create_group+0x1b/0x20 [ 310.807785][T21794] loop_configure+0xa77/0xd10 [ 310.812492][T21794] lo_ioctl+0x558/0x1210 [ 310.816737][T21794] ? path_openat+0x18e4/0x1f20 [ 310.821512][T21794] ? putname+0xa5/0xc0 [ 310.825580][T21794] ? ___cache_free+0x3c/0x300 [ 310.830378][T21794] ? blkdev_common_ioctl+0x9c3/0x1040 [ 310.835765][T21794] ? selinux_file_ioctl+0x8e0/0x970 [ 310.840980][T21794] ? lo_release+0x120/0x120 [ 310.845506][T21794] blkdev_ioctl+0x1d0/0x3c0 [ 310.850019][T21794] block_ioctl+0x6d/0x80 [ 310.854282][T21794] ? blkdev_iopoll+0x70/0x70 [ 310.858871][T21794] __se_sys_ioctl+0xcb/0x140 [ 310.863713][T21794] __x64_sys_ioctl+0x3f/0x50 [ 310.868350][T21794] do_syscall_64+0x3d/0x90 [ 310.872765][T21794] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 310.878657][T21794] RIP: 0033:0x466397 [ 310.882547][T21794] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 310.902330][T21794] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 310.910843][T21794] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 310.919037][T21794] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 310.927006][T21794] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 310.935164][T21794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 310.943244][T21794] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:12 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x20c002, 0xc) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x5, 0x86, 0xff, 0x100000000, 0x2, 0x3e, 0x80, 0x1f7, 0x40, 0x28, 0xce33, 0x7ff, 0x38, 0x2, 0x7, 0x6, 0x6}, [{0x3, 0x5, 0xc6d, 0x22, 0x3, 0xe153da4, 0x6, 0x9a7f}], "4609298e2a13145234164cc4e41db8e246f7989a2cbc70ad7b7fe2794c41f13ac3222b0dcca51f5dbfb0e3ea38686c9cab27b5557f9c6c621320be9b43309692845e861b872b90a72d7e25b4e605fd9fb2f6a29563db5a4349053f3429aede11d408ee8106c5f5e91b2c25392300fb7597fece056ddb7b3ebd1c3364daf8145b85f4022886c37f8473bf068dc84a19ef2217bbb3417b01402d0abe05a8c93ad85e559c899871b37ad4499f8d8d18cea8cd8d308cca480cc10698bc614d6b10206863139e8eeffa2f91b7683f0ec76064c5092cc26cbc72530236b924c75d4c0067a37136569204adba9ab3d375e49f2652a3585cf2b6aa3f1c6d8ff62044ccafcd5c3d6bfdf2dafc9972f1a9dff5a79825ca31536b8053921d158e3fc10006b95d54f27bb1b5a0858c0329129fd065375b9a23415cdc5311ec045752d0a8ed8e4e213b77673aa69ad731de4d778a71dd5575f29e7073e57f7d29c2b06b8768e4da66724c2a08b29b0b610e96c4bfda4fb4764f8e819af8be10957c936842fa84f9daa74965f71155bb1943a746783f90078e0c2595755ac850b3c23586f91e213a06a780d0c6ba19256cfd276dda677fa93f72e805f77ae54ab27fd895650d0de8e964458d31b3d55d08e9838e21bbd3a8086176509cdf477f7b91878914116b3503596f95e3cdfd444f2179ad422ed24b36780fa096f8e77bffb27e02e2918dc8b2fa0e2731ff05f8f05b790f4a9df7398c9e369a7a9d23e255897426b7ffba4e1ad13ec91625ee7c1986c31c24dd4628307f8008066fcdaa4b752990236a99884c43c6ca21b81e022f0066147a2f5498e0ae4c7e9252752bf40dc4fda4a2b7e67f031db284c51996caeda6ce2369afdc73009e099bb52e1aeddb5bd7b5f99d71e0831c33a0f8b76ff480b5fcd5dea6abae2f26e5d259257579b486d7dc0bc3ee8ea99351251c87467567a83a8499d118dc9b0b5c2a0a041e65a126d64cec3b8798c078aefbe096126feba2d890dba50bb7efd121086f71f2906cc47ca37d41c7aa31e739cf205307850859d1a2033482f0b79aea9723fa070355ca42e71b8c27e8bf10815411cc311a8c3f96d08a5e1bf83ec55734f2069db452a8e5206a065a4d2a2d2694a92edb4b94973b861bc4c37adc3dfb3c692724363e4e21692544e99966d6130db329685d1feb0d2f49bc3ce1a8367c7461d48b912620abe029fcb1d54cab3e588fece81d9decb9a43cc88217d36f9d0617e32f240aafa7d4ddc703ceeeb254aa20413244007b2b3dec55389521dff887b1e4bbc746505de9632dc7e62596608c6c305654c62b1049b96038e12d190636a59ab10826d330a36874388a29c5130ec615662dfc65e6b09ba0b2d7264113a6b9f12b8f0354e5d314d47fb20155c8335d2b8a3538b33cbb3384cfd3d0c65c94977006c9bb8e53f0c43e3a2a718761a5b14966042bc2a5aa67c4cb99d1c507fb395b7fb0f321a5a4dd72487f3ecbf60b0a500e8637e0caa0f3130fbbc37bc905dc28a96cd21dac4df151c81dea7220c83aad7745b0eb904f3b717b61a9076c0bf42f291adc21cd9ebd116f36efd0677c7959c5e60b366b49d76388500ce625db7c72417291c3a4b95e8ae353569d85c2f493fcb6e827d4841a05f7834ef6b9c478cb8da86d909e95d675a17b5ceb01b1a5b314bb2d5aca8c3dfc0e7632a329b30298246318c3cfb300a0e03bfee09ecc503b659faef4f6995244e838293360c83ce0034188d41bdf4e0d8035f35ae10b5e29e5ac44ff29c47ac082afd9e7272259d3a43ebb0f90487e2213786721eb791cdde66e72f612ecc2dd1bd535ceb16ca9cfaf072b010e91e5ef5c8c1280c0e8924bcb6b52cbb28049e92a375160d4667cfce07b4ab38347e2bbbd40a3fd4ae958e3aeb2c5a4c0b08174417fb8d50a44c241b1cc10f3d3abdc63593b722b5b7dd8264ab65972f157fdd80aadfb47045982160d178ff056d64f32b0b37d327bcf0a57bdd509cd4ac07d2205c09151daefea18ca3b040990f9c9049f5d5962046deee029ac937bc0e75213564ab1d95f628631453adcd93bf489efd15a2271fcb99feab6c250d2680c7c83b8b3ab9ce6b6b07f5f6f4f56c9d4615612d6eb7edd810a6e2504bcb412073586a2a215ece193f01af02cfca2e98df142a7a8453a739452b0276b6acc5949a9b70340926e579013cde60c41a2997b61fa67459b49dc77820ffdab6d11b2aa3297c683ce26277ad9bddacebf389fc754c99c2b8c199331910631192e876fb7ccb18f8e070091e15a5fac6940199585eebc9fb3061a7abb8d2946dc8fb59d3b70a7fd2b00792794d957d63dd8ff16cfca46574978f2520eaa909d44f75a904ae95fee742e463757f7b4c490f2b51b3c11463fef32b219149c615e7a269559cb6a44664965c66df99c18fa05ce601a7df9c24a461a1955d9bb4b17507148221258123fde41474d792be05c4786f58bc6975fd70e50305eda4aad36489623dae4d958da61cda443564d971692945a4ae87dd702ff8e169d874705d61e87c72f2789ffb8da4c6fee752d77143f2f3a8059ea89f20221303aa7cb786d9501383cecc049339178fc1119588550867f88f100b7b2cdbaddb03285a3bf691fcee9fc1988d7787612b43cec043645ed29bed0edd9e02af6aff279aebf40cd1f60530657620a92d581b886248b3c3071dd9e46822bcd340fabc061b9e0a4c329088b7f60b8f47ea8a94c58cf0b8a0be8f87ba27306a79f91727930903aa5668a34b3659db052c5f7c53cf6dc554d2d6e6dfa41352ec47fd874c044461fe6ce5477c0b71756036f458d1f72d7f0c862a740c81f724509c6bc10bc1657d1e9b56615d0b509e89c1f68602a1f48f214e83b52271ca4e879b633c4d21131367644a90e55429dfcd321b3d8ee7924b88c40b2f8c2bcb8165b5ada4b48298d5fe33a65129747fcdda23c9e9e07e7eb272be8bcebca0c9e43d3201e0f567e1b887e890d3a919026875a55e2a6bf43229f94eb66c2b877ed5b2f7fbeb185488e9d2ca2afba820879a5dd21bd6507838d7ba54d0fc1f9cf6751ca502e1e5e30083388e89e838f48781af1500236d23a3b77ba738361a852d42a551f0ac23c7eead53ca43a7067336f259636a692035b8befe70fa7a3c93854595006cc113ff883059c2abc240a35b1dd2cf080529b541d9df524a6548e8f815eae4ce838e02d1d688e0d5a02d11308d1337df40248130e0c9579a81c300cc64f288c521a7a3ebca9518e0fd0abf387e84ec21bfa31cbae49317b120a28d33b5f46193ccc2dc7346fd0dcb1fb1ad514cb55399b2298c2556ebc2ac05a9d5dde5bb4b18dcefce131985d747fdfc6aee6f61d34eec352adcbb39f101e68857a0dfd895ae3f944468a2875b3722df1df00ed1309cb2e9ffb7606b16cd1ea3bdcf30398df42ee9fae4e06e83b4e47fee68fb1845bc92a3077898e840f67267490002be8ac2eb36858ddfae1da426c5dc1daaba3cb32bffe2983211b2acdf940550c4f508de5990cb11bccbd066ffba9219a5feb258784976483c0360d075a6b8d607e113b9c40b45534c2611e2d31d3ef4876dc56f53591af38a8747606d6a44419b071c5ef6e33d84eb4731fad5b82cdbd19141f518f1056940ad7c0fb0911e0224c682736db3e77ea951886f2d2c140293ece8ca75b3f05b7fdd2781c791a8d1b1d9111495839f0933e242240900fa6467a7b1c11b7ee45d4458099c6a6fc6a975fad51f8c0d484e441f8491f74aa2276e01f3d32d17268fe176828ab35e9aaf55b47ee5514572c5a5940167e693137b9953f367d49d58bd67aefa52618539c2a62d2a36b20a94bff07189249f9b79b185b81ca53edf78bf872e6479cfae44b1c0a2b617cb7088dc6afc4cbe54f01bafbe9700df2ec1c992dc119cdc869cb117264af1944e6b5a0970ca8d49197a3e4a752cf14726f7befccef36e480d584a8199d96e71932b37c85754caee76e091369afe61858f3c9bec835c31bc37794d6270d1fe1319187945b303494e4063fc3bd4e3ce979d2305b15dfb9beda8162439ed88bb6c488895c6e450a2c7aed8d235e4e9b8614926b47fc29b7cc3e709cd5f56e07cd378bf6abef25d38f6971998353e621c84b2a8b83ce15bc0b534747e581bdfa5b0a6099a7d7cff31924c60bfe754a95e310edd7ac9a178400701bc70f936d47cd047a2a062334ee6e84ecc739934797c066becd75ff9f1837face74c498a2b564c4973382b36e2559758ed9e4393013f78f1bb37e93781c95b5202bf4bd93c8b3fc929b6b9f16fc6714c7505ac3f7c07844745d3e2e1c1b10fb0527a30f8ffffdc7dac759eaadca7951de965f54bd69c8a6185c379da0a019a728c41663b93dccb164a5e48a863b33176d982e361333a766c9f50a55913e3cef4f939f41cf8ad9292e28651e76fee6f0ae71abba7b2e81ec5537c204e2bc11021e32a7d4cf148bf4486bb9fb70496528c03e59ef0a8e595c48e18bb5c7e5cf997b52bbd0bc0d58a489a27618e69cafde158871245049a2b64a6650a4a9470f933e53261b065cdf3b49dd6aebbe39c4907fc10d8a0f8a5885f3bfff4ca4cdb41580575e99409990813b42b1b6f8e837aba4f1eba5b7e0e73636ff32991b96d18e5f38cf40801e680ce7480ed8d48e9affe758e48afdc946fcd11d72e58fbb228068637abd959b2b98edc05d4546ae650ab2a03ffe915a52eabf65bfcbd1f566733529b3697f1ee680afa523e7616b8668a9e2bfffd4c72fb9cefdd3a5a453039ce27e0b93e52c778e1b698d16fe65cfd392333af210e3fc48a51ef455545b7ebb75568b49506248b3a0d1bd385191a37f0c329b57bae76c7ebe0634eebe8b0cdcbd9765670febbfeae4dd3dbcea5bc9d5d83e100a0da5872bd4e5b855d1a4773140582749af070d2a40a7d496afd6c1fd2162b175b78d7171a790da94a28b78352d55b67c92dcc1e47c9eaf241f343626af04aa44bb09e4ba0dbf10c773033b7ef28a72a8a013ea48cfddd7018c35bb979a5dae1ad6642e56e394e2255cd4feb6c6f6eb52d1cacec027d840a6d3fe400f47a2f7c1545602e96662bffc5d7da8337f7639e2b4f51fe91d41192df12a6bf44d1962e37d77ae02332d399b03f721a6949ea052c887c4c155399de9a20b68caec3d4203535e71eceb5998a9320f61d5fb3643caf10eabd610fe08a21fcdac5d51d4aa48b218096010d76f5dd86a39cb43229555948799d024a391ba2af1a27975eccd789ab75189e0ee32cefa274a1968777fdf94e6cfb5543a032f54b79525a2eb13a27830f3636202acb753c0d9e02fc83681894281b9dc618c4add07b438738745c10aeb390ac607547609efcdb2796bd4665114ad6e5d83d7f66323e1500764aec2f142ca35ae208281499cc9f9eac079b576b5a078344e7fa15e20657e77d481fadc2a4fc1802624e4738813c067a53b375be4d73d2b1719b8e594294d256a1bf1c29c2b55e950da34c4c2b9ca2d1c5ae302e683954a41050d2a9ef708fe79289d1c0e8396dec71e2ca5c58cd02e66fad79e7ef75fac499fdf58971a13763b35d42543f86a3cd0c9d9978641e187053d2a669898b80533bed1c95ed3e3ae0222691dc34067cef748350e2e8e85f8817fb3a512456cf26d053134c9fadd4ca36a90c3902e74d3488f588ad3730a7c2d356304c0e493351f3bfd49f73fe512cb1ff169f6c140c010504bd6e9e471d0d8ee54accad51de703c33ed1d3c4a5f08975e20bd940825315d9a99bda5522a92eae5ecaff", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x1978) r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) fsync(r3) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:12 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:12 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:12 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) getresgid(&(0x7f00000006c0), &(0x7f0000000700)=0x0, &(0x7f0000000740)) r3 = syz_mount_image$msdos(&(0x7f0000000780), &(0x7f00000007c0)='./file0\x00', 0x0, 0x3, &(0x7f0000001900)=[{&(0x7f0000000800)="ebd99e9ddbc36c017260c71bbed91123f4b6fe54c1111cc4189c2026367cc608a96fc33f0604a9cce4294321390b4e8a42a9f4a304f9fdc55aafe8380af61bb9a40d4ef6df5c50ee47a282f115072eaaaf7d4b5e85bc500b09a58c440781ba0818abf268b05fac09a7b0aec19305086ae89d38e32bb7f7b72eb9cd72a5f75a84212a84fac229ae5ba36ec4d6965605a2a96b7168d40e4c2d24e0103b9af3510100f77d3f40fe6c45d7", 0xa9, 0x4}, {&(0x7f00000008c0)="2cff0221dbe96da0", 0x8, 0x1}, {&(0x7f0000000900)="7bc977b7e2880e4f565e70b427784475efb3fbd69b446ff859994320470e0b2e7d3cb5e1e956e0471c556419f92eeb1b9ace6d1b060d8becf1a9c219888fa07a3c8ed2d7bf253f8dfbd8996b9b3c891bde4f244f4b939706607086bd6f6b3bdcea7a94cb71d6ad2e78f39e6ea64359bb143c37f5a653726eb75fb6b4619d453f39822623a9d150c3aba2b7616b2fc374c18a9d1870906118cfe697f1f447a81e926c34f18e92a18e1e207f0043d380c05d9a514730560cfdcf9ca9b6f1c4e89b5d9849b6abf319a394986c8568c121c168f1bd9bae96a3688eb344a3a89c36e43cfe3c6d472dfafa2f0625201b65d8e676e6c232a6e3e4d296deaaa4a03513ef3199cb096cae7608e55b05abedb665379ccc2e0ee57e08758ff7c0fdb61be61c7d5679e9996547455dabaa22e67add857cb35290bbf3ccb197ea509b60b774752ead6c1f9fc485534b834d50e18989469c2bd807134d1de2c2d895727d18c34fd5134627a6e5a70fbfeabe5daf97a991cd3ab8411ff7c99cf28ebee819662cf68f98398bf773ea6fd6a36f63c9b707d3591054c1e8dcfc6361ae550314c3f56c5f9a283bf433fc638a2fadb3afcd59cb12496b89b39fae65a7ba40a537bf998969cc5e904d35ffd8e2f9dfcbeffd1373dd068dedbaa4f1defe4381a4905edddb667640b37a0be792af313636b9b0cbe094ba4a9af3037e0603d59269289d1fe1ff22d92be3058fee79478c6c38a63d7dd7cfd1af3524a62e379e297851e411e959c75029d00f2d6419febb97930c2088c5e8c7e2bea8b2746a3dbce5bddaccde85733091d0ba5f12899e7f6271361d7da22eaf8dfb8932250dc1e0daf37c56050f14e3ba8f229c7340338dbcebc28db203d1e9e26c15dd01a9030b056cbbc527ce821ca197003ee6f256a8b8170582c7c4fcb44099835fdb1998bdf8f2693244612be714e7286af73bfb19f1409ddfd4bc84ea74cf8c395dd311ed1c1eeaa94346a715dd5f60cd26584629e7e9907baec6a1c104e4c0a3b73899ad4169343d4df5042a37bf0b689c81b5a5edd453d29e65048fb044dc23b67947222a7e62ce5d4dc9acd82c94919d2682d5d63da95d7c7b506a0982ef035f8a23fd7e3020419b1621857ca24ec83ac7a423923973a67adb1762ffc07477bb175da26433c9f15d8701550e10b8a2e27a8f5ed84a95c142c548a6d674b58df6f03342209784254f166d381c3b72921781136dce9158b4f2d13e22c83998982c6b013043d8d1de0b087cbb8348b35b3bad5325f180494042da2012d79564b1d6d042f2086f8b7ab074301b54041ed7aa5f67e89e827cafce6f3933fb61040a2dd0d06d960903edb5e703ac9059779cf947926e9cb4c87c777dfee835d429fdc0b5172e434e15860a46002db977ce2f795ba8fc77f97107965d4ac51213bb6eca4ad6b9b9b1cac032398e4083e3413faee626fad2f7d72ee1a7b9525f78dbfa395867280c96d732c749dae1b73e82c8e5586aefed7c44941fa1a30e3f21932dc67e4848b4f1174e0cf11bcbdc0ba80727ed4d945b14feaa8518d19c48128ebfa5b70df987756a77c0659f738adc04a3073e7da07ac7d501fd1ee71d6d40e1a0cab5aa8bbfb3a3420db92268f3d866fcb12a2698c350f85aa4f3d05e792bfb28c5786939e3cc4c28c6b60bb2e392f5763a7450a4633f8d081cde23be16dd3644e46c4041db1ad881bfe252f3c31dfd784b605e8c585997b6f086d1e518a6377845fc5398db5779ef4afa99a07f35120fef165dcf4648d0dc4a06fb40c63dd6aa491118a0efe02bb568c1455eac3a7eb3a9c563c7f957909f7cb623030f101d9e13bfd44319bda11a7488bc96b2c04502537f824e119c1185f8690adec577e239007e06ac5821b9918923ccdbce4a8930ae7b24351d08c4b6b41180cb0fb92f5f806e107812bee35cf84fc4a9c8dda42be5288de33730d3e7f311cfa8f57adf642e2b3cfcd09b0870171ea364bfbb081c676ed93dc532591d1d251b2229684f22130fcd8bcb8c4156e1a549df6e32cedda255d74183788d8fed0e5ce1279820ec676eb7713ce865dc1e8a163ffa89704dc5f8da0ed234ceca53fe041b2d5bb52ae34c90a2642937a2bf6d41542ecb027225992245182498bcca6b0c7135e4e7e8e03208663fd1c380517b224f44e4148109b0fab7226b90f925a2f540bfb145ab847933fad0fd4446867f63b45d86ac17e6a52e71f7e13a18987271f16adcbd05b86baec59d27231cccf896c45594a75c95a87b7da6c9284fefd3e9deee8ab9537a8534dee6e8c8f6ef425104ae50f8dd46a668e370e9ecc503b1a12421a4d7dd834d5099790e639b30cdf287e77742c5bd991a2979152f2712bb2ce38653e9cf9bb0b78e2edd81660e38f0f82dd16f760f61a328a0ca37c76eb24292f1fdf17395b04f5fb6eef04ef48d82e7be2b3b272ae50e323811e962fa06a78380dc293a03708399c17576dc847566f8f3935766550ae553f25d84db9590ccbb8029f3c8eb8fd20511654c5e72d51df0042b5a225d31d66ca5cddadf5f7439392c7b29f9ee4af2d5d1faed50dc7896b85ebd29910be2068b5368b435cc58657b5b94fef214393d09c971d185123212f1277cecac1c163bf40e6d046e22c7385d012c3ef16eae496a5ed17f9111343296196d3d6219de4d2e35778745ad13456014ccee0b9d1aea81a01104604ec04754e467a72a5c069c62368b935b043babb8ffcab14344c346734b32a7b94ade96fb2e0f83984ac0e6d496f29335778f03ffb15c31efe51fdab5e683272f16325c0b6f9529d79c2294868f89d5e35fc43578619e906a5267e1dfce408201809e6b673f88f991a8ddad48cc1b9394019f98906043b56b762295b1e034b36581de6f3aed4e06961ec3d0567e9ef43a6dcfb744882417c19114a212540aa9f86a75b434c29cc9eef1c858c50aa0c5414ee194c31314e70ddd9b846bb58b0a73a20eac93475d07248c377e562e612d9bf01fa348d50e65ccdf257c7ac5d1ed55e945167d4116ae48a268656bd6efcba5340675f1475f18c1db4cd91e2c79bd0dc510c8a2e6c1e3d5b1cb8ce163da2a9cd3bfb1b130a16d5f950bcb398959a75f549bff014ca62647ebbf41ec3d7382968c34bd8585e763fe1d7f9ecdbc5ee98378c893b250a93a77964d024a9fd3482be0b8567eaf4772ad24ecbb0e94f32505b0524b1df0a3634d036d905bf5fd6894bdad82f1ba295894425f6bdc254d81a2ccf297c562cfbac5cd194a357c18fc2118c4716038dec29c466d2287456eece9c7efb67570c44b42a69f47db243e6da4ff11f93410ecd7cc5f74611a3a807d49b7b5d988566b7b3c17c3ef77c839679f036ec92dbd3a26f3b35e3d8fbb7abf9f710d10a8732f30c3feb59122479fb14dca237e43f96a0f9c92943e3766c43fa81dcabed3af71f024a3e2d82d86e0ae8a662b8c2337e5b3f70eefd55552345f3dcee6b0d82e1d4e8a75d1ffdaa68ec8ca278df8012e8b9895f53529a0bebd0593cabfcad7f2c24a7ddc6baed34444a49697be29a87f3fb5d79280cfa35ba33396eb280d3ae65671cfb3c04ff299284e29415c0b4ae7a1e6a71149e0db8d9cb7b37353a8b0013ec1a355283401ceb983f931d0f1492293bf9fe4a7cf31b9a347125475cfe0f561b55ebedbf3b2111a514cadfd681713002f9ea9887f151ba640ed436b7839bd097d7fa90dbd2d35ce147ee94f453acb0cd6f15fad74d0ab7c9fe97e72a9b77bc4d144b684b5bb2eb0b52d6e285298cc8af1c1d8a0c8e62df1981cc27e5840e0c2590164eb5949d82b058e89b18dd2e7977ecec0284d8eb89053519813bfd3813e0a3f2f8c4503b67fd0505c722e85e793ea2daff24bc5ac94e3b20f3d0a3a18dcd33afd5ba0009089623a9a3fb011360b8426c9b589da4d025269a75f601069631467a31e61327e863f07569cd93edc54b607da7ffad94c4188a3c5405d57f10de9d26653351e4f0f3243e730d92d98653cdf23f3f5f160b83cfcc2c58342f25c0b56ede7f16e0402ce28cbaaf37f27670eda4b7ae988a53620029ff91a58bb774e320c3ae37513843bfd9bc55d3362159ebfdf14eae37bb770e1718115a70a85d1a40aa9e3f0e8a79eb7adefd2e1953e6018b1d80bfa2a1b9a7c1c259ec35d18cd98611f7bed259a96982dbcb3682db78eb976c60594c95575bc436339e43d62d49691b09f16c7203057c062407c0ea732bd9e6c1c017e761f415e6c1aa1b51757e8e3411593655ee1aed58e8004a5277865cf3c9306c4cf327f045913608326302708a2e30fbafc8cb894338298f51d5a22567973b467dec30eed0675085b2bde2cd8da59a067140caf30bd428be389a2df0790f3f4db55a3fd02b108ccf0e2e2184ad1c73935044ed4baeb6d0281a8349dd6bc8b4d123898b950d8e5dad69937c19b9a6c83b0f460615eaa4301f9a21e5f7ced157111ca37ae5144765e7124b8f3e81416b89cffb1a2b263ca373bc925b54bdadb9c932fbaf22c7cd0c8434b9c1ef3a58b1d157c684879853cb2c38cb77621e13497946588d904a6f67072aa3738c733f33b63ded45e0c899d05f01453334405804a936709aeca6919bc40dfebe84254274bb133a38e6ab005e62ca7d92f89ac274385fe7aa42c2ecf61c6ff29dd5029856b32ca5dbb31922cfaf802f4f04f56309ca00e4e25cb530603d7ff5c8aaf9c7d2934372e20801b8c5c9b45588d1f249f05354bc61cec3bf85a68b7c4a03aa891837d3d8f3e3db3c33ed77408acced4ac143b876ef6331bfbd765960fd8bb38ef09d3523fef562a16c22e8ca111409574b9c4389725a2bc01340fe27585b3b20b6581440e1edf2a720ec4ad04dbe7dd067671d9fb736735a5bd94461f129d3d49e09e6258859d20fcf8305125e799dd2e3053367f074194ddf82a12bfc3b00556481bcf62249e61da5986106a174db1176ff3d4c045df2131a78bc1b85edd27f568f2311eb79e9d4baffaa0f89dc14d4f52664cafc0b3097363fff93f3a4e04994dde1b97a861e096fc1855b89fa356be4fc1a786a11e6b76695dcc9885a0ef6cf8bcd0660e880bd014ab09bdfbf6cc9dfba053798c8d9bbd4274f22e3ccf34b8056417f99caa6d3f9d82e11c94ddceaf5553afbd939850144664079c114eb2e46711c8400329b5b3f1f4c0b966522fed56e897602cf5cc3272ed0cb87aeb9a36dbcdd1e8c7e3e448e5beb2c17c16a7a6e7bb244211d0e7f662f1a6c64fadae173c7bbfadb55ed5382765c9e4f6cf298b5b19371ca95e83fad2916713c0820660df24b498ddb18595d69a48723cb1c6766813537eb46814c04b7d3f03522c636ab36ea47672a8a9586c71b0770438b9c48998ac234b336f658efa96bfeb434c6b65cfce942945f0bc37f0b670601c839c2db266f59b4f575008a7508e7fd29791212e9505922abc70667db100dd8b2039ff5fc67f3077a1c810f497f2ff4f1e174f2e43e1e43d9282e9e94e22b7e8f6783e03debb26ca7acf069cabbe6dbd633ae11fb16bee26c44b0c4859f8ec677e4e84755fee0b5730b98bf1514a6902cf59218e16b7e1488229ceb8469ad89e8ba06c2794edd402db3fb09c8353fc25a72b24244a6380c59326ced7f952952359c352c4e9b5e0d05aac9dbd75a1a02fbe335fad592673d47545285e33795456f6bf2518bcd93a9ab3baa5b90fce25eebc2bf7ad21725ededa2384f9821beb3032dadb8d6917dea74d66edb390c21541819963ecf032c16b2f6795e0207e59c8717dbe9b4ed6d6bd", 0x1000, 0xea3}], 0x800800, &(0x7f0000001980)={[{@nodots}, {@nodots}, {@fat=@sys_immutable}, {@fat=@sys_immutable}, {@nodots}, {@nodots}, {@fat=@check_normal}, {@nodots}, {@fat=@check_strict}], [{@obj_role={'obj_role', 0x3d, 'cpuset\x00'}}, {@appraise}]}) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r4, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r5, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r7) getresuid(&(0x7f0000003dc0), &(0x7f0000003e00), &(0x7f0000003e40)=0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003ec0)=[{&(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f00000004c0)=[{&(0x7f00000001c0)="c2b442c77690ca25860da575350865d38614eef6f9e42dcfd2a744204d", 0x1d}, {&(0x7f0000000200)="411127706630c1855a33952bfb11db3c", 0x10}, {&(0x7f0000000340)="09541135d1630aa2e64a832a4d7cbe2bbb2d1e3286a94729652562ce06b6c7179e8fa7c3a3ecf0822966af29f217cae914d3ca812356c89853d1c15eba3bd66aa031f969ed41a1a441195f44218a95f9361a063fe6c391aba88cc228669f022de4415ab131999709ba891f5aac5a2d78e38a24d2", 0x74}, {&(0x7f00000003c0)="ec897a5ad0c5fb68e8efd7c418a63976adf5bc42f36f135ca84f7c03d8579f157381eb1c5b2e86d2851d223f4e338e86e2146b690e93d18a1e7c0b34eaf7e379b52e4ccaaddc5db283f7b87da5d0f90b219a82bb7ef74f4e7155931663c2847442341bd2ce14765ab68f783fa291389b3eee5b9e2393020543035495542e6118730feeec9de03dcc9b4f7cca0e6d9b702a9ce13ee057a134e3c6a08e375b9302d5c526ebe2d801400b293ef224e5c23b29a3a4d32a99d29d0b233d18cb909e0a6a8d9b1e77bb4b359029c29cd05065962d9c806740a0628c01f36dd70766c5eec3c903d6645210dfc633ce794d3515dbd90a76d050cefa3747be458913129e", 0xff}], 0x4, &(0x7f0000001a00)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r2}}}, @rights={{0x2c, 0x1, 0x1, [r1, r1, r3, r1, r1, r1, r4]}}, @rights={{0x20, 0x1, 0x1, [r1, r1, r1, r5]}}, @cred={{0x1c, 0x1, 0x2, {r0, r7}}}], 0xb0}, {&(0x7f0000001ac0)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000003d40)=[{&(0x7f0000001b40)="dc3816cde84d5d5fb98af25b98166437a4e48ada3bfae428d4e5de40314e633151c6f6334fa2d0e5fd9f410a45ccc907854bda7d08c8bb627d4acdf0bda8d9d57746b43d9b6cd83ac0e02353ada4d9582726554af5", 0x55}, {&(0x7f0000001bc0)="b3935b3036f9e504cf121511a11f8764f961b6728b1f7b1b298ab6414a355d2eedf62886541da7d3aadf99fa78a2b05bff0b", 0x32}, {&(0x7f0000001c00)="1256088de6346d0e96eee0950221e39942c8877ccb98569625d1a123248c7419422f4d47125bb2526b00f96b8a637ed18adee1dd5abd06a006e1e0549d98b1d9777a95455eb6a78931c51fefce8118c1a6023074243ec3bce35a1a78a0810773040187cee61b2e60d44e22e2835a0dfa4ded2aa8fb0fe426a310f5772cccaac2a0891fa56fdcc7aad7dffd5c67ea68e025bc637bc340f2b813ef6274ad956faa0b1ba83fbb05a49bc01d05dd98691e4c22c88ec2ccf2e330207fe13fc321df9773cbdcead204f694872eab2d5d9a1dee27ca93bb62fb68c9b390687c041d96c12a9c717bc1d6a54455d930d5534b03a875190a2cc7d2c99684601e5cac12eeceaf0a472df3132f53b38bc19127da283202ea50fc286ccdd6cd9a8e2903d87c7c9863c0d2c1b3d7ed20a0e2425eaeb94d2fd2b9d70121f600e019e544d63958e7af0536c66a542be64f09919f08a3d2f6969886fbb585cbef305a06d8beddd46c417a838eb2f86cbf0a76fdf2eaf934d291b724d452874b5df5d671f9448c62b219d954769af471757cf67c6be142c1d90ceeae82b6fa7f1a6b9d0809094af7bb75e8b27d1991eec1f36949dd1ae76672fb05edc3c987ef8f71a5f304fe337d3d331aba84af577a4b61b8ee043ae9ded8efc9a81400a0ed44f2e7e8351fb93333525f6e78453c3662addb654e5b444fe5255bee3871f52648143bd7cf175d91d0727d9f560744da9152e7de692a9dd097a885828de231af9c2bed4ca2b47b88cd0c5b11775272612de3004e2185340e76619d32d3e7d255f675849943f8d03ad8c84bfc448e436c2b5e0e07dc6c5d8e768f82b0156064cdce96ab099d9ecb37e44c9e256d30239462dd11ef09faa1771635c8f64e26098f9190ac99217f5e127702deff372f04d9b75def42fb5cc25eed90fbb7ae34a09478575d4b1a04921c3953a2340c395e84b0df8a8cd68a210c9dbea55cd6bbdc4ed11c0de1e95f215a6b7382d4d3def7e8c3dd9488775e0b2ecb2b5dc3b693937d1e5c57301ad1e4ac7f610e6e17f1c84bc423f0434f20879a58f0b5db32b938f449520f5013e4cbef5a01ce9baa3d1590e6661918703935a9b398013f6b48eb75fb103327a18a0a344363846f5592d8c537cbd71aaa3cd269af97a0177372ba3b14be4b7d523f1bf53812d318f3a98d16abd0a559ec8ffb79aff2d378c31657d9f18c7c6bb3ef5b2c3d81d7b0a4298fb88059583c3077c7fe39ce9d9b4ed9fef962fd6b3bf2e2761d107af69ab702fef6af3273eef8d039ac4249bbb600592605bad043341935b4aa0df2c6c121036087e481e9fd54bdd788b2d1da9eea92054db40ae6634ab45f8e4e1841330fce289c58481900cce394f4ec239857265a2954de9a4e8dcd04c1bd47a57fd45eaa0509fa14d8c3115d92bdb96e0f91241170e2b6612bf94d9a17430f41a233f4c3a8f9e8b29ced6afa4b3dea60ee9165322da5018c591e16a3b772dcce5385eec2c336d7b4ff38618b69e2230c0b9970f57f1cb81eb30d3a636f06bb0f06185cb0a81de8ef2399d8968e011b94010c8ae8d0d52be6a775704a20ccec2c912a8008f1e82cd86ae59551bff3d4c2036492d5d92ce36da5fbf0abff940b95e014edc03a2bdc624b8dc027f0ec7fadacc9828a57f56c34cbb6e7c90a11748e45ff4443c65163c9d81fa176c32b3a90a3dc2186d02e1e8f8a869c20f4bcd551f747ce0d27672ac6faf05dec2b76c4170e8f5a185eba2c05e13b802af60bf6cb22d0872b34e1b2cedd4aea9062ae4e425c2e08ff3f7d61575ff2c8a479cc115ca21cca839620c241ee02846fa7b501b59d78efd1127915f594864d8b54b6b16d34c26f5c1af1839515d17d22d2829d3a920919823fe1922fe41a094637e843327b238a38404340a862032dc2fdc8f671eb38d195a5f270f840367ea385e802e92fac4aa078b73b45ff17aea6f3d465ed6cfc726b7eedf95fff0c70a0850257593259f66b9b10f7bb885037c315af2babac5486a8fb4fe927df9dccdc1c29ff53c6a07310a102c5118eb846e342b904470609159c1db7dee0348c0efda300ac11414706b13e508877cbbafe631f2e8b72ec4520cc0689659601edd2d4093cf0bab2c691580f0eec9ff4d90bb9d63855b181232aad31eeb2f502f6809f3b70a115047e31698623fe4a55b3b09f2d2c9debfa8cafd0d14a2ba8a539b6e3fdf5cd42e8ad47176e6ac22ff66069e17f41d949c55b1d99b1f98bd223e2d53ee019281d0ef0b41f8c39f56bf2f6779c04f05653c4a035fb1bf7a56ca1af9e45050d0999a4dffc798e8da40de5aa31c9e07048f17b94de77457a44956315bb6518d0a2b8735abf36a156a1f9986097d983a90f62f2a34f7688532eabc8c2b3a6c9d1bf31c409042fc6e43f0dc1b8345bdd38bd015f518843e5cce86c86ff0366af2fe6957186120785498f48c5caddcdf177c3b076d41ddfde22be2e72bc66fef72ac36b86d9065bf7e2ebb023c114c3c189ea9d833450e94d7b43b856dba316ca4bc79bb1c666f0ff94b78a15a36d43ca750044f226050197a5b288d0f1d4a55b027d9533c999d637fb1125990325e25ac20cdcd243c5a6d29a70a36b768b5fec750cfc1a4c87517a63c7681c0e7337ed2e5c844b17eff39ced91555dba9af068164cf9708f23cb1cdd39936e261e46fb07c2a71193b10ef3a48239933236857f92de7db4ebf1f968c8105966e1378de8b60a34c18dddff1734858513a1a7cfc1c7dc8a857ddc90b9c8fb91aff585b16fbf42aa6a969ea92136dc7f443f5cba43e022edada9f101fa2111e88435a5f73a141d5292e4f291f47fa98e54366a62d048d0f5096d3fb8f0d6dd477ea97f7bad23d670bf0d8202abe10acb4ef09e31edc1dcb03df644f2eb138cd1719dbee5d0cf92cea4c76384a7dd74ec1624a110447686428cf8d844521f1c7e43ce54f3d3e6746adb5495a0609c9212136bd72f1e4a7cbfa3649bd4b4be3a647d772f629841278e1f44f9b9402d59ca5f9cadaea88e4461037c8076179b37e6090e59c71d06014785205ff4164885dfcd250a1c3cc94aab5459ab1f79b5d47999fd14b5c659dba3d9d184a3f2f49b343c3c1f17a710d3192475ac6a390d9f777c8a3dabc0181ba02aba79f7885f359d404d3b8abf7858e78966102d37c543c22a75083d2b8cd29d828c21377c3fb675fd3f9abec7ddcc90ad511a94e7957841efec0fee0ce0aac39958e3c70c1f81a5093250484c6c559b79c43c48e6eaeecc83824c7b69aac23c01c63a2abed48013d174036e15b7640454b7cee8cd36263ab7f3f292880726fd16aad8b666104d8f3baacc4c1e9751fb43e2b08d824c4db6d4272f99b808e700f3f44de950f7779140208dfaad5fdcd8548534f84df8b76f6ecce07823a8d23687087e181bc92408d7ddb3b5ca9a9b35101ff797f0276d1fe2f20764de49a51cee19ff7dbae9593fef255d002bd355f5ef6123ff07ba5db742af740c4603951e3014694857ca63fd32167ba5c10d118b2f4e8695d4c1f3a4c45f943692811f6a7b3b7504d1bafed7f560fa88cf090a868873858aff8c981d5635cd8375d2118e1d8b5032c86c1b8be297bbd1b5e86b304075e99d9008b0319b8ee4bf088f17bf32176e5d7ec36a320ce03d905c8b9870e6f3c8354bd0bc0448766b3d82320af7e94748c26776c57b712156c2da58fd306a5563c88d4457cc38ba267a6ff4071109c6e45b6f8d179ba772581c5a95b925f738e639fdddc9e82eff065ec9402d819fb80adbd5c2e5ce930fdd24eeaaea5f2f604cd037384867d72cd1869b3e047789a6bf57348239818aba2226ae5a0848808aeeb43cf54ed7b71e87f54253617439e81a632c6084bc54ef5d1c9b8a65989bb18a80e48fb06c0b8cde98abc35497ac8e429cdd59a1c0c9ce7bd0ffdc2c73c4275aeebaa63398d50915c1e1aaace3570d16787e9bc0d459764d749349eb3604caf5893f67e4971620437bead08996ebba6c71fcc5a5f17ed619a3386176a1264244a523c28694a7151d681d2e291afd072a44740145ba44e335331a4fc3b74804db3058e0b7b567800f63a3841b96894d1d6fe70fe961fe890372e7c59081d5450ecb465d599b1ef3eec2c71dd1bbeb3162a40d7df09a5d326d1c152e4482396da0d712fbfd9cc285a1652b15a701090717b3e185c78311a478ef1ded3a4859393442a381380ea8ba53da2f965bfc3dce743facb3868ff8441834551e2bb6fa6ee1685ce4cff289346781c46dc1eda119c9a64a0898884abe41a83347f965b6a42533c34b7983b2d1325919a5f91b8dc4a415d814e522bd320a419437a09b457b0d1d32db520383cd83937829671c4b6e124d54a26516ae91c50588fb5cb8e4714f4033ef696950120dac2557ccf2dc9b47165f229a7cf4a29dec7127b4b28e82912ad10d1f9bef1266aa052cdee1439936a39c746b9a4c2352c54b0fb55c0b72ebad77984085f0e2490b02fe85c29943a38d8fb090657b5b834a4e5f8eb7aeb366ae74ca823911c970f04f1f252dca8230084ed8766ebd18487cbe284612566cd0a4f73851003e381ee8e325ff430e3e95a3cfbb1cdf8001d6ae70e9bb52342307711c759cb58effa2e27483a0ca6e0449b72b41b263026659562bafcdf04deee901de926f6fb41b45dde738bf820b76fc59b5fdcc033dd5f8e1b421ee7aa57c78e10a26ec9c4144274c94f6abda845fdf3a7eb798a7f2e1e91e1eddc103cdd5eef6dd050f70a28d2a71c8dd920847270d2d9ad4af3338cbe30d8852ca9019378a01bc92bb6f850a647f961e0b0cc0a5fb10c591e178123d86faf3f063e3ab3923760b810b81ba8f9f3c95d4a5a01777e4e7731d89bf5b0a86816d799fac05dee8c6501544387a98c3a078787a8bbfd8f8dbb0ba85c71d46fc8b3f13d66d31a5b289e8068edeefcd7ceb01dabecf6074dcb8b3e19a508a41ab06ad74a6d4891d09db0028573bd36ec39ecb41a4a68397c815ef0d10fae7fc1cb710b906d9380fdc5cb228dd74e8a3cc846cd3b0d7f864a2ca87a51681132c0a63cb228018bc3fb89fdbed0b75be91b027780f1d2b4819bb259591b6e4e15a797d6bc0aca64865c73b1f4eaa22dc5a62ae8cdfca631c977c38ff758d5a2ee4355db9c14249ad6d5ad178135862056b25fcb2826d5854be4c6215a2b478a1904bf9b637ba5088cec32eec1894654695d1ff235b0cae51be8678197097ba1380942738f18d8a1166b718d6dd87d9d169b6abd8396b7c474cf448e9ea9239da178435c82d2a090e5102c9e8cf5575d984f001b71ef41a0768494ffd54a0da014293c7fab637c9424b225351f3668b32d34dad0533363f182caa998b908dd29656b912fe59f9535aea453de0724621c357ec6bd635e7d05b69172a3429979b8d30208aadb2e60743c9089903d9a654b93214ee88ca658f5751e2885bf8cd8c76943f20103362524f508bd79b314644e4843ced000c8b1aaa921cf27dd2b1ac8935b08d5e59d0185206985acb6ee5427573c21d9578444dc0a9c70fce45179637fd4dd91ea1fc12d4cd9f5789013ff6bdc9dde0ef62113faf670842e585bf874630b3efdde55eda843fb5647d28e03a473ef15d05cafad5b11e9451ec8611bfa5b5763ffda3c985b3d24db1daa45a18433f971b54d33aebaf0961c85bca4867b2607fe4f11b01a0532bde54d009d65b6aa07e289ca0564e4127329571dab2c295b855ba26a5df3b1d01f2fbaed0c8086b5af7328a78e5b82b52c6f6f7653a6467c0e22c7eada3", 0x1000}, {&(0x7f0000002c00)="f20031c2088669091c21646c8246", 0xe}, {&(0x7f0000002c40)="bc7a9e2930956439c2622f9feead602ce3b0b233a0fb3a330b62b5dae6ea17657be5ab2c2e41003c4da706e5c32986eecf1b5a479a5055ba1d610e30c97cf4d12000e2f0f96e80d68d3f1691018d7949a2fddabad527e725c5e93ccd452c8ff234e83fe62150364749a09b085aa477a328908fa79be2a8de40cfa8497b710078b4da", 0x82}, {&(0x7f0000002d00)="1f7d9baa1f4714a7420cef0c6544e9", 0xf}, {&(0x7f0000002d40)="b129c16afb1d43003463548f1cfca88f384d530e23c2b973374ee0f02f8efd8360a23ffec9525fdaa3f7c568c3eadbffc8b7192a2a67b4f83f0973f8b4842b4c642df3922127871249dce64109a31ff090bf5fb482f30a2e1baec54dda14e858c19a4a73c8ab81be5df055d29d0ac9fcd116d79b36c4919e74d3afe1295c04e3123ef5986fb71b58fab8743e85caf7b44c31655b0834d1305445ed2cccf0852d6c13828ed6412d41b123f9b2f6d4ca70e067cf48167492858dd5f9a636aa2c836e5f58a5a6e8526f01a49bcb67316a670836f84c8e1c96b8678d662e84cba58c2447552bb6b3ecc16a20fa423c30d193363c9a9fc09b820a5a4423c04df883e19b31226495d4500a1cbe527cda211377a4d0cabe7dd0ebe257bd659485dac6867028b0654dd32ac2b51dd39f7776beb1723d889ed84d91143e2020a6a20b28cd5ccd8113ffdb86484a2b9084b75a39a28b61d1bd17d5f9d5c4238041594de2b70ce4939aa032fc6bf677780eb58c75673cb3b54b131bd65f132df92c2d08aa48246eb72ee977ecc434e5ae62a4bf15599d39e3d5d48db80e53a9893c46f024eee6d7aa4a14348797264cab279034b06859eac126a74c4f2042e3e602395fdee69144d3528e93941441087322d7cc0f6546d18ef79453497f53b257ce6b626c9d736aebd2327833fb334c39925dc5cbe2d9cb4e3befe03adb91857a41dc8c868bb0984bcb683c8f532a5b2613b9bc795a6eda47b365224d99ac1a990d520209383c8e0c9704aa5fdd1740fd4bb5d5110dcf11c4b8bff24bcdea45ad7b3b591e9df142e5d11a4a4d0ac9182ca3b5c189c4787c1596ba42e87655b070799be225ebcb4dcccddb5bd62d3819b29d3d01dd1b055ff3b75d59a534bad667a89db210d50a7cb27e9d73f57a57d895bd16090773ff3e98e1959e702bcea8dd62e6d00b798691cb05fc5b9f02ea39ea93e066e1b5ae468b2c3e1e62a345ec99853b798c7202a45d89d2280aac1098b5840c025cb0fd69e00917203108e7f1ea9c7edbaf21a43c6afeafafab4338c7f0dc986317b9ced8c6f30703a8884121780582e3f337f55c5a257d1d22ecfe8b387016a6fc66f380e06240fbc21c2823015cbee63fe8b9c780ee9cb8924e3d48e5003ebc6a116f35da9bb49a63c76b7d6f81165b623555253c7a6babb4b6ede588e9ac0dec55da8ce1a66d9c55a84eecd9799c39a324f59be1aa6a0b4c0434a82c4b9aaf5ac9bb960c4a9dc63d2eeb9dad387704874d43b5c4408a881b5a518e76df1e5c648313931a8bcc2f88349b787e38c93fd76441815298bd1ce7bb575e2c95bd207297db584ee3dbf63164256a7a43e0c31ded9941e12c5e3a8a591abefa4e12b0e0c825b8ef71a4a8881dda0ac4e38cb64a801fb597ca8103e466ee95538e5b93344c5a88113e8b68bdffecc10437cdbd52fe907823da288e9aced4ed490839334b4d22b6830171cd3d65cfe58d72d0f58d8eabc7d26ff5d40f03259b46d928cd4b86b948bf1441e538e50194165163ab59dd7b5a080c13e7969613a410cc47e23e3c01a3612c5ba687463b6826647632999ded26574ae3fcf07f0374009235159312ff3d4f46ccb8a4f91ecdb57e4da3e89757c82e10f4fda3556ee8e9630d8811575e076e8333d65506a0ff09b2393cf955c5f96534d51a39514dc71c34fa53034fe156170ddaa5923d6bc7d8c878e20b3ee5a725293eb123697dd807b844bede224d8cf83f85046f4430816697012286eb44d8378de49a23e0f570c7dbed932a49bfb8962c69f12eb30ecbf8395e670cbbde268d0e9a2b6aa739d654e49eae7200441ca561f98b32e0bb6e728581c6a54ef17f40552a7c7a4efd856999742ca68bf78cd0e98f27ddf7f50f38c4b4d8eef0c223476ec3ed2870acf271afb47a6428b5414e0f10bc70d8b88caa93af3a1a33985cc8de497d9285d274d93c0b72988c1dce889745a51919a305d1bf7875fd4dd9802bebff5e07e24103cef43bb7b457cc3263e2ab58c40fd2dd6a00bf70be667d9b82da2fe78c43eb28e8b5bf2692d3e2a79fd2d12bc2873e2640b86d9d78f8eac200821826a9c7e597137277d2abc7d4f1f1c3ef7ce00f072a117fbccc0b22d811cd83c7a15ec1d3a76184f365a5997e5f6303bc6ccebe5874a9911ac4f86bca1150534951ac85113b61b55ad0fee7132c096904cb8f9011b41934a7bb9c0c422648049c83e44c9eb5bd8435628fcb06e0f1e5feb2995458c268f650bfadc5408e5651ed748dcb8d489e9358e8244978d462d2d780ec1431b0293e6c0678f4a1d81c769eab8b45c50195e4c6fa873cea1c5d3aac87e2616b5fe6a93299014453ef3d7e6c55a93eb5e9def98cc4fbb79698946dd0374408775755319f959430b1d53f77c941eed8b4e3a9b2e3fdacc00adec7dd80b62ec8ab118d5fe758c380f939f182cec1aac6fc3fb976ce01af77363908cd3abc1fc8949a1660165f6a03900202e6c093d14ef8f18e1f07ce246a2a4695005a1ca7ffc0dc599ac1edbb6a92e394391df5be1b8674a8a3e41e13d9c2e21e2bf9db8e174de903d997650fe38f3956471b28350d69196c5ef386dee9983b65cd080bc815ce044dbfa7bc4ed4a33e6dd57f21928fc5209e558a7a096c7dd7bbc0431b279b978682fcfb65a3026f06e2fcfd422725ea8594c8edde07bd10463a1501d18c46b4388616aa6c4978bc2a7187b626d5e0e6d5f95bd5d825f8d024d9cca54a4d9e4eedae93d17bb4bedadd07585af8a7f0fae80609ac03bd4a7200e44f333a1aa6645e7659edfd31451cd3bd115b123c003d844e98d180e4e04e82d13728e7da4ecccdfe31ebcc4f89f86224072c419e60cc628e5118cbb63635f3e4ad3e85a3a42c63f24d8fc635a106ac20c5e8e65f9328a99118c053c19d1132b56564e07dfc42c62d15415c16fe9bc2643751a3a274af605c7aab432de3d581fc46c4fb373d377a98292afea9b6fb66bf2c6f67cd9bbc2f8940254d56cd33074129424ee0eb046eb1b81a82e6d47ece2a0411efa138d6f83cdccdf94cb72f796fe7c88dd239d903ba3c8389ea49e4584ad699e61d2afb71bdbc793a375059ad0f6f3a507a2ea24fcb491b839d66862776c6403216dbe7ec81067cf6c52d933db0ded8460dd8a02427731025f75e238e7683fbbe7fdfa8f9423d5375391b61790d69993e73a860232e8132d2c538d08b003d8cd1268f38abc78bf6e783e5218ccff53f704916b821942de6adfb670b756baeef2d5d5788d515d54b3b863f80ce8aa07b17af0ba5b508797183d3bbd703b584270fa77a3cfb3dfc17f1d44d37a4909ef3716b370fc5c172d91646bee6d767bdda9549302fc699a0f74f69d3fc9167194917668e7815c94a2de0b7e9b0c7405f1f006a6660ac1295d62e5ba8b69cf924e0a007ef22dad2d342dcdddcf185c18a0ffd9a3b534661adc362738384492653e262fbec2f48306478c80edb8ec6838f91cde0404e40a555c424ef1b3d41e7b9e268ceae6169e97c6b20f934337639ae20006cf85e35ec145217e208a55da47854870533172e10eda99deef546d301c48f6f1e597d597f045957cb955ca958a588da70757de73e9907aba65ec329e429eee66143febf2a4031a4f86e67f0c49ee809d4c1b5fe2e03d27c81a2133edfe5b2b817ec90f44edafa5664223da83add6c025e73473b2d29c8667accaf5cacbddf92d2379a9e17da3d8f4c7cb1cb84a6427d3a7593211428672df16f7f1d565000a8aa8e380a2e8a9def7ec91b662da5409dfdac2d8ec253f1ed2cf76b1ad34bc78215b64f7f547e1770c0b25deecb8585473bd2b5ec6f8cac6c186eea447595bab0feb81cb98955b1ce9541e2d0f0c6dd71b8e4aefff9bfd7aaf86dea6846f9a983a1a5a69d45b676b8d729aea35d013bf33a45fb1872709e3d61c761f0343d5e72b200a5d5ea8a27e1ee47a356433c140a9dc1a948a39a87f7bd51bdd37099d89eb55762feedba90ccd8399b7408bd70fbbf026825323a6529031cfcde74c05d68e97cbbf83c82780c98e21c21a879242660770fbe7580adc08e34ad3ee6c7af9392961e0fc623104c4c9c597e51eb2d29a88a582eccfe8839f758f11c7974d4a0d4c24ba9f66064ed6d713d0abdd267afb44f444184a00d71aa56cdd0eb55b4e7173aa76a8ad944c53b649cfcb9c7bc32ba247c11f12e945e2ea68ac5aba61acf776a984e8d67db163f15ff515dbeac213e76cee603b73669b74609222f10c748d71990c094d0ed3353af0ae38c2699b072c37f797188935395c9ae6f2e6cffd62f8d8c5dc636d211c0e610874317a05a5fe249d639635235bc7c0e27e5d409f44beb024e9e67bf7613fa93a58d5201a64c17c14b7b59da89010cb0d52229beddf31d37543a84524831a879a056c947629c01aacbe6e6206602dfb51de538e84280ded18fc2ced87855ebde06e46ea11f090f7d5da8cdcfb7ab10c53ea83fd28f6da74a836ffda280a75f49b6bb627da8628ac17aacc9dde59080b01def708a7f9b4443921b7ef67193e7ff07ad5757125a5f75d4935340bf91eac148b9995a8e6a54c293eb2fbde1dbdf720f6bee2355450b8bad77f494cc85bf3256a15d6757b07680fc70a1a6b533d3ad37c86faec5f405a7531486be1a2bbecade2e53a9af66c243d3f788f85406f2b77af4b4b43aa8e47afbea73a2eb80aa2a861dfec79e127b9bd32beb31e7779e4dffedc346c2d8f9ebfb0d7612b8e4fd63d99e36d6a34bf3b40602f112b2b2afb00dd75d1cf822ef36aac4d8c1b30f9398aedeb53bfa6341d695550ec70eaea535f85af94385032926742a49c596ca13be4fa0bc0d57776b0e6b183899a7f14784cdfb193b9191d5cd7dbed426a69ca43dbe7719cb66251d83fdfc25d575c7aca158961396ebf6ab03b913c93e85a64126e5cf5debeaa9796e3bf8a4a08d5bea691234e6c20319c2838e917369b53accfceb83408ff81790b4820ddbe2013ec3c9f028080c1ba6f5b7059d7e12500b00a4988c7c56c6ff9c6f322d594bfa7ec7ba83a5eb8563d3e3d334028be626fb91b863200f832ba541330762c689e20180fc8744ca200614e0629e8a6254e92d81c17c10b40b1ddc69ba80ccfbaa6567eee1efff38e64967cb6c268e9645a87b611ede7ad6344b86ae4dfde096ea82991f1adcc67e0f9bdcad170ff8a844838bbdcc1bcd63ee8e710677c5dbe9c0d8915eb84ca1a263596e38b789c5f3c29ab4a11ca6f6baf62eafc9290701101d584e16459487be7c6867d0e869e31d8cd7557dca87907e5616c9c83ac587ec42947084470a54717df4f926d71709c75b4b9d2028125206752faa6346f28b34f411148483b84e00e8f182d80a614beac07281efe0b960b387a760ea87d38493efa5380b0851f0e48fb125747102866d18dce43f0f731c007af0b79576bf64bf6dc2066da024514464c83630eeaafcf7930ea134d69de5ac21d07c95ddd23f301787bddab889ecbe79002283bccf068b15d52432cd1042a8e74d0caa9f64ae87ea4b9a33dc13922e11dc3000aa377083826a2dc3a538db8e1d2216778043fa2a8fbc22d8bdbade1326c6875d02843beea2a5d6f43756827845af4d233fba7bd7a6754a65aff30413b3191ee573ede0c3c42cebe7c52449c3b8e0a93d653e78aa2b3a7d8a762481d4045a3ff03c640f4d820da82fd3e8c762c8f45f0892ef4fa26f4c9221ee242c8e97070477e104c6b2da91b55242fad11a670e0e05d607862160881f234777cdf79e7e5363a39b9dc31896e65e", 0x1000}], 0x7, &(0x7f0000003e80)=[@cred={{0x1c, 0x1, 0x2, {r0, r8, 0xee01}}}], 0x20, 0x4080}], 0x2, 0x20000080) prlimit64(r0, 0xd, &(0x7f0000000040)={0x2, 0x4}, &(0x7f00000000c0)) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x0, r0, 0x0, 0x2, 0x0) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r9, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) openat(r9, &(0x7f0000000000)='./file0\x00', 0x0, 0xe2) 04:32:12 executing program 2 (fault-call:0 fault-nth:24): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 311.107580][T21820] loop4: detected capacity change from 0 to 15 [ 311.124163][T21821] FAULT_INJECTION: forcing a failure. [ 311.124163][T21821] name failslab, interval 1, probability 0, space 0, times 0 [ 311.133439][T21820] FAT-fs (loop4): Unrecognized mount option "obj_role=cpuset" or missing value [ 311.136857][T21821] CPU: 0 PID: 21821 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 311.154479][T21821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.164614][T21821] Call Trace: [ 311.167929][T21821] dump_stack_lvl+0xb7/0x103 [ 311.172604][T21821] dump_stack+0x11/0x1a [ 311.176746][T21821] should_fail+0x23c/0x250 [ 311.181169][T21821] ? __kernfs_new_node+0x6a/0x330 [ 311.186189][T21821] __should_failslab+0x81/0x90 [ 311.190966][T21821] should_failslab+0x5/0x20 [ 311.195464][T21821] kmem_cache_alloc+0x46/0x2e0 [ 311.200532][T21821] __kernfs_new_node+0x6a/0x330 [ 311.205381][T21821] ? __cond_resched+0x11/0x40 [ 311.210073][T21821] ? mutex_lock+0x9/0x30 [ 311.214323][T21821] kernfs_new_node+0x5b/0xd0 [ 311.218995][T21821] __kernfs_create_file+0x45/0x1a0 [ 311.224112][T21821] sysfs_add_file_mode_ns+0x1c1/0x250 [ 311.229483][T21821] internal_create_group+0x2e4/0x850 [ 311.234859][T21821] sysfs_create_group+0x1b/0x20 [ 311.239693][T21821] loop_configure+0xa77/0xd10 [ 311.244401][T21821] lo_ioctl+0x558/0x1210 [ 311.248638][T21821] ? path_openat+0x18e4/0x1f20 [ 311.253621][T21821] ? putname+0xa5/0xc0 [ 311.257838][T21821] ? ___cache_free+0x3c/0x300 [ 311.262519][T21821] ? blkdev_common_ioctl+0x9c3/0x1040 [ 311.267886][T21821] ? selinux_file_ioctl+0x8e0/0x970 [ 311.273106][T21821] ? lo_release+0x120/0x120 [ 311.277616][T21821] blkdev_ioctl+0x1d0/0x3c0 [ 311.282109][T21821] block_ioctl+0x6d/0x80 [ 311.286341][T21821] ? blkdev_iopoll+0x70/0x70 [ 311.290917][T21821] __se_sys_ioctl+0xcb/0x140 [ 311.295489][T21821] __x64_sys_ioctl+0x3f/0x50 [ 311.300161][T21821] do_syscall_64+0x3d/0x90 [ 311.304832][T21821] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 311.310716][T21821] RIP: 0033:0x466397 [ 311.314593][T21821] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 311.334222][T21821] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 311.342623][T21821] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 311.350584][T21821] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 04:32:12 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 311.358538][T21821] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 311.366500][T21821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 311.374466][T21821] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:12 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000080)={0x3, 0x2, 0xffff, 0x401, 0x8}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) getsockopt$IP_SET_OP_GET_BYNAME(r1, 0x1, 0x53, &(0x7f0000000000)={0x6, 0x7, 'syz1\x00'}, &(0x7f0000000040)=0x28) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:12 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000000)=0x0) ptrace(0x11, r2) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:12 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x630802, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:12 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) gettid() 04:32:12 executing program 4: r0 = getpid() r1 = fork() tkill(r1, 0x13) wait4(r1, 0x0, 0x8, 0x0) tgkill(r1, r1, 0x12) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x3f, 0x5c, 0x6, 0x0, 0x0, 0xe686, 0x2104, 0x4, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xbced, 0x0, @perf_bp={&(0x7f00000000c0), 0x6}, 0x1008, 0xffff, 0x5, 0x7, 0x2c58d0f6, 0xd31, 0x5, 0x0, 0x81, 0x0, 0x1}, r1, 0xc, 0xffffffffffffffff, 0x8) r2 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) io_uring_setup(0x4fb2, &(0x7f0000000000)={0x0, 0x7204, 0x1, 0x3, 0x21f, 0x0, r2}) r3 = openat$cgroup_freezer_state(r2, &(0x7f0000000080), 0x2, 0x0) mmap(&(0x7f000026a000/0x1000)=nil, 0x1000, 0x180000b, 0x12, r3, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:12 executing program 2 (fault-call:0 fault-nth:25): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:12 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 311.905727][T21869] FAULT_INJECTION: forcing a failure. [ 311.905727][T21869] name failslab, interval 1, probability 0, space 0, times 0 [ 311.918450][T21869] CPU: 1 PID: 21869 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 311.927236][T21869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.937290][T21869] Call Trace: [ 311.940572][T21869] dump_stack_lvl+0xb7/0x103 [ 311.945172][T21869] dump_stack+0x11/0x1a [ 311.949331][T21869] should_fail+0x23c/0x250 04:32:13 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 311.953755][T21869] __should_failslab+0x81/0x90 [ 311.958524][T21869] ? kobject_uevent_env+0x1a7/0xc40 [ 311.963821][T21869] should_failslab+0x5/0x20 [ 311.968425][T21869] kmem_cache_alloc_trace+0x49/0x310 [ 311.973719][T21869] ? sysfs_add_file_mode_ns+0x1c1/0x250 [ 311.979267][T21869] ? dev_uevent_filter+0x70/0x70 [ 311.984216][T21869] kobject_uevent_env+0x1a7/0xc40 [ 311.989246][T21869] ? internal_create_group+0x7c9/0x850 [ 311.994717][T21869] kobject_uevent+0x18/0x20 [ 311.999269][T21869] loop_configure+0xb94/0xd10 [ 312.003958][T21869] lo_ioctl+0x558/0x1210 [ 312.008207][T21869] ? path_openat+0x18e4/0x1f20 [ 312.012977][T21869] ? putname+0xa5/0xc0 [ 312.017048][T21869] ? ___cache_free+0x3c/0x300 [ 312.021726][T21869] ? blkdev_common_ioctl+0x9c3/0x1040 [ 312.027100][T21869] ? selinux_file_ioctl+0x8e0/0x970 [ 312.032307][T21869] ? lo_release+0x120/0x120 [ 312.036871][T21869] blkdev_ioctl+0x1d0/0x3c0 [ 312.041380][T21869] block_ioctl+0x6d/0x80 [ 312.045711][T21869] ? blkdev_iopoll+0x70/0x70 [ 312.050445][T21869] __se_sys_ioctl+0xcb/0x140 [ 312.055066][T21869] __x64_sys_ioctl+0x3f/0x50 [ 312.059676][T21869] do_syscall_64+0x3d/0x90 [ 312.064185][T21869] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 312.070095][T21869] RIP: 0033:0x466397 [ 312.074046][T21869] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 312.093737][T21869] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 04:32:13 executing program 2 (fault-call:0 fault-nth:26): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 312.102241][T21869] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 312.110219][T21869] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 312.118192][T21869] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 312.126318][T21869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 312.134297][T21869] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 [ 312.208760][T21884] FAULT_INJECTION: forcing a failure. [ 312.208760][T21884] name failslab, interval 1, probability 0, space 0, times 0 [ 312.221682][T21884] CPU: 0 PID: 21884 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 312.230537][T21884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.241135][T21884] Call Trace: [ 312.244414][T21884] dump_stack_lvl+0xb7/0x103 [ 312.249087][T21884] dump_stack+0x11/0x1a [ 312.253424][T21884] should_fail+0x23c/0x250 [ 312.257854][T21884] ? kzalloc+0x1d/0x30 [ 312.262016][T21884] __should_failslab+0x81/0x90 [ 312.266789][T21884] should_failslab+0x5/0x20 [ 312.271357][T21884] __kmalloc+0x66/0x340 [ 312.275547][T21884] kzalloc+0x1d/0x30 [ 312.279439][T21884] kobject_get_path+0x7c/0x110 [ 312.284722][T21884] kobject_uevent_env+0x1be/0xc40 [ 312.289885][T21884] ? internal_create_group+0x7c9/0x850 [ 312.295350][T21884] kobject_uevent+0x18/0x20 [ 312.299854][T21884] loop_configure+0xb94/0xd10 [ 312.304589][T21884] lo_ioctl+0x558/0x1210 [ 312.308857][T21884] ? path_openat+0x18e4/0x1f20 [ 312.313740][T21884] ? putname+0xa5/0xc0 [ 312.317816][T21884] ? ___cache_free+0x3c/0x300 [ 312.322538][T21884] ? blkdev_common_ioctl+0x9c3/0x1040 [ 312.327909][T21884] ? selinux_file_ioctl+0x8e0/0x970 [ 312.333111][T21884] ? lo_release+0x120/0x120 [ 312.337615][T21884] blkdev_ioctl+0x1d0/0x3c0 [ 312.342119][T21884] block_ioctl+0x6d/0x80 [ 312.346448][T21884] ? blkdev_iopoll+0x70/0x70 [ 312.351142][T21884] __se_sys_ioctl+0xcb/0x140 [ 312.355796][T21884] __x64_sys_ioctl+0x3f/0x50 [ 312.360386][T21884] do_syscall_64+0x3d/0x90 [ 312.364800][T21884] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 312.370748][T21884] RIP: 0033:0x466397 [ 312.374633][T21884] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 312.394329][T21884] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 04:32:13 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 312.402740][T21884] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 312.410712][T21884] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 312.418766][T21884] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 312.426735][T21884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 312.434699][T21884] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:13 executing program 2 (fault-call:0 fault-nth:27): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:13 executing program 4: setxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080), 0x2, 0x2) r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0xa2981, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x4000010, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x0, 0x40000d9f, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) mmap$perf(&(0x7f000007e000/0x3000)=nil, 0x3000, 0x1000000, 0x20810, r2, 0x80000001) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 312.541813][T21899] FAULT_INJECTION: forcing a failure. [ 312.541813][T21899] name failslab, interval 1, probability 0, space 0, times 0 [ 312.554479][T21899] CPU: 1 PID: 21899 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 312.563340][T21899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.573632][T21899] Call Trace: [ 312.576928][T21899] dump_stack_lvl+0xb7/0x103 [ 312.581614][T21899] dump_stack+0x11/0x1a [ 312.585770][T21899] should_fail+0x23c/0x250 [ 312.590293][T21899] __should_failslab+0x81/0x90 [ 312.595062][T21899] should_failslab+0x5/0x20 [ 312.599570][T21899] kmem_cache_alloc_node+0x58/0x2b0 [ 312.604780][T21899] ? __alloc_skb+0xed/0x420 [ 312.609283][T21899] __alloc_skb+0xed/0x420 [ 312.613617][T21899] alloc_uevent_skb+0x5b/0x120 [ 312.618473][T21899] kobject_uevent_env+0x863/0xc40 [ 312.623504][T21899] ? internal_create_group+0x7c9/0x850 [ 312.629016][T21899] kobject_uevent+0x18/0x20 [ 312.633667][T21899] loop_configure+0xb94/0xd10 [ 312.638405][T21899] lo_ioctl+0x558/0x1210 [ 312.642659][T21899] ? path_openat+0x18e4/0x1f20 [ 312.647462][T21899] ? putname+0xa5/0xc0 [ 312.651534][T21899] ? ___cache_free+0x3c/0x300 [ 312.656299][T21899] ? blkdev_common_ioctl+0x9c3/0x1040 [ 312.661683][T21899] ? selinux_file_ioctl+0x8e0/0x970 [ 312.666950][T21899] ? lo_release+0x120/0x120 [ 312.671504][T21899] blkdev_ioctl+0x1d0/0x3c0 [ 312.676024][T21899] block_ioctl+0x6d/0x80 [ 312.680310][T21899] ? blkdev_iopoll+0x70/0x70 [ 312.684944][T21899] __se_sys_ioctl+0xcb/0x140 [ 312.689541][T21899] __x64_sys_ioctl+0x3f/0x50 [ 312.694130][T21899] do_syscall_64+0x3d/0x90 [ 312.698554][T21899] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 312.704452][T21899] RIP: 0033:0x466397 [ 312.708341][T21899] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 312.728000][T21899] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 04:32:13 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r2, 0x6, 0x6, 0x0, &(0x7f00000011c0)) setsockopt$inet_tcp_int(r2, 0x6, 0x1e, &(0x7f0000000000)=0x2, 0x4) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:13 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:13 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 312.736513][T21899] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 312.744522][T21899] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 312.752491][T21899] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 312.760460][T21899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 312.768431][T21899] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:13 executing program 2 (fault-call:0 fault-nth:28): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 312.855734][T21917] FAULT_INJECTION: forcing a failure. [ 312.855734][T21917] name failslab, interval 1, probability 0, space 0, times 0 [ 312.868480][T21917] CPU: 0 PID: 21917 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 312.877243][T21917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.887301][T21917] Call Trace: [ 312.890586][T21917] dump_stack_lvl+0xb7/0x103 [ 312.895199][T21917] dump_stack+0x11/0x1a [ 312.899357][T21917] should_fail+0x23c/0x250 [ 312.903784][T21917] __should_failslab+0x81/0x90 [ 312.908584][T21917] should_failslab+0x5/0x20 [ 312.913091][T21917] kmem_cache_alloc_node_trace+0x58/0x2e0 [ 312.918889][T21917] ? __kmalloc_node_track_caller+0x30/0x40 [ 312.924853][T21917] ? kmem_cache_alloc_node+0x1d4/0x2b0 [ 312.930326][T21917] __kmalloc_node_track_caller+0x30/0x40 [ 312.935973][T21917] ? alloc_uevent_skb+0x5b/0x120 [ 312.940912][T21917] __alloc_skb+0x187/0x420 [ 312.945333][T21917] alloc_uevent_skb+0x5b/0x120 [ 312.950103][T21917] kobject_uevent_env+0x863/0xc40 [ 312.955179][T21917] ? internal_create_group+0x7c9/0x850 [ 312.960699][T21917] kobject_uevent+0x18/0x20 [ 312.965254][T21917] loop_configure+0xb94/0xd10 [ 312.970085][T21917] lo_ioctl+0x558/0x1210 [ 312.974334][T21917] ? path_openat+0x18e4/0x1f20 [ 312.979134][T21917] ? putname+0xa5/0xc0 [ 312.983288][T21917] ? ___cache_free+0x3c/0x300 [ 312.987972][T21917] ? blkdev_common_ioctl+0x9c3/0x1040 [ 312.993483][T21917] ? selinux_file_ioctl+0x8e0/0x970 [ 312.999122][T21917] ? lo_release+0x120/0x120 [ 313.003651][T21917] blkdev_ioctl+0x1d0/0x3c0 [ 313.008172][T21917] block_ioctl+0x6d/0x80 [ 313.012433][T21917] ? blkdev_iopoll+0x70/0x70 [ 313.017108][T21917] __se_sys_ioctl+0xcb/0x140 [ 313.021739][T21917] __x64_sys_ioctl+0x3f/0x50 [ 313.026340][T21917] do_syscall_64+0x3d/0x90 [ 313.030856][T21917] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 313.036753][T21917] RIP: 0033:0x466397 [ 313.040653][T21917] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 313.061222][T21917] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 313.069745][T21917] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 313.077725][T21917] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 313.085703][T21917] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 313.093676][T21917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 04:32:14 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 313.101753][T21917] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:14 executing program 2 (fault-call:0 fault-nth:29): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 313.192222][T21930] FAULT_INJECTION: forcing a failure. [ 313.192222][T21930] name failslab, interval 1, probability 0, space 0, times 0 [ 313.204954][T21930] CPU: 0 PID: 21930 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 313.213714][T21930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.223772][T21930] Call Trace: [ 313.227048][T21930] dump_stack_lvl+0xb7/0x103 [ 313.231722][T21930] dump_stack+0x11/0x1a [ 313.235881][T21930] should_fail+0x23c/0x250 [ 313.240329][T21930] ? skb_clone+0x12c/0x1f0 [ 313.244744][T21930] __should_failslab+0x81/0x90 [ 313.249573][T21930] should_failslab+0x5/0x20 [ 313.254076][T21930] kmem_cache_alloc+0x46/0x2e0 [ 313.258857][T21930] skb_clone+0x12c/0x1f0 [ 313.263107][T21930] netlink_broadcast_filtered+0x4fd/0xb60 [ 313.268913][T21930] ? skb_put+0xb9/0xf0 [ 313.273061][T21930] netlink_broadcast+0x35/0x50 [ 313.277827][T21930] kobject_uevent_env+0x8c9/0xc40 [ 313.282865][T21930] ? internal_create_group+0x7c9/0x850 [ 313.288321][T21930] kobject_uevent+0x18/0x20 [ 313.292824][T21930] loop_configure+0xb94/0xd10 [ 313.297583][T21930] lo_ioctl+0x558/0x1210 [ 313.301823][T21930] ? path_openat+0x18e4/0x1f20 [ 313.306638][T21930] ? putname+0xa5/0xc0 [ 313.310737][T21930] ? ___cache_free+0x3c/0x300 [ 313.315419][T21930] ? blkdev_common_ioctl+0x9c3/0x1040 [ 313.320898][T21930] ? selinux_file_ioctl+0x8e0/0x970 [ 313.326084][T21930] ? lo_release+0x120/0x120 [ 313.330583][T21930] blkdev_ioctl+0x1d0/0x3c0 [ 313.335080][T21930] block_ioctl+0x6d/0x80 [ 313.339314][T21930] ? blkdev_iopoll+0x70/0x70 [ 313.343964][T21930] __se_sys_ioctl+0xcb/0x140 [ 313.348535][T21930] __x64_sys_ioctl+0x3f/0x50 [ 313.353114][T21930] do_syscall_64+0x3d/0x90 [ 313.357651][T21930] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 313.363628][T21930] RIP: 0033:0x466397 [ 313.367503][T21930] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 313.387096][T21930] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 313.395490][T21930] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 313.403441][T21930] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 313.411419][T21930] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 313.419452][T21930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 313.427514][T21930] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:14 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x4000, 0x100) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/231, 0xe7}, {&(0x7f0000000100)=""/192, 0xc0}], 0x2, 0x2e02bf2d, 0xfffffffd) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) sched_setattr(r2, &(0x7f0000000240)={0x38, 0x0, 0x29, 0xf7, 0xfffff2a3, 0x3f, 0x5, 0x5, 0x80000004, 0x97}, 0x0) 04:32:14 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:14 executing program 2 (fault-call:0 fault-nth:30): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 313.650128][T21947] FAULT_INJECTION: forcing a failure. [ 313.650128][T21947] name failslab, interval 1, probability 0, space 0, times 0 [ 313.662797][T21947] CPU: 1 PID: 21947 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 313.671589][T21947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.681770][T21947] Call Trace: [ 313.685047][T21947] dump_stack_lvl+0xb7/0x103 [ 313.689712][T21947] dump_stack+0x11/0x1a [ 313.693919][T21947] should_fail+0x23c/0x250 [ 313.698343][T21947] __should_failslab+0x81/0x90 [ 313.703108][T21947] ? call_usermodehelper_setup+0x71/0x190 [ 313.708842][T21947] should_failslab+0x5/0x20 [ 313.713347][T21947] kmem_cache_alloc_trace+0x49/0x310 [ 313.718639][T21947] ? __kfree_skb+0xfe/0x150 [ 313.723206][T21947] call_usermodehelper_setup+0x71/0x190 [ 313.728811][T21947] ? add_uevent_var+0x1c0/0x1c0 [ 313.733661][T21947] kobject_uevent_env+0xb29/0xc40 [ 313.738692][T21947] ? internal_create_group+0x7c9/0x850 [ 313.744169][T21947] kobject_uevent+0x18/0x20 [ 313.748752][T21947] loop_configure+0xb94/0xd10 [ 313.753544][T21947] lo_ioctl+0x558/0x1210 [ 313.757799][T21947] ? path_openat+0x18e4/0x1f20 [ 313.762570][T21947] ? putname+0xa5/0xc0 [ 313.766661][T21947] ? ___cache_free+0x3c/0x300 [ 313.771422][T21947] ? blkdev_common_ioctl+0x9c3/0x1040 [ 313.776799][T21947] ? selinux_file_ioctl+0x8e0/0x970 [ 313.782445][T21947] ? lo_release+0x120/0x120 [ 313.786990][T21947] blkdev_ioctl+0x1d0/0x3c0 [ 313.791503][T21947] block_ioctl+0x6d/0x80 [ 313.795856][T21947] ? blkdev_iopoll+0x70/0x70 [ 313.800453][T21947] __se_sys_ioctl+0xcb/0x140 [ 313.805134][T21947] __x64_sys_ioctl+0x3f/0x50 [ 313.809900][T21947] do_syscall_64+0x3d/0x90 [ 313.814343][T21947] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 313.820243][T21947] RIP: 0033:0x466397 [ 313.824163][T21947] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 04:32:14 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x200042, 0x1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x30, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:14 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r1, r2) 04:32:15 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 313.844037][T21947] RSP: 002b:00007fc47e284f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 313.852454][T21947] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397 [ 313.860438][T21947] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 313.868413][T21947] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 313.876388][T21947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 313.884363][T21947] R13: 0000000000000004 R14: 0000000020001480 R15: 0000000000000000 04:32:15 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) waitid(0x1, 0x0, &(0x7f0000000000), 0x2, &(0x7f0000000080)) 04:32:15 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = getpgrp(r0) ptrace(0x8, r2) 04:32:15 executing program 2 (fault-call:0 fault-nth:31): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 314.021089][T21976] FAULT_INJECTION: forcing a failure. [ 314.021089][T21976] name failslab, interval 1, probability 0, space 0, times 0 [ 314.033785][T21976] CPU: 0 PID: 21976 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 314.042555][T21976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.052610][T21976] Call Trace: [ 314.055892][T21976] dump_stack_lvl+0xb7/0x103 [ 314.060512][T21976] dump_stack+0x11/0x1a [ 314.064704][T21976] should_fail+0x23c/0x250 [ 314.069131][T21976] ? getname_flags+0x84/0x3d0 [ 314.073818][T21976] __should_failslab+0x81/0x90 [ 314.078602][T21976] should_failslab+0x5/0x20 [ 314.083105][T21976] kmem_cache_alloc+0x46/0x2e0 [ 314.087881][T21976] getname_flags+0x84/0x3d0 [ 314.092386][T21976] do_mkdirat+0x3b/0x200 [ 314.096718][T21976] __x64_sys_mkdir+0x32/0x40 [ 314.101309][T21976] do_syscall_64+0x3d/0x90 [ 314.105726][T21976] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 314.111717][T21976] RIP: 0033:0x4656e7 [ 314.115609][T21976] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 314.135241][T21976] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 314.143660][T21976] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004656e7 [ 314.151634][T21976] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000140 [ 314.159675][T21976] RBP: 00007fc47e285040 R08: 0000000000000000 R09: ffffffffffffffff [ 314.167650][T21976] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000080 [ 314.175632][T21976] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 04:32:15 executing program 2 (fault-call:0 fault-nth:32): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:15 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') mmap$IORING_OFF_SQ_RING(&(0x7f0000615000/0x3000)=nil, 0x3000, 0x5, 0x30, r0, 0x0) preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) recvmsg(r0, &(0x7f0000001e00)={&(0x7f0000000b80)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, 0x80, &(0x7f0000001d80)=[{&(0x7f00000000c0)=""/25, 0x19}, {&(0x7f0000000c00)=""/238, 0xee}, {&(0x7f0000000d00)=""/4096, 0x1000}, {&(0x7f0000001d00)=""/116, 0x74}], 0x4, &(0x7f0000001dc0)=""/53, 0x35}, 0x2) r1 = getpid() r2 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) write$binfmt_elf64(r3, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0xcf, 0xf1, 0x3f, 0x81, 0x7, 0x2, 0x6, 0x2, 0x17b, 0x40, 0x390, 0x7fff, 0x80, 0x38, 0x2, 0x4, 0x8, 0x6}, [{0x60000000, 0x8, 0x0, 0xfffffffffffffffd, 0x8, 0x7fffffff, 0x0, 0x8}, {0x6, 0x8, 0xbf9f, 0x3, 0x400, 0x7, 0xf1b7, 0x6}], "0dca323dd1aed7def83174182e3349135b125506ac9e03953cfc9e96528db61188eb45dcb3a708a4eca60eb81999a32666b09ae2b922e5381015ff9fdb45539b820e54dde167277bb78b14b396dd23f4aaab9ffdf5abc25fbb627bbd4339e6b0ae09ac7e8b741358bdbf8e6529a57de93311d38039f1d32c1c64e18666bd20034f1ff26e3967061f8b8a17db689757a40ebab2bc84f797624879da05ef35dcf49c05b1e6a7", ['\x00', '\x00', '\x00', '\x00']}, 0x555) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r1, 0x0, 0x8, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r4, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) preadv(r4, &(0x7f0000000b00)=[{&(0x7f0000000040)=""/41, 0x29}, {&(0x7f00000000c0)}, {&(0x7f0000000100)=""/188, 0xbc}, {&(0x7f0000000880)=""/149, 0x95}, {&(0x7f00000001c0)=""/89, 0x59}, {&(0x7f0000000940)=""/96, 0x60}, {&(0x7f00000009c0)=""/37, 0x25}, {&(0x7f0000000a00)=""/197, 0xc5}], 0x8, 0x2, 0x7) [ 314.255633][T21988] FAULT_INJECTION: forcing a failure. [ 314.255633][T21988] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 314.268988][T21988] CPU: 0 PID: 21988 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 314.277750][T21988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.287831][T21988] Call Trace: [ 314.291109][T21988] dump_stack_lvl+0xb7/0x103 [ 314.295801][T21988] dump_stack+0x11/0x1a [ 314.299971][T21988] should_fail+0x23c/0x250 [ 314.304394][T21988] should_fail_usercopy+0x16/0x20 [ 314.309480][T21988] strncpy_from_user+0x21/0x250 [ 314.314360][T21988] getname_flags+0xb8/0x3d0 [ 314.318919][T21988] do_mkdirat+0x3b/0x200 [ 314.323166][T21988] __x64_sys_mkdir+0x32/0x40 [ 314.327828][T21988] do_syscall_64+0x3d/0x90 [ 314.332427][T21988] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 314.338326][T21988] RIP: 0033:0x4656e7 [ 314.342216][T21988] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 314.361826][T21988] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 314.370296][T21988] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004656e7 [ 314.378269][T21988] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000140 [ 314.386245][T21988] RBP: 00007fc47e285040 R08: 0000000000000000 R09: ffffffffffffffff [ 314.394748][T21988] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000080 [ 314.402727][T21988] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 04:32:15 executing program 4: removexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='user.syz\x00') r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:15 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:15 executing program 2 (fault-call:0 fault-nth:33): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:15 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x0, 0xd9c, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 314.544710][T22007] FAULT_INJECTION: forcing a failure. [ 314.544710][T22007] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 314.558121][T22007] CPU: 1 PID: 22007 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 314.566884][T22007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.576940][T22007] Call Trace: [ 314.580292][T22007] dump_stack_lvl+0xb7/0x103 [ 314.584931][T22007] dump_stack+0x11/0x1a [ 314.589106][T22007] should_fail+0x23c/0x250 [ 314.593555][T22007] should_fail_usercopy+0x16/0x20 [ 314.598589][T22007] strncpy_from_user+0x21/0x250 [ 314.603448][T22007] getname_flags+0xb8/0x3d0 [ 314.607963][T22007] do_mkdirat+0x3b/0x200 [ 314.613523][T22007] __x64_sys_mkdir+0x32/0x40 [ 314.618150][T22007] do_syscall_64+0x3d/0x90 [ 314.622657][T22007] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 314.628585][T22007] RIP: 0033:0x4656e7 04:32:15 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) waitid(0x0, r0, 0x0, 0x4, &(0x7f0000000000)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x4, 0x1, 0x6, 0x7, 0x10, @local, @local, 0x7800, 0x80, 0x80, 0x400}}) r4 = fork() tkill(r4, 0x13) wait4(r4, 0x0, 0x8, 0x0) tgkill(r4, r4, 0x12) waitid(0x2, r4, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 314.632565][T22007] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 314.652735][T22007] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 314.661161][T22007] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004656e7 [ 314.669136][T22007] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000140 [ 314.677142][T22007] RBP: 00007fc47e285040 R08: 0000000000000000 R09: ffffffffffffffff [ 314.685133][T22007] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000080 [ 314.693305][T22007] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 04:32:15 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r1, r2) 04:32:15 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:15 executing program 2 (fault-call:0 fault-nth:34): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:15 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) write$nbd(r1, &(0x7f0000000000)={0x67446698, 0x0, 0x3, 0x3, 0x2, "4b1db2d69d54c07a33e6d8c884fd3cc9b2abeb79e2ce0cd3774d58be074c9e981a7ab70d004ced715daf4ecea00404a11d3e37758c066b7a5c4530d2a36e8dd7aed8c3197b5bd0781a46012d954e64ee4f00895809d9fb98454cee0802fc2a9f91640509bb7c35f30e29fc35ed275108aec7ea9eda3256b99f22a2bd272c8937a9a0e039fd809b88647b67d0a1c8fd186522e3"}, 0xa3) [ 314.816735][T22032] FAULT_INJECTION: forcing a failure. [ 314.816735][T22032] name failslab, interval 1, probability 0, space 0, times 0 [ 314.829471][T22032] CPU: 0 PID: 22032 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 314.838418][T22032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.848472][T22032] Call Trace: [ 314.851753][T22032] dump_stack_lvl+0xb7/0x103 [ 314.856379][T22032] dump_stack+0x11/0x1a [ 314.860590][T22032] should_fail+0x23c/0x250 [ 314.865034][T22032] ? ext4_alloc_inode+0x27/0x300 [ 314.869984][T22032] __should_failslab+0x81/0x90 [ 314.874751][T22032] ? set_qf_name+0x230/0x230 [ 314.879347][T22032] should_failslab+0x5/0x20 [ 314.883918][T22032] kmem_cache_alloc+0x46/0x2e0 [ 314.888747][T22032] ? ebitmap_destroy+0x91/0xa0 [ 314.893511][T22032] ? set_qf_name+0x230/0x230 [ 314.898161][T22032] ext4_alloc_inode+0x27/0x300 [ 314.902928][T22032] ? set_qf_name+0x230/0x230 [ 314.907600][T22032] new_inode_pseudo+0x38/0x1c0 [ 314.912433][T22032] new_inode+0x21/0x120 [ 314.916709][T22032] __ext4_new_inode+0x126/0x2f70 [ 314.921658][T22032] ? __dquot_initialize+0x131/0x7e0 [ 314.927216][T22032] ext4_mkdir+0x28a/0x760 [ 314.931551][T22032] vfs_mkdir+0x2a4/0x370 [ 314.935810][T22032] do_mkdirat+0x11d/0x200 [ 314.940160][T22032] __x64_sys_mkdir+0x32/0x40 [ 314.944780][T22032] do_syscall_64+0x3d/0x90 [ 314.949264][T22032] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 314.955165][T22032] RIP: 0033:0x4656e7 [ 314.959266][T22032] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 314.978980][T22032] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 314.987397][T22032] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004656e7 [ 314.995375][T22032] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000140 [ 315.003354][T22032] RBP: 00007fc47e285040 R08: 0000000000000000 R09: ffffffffffffffff [ 315.011417][T22032] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000080 [ 315.019415][T22032] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 04:32:16 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$int_in(r2, 0x0, &(0x7f0000000000)=0x75606f13) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:16 executing program 2 (fault-call:0 fault-nth:35): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 315.152848][T22055] FAULT_INJECTION: forcing a failure. [ 315.152848][T22055] name failslab, interval 1, probability 0, space 0, times 0 [ 315.165933][T22055] CPU: 0 PID: 22055 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 315.174694][T22055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.184749][T22055] Call Trace: [ 315.188025][T22055] dump_stack_lvl+0xb7/0x103 [ 315.192622][T22055] dump_stack+0x11/0x1a [ 315.196779][T22055] should_fail+0x23c/0x250 [ 315.201203][T22055] ? security_inode_alloc+0x30/0x180 [ 315.207769][T22055] __should_failslab+0x81/0x90 [ 315.212537][T22055] should_failslab+0x5/0x20 [ 315.217043][T22055] kmem_cache_alloc+0x46/0x2e0 [ 315.222253][T22055] security_inode_alloc+0x30/0x180 [ 315.227647][T22055] inode_init_always+0x20b/0x420 [ 315.232644][T22055] ? set_qf_name+0x230/0x230 [ 315.237241][T22055] new_inode_pseudo+0x73/0x1c0 [ 315.242009][T22055] new_inode+0x21/0x120 [ 315.246175][T22055] __ext4_new_inode+0x126/0x2f70 [ 315.251121][T22055] ? __dquot_initialize+0x131/0x7e0 [ 315.256325][T22055] ext4_mkdir+0x28a/0x760 [ 315.260683][T22055] vfs_mkdir+0x2a4/0x370 [ 315.264929][T22055] do_mkdirat+0x11d/0x200 [ 315.269521][T22055] __x64_sys_mkdir+0x32/0x40 [ 315.274189][T22055] do_syscall_64+0x3d/0x90 [ 315.278786][T22055] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 315.284732][T22055] RIP: 0033:0x4656e7 [ 315.288619][T22055] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 315.308232][T22055] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 315.316646][T22055] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004656e7 [ 315.324626][T22055] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000140 [ 315.332623][T22055] RBP: 00007fc47e285040 R08: 0000000000000000 R09: ffffffffffffffff [ 315.340598][T22055] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000080 04:32:16 executing program 4: r0 = getpid() gettid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000003440)=[{&(0x7f0000003500)=""/135, 0x87}, {&(0x7f0000002440)=""/106, 0x6a}, {&(0x7f0000000000)=""/65, 0x41}, {&(0x7f0000000180)=""/221, 0xdd}, {&(0x7f0000000300)=""/4075, 0xfeb}, {&(0x7f0000001300)=""/4096, 0x1000}, {&(0x7f0000002300)=""/122, 0x7a}, {&(0x7f0000002380)=""/144, 0x90}, {&(0x7f00000035c0)=""/4098, 0x1002}, {&(0x7f0000000080)=""/34, 0x22}], 0xa, 0xd9f, 0x2) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:16 executing program 4: r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000180)='.pending_reads\x00', 0x101000, 0x181) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f00000001c0)) r1 = getpid() r2 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r1, 0x0, 0x8, 0x0) [ 315.348573][T22055] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 04:32:16 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:16 executing program 2 (fault-call:0 fault-nth:36): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:16 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000001480)=[{&(0x7f0000000000)=""/51, 0x33}, {&(0x7f0000001500)=""/80, 0x46}, {&(0x7f00000000c0)=""/220, 0xdc}, {&(0x7f00000001c0)=""/250, 0xfa}, {&(0x7f0000000300)=""/4096, 0x1058}, {&(0x7f0000001300)=""/176, 0xb0}, {&(0x7f00000013c0)=""/148, 0x94}], 0x37, 0xd9f, 0x4000000) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:16 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$vga_arbiter(r1, &(0x7f0000000000)=@unlock_all, 0xb) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 315.478587][T22079] FAULT_INJECTION: forcing a failure. [ 315.478587][T22079] name failslab, interval 1, probability 0, space 0, times 0 [ 315.491257][T22079] CPU: 1 PID: 22079 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 315.500019][T22079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.510121][T22079] Call Trace: [ 315.513496][T22079] dump_stack_lvl+0xb7/0x103 [ 315.518093][T22079] dump_stack+0x11/0x1a [ 315.522246][T22079] should_fail+0x23c/0x250 [ 315.526666][T22079] ? sidtab_sid2str_get+0x9c/0x130 [ 315.531774][T22079] __should_failslab+0x81/0x90 [ 315.536533][T22079] should_failslab+0x5/0x20 [ 315.541042][T22079] __kmalloc_track_caller+0x64/0x340 [ 315.546330][T22079] kmemdup+0x21/0x50 [ 315.550265][T22079] sidtab_sid2str_get+0x9c/0x130 [ 315.555209][T22079] security_sid_to_context_core+0x1cb/0x2d0 [ 315.561110][T22079] security_sid_to_context_force+0x2f/0x40 [ 315.567009][T22079] selinux_inode_init_security+0x49e/0x550 [ 315.572878][T22079] security_inode_init_security+0xd7/0x260 [ 315.578734][T22079] ? ext4_init_security+0x40/0x40 [ 315.583842][T22079] ext4_init_security+0x30/0x40 [ 315.588765][T22079] __ext4_new_inode+0x29a1/0x2f70 [ 315.593884][T22079] ext4_mkdir+0x28a/0x760 [ 315.598218][T22079] vfs_mkdir+0x2a4/0x370 [ 315.602468][T22079] do_mkdirat+0x11d/0x200 [ 315.607066][T22079] __x64_sys_mkdir+0x32/0x40 [ 315.611663][T22079] do_syscall_64+0x3d/0x90 [ 315.616118][T22079] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 315.622122][T22079] RIP: 0033:0x4656e7 [ 315.626051][T22079] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 315.646128][T22079] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 315.654540][T22079] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004656e7 [ 315.662594][T22079] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000140 [ 315.670567][T22079] RBP: 00007fc47e285040 R08: 0000000000000000 R09: ffffffffffffffff 04:32:16 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r1, r2) 04:32:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:16 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x1, 0x0, 0x0, 0x8, 0x0) [ 315.678549][T22079] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000080 [ 315.686613][T22079] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 04:32:16 executing program 2 (fault-call:0 fault-nth:37): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 315.779199][T22105] FAULT_INJECTION: forcing a failure. [ 315.779199][T22105] name failslab, interval 1, probability 0, space 0, times 0 [ 315.791856][T22105] CPU: 0 PID: 22105 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 315.800629][T22105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.810777][T22105] Call Trace: [ 315.814067][T22105] dump_stack_lvl+0xb7/0x103 [ 315.818721][T22105] dump_stack+0x11/0x1a [ 315.822883][T22105] should_fail+0x23c/0x250 [ 315.827360][T22105] ? kcalloc+0x32/0x50 [ 315.831436][T22105] __should_failslab+0x81/0x90 [ 315.836242][T22105] should_failslab+0x5/0x20 [ 315.840764][T22105] __kmalloc+0x66/0x340 [ 315.844995][T22105] ? chksum_update+0x39/0x50 [ 315.849585][T22105] kcalloc+0x32/0x50 [ 315.853544][T22105] ext4_find_extent+0x21c/0x7f0 [ 315.858414][T22105] ext4_ext_map_blocks+0xd9/0x1f00 [ 315.863554][T22105] ? __down_read_common+0x16d/0x530 [ 315.868755][T22105] ? percpu_counter_add_batch+0x69/0xd0 [ 315.874368][T22105] ? ext4_es_lookup_extent+0x206/0x490 [ 315.879957][T22105] ext4_map_blocks+0x1be/0xef0 [ 315.884754][T22105] ext4_getblk+0xb1/0x3d0 [ 315.889162][T22105] ? __ext4_new_inode+0x2aed/0x2f70 [ 315.894363][T22105] ext4_bread+0x28/0x100 [ 315.898679][T22105] ext4_append+0xd1/0x1c0 [ 315.903044][T22105] ext4_init_new_dir+0x177/0x500 [ 315.907987][T22105] ext4_mkdir+0x329/0x760 [ 315.912371][T22105] vfs_mkdir+0x2a4/0x370 [ 315.916623][T22105] do_mkdirat+0x11d/0x200 [ 315.921033][T22105] __x64_sys_mkdir+0x32/0x40 [ 315.925647][T22105] do_syscall_64+0x3d/0x90 [ 315.930071][T22105] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 315.935972][T22105] RIP: 0033:0x4656e7 [ 315.939862][T22105] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 315.959472][T22105] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 315.968411][T22105] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004656e7 04:32:17 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x400200, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 315.976396][T22105] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000140 [ 315.984384][T22105] RBP: 00007fc47e285040 R08: 0000000000000000 R09: ffffffffffffffff [ 315.992791][T22105] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000080 [ 316.000762][T22105] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 04:32:17 executing program 2 (fault-call:0 fault-nth:38): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:17 executing program 4: prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000080)) r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = getpid() r3 = pidfd_open(r2, 0x0) r4 = epoll_create1(0x0) r5 = dup3(r3, r4, 0x0) r6 = fcntl$dupfd(r5, 0x0, r4) setns(r6, 0x3a020000) r7 = syz_open_dev$tty20(0xc, 0x4, 0x0) set_mempolicy(0x1, &(0x7f0000000040)=0x9, 0x8) ioctl$KDSKBENT(r7, 0x4b47, &(0x7f0000000000)={0x0, 0x4}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x100010, r1, 0xffffe000) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 316.092484][T22123] FAULT_INJECTION: forcing a failure. [ 316.092484][T22123] name failslab, interval 1, probability 0, space 0, times 0 [ 316.105397][T22123] CPU: 1 PID: 22123 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 316.114248][T22123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.124402][T22123] Call Trace: 04:32:17 executing program 2 (fault-call:0 fault-nth:39): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 316.124412][T22123] dump_stack_lvl+0xb7/0x103 [ 316.124439][T22123] dump_stack+0x11/0x1a [ 316.124455][T22123] should_fail+0x23c/0x250 [ 316.124477][T22123] ? __es_insert_extent+0x51f/0xe70 [ 316.124495][T22123] __should_failslab+0x81/0x90 [ 316.124511][T22123] should_failslab+0x5/0x20 [ 316.124528][T22123] kmem_cache_alloc+0x46/0x2e0 [ 316.124548][T22123] ? iput+0x1bf/0x580 04:32:17 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 316.124619][T22123] __es_insert_extent+0x51f/0xe70 [ 316.124636][T22123] ? __kmalloc+0x237/0x340 [ 316.124656][T22123] ? kcalloc+0x32/0x50 [ 316.124743][T22123] ext4_es_insert_extent+0x1bb/0x19d0 04:32:17 executing program 2 (fault-call:0 fault-nth:40): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 316.124761][T22123] ? ext4_ext_convert_to_initialized+0xf50/0xf50 [ 316.124780][T22123] ext4_ext_map_blocks+0xf79/0x1f00 04:32:17 executing program 2 (fault-call:0 fault-nth:41): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 316.124804][T22123] ? __down_read_common+0x16d/0x530 [ 316.124902][T22123] ? percpu_counter_add_batch+0x69/0xd0 [ 316.124926][T22123] ? ext4_es_lookup_extent+0x206/0x490 [ 316.124943][T22123] ext4_map_blocks+0x1be/0xef0 04:32:17 executing program 2 (fault-call:0 fault-nth:42): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 316.124964][T22123] ext4_getblk+0xb1/0x3d0 [ 316.125062][T22123] ? __ext4_new_inode+0x2aed/0x2f70 [ 316.125079][T22123] ext4_bread+0x28/0x100 [ 316.125098][T22123] ext4_append+0xd1/0x1c0 [ 316.125117][T22123] ext4_init_new_dir+0x177/0x500 [ 316.125211][T22123] ext4_mkdir+0x329/0x760 [ 316.125230][T22123] vfs_mkdir+0x2a4/0x370 [ 316.125251][T22123] do_mkdirat+0x11d/0x200 [ 316.125272][T22123] __x64_sys_mkdir+0x32/0x40 [ 316.125292][T22123] do_syscall_64+0x3d/0x90 [ 316.125312][T22123] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 316.125410][T22123] RIP: 0033:0x4656e7 [ 316.125424][T22123] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 316.125442][T22123] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 316.125518][T22123] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004656e7 04:32:17 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:17 executing program 2 (fault-call:0 fault-nth:43): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 316.125531][T22123] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000140 [ 316.125583][T22123] RBP: 00007fc47e285040 R08: 0000000000000000 R09: ffffffffffffffff [ 316.125596][T22123] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000080 [ 316.125609][T22123] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 [ 316.225461][T22142] FAULT_INJECTION: forcing a failure. [ 316.225461][T22142] name failslab, interval 1, probability 0, space 0, times 0 04:32:17 executing program 2 (fault-call:0 fault-nth:44): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 316.225485][T22142] CPU: 0 PID: 22142 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 316.225505][T22142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.225515][T22142] Call Trace: [ 316.225522][T22142] dump_stack_lvl+0xb7/0x103 [ 316.225551][T22142] dump_stack+0x11/0x1a [ 316.225567][T22142] should_fail+0x23c/0x250 [ 316.225590][T22142] ? ext4_mb_new_blocks+0x2e7/0x1f90 [ 316.225686][T22142] __should_failslab+0x81/0x90 [ 316.225740][T22142] should_failslab+0x5/0x20 [ 316.225758][T22142] kmem_cache_alloc+0x46/0x2e0 [ 316.225782][T22142] ext4_mb_new_blocks+0x2e7/0x1f90 [ 316.225872][T22142] ? ext4_find_extent+0x6cf/0x7f0 [ 316.225896][T22142] ? kcsan_setup_watchpoint+0x231/0x3e0 [ 316.225983][T22142] ? ext4_inode_to_goal_block+0x1bd/0x1d0 [ 316.226068][T22142] ext4_ext_map_blocks+0x1569/0x1f00 [ 316.226091][T22142] ? __down_write_common+0x42/0x810 [ 316.226108][T22142] ? __down_read_common+0x16d/0x530 [ 316.226126][T22142] ? percpu_counter_add_batch+0x69/0xd0 [ 316.226164][T22142] ? ext4_es_lookup_extent+0x206/0x490 [ 316.226182][T22142] ext4_map_blocks+0x70d/0xef0 [ 316.226203][T22142] ext4_getblk+0xb1/0x3d0 [ 316.226222][T22142] ext4_bread+0x28/0x100 [ 316.226241][T22142] ext4_append+0xd1/0x1c0 [ 316.226260][T22142] ext4_init_new_dir+0x177/0x500 [ 316.226278][T22142] ext4_mkdir+0x329/0x760 [ 316.226338][T22142] vfs_mkdir+0x2a4/0x370 [ 316.226357][T22142] do_mkdirat+0x11d/0x200 [ 316.226378][T22142] __x64_sys_mkdir+0x32/0x40 [ 316.226439][T22142] do_syscall_64+0x3d/0x90 [ 316.226459][T22142] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 316.226481][T22142] RIP: 0033:0x4656e7 [ 316.226494][T22142] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 316.226512][T22142] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 316.226531][T22142] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004656e7 [ 316.226543][T22142] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000140 [ 316.226555][T22142] RBP: 00007fc47e285040 R08: 0000000000000000 R09: ffffffffffffffff [ 316.226569][T22142] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000080 [ 316.226581][T22142] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 [ 316.340349][T22153] FAULT_INJECTION: forcing a failure. [ 316.340349][T22153] name failslab, interval 1, probability 0, space 0, times 0 [ 316.340373][T22153] CPU: 1 PID: 22153 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 316.340394][T22153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.340406][T22153] Call Trace: [ 316.340413][T22153] dump_stack_lvl+0xb7/0x103 [ 316.340455][T22153] dump_stack+0x11/0x1a [ 316.340471][T22153] should_fail+0x23c/0x250 [ 316.340494][T22153] ? ext4_mb_new_blocks+0x70f/0x1f90 [ 316.340567][T22153] __should_failslab+0x81/0x90 [ 316.340586][T22153] should_failslab+0x5/0x20 [ 316.340604][T22153] kmem_cache_alloc+0x46/0x2e0 [ 316.340628][T22153] ext4_mb_new_blocks+0x70f/0x1f90 [ 316.340653][T22153] ? ext4_find_extent+0x6cf/0x7f0 [ 316.340723][T22153] ? ext4_ext_search_right+0x300/0x540 [ 316.340744][T22153] ? ext4_inode_to_goal_block+0x1bd/0x1d0 [ 316.340766][T22153] ext4_ext_map_blocks+0x1569/0x1f00 [ 316.340803][T22153] ? __down_write_common+0x42/0x810 [ 316.340820][T22153] ? __down_read_common+0x16d/0x530 [ 316.340841][T22153] ? percpu_counter_add_batch+0x69/0xd0 [ 316.340862][T22153] ? ext4_es_lookup_extent+0x206/0x490 [ 316.340879][T22153] ext4_map_blocks+0x70d/0xef0 [ 316.340927][T22153] ext4_getblk+0xb1/0x3d0 [ 316.340945][T22153] ext4_bread+0x28/0x100 [ 316.340962][T22153] ext4_append+0xd1/0x1c0 [ 316.340979][T22153] ext4_init_new_dir+0x177/0x500 [ 316.340997][T22153] ext4_mkdir+0x329/0x760 [ 316.341109][T22153] vfs_mkdir+0x2a4/0x370 [ 316.341129][T22153] do_mkdirat+0x11d/0x200 [ 316.341150][T22153] __x64_sys_mkdir+0x32/0x40 [ 316.341169][T22153] do_syscall_64+0x3d/0x90 [ 316.341193][T22153] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 316.341234][T22153] RIP: 0033:0x4656e7 [ 316.341246][T22153] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 316.341262][T22153] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 316.341283][T22153] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004656e7 [ 316.341297][T22153] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000140 [ 316.341308][T22153] RBP: 00007fc47e285040 R08: 0000000000000000 R09: ffffffffffffffff [ 316.341321][T22153] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000080 [ 316.341340][T22153] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 [ 316.432400][T22161] FAULT_INJECTION: forcing a failure. [ 316.432400][T22161] name failslab, interval 1, probability 0, space 0, times 0 [ 316.432425][T22161] CPU: 1 PID: 22161 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 316.432444][T22161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.432454][T22161] Call Trace: [ 316.432461][T22161] dump_stack_lvl+0xb7/0x103 [ 316.432482][T22161] dump_stack+0x11/0x1a [ 316.432538][T22161] should_fail+0x23c/0x250 [ 316.432599][T22161] ? __es_insert_extent+0x51f/0xe70 [ 316.432617][T22161] __should_failslab+0x81/0x90 [ 316.432633][T22161] should_failslab+0x5/0x20 [ 316.432650][T22161] kmem_cache_alloc+0x46/0x2e0 [ 316.432674][T22161] __es_insert_extent+0x51f/0xe70 [ 316.432761][T22161] ? ext4_ext_map_blocks+0x10a8/0x1f00 [ 316.432787][T22161] ext4_es_insert_extent+0x1bb/0x19d0 [ 316.432804][T22161] ? percpu_counter_add_batch+0x69/0xd0 [ 316.432861][T22161] ? ext4_es_lookup_extent+0x206/0x490 [ 316.432879][T22161] ext4_map_blocks+0xa4c/0xef0 [ 316.432899][T22161] ext4_getblk+0xb1/0x3d0 [ 316.432918][T22161] ext4_bread+0x28/0x100 [ 316.432937][T22161] ext4_append+0xd1/0x1c0 [ 316.433003][T22161] ext4_init_new_dir+0x177/0x500 [ 316.433020][T22161] ext4_mkdir+0x329/0x760 [ 316.433038][T22161] vfs_mkdir+0x2a4/0x370 [ 316.433058][T22161] do_mkdirat+0x11d/0x200 [ 316.433079][T22161] __x64_sys_mkdir+0x32/0x40 [ 316.433100][T22161] do_syscall_64+0x3d/0x90 [ 316.433182][T22161] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 316.433204][T22161] RIP: 0033:0x4656e7 [ 316.433221][T22161] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 316.433240][T22161] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 316.433259][T22161] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 00000000004656e7 [ 316.433273][T22161] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000140 [ 316.433285][T22161] RBP: 00007fc47e285040 R08: 0000000000000000 R09: ffffffffffffffff [ 316.433297][T22161] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000080 [ 316.433309][T22161] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 [ 316.511018][T22167] FAULT_INJECTION: forcing a failure. [ 316.511018][T22167] name failslab, interval 1, probability 0, space 0, times 0 [ 316.511043][T22167] CPU: 0 PID: 22167 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 316.511141][T22167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.511152][T22167] Call Trace: [ 316.511159][T22167] dump_stack_lvl+0xb7/0x103 [ 316.511180][T22167] dump_stack+0x11/0x1a [ 316.511196][T22167] should_fail+0x23c/0x250 [ 316.511218][T22167] ? __se_sys_mount+0x4e/0x2e0 [ 316.511237][T22167] __should_failslab+0x81/0x90 [ 316.511253][T22167] should_failslab+0x5/0x20 [ 316.511290][T22167] __kmalloc_track_caller+0x64/0x340 [ 316.511313][T22167] ? strnlen_user+0x137/0x1c0 [ 316.511332][T22167] strndup_user+0x73/0x120 [ 316.511351][T22167] __se_sys_mount+0x4e/0x2e0 [ 316.511369][T22167] ? mntput+0x45/0x70 [ 316.511385][T22167] __x64_sys_mount+0x63/0x70 [ 316.511404][T22167] do_syscall_64+0x3d/0x90 [ 316.511452][T22167] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 316.511476][T22167] RIP: 0033:0x467afa [ 316.511553][T22167] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 316.511572][T22167] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 316.511592][T22167] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 0000000000467afa [ 316.511604][T22167] RDX: 0000000020000080 RSI: 0000000020000140 RDI: 00007fc47e285000 [ 316.511616][T22167] RBP: 00007fc47e285040 R08: 00007fc47e285040 R09: 0000000020000080 [ 316.511629][T22167] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000080 [ 316.511642][T22167] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 [ 316.660269][T22178] FAULT_INJECTION: forcing a failure. [ 316.660269][T22178] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 316.660294][T22178] CPU: 1 PID: 22178 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 316.660353][T22178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.660362][T22178] Call Trace: [ 316.660369][T22178] dump_stack_lvl+0xb7/0x103 [ 316.660389][T22178] dump_stack+0x11/0x1a [ 316.660475][T22178] should_fail+0x23c/0x250 [ 316.660496][T22178] should_fail_usercopy+0x16/0x20 [ 316.660517][T22178] _copy_from_user+0x1c/0xd0 [ 316.660534][T22178] strndup_user+0xb0/0x120 [ 316.660565][T22178] __se_sys_mount+0x4e/0x2e0 [ 316.660582][T22178] ? mntput+0x45/0x70 [ 316.660597][T22178] __x64_sys_mount+0x63/0x70 [ 316.660615][T22178] do_syscall_64+0x3d/0x90 [ 316.660633][T22178] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 316.660657][T22178] RIP: 0033:0x467afa [ 316.660671][T22178] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 316.660759][T22178] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 316.660781][T22178] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 0000000000467afa [ 316.660795][T22178] RDX: 0000000020000080 RSI: 0000000020000140 RDI: 00007fc47e285000 [ 316.660807][T22178] RBP: 00007fc47e285040 R08: 00007fc47e285040 R09: 0000000020000080 [ 316.660821][T22178] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000080 [ 316.660838][T22178] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 [ 316.756506][T22189] FAULT_INJECTION: forcing a failure. [ 316.756506][T22189] name failslab, interval 1, probability 0, space 0, times 0 [ 316.756529][T22189] CPU: 1 PID: 22189 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 316.756549][T22189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.756593][T22189] Call Trace: [ 316.756599][T22189] dump_stack_lvl+0xb7/0x103 [ 316.756621][T22189] dump_stack+0x11/0x1a [ 316.756636][T22189] should_fail+0x23c/0x250 [ 316.756714][T22189] ? __se_sys_mount+0x91/0x2e0 [ 316.756732][T22189] __should_failslab+0x81/0x90 [ 316.756748][T22189] should_failslab+0x5/0x20 [ 316.756828][T22189] __kmalloc_track_caller+0x64/0x340 [ 316.756849][T22189] ? strnlen_user+0x137/0x1c0 [ 316.756867][T22189] strndup_user+0x73/0x120 [ 316.756903][T22189] __se_sys_mount+0x91/0x2e0 [ 316.756923][T22189] ? mntput+0x45/0x70 [ 316.756939][T22189] __x64_sys_mount+0x63/0x70 [ 316.756957][T22189] do_syscall_64+0x3d/0x90 [ 316.756976][T22189] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 317.844781][T22189] RIP: 0033:0x467afa [ 317.848682][T22189] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 317.868324][T22189] RSP: 002b:00007fc47e284fa8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 317.876732][T22189] RAX: ffffffffffffffda RBX: 0000000020001480 RCX: 0000000000467afa [ 317.884685][T22189] RDX: 0000000020000080 RSI: 0000000020000140 RDI: 00007fc47e285000 [ 317.892639][T22189] RBP: 00007fc47e285040 R08: 00007fc47e285040 R09: 0000000020000080 [ 317.900680][T22189] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000080 [ 317.908641][T22189] R13: 0000000020000140 R14: 00007fc47e285000 R15: 0000000020000180 04:32:19 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x444100, 0x0) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000100), 0x290000, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r5, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) sendmsg$netlink(r2, &(0x7f00000001c0)={&(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfc, 0x2000000}, 0xc, &(0x7f0000000080)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="380000002c0000082abd7000ffdbdf257a69d131df73149c7659fdc264b49553ded57b8f79dfeda200"/56], 0x38}], 0x1, &(0x7f0000000140)=[@rights={{0x18, 0x1, 0x1, [r3, r1]}}, @rights={{0x28, 0x1, 0x1, [r1, r1, r4, r1, r1, r1]}}, @rights={{0x18, 0x1, 0x1, [r1, r5]}}], 0x58}, 0x800) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r7, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r8 = fsmount(r3, 0x0, 0x0) dup2(r7, r8) preadv(r6, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) write$binfmt_misc(r6, &(0x7f0000000340)={'syz0', "8c8f927c27ddde98923c0a287f500488185a86bb975eb2dd1e111691386db9b0b76346a6c9ef51ce2c73190c690af3900c7469a818c223fb9cd87db1fececb0b3499371c1cb00282dd53fbb38c594f895daea67a66de29f47f379d15712963c1f0180094a7e89e3d9d0ca1abdd4a5de9a0faa9a38e2482296bf0c530acbd98d94b8ed2bccdbff3e7aa54991eb34d6289fc921c74a9e1b47f4375f896f7a1c899a37af4d8d7b534"}, 0xab) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:19 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 317.970030][T22148] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 317.978431][T22148] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 317.990908][T22148] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 317.999288][T22148] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 318.011231][T22148] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 318.019627][T22148] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 318.061963][T22148] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 318.070434][T22148] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 318.106283][T22148] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 318.114667][T22148] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 318.142906][T22148] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 318.151385][T22148] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 318.163497][T22148] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 318.171876][T22148] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 318.197558][T22148] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 04:32:19 executing program 4: r0 = getpid() r1 = fork() tkill(r1, 0x13) wait4(r1, 0x0, 0x8, 0x0) tgkill(r1, r1, 0x12) migrate_pages(r1, 0x4, &(0x7f0000000000)=0x10000, &(0x7f0000000040)=0x1) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) ptrace$setregs(0xd, r2, 0x5, &(0x7f0000000080)="53166f823e82c1fd36f21b7c1eee2e255dd0c6a96658c857e60b52ba69013c9613b3712c232017a7ab70d72d5f68d1bfd825fdcfeccd2b3a302c1fe29ffa2ec00177ff50391da6537a3218afdb3152a6986d1a1341d86a029500310a766b19449aee820bbb6715998eb9997087a623b48acf4f349de878f582f7dc9f284d671eab6a37fcc789cfc69e9ad475c4864c6bc84f4f4339696b87251825e94618ad0483") r3 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:19 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 318.206014][T22148] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:19 executing program 3: ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000001c40)={0x0, 0x0, "6ca8a9a7d987f76518cd4c38a3629e390500000000000000b4685c1a5f040000000000005aa917ff34e568fc8e723d6bd2fa9c02dba4972280509826a4c067a0ca6de307075412797115cf6f86ab25d42dbefc51670ada10605364f983695d0b377a080037cadf786c42517e4c1767961928bcafd06a0e69f978d7087186b0590a08b6bd4a4781f57221bd7f69f6b5f2a902cd8f94e88b0ed4dda03f000000e633c992afd85f025a60e3d4f4a6c961d28482391abea933031f58e705a66343c02f4349aadb7f077ae17ffca17bf34e998d644b722b62b173b1fbe825e5a8aa9be3fe5a54c450cf41f0c6fdfbe7306fe276327a2e1e55acb07c0a38b4c000", "b484a092631ff2cf435a2953c0c0a08f0341f29dae5ffb32f4cc41d005bded8c033feaa74f63fa99cb524f312c7aa433b6fb660003e2a777c340aa6cf64c022dea111af4a335cbfbe5b772b18ed713eb66376aaa5768f3b0ffda54fb49574aa809315fd2a8da870131fcb4048bdadf2c358f2e5604ccc0e4b858518d01a7bf3fec2985392472bf8ea8759bcfe76f35d2db40a35795b5ac672778356361f762ebdfdff2a84e502e65a4409a774bc0ff6da63b474c815dc10e2d75d0f063dfb24220a2fff57b40f2c294e0fcabbd2551ca8d32e5d227875abab6b2be7562bdd726ff73145bf07c29407668dd57a530b341d964f44df938fe1d507568cf236aefc64869b4aa242429ee762d7b63cf90ba65485048b776b088221a70dd2d7821ab7bc17c6163530fdd25307cf9492342b246c715561ccc36956153f5ff22f4a2042b48de1d765dec43e8e3dd4abb587480e84d36c6b1e64f7fef0f71441c1d3681bbc5ee2ecfc325b52c5362798e3e8fa25808ab55e2861037a2ade4bfb0cf07da8286dfa72d8be934bc732b95bd5ffc43c11b90c1a7ba620ae63268dd3c9a54533cd930531cc894841cedd29e0a901ff3b352eaba0209a0b428e80e9da5afc5c900a5711bc0b9c4ae405a45dd66098b9b62128bb128eff317fb331a9155b6c5db0e14d4b3db444845d923ac67b11f648a66bae7fe222fce1c5bf67b48c48a6ec3621939664faddd0cf3c41ad63b54a6a30a85f19db8ca7c0c2e94d9703b9212da6540c758c399f6ac299d0ebf76badd6d1ea7242ed5154ff7037a366fdff1cedd964421691b6d9b78862851f1e65263847b5ec30c3bcb0a9dbff31b910b195f62346cedc82ad0d81fc24a38c405ddbec685fdb88bdc2fbe58aaf995337f4c2b1ca698f253a44581aa03f5fd15ec2b743a917decdfaa103261f8fd1d978b0962292ed2368464dc855def9da5196b14ae40b97343daab85bc4484f742cee761dbc8fde4b1bc62dc90a2e5249c13287f8ff2ff8fd3c71f8c79a96798acd3df0ec9cb878b97c5d6daaf82bf70cfea78c5eb98b74fb72c4991f1af6c51590fc9a8814f6a45ac904d725d33c19c90f393858adc6a9e6085e8ac6feb3a68940a3a1a06e8c4ad84e718f8bd3ea00f90852d61e4dc6797259a7f4bf3b063db5c84213492036c91bb7f1f513e8f6e6b578d1410a40fb6fb396f63536cb9c8fb90201550422acce5126d305ff4f813ec6e7e619bd3c4ab85b4a53fda58fa393327663d26883a87015f1bdfeb0de48826f2de57c1fe71e3bcee0f1fdbdbe3fdf9f41f0a8e2f9f836f9a623d97531b44d547d9f0008a4a766599e76bb35b756c60e2c237a2966a05a8a2139dd03ae898e771d00c770434d0a93994437314334fcae44de3305a1178de37015309c0361c922e6932db528ae7174d3f7f38e495b4284e0c85cd182871e7a3d4f4de150e9d3ff063a0e89c34a15400af99ee27851cd03a36a2594e8a81dbb9203eac5baf458046fa14c6b669fb505eecd60c10b872baa1e63bf33cf2f13c4b00dfc890ccd40f430da385bff8be5490deaeed6e9a85e9b41b1783d40728f061881d40605f7de3d2cc75bbf44cafbe82cb38ad6b238ded5daa117475390473dd783e3587829847f29e211a94a7e1ac3034302ee3115ebf95d1cf259e95b60526097dba53610b4feadb716d13abfd467bd62d4834120e5f6752f24f63bfb6642ec3b744d21ebfa525e79ff6681b67be337e425b29e4e12e1bf01c3893abccc2fcded9c41d17284cdfd178576aeb8f65bee211856ab833392aba729504805c1d9cb11b0595d4325a42ba21330dd29cb5c24e5ab1229a05e00ed7c57cb199195311628b29900caab8e462b5314b4d1a55a3d9adb855c248f1532509dd913df5931535c7858ed02942a519ab278bf342a9689592d178fc1e2d1f0cb624d4293e6be4dd500c20303716dc47a0a25f3ea5897549348c2b9bc81100000000a4b8fa33a59bc3f5ec0c331e738a0bf551ddd02a0d5dc332e5ea5ef5cb14d2b31e00389d2b4f866fbd517db54caae174345590ef74895de9741c5d9c70002cb498e09010b4ac36224148ff7cdec8eec6140e446b0a6d9d103f0c52e70c630e2830f01dc7d913695040b20bd40c72b21ba97767bbd21cb9b5a81b101c6ce95fa8f7ee5a2ac8fc7964a1ae8e7a131abbfddf7be6f6040865777b0235151c7a5cb79d137a3ec85f1f949abb8277b01a4fc9b0814252e754d69f5ce0d78e06c7930f43c32c5256f6e26dee7155775a86015b68785542d2956dabff0300004e2ae6c450fcdbe57d5d73a7df163c0e90c0f55259767d3e1a7dcb78913c01714c7fa0ee2de01a5faab4f6903c711b0f0c03d29de59f0859207ba8d3ad5ec7d405ae7e48e8421a1c2bec2653feb9f9a1026f9991abdc55c97bda3df40a433b31d0642db67b5c45f27791c9be49f1ff2f69e5bc2001479e13dbec5aa246ce365c27f03c63ff198222e449a32492d75444862d7ea2cf129d4dfb0a414d619e71a1a6dc9751b1607c8dc44fd70c16b46afbf8de577353f534d600f644ae77af0ef5cd056a1ebc96e014b9bc4c37963aa85bfdbc70c5d305d1aebc0bbb48797ce99d68cd53e3757c443f31c119f4b7852db65f7f1ffdfbd229eb34677c4d2622ab7f31cd1b05dcc495f2f3ee9a03804d9d3a316f5ef496ecb29d33d70e9642e5f64ae6563ca7eb73c98ea1a6a75c853cf5e5d401b1eb3c4735bd38576c4c5284636f3416e063dbda321e8ee70137a3d6a16ceeb0d6093b2aeb82b1bdbd9e501de719aeb8946ebbea4739a6cce65d254159177970068cf420e6bb3cac1ef5591102ed3b506160d9fb7b442f9fe146ae79eda9e632e68d41d0438f80a77b890ff0cd205958e09ca308afc89d8279fe9edf53bd4b8851cba7424ff11722384b287350dafc2492ef53e306e883371885f7762cecbe9a147e2d0102ea8257cc8b44e822b4be0be4a1b6f0ccabc1265cfcfa8450f60f1ae9fc5add37165bea76c110c7a299a0bf2717ec56fcf1e7adcc1dfbb59dbe9aeccbfa81c3bb9afb58651605b562b9b58e27fb08112a7afd536ca851c45ca6653520ed282ec6b1e37845043d5ccafcad6711f4af69998cb31bc55bbea8fbbef5367148dc301d04b3fb931b7a9c4eef97d5752606170f69e025659db48d2b78d9a40beee5382861b77244789a26b2a5971a5f336d0e7f9070323c5a6775200ff00ded4700e2549cc057738ea5764ef258647aced05bec6f7ca6fb7a420892cf8ff3ea8c79f9d12ba2da768341d9102422783ecc28ed34c783e1e0813c28a2b9c0b8459337f2f7e2d4ddd95f542dd253ddfb1fca97af24e633257c5f63982da9e23daeb4b3533ec8b50273bd9a6b26f6d2a76b9a5cd76bfc6532f78d757bc39a78f7337b0c202dfde82b5c44cc0aaa6ac4040b879161d875564790fc51ae105f762554fa00d9bfe786b99ce6243a61c474b81895696d6ef773fc6cfd896b122a7bcc650dc6d954cdf42f68ec7d69272d8c103c4e0d722310f34efe146917d77f5ff5c90b13b8b44341eebba882aad711ce164bf761afc7c9075ecfc9b4900b86a748059c7ba3cbb8e7dc7f8fdecae45525d171c8223301e284c18e176546e2972a2241882361a576c03278f789389bc49af18a95280432ed0ea87074a1d639933f16de0a22191f8fb237a681b52488d841d7b986c389609bdb3ea48daeaf8b4f30b88601c3d952bd631cdb4a2e01129ded29717e247213dcacc9821e9e7d2001c656bfbf0ae6875f1209b03401b153baf9f669258f823889934c5acc22d2d4010000006b5ac60bebcd85800de2b5976b753171df5db57372a184c9e2eabd7dc52b04b3eaa2e35163c3cb3c7bc14c64a11a28c21a570bbd11c90c1e69586404c9cbd18c0e87f1d11c3e33b297ad970c6cde513d47ee0374252760aa414d630c257f8cb8edb83cb506152f7fd3ac383d38da88d98b971a4df93f38b5de18dc08b3b3367a11185674cd0925bec393d6f9d9c2a2fce5931146de9f22e9eb3b01d3c2774088a4f45c71416d9f19a3b1fb3daeb44f06ebf7691902e34ff7fdf544c9fe2634301e019159bb874aba4b8928f294e2004779ec4f524b8e8ebfb6c0b243ecae124be9bcf09b0010744c63ff1fba48a4801678059e1e7a56f4dd8e0e6006818d4cd364445a1ae8ad797f804981356c111c450c190f7a5f29953a8381a04f03916b04184af8124add9deafcd97833f888c67daa1d1ef07290c0b368d705196e4c85edc625de9c1fe93e6266f954b5b2da2b47b26381f1abdb25ba6c3393bc47cea3c6f560836de2931fd4a7ae4aec7738aa078553c5028f5ae224ae3c98b6a75f0714eac7e528bf1d502b03dc2c46208b33956fda24692d824c66ad7e3b59a3b0d47112318a73f6a6682a47ba05b563cdfde7d0aa91d7150d2586f62241da08930974d85dbf8b4d03c6d3b98c0ca910e162d75f8db78a15992578f490d5c01cb723886bdb92c6137d078548ee5c77dede38a774eeefdeaaa981e8ee3a38b3fa5e828a3891252ed0b1fc7693b39639475947d396eda5f5f52752072e2fd5d16625981e08e66cccdd7b04df6985943d3d2c02ea288b5ed5be1360bc887af979f94f47868891a57d037b41f4b4192bc01265b5aa7c495e68306b440b8538ce392915a997a2796e6dbe305c339d21caff31783f8223abd3f60e665d01bf642b10187ceb9412ea8a0700000000e5fba039d1d021226cf685f7f2cc3bb98468e1f511f217411c61ac40a76135e414448ba738f5ee1c5f16a5b09b5751aa78aac72a34ef86eba00d6097ed448cf9322e5f79b5916c950bf3abb9ca85b8a4eb9695c05d465b74f0b50285943b58e80bcb89ae83bfb3091c7d2271653667f2c149c11eee1e66dc9cd160304b49c22408000000000000008131ab27121fa9f96bd87c955f7b8966d42847617d40e19e90572169b3666d110b5839b75b6c3bbba01cc880ec4f78eca719275ee6335fc3bba834421e7965c08b27af1fd3f859cf02151fad4e5f391aefd7634616a9eac454066e3b4b465bb5b1b2f3cd96536be0b53d71cd909c7d57cd1cbd1dd3ab5059da37972498dffa95b2c95916b9860eff36ea140f8556bde8474a93a4e0302ea1b3d91e93cf3d3ac9a49e52571ccd1ba117a800d276dbbbe47ce3838744ba2bf859c3973f62def70b3f6610eff2cf683b36cae506d9bca5575df11c6bd61bb0bc8118dcb54b90dccb4f141f2f08e1a2056746242d5f5830c63aa6f11818ce60afacc6ff25ecec0637862da9753d71d0b846dbc4807a70bd3ecb412df82bd8f3628678818d77c253e8f48cb35dfba2b8d62e65173e21d7eed9ed9e1f4d3563f284aafc93a75f24f7eddb96f7d107671c00"}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000000280)=ANY=[@ANYRES64=0x0, @ANYBLOB="09000000000000000200000000000000ffffff7f00000000ff000000000000000000000000000000050000000000000009000000940c000003000000010000004508000000000009000000000573ca5c12f10000005700000000000000000010000000000008000000000000000000000000000000cbc0a19c695d77ef571a67f26ba9899c3899bf899d12e46c2f2422b5c7e2247d13f1674cbb08b931600ca42b16114093f432cd9394e83db021df11bbe39775b0a8ec680664617e585697dc69af40487c0dda4de8a6f457f95f29126ba1a112265893fcadbf992feea18d83b4d8c8bf9da3caeef1f9c448a520034130326019f26c85ef4c00"]) r1 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3c43, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x965}, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40)={0x0, ""/256, 0x0, 0x0}) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r5, 0x84009422, &(0x7f0000000fc0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8914, &(0x7f0000000180)='lo\x02\x00\xecv\xf12Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ') sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000001400)=ANY=[@ANYRES32=r6, @ANYRESOCT, @ANYRESHEX, @ANYRES32=r4, @ANYRESOCT, @ANYRES64, @ANYRESHEX=r1], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x40025) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000052380)={0x5, [{0x0, 0x0}, {}, {}, {}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0}, {0x0}, {0x0}, {}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {}, {0x0, 0x0}, {}, {0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {}, {}, {0x0, 0x0}, {0x0, 0x0}, {}, {}, {0x0}, {}, {}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {}, {0x0}, {}, {0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {}, {}, {}, {}, {0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, r4}, {0x0, 0x0}, {0x0, 0x0}, {}, {}, {0x0}, {}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {}, {}, {0x0}, {}, {0x0, 0x0}, {}, {}, {0x0, 0x0}, {}, {}, {0x0}, {}, {}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {}, {}, {}, {}, {0x0}, {}, {0x0}, {}, {}, {}, {}, {0x0, 0x0}, {0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0}, {}, {0x0}, {}, {}, {}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {}, {0x0, 0x0}, {0x0}, {}, {r2}, {0x0}, {}, {0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0}, {0x0}, {0x0}, {}, {0x0}, {}, {0x0}, {}, {0x0}, {}, {}, {}, {0x0, 0x0}, {0x0, 0x0}, {}, {}, {}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {}, {}, {}, {0x0}, {0x0, 0x0}, {0x0}, {}, {0x0}, {0x0}, {}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0}, {}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {}, {0x0}, {}, {0x0}, {0x0}, {0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {0x0, 0x0}, {}, {}, {0x0}, {}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {}, {}, {0x0}, {}, {}, {0x0, 0x0}, {}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0}, {0x0, 0x0}, {}, {}, {}, {0x0, 0x0}, {}, {}, {0x0}, {0x0, 0x0}, {}, {}, {0x0, 0x0}, {0x0, 0x0}, {}, {0x0, 0x0}, {0x0, 0x0}, {0x0, r4}], 0x1, "d3c7dbea00020b"}) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) ioctl$KDGETLED(r191, 0x4b31, &(0x7f0000000080)) r192 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r192, 0x0) pipe2(&(0x7f0000000000), 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r192, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r193 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r191, 0xd000943d, &(0x7f0000059980)={0x10001, [{r169, r91}, {r152, r185}, {r68}, {r142, r63}, {r65, r92}, {}, {0x0, r182}, {r186}, {}, {r145}, {0x0, r58}, {r148}, {r24}, {0x0, r33}, {0x0, r58}, {}, {r131}, {0x0, r110}, {r159}, {}, {r188, r126}, {r172}, {}, {r54, r37}, {r10, r0}, {r173, r44}, {r9}, {}, {}, {r61, r119}, {0x0, r168}, {0x0, r171}, {0x0, r67}, {r147, r120}, {r17}, {r117}, {r155}, {r52, r111}, {}, {r89, r137}, {}, {}, {0x0, r146}, {}, {0x0, r36}, {r124, r25}, {}, {r138}, {}, {r3, r165}, {r123, r187}, {r34}, {r74}, {0x0, r153}, {r35, r21}, {r30}, {}, {}, {0x0, r170}, {0x0, r154}, {r26}, {0x0, r174}, {r180, r113}, {r10, r133}, {r118}, {}, {0x0, r69}, {r148}, {r20, r11}, {0x0, r84}, {r66, r50}, {r104, r106}, {r55, r87}, {r24}, {}, {0x0, r83}, {}, {r116, r79}, {r77}, {0x0, r184}, {}, {r105}, {}, {}, {0x0, r114}, {}, {r81}, {r139}, {0x0, r31}, {}, {0x0, r174}, {}, {r95, r41}, {r132, r88}, {}, {r117}, {r13}, {r175}, {r183}, {0x0, r150}, {r93}, {}, {r100, r143}, {r96, r63}, {r16}, {}, {r130}, {r130}, {0x0, r103}, {r107}, {r164}, {}, {r161}, {r144, r82}, {}, {r75}, {r26}, {}, {}, {0x0, r140}, {0x0, r0}, {0x0, r189}, {r102}, {r34}, {}, {r160, r60}, {r24}, {}, {r177, r62}, {}, {}, {0x0, r178}, {r128, r45}, {0x0, r57}, {r78}, {}, {}, {0x0, r122}, {r180, r67}, {r167}, {r32}, {0x0, r39}, {0x0, r163}, {0x0, r64}, {}, {}, {r136}, {0x0, r189}, {}, {r34}, {r12, r190}, {r183, r101}, {r70, r14}, {r160, r86}, {0x0, r153}, {}, {r127}, {0x0, r185}, {0x0, r87}, {}, {r40}, {}, {0x0, r154}, {r107}, {r18}, {r180, r38}, {}, {0x0, r90}, {r65, r47}, {0x0, r62}, {0x0, r157}, {r49, r80}, {r131}, {}, {}, {}, {r15, r151}, {0x0, r0}, {0x0, r76}, {r85}, {r129}, {}, {r28, r29}, {r85}, {}, {r56, r166}, {}, {r77}, {0x0, r97}, {0x0, r115}, {0x0, r156}, {0x0, r41}, {}, {r98, r94}, {0x0, r53}, {}, {r167}, {}, {0x0, r141}, {r162, r7}, {r173, r179}, {0x0, r125}, {r173, r113}, {0x0, r72}, {}, {0x0, r108}, {0x0, r103}, {r46}, {r42, r181}, {}, {r55}, {}, {}, {r134}, {}, {r129}, {r109, r38}, {0x0, r59}, {}, {}, {}, {r158}, {r130}, {r17}, {0x0, r135}, {0x0, r73}, {0x0, r50}, {r68}, {0x0, r8}, {r152, r121}, {r112, r133}, {0x0, r25}, {r48}, {r51}, {r71, r99}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r176}, {}, {}, {}, {r43, r23}, {}, {0x0, r57}, {0x0, r27}, {0x0, r8}, {r149, r19}, {r22, r47}], 0x40, "9e4d358ad9cca6"}) write$binfmt_script(r193, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x3, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:19 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0xffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000000)=0xffffffffffffffaf) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000140)=0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x7, 0x80, 0x7, 0x7f, 0x0, 0x0, 0x8030a, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x14a869c7, 0x2, @perf_config_ext={0x101, 0x1}, 0x40100, 0x8001, 0x6, 0x7, 0x1ff, 0x3, 0x1f, 0x0, 0xc8, 0x0, 0x2}, r1, 0xb, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x4, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:19 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x5, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:19 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) 04:32:20 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:20 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x6, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:20 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, &(0x7f0000000100)={0x6, 0x5, 0x200, 0x99, 0x3ff}) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) inotify_add_watch(r3, &(0x7f0000000040)='./file0\x00', 0x400) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = fork() tkill(r4, 0x13) wait4(r4, 0x0, 0x8, 0x0) tgkill(r4, r4, 0x12) timer_create(0x6, &(0x7f0000000080)={0x0, 0x15, 0x0, @tid=r4}, &(0x7f00000000c0)) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 319.147552][T22210] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 319.155999][T22210] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 319.167989][T22210] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 319.176323][T22210] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 319.207120][T22210] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 319.215548][T22210] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 319.228626][T22210] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 319.236621][T22210] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 319.281322][T22210] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 319.291425][T22210] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 319.325164][T22210] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 319.333560][T22210] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 319.345024][T22210] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 319.353448][T22210] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 319.364532][T22210] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 04:32:20 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:20 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:20 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x7, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:20 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000180)=0x0) r2 = fork() ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f00000003c0)={0x4, 0x80, 0x0, 0x3f, 0x20, 0x0, 0x0, 0x7, 0x800, 0x12, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, @perf_config_ext={0x8, 0xfff}, 0x40400, 0xbee, 0x200, 0x0, 0x9, 0x6, 0x0, 0x0, 0xffffff81, 0x0, 0x5}) tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) timer_create(0x4, &(0x7f0000000340)={0x0, 0x9, 0x4, @tid=r2}, &(0x7f0000000380)) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfffffffffffffffa}, r1, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000180)=ANY=[], 0x208e24b) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r6, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r3, 0x8010661b, &(0x7f0000000200)) fsync(r6) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x69, 0x5, 0xff, 0x0, 0x5, 0x80, 0xb, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x64d, 0x1, @perf_bp={&(0x7f0000000000), 0x8}, 0x6622, 0xac8, 0x698, 0x0, 0x1f, 0x7, 0x5, 0x0, 0x5, 0x0, 0x7}, 0x0, 0x3, r5, 0x0) [ 319.372882][T22210] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 319.384354][T22210] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 319.392362][T22210] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 319.404301][T22210] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 319.412734][T22210] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:20 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000001300)=[{&(0x7f0000000000)=""/189, 0xbd}, {&(0x7f00000000c0)=""/90, 0x5a}, {&(0x7f0000000140)=""/130, 0x82}, {&(0x7f0000000200)=""/157, 0x9d}, {&(0x7f0000000300)=""/4096, 0x1000}], 0x5, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) rt_tgsigqueueinfo(r0, r2, 0x9, &(0x7f0000001380)={0x1a}) 04:32:20 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x8, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:20 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x9, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:20 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/dmi', 0x40101, 0x62) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x4040, 0x0) pidfd_getfd(r2, r3, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:20 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$TIOCNOTTY(r2, 0x5422) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:20 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:20 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xa, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:20 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) sched_rr_get_interval(r0, &(0x7f0000000000)) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 320.316912][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 320.325267][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 320.336463][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 320.344830][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 320.356168][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 320.364586][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 320.377914][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 320.385976][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 320.397626][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 320.405596][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 320.416655][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 320.424730][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 320.453500][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 320.461929][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 320.486475][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 320.495050][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 320.506276][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 320.514620][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 320.525671][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 320.534105][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 320.545269][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 320.553578][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 320.564647][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 320.572691][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 320.583746][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 320.591744][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 320.603655][T22309] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 04:32:21 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:21 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x6, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000540)={0x2, 0x80, 0x3f, 0xd7, 0x3f, 0x80, 0x0, 0x1f, 0x485a, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x1, @perf_bp={&(0x7f0000000500), 0xe}, 0x1c09, 0x2, 0xffffffff, 0x3, 0x800, 0x8, 0x7, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xf, r1, 0x1) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) preadv(r2, &(0x7f00000006c0)=[{&(0x7f00000005c0)=""/255, 0xff}], 0x1, 0x3f6, 0x5) pwritev(r2, &(0x7f0000000480)=[{&(0x7f0000000000)="f99de3ad96d706104059206cfd493d5af910a3594a09707b35a65129e939f1dd", 0x20}, {&(0x7f0000000200)="87ed1c5f74b49a5cd5cd2340ae38bb36028beca667dd5b67949383501b08a246a059e30daa9f9ec99b64e8bab72ca8e496fc46a3c8caeb8e774f8dcf55e1bc394a6c11c6ebcdc73a4e07719f405183a1af837bca0970ae4cbbfa5495f41f68da194029a15af16f1d463ddce7adf62977a9c5831e6844f3fbfca3ba29f3f5ba87a061ff35f65895538f5fb0ead167b51cff573e4ec6b5c89fb287d41e93672df136e7803eb3c339ed2d71fdafe90d8aaf7c", 0xb1}, {&(0x7f00000002c0)="fadb095a14df9eb5ce59b2bb1d73e2d857e1f5b24f78efee4952698bd081734e51ee00661162e13ebc322afb31e69d2d1e8d360d2cf19b5d8955a9c4d5bd51952ee7ae5383ce8e933259fe9691577ff8af27d59df3b961b05f0ca5bb14086cdadd613e8ea39aab6f5294481f32b46e30b45ab10e57e3dc5d39024ab963d184eae2852789cf620908fcf65f2f8d8ff2162d9085ba489d507da5eb7a6c90c54d2014d0a4b31be2bcc57b2130cdad75c182b2", 0xb1}, {&(0x7f0000000380)="524525f585f01b4b34be4a501a77d126dcf20d168d97f6d07222c97b9452faea9e120bb79b59ffe24baacffa0acc3aa97474531d646d9f4510c41a977dad1e50b16339ff801862885f8a2165451cf0fb7e7261694133e3c22320f40321520bfc2650f692b049f67cf0ca846b14c62560d21e21f00b64f2eca793d74828df9d1c1442f2879d824e837540d1cfdb6b36a23fcaa13c1cdc988065e03738315638df87162dc05552ff1f0d3f930adfc83e7acab3e0969a0d07058b62bfa4b83bb0ad07a89602d2bab7eca089c308cfdd3dc8f410f3fc56d6e6f8503ad8942a3ca6948618a064010c", 0xe6}, {&(0x7f0000000040)="96ff6d4cd4e2afa4828f2dd10a9d0159ad24c1d4af2c7a813e236bfd365833599a1b295f0e333379d69641fe2737bba418ccf5efb9406c8bc4adc442357c8cccb9c692467fe0713a2ce261995792494e5c70bbc8d10688b0e514936fe80e4ec98c8f24072bf9da4a05f92d1fe8f37bc8882c7c57b53a37395a59", 0x7a}, {&(0x7f0000000140)="aa8d87a63e5c48154e08a0e179e9876ad196deef007ac4a919b5bf8208f357c080f143e5e19dfef07e50a4e86185efcb74846bf57e8492145864133d7a8a4aa78c14d2f29231133bb14cbf26cbfb1a070e1d92ef18eaecd47b8df2baa129e90398d787ffb01093b9a1c10f", 0x6b}], 0x6, 0x4, 0xfffffffd) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:21 executing program 4: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = pidfd_getfd(r1, r1, 0x0) openat(r1, &(0x7f0000000040)='./file0\x00', 0x0, 0x80) fcntl$getownex(r2, 0x10, &(0x7f0000000000)) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) 04:32:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xb, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:21 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 320.612099][T22309] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:21 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/104, 0x68}, {&(0x7f0000000080)}, {&(0x7f00000000c0)=""/67, 0x43}, {&(0x7f0000000140)=""/178, 0xb2}], 0x4, 0xf9, 0x542) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xc, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:21 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:21 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = accept$unix(r1, 0x0, &(0x7f0000000000)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000300)={0x0, 0x0}) rt_tgsigqueueinfo(r3, r0, 0x17, &(0x7f0000000380)={0xc, 0x4, 0xfffffffc}) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r5) inotify_add_watch(r1, &(0x7f00000001c0)='./file0\x00', 0x14000000) getgroups(0x2, &(0x7f0000000040)=[0xee00, 0xee01]) sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {{}, {}, {0x4c, 0x18, {0x7fffffff, @link='broadcast-link\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x40cc809}, 0x40810) fchown(r2, r5, r6) 04:32:21 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = fork() tkill(r2, 0x13) r3 = getpgid(r2) ptrace$getregset(0x4204, r3, 0x1, &(0x7f0000000180)={&(0x7f0000000140)=""/32, 0x20}) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) waitid(0x0, r2, &(0x7f0000000000), 0x0, &(0x7f0000000080)) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xd, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:22 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xe, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:22 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:22 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0xcc) write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0', [{0x20, 'cpu.stat\x00'}], 0xa, "d642bab066abe709749d76a7435baa8e33d84bcf5e65a0eb9a8e4e7a5da6d5ae6c6aae1ab399fc8c40109a"}, 0x40) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:22 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x10, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 321.523943][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 321.532327][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 321.544024][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 321.552394][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 321.563888][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 04:32:22 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 321.572265][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 321.586670][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 321.594712][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 321.606287][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 321.614412][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 321.625490][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 321.633669][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 321.677665][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 321.686097][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 321.721502][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 321.729900][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 321.749316][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 321.758302][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 321.769611][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 321.778223][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 321.789639][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 321.797703][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 321.808923][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 321.816915][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 321.830444][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 321.838561][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 321.850663][T22386] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 321.859122][T22386] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:22 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:22 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x200000, 0x0) openat(r1, &(0x7f0000000000)='./file0\x00', 0x42002, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x8) 04:32:22 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x11, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:23 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r2, 0x8, 0xffffffffffffffff, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x12, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x22, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:23 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xdf, 0x7f, 0x3, 0x40, 0x0, 0x7ff, 0x40, 0x8, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xffff8e0d, 0x2, @perf_config_ext={0x6, 0x3ff}, 0x4000, 0x80000001, 0x78, 0x3, 0x3, 0x9, 0x500, 0x0, 0x6}, 0x0, 0xe, r0, 0x8) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x25, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x48, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:23 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) sendfile(r2, r1, &(0x7f0000000140)=0x8000, 0x2) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x2, 0x2, 0x4, 0x3f, 0x0, 0xffffffff, 0x80270, 0xb, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xc6d8, 0x4, @perf_config_ext={0x8, 0x80000000}, 0x8100, 0x0, 0x10000, 0x5, 0x400, 0xffffffff, 0x68c0, 0x0, 0x10000, 0x0, 0x80000000}, 0xffffffffffffffff, 0x9, r3, 0xb) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:23 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:23 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:23 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:23 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x4c, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:23 executing program 3: prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x1b) keyctl$session_to_parent(0x12) r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:24 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x68, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:24 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = getpgid(r0) sched_setattr(r2, &(0x7f0000000000)={0x38, 0x3, 0x40, 0x7, 0xffffffff, 0x9, 0x2, 0x7, 0x81, 0x6}, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = gettid() syz_open_procfs$namespace(r3, &(0x7f0000000040)='ns/uts\x00') waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:24 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000352000/0x2000)=nil, 0x2000, 0x4, 0x110, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x6c, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:24 executing program 4: socket$nl_sock_diag(0x10, 0x3, 0x4) r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x74, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:24 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:24 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = dup(r1) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r5, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) prlimit64(r0, 0x7, &(0x7f0000000340)={0x7fffffff, 0x1f}, &(0x7f0000000380)) r6 = ioctl$TIOCGPTPEER(r2, 0x5441, 0xa71) ioctl$LOOP_SET_FD(r5, 0x4c00, r6) preadv(r4, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000180)=0x0) ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f00000001c0)=0x0) sendmsg$netlink(r2, &(0x7f0000000240)={&(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbff, 0x4000000}, 0xc, &(0x7f0000000040)=[{&(0x7f00000003c0)={0x148, 0x3f, 0x100, 0x70bd26, 0x25dfdbff, "", [@nested={0x60, 0x66, 0x0, 0x1, [@typed={0x4, 0x88}, @generic, @generic="fc3a28a411a28694857027686e0e7d758889d862facd55fb5c3ca7d22926e71a7d4e169e6dfde0e2f4fb1fe29a5f6b4b62340483388ebaa68f1ebcd17a9f343f7403fa0380569fb999ea33a543c9aaaaa36dd7e87ee28f4e"]}, @typed={0x8, 0x82, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x40}}, @typed={0x8, 0x29, 0x0, 0x0, @fd=r4}, @generic="3379b37521154d310428056f55294fa10b99f576369c80a4864906edfa06447eac4936fe8182bd171b7b5b0ec335a96c1cbd199992cc4ef8269307fbf1accde2b9bce4bc1c4aeedca08064f767940bab3fa3f1a89b68400f6842c5d92f2740d69903b0d3c184150d4a680a499fa671142456f3047e3c20713bf596ad3a69abc8a864201b5bc6c4b98d6a3ef8030468a9b97c86d5693583a3e9ea19b349b8ead66b2e80e943b4cc80e08a513173633b4f0b35836dad7751f93d57d2b7a5e7b86d5dbb3785e884"]}, 0x148}, {&(0x7f0000000540)={0x1e0, 0x2b, 0x1, 0x70bd2d, 0x25dfdbfc, "", [@nested={0xa6, 0x4a, 0x0, 0x1, [@generic="cf6cfc5ee09bb27b7074adf85682533d6f1c2e58af8daca1d335c95b52133b1eb9edc9cf5335bc73ff63b13d39c3171d9f70696c6a7fc2451801cf92dd6ff90dbb768cec892e0cfb0b2ba2b26b8c128983efe47909ab54332c0d8230e713e0d28058bd885c7eb9904aa3322e6e7e847154b24f18a955f387a99359b97cb8060fa6c1b956f67685e1ff2bed0252d9eead0a1bae1d92faa4c8a324651c6d52e468833a"]}, @nested={0x1c, 0x2c, 0x0, 0x1, [@typed={0x8, 0x83, 0x0, 0x0, @u32=0x3}, @typed={0x8, 0x13, 0x0, 0x0, @u32}, @typed={0x8, 0x79, 0x0, 0x0, @uid}]}, @nested={0x10c, 0x78, 0x0, 0x1, [@generic="ead1749413cdd3bcbe4b5f5e795cec21d27f5f0e663b8d7b2c51a660415ef9238c28524147623f8c56d2a50fdedc4f6acf1e3462de7185c9cc5a927fc414401badaabf527cb127978017a486bfe8840d518827f7790dd06c5d146e0689", @generic="bd976111244f21cd6b89adc4a9a7c234098ad3c962808e2d20dd8acc24c5204ba3e2aa96ac2d7d2a029df2de40791806a5f0663f0be9f4c1de36f6067565be01e2c961cb2d028edc5f8369c5e96866c2617266120e9f347dcb96a1a7fa1c432a0cc3cef018b44720933ec8026cef344e00b59749803be8c716939f8078ee3d644d2f96a1e20b14b192082f46828013c1b78f6936baaa1066841e680eb416b29bb2af768bffcd6ce5260ddd"]}]}, 0x1e0}], 0x2, &(0x7f0000000200)=[@cred={{0x1c, 0x1, 0x2, {r7, r8, 0xffffffffffffffff}}}], 0x20, 0x20000000}, 0x20000000) 04:32:24 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:24 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfc, 0x200000}, 0xc) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x7a, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:24 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:24 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000280), 0x20081, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) write$cgroup_freezer_state(r2, &(0x7f0000001400)='FROZEN\x00', 0x7) waitid(0x2, r0, 0x0, 0x8, 0x0) pwritev(r1, &(0x7f0000000200)=[{&(0x7f0000000000)="6fd504a009603d0ed89dfdba19a39d0c081662715c2df4d101d5e82bcbac26485c5f94e3de0992944f3b85d4c8830dcaf0db728a4b017229222d273f3c7d23d4b7200d62250ce32bb73d56ff04f70f5cf61f839cb3f3bc1d2c4b245f3f191b6f2c5f0c2607d29dbc85cf6b366df7fbeaa7f6f5e5b4661a47fa55d3ae", 0x7c}, {&(0x7f0000000080)="ca43dfb47d5caa5a5e2d49b6b84c8d668e93c0395ad9e9781ac8e9b275c1f4940875cdff789c918e19f6d441f5db2629c55af3d7aec2990c05a8efbd8192b793677c6f341cbbd4ee37dfc0e893072281961ecae79cb089ccce07887eb42882ac00c3096858e3c5c6bf8317180dd7573b18b820015bf48208ae7200d5bb694d7a2a33399b898182f8a1930e77aba6554912d569e4e58ed3d8c8ef088010d0fa78387a1eee72225766b0050b06c64fabb746a12b8de7af8ff02b6d2bbd137835e1f79c646f86581ebe3175828ca09b289ef554162e749eb387107c5e9e98", 0xdd}, {&(0x7f0000000180)="9c844861cbfff27f12efd15b023b8f83ea8e60c1eb978d9b6917", 0x1a}, {&(0x7f00000001c0)="4bad12a89566497297dbfd9b5f9fdc9396d54e2f526bd62d8b2c17b7729c503f6d90382325f4d15daafab7e4a376ad", 0x2f}, {&(0x7f0000000300)="299d92489761f92abeaef781a065bbfc72cca8058984db40c40fa39acdfefbabbd3957e3ae3f05af95cc6ed6c75df8c62363607f95159f3f652c51704e671d8f440d732a1c77f71842915625bf13291a8248db86101a0f3ba29bed3b0342aa9d9b7be0ca831cc569490f35338ff09ae4b997416b0ac7f1a3856bd01f4f0390e3bb2fc8e454a91d33bdeacf6e19bbdd01476af517b78db51b7417394a0342217342f87b580ca8ddef9b25932db8d298dba40eca58b738d5dbc160ad7a18b73bfc0a22b2e7b9bdf8f4c480e8d8fd26af62d8e04a2243a0f52a21eba49cec17b35878038307f19474090520c887df1810baaa054f60cefc396f58cef5c99b54377cec2f43a99184506617e32fc8d6ed7538f356fd9f6e9f3496e7447e62b80e5db6e719c39deb3deaf688be6576491f3ed87601180c600aea5f0ec316248e13eb5f55b62399da6fff175a2d1504e60f5cb197badb72a3b90985323866981b9b3a52e0dd3bb334d3b31c404a8baabc96f93d0418ea14e63ef0b3a129cf1dc797121b7bd7612908ba50bd718cf44ed477853ce47f39313d386ee3f34102e87bf1121919008af773ab0fbec9e7180f056c8f9c9e753217e28d2bd5902f330ad95f28e2ed7a77af3e460caea3b1692e8ae8b2b3358441a15adc145fa4ca8cef9f4dd266a8790bd80af32fe6568f1661af654d954f1468f28d49b2323a7aa254277b41aeaffe1c7ed56cafc17fd52c9461fa5152187178a4759077cf7807b58bcb127cf82281b7be8b062cd000ff5ccd9203bc6f5f7c800c108219e791e85e4209dff58c07c86dee39ec370117805f6664fba324827aabf5f78469b7fbfea4c35f0392854f2a0272d49ce4c73429b907fed697ad1f88e2c5371014782be4e559a8b841b7775cfb9954eced86800fff977bbf5d367fdb57f73fa7fab5e9c3fd42b6f106ca4958a955a83450b0754967c1fba50c9461f5869b1283e6b259b7221b51b00a2b187e40b533a7f775e5c662c3fb7343e2792fe6827730e9911974d0b9311acc6ee2fd69964a7710d2497438a6aa7c4e1ad19e91c265bf0ea3fd8fd91aa4d1d8908ecb6d749b6b384d57cda75b27c056e6bd7a57d3b7aa4771222d4f454c9df65b75cb5932616d853c5060e0b3b17a7454d86da3fb5f81304dbba49b49e5465c3473e28472a0848c1e075a6f3d5b1a9a9f9257293beb735b8fd00d4afbba9b789053c6243c7a47ea819a2bc67ab0d53b85dc4cca70120932cc0cb28c72165b8d7fc7e226ce0322069d36915a2e78e790b7b88f685ca33e4bfb4996348eab671eb2eca37531663ebf54e3ffc7e45112a39e8425cb4d0fb1ba83e9dce1825c36f7ec729ca9bb6ec59f27fde561dfb14aee0f44039227f4245b999eb5e3295a0d8fbebadb58ee3dc7ed5b1e0dc2a430b756b1ed1c2fa6cfb85b03134c5cb497bc96671a5b96046e757ed88a159edf87346e7706c0e34f02c641c97d8bd881ba50a24360352a9619c359eb228c5cda2efe502be0b66db40f76cc2a07dc507f0084e01dcde445aeee8f6787dcd2064bae32dbab49dcd512bb52b7c699aaaf97b89cc8499daed6ffa79a35db64fda1abf50ced9102cc6b99cdf216638850b6918c2dcd5e06930b56773ed932cb697f1e75d2caecfc48ef36501c09988595d3640e6d749880267ea248db40637ca9fd988a4f8ba12d98986cb5d0f5bb5288c227e7e398f2c986989fe9f379eeaca2e4df59f4e317755562e1cb833dcb0be33e0a97f302656b3f9ce713e2aadba99e4c5fe9b8430e9a11d29795377dd71e1c4f79963782a0099771d7db2069d14d7b0d5759a351f75da0f6a8885428d790ad31f090916086f5467616f6fa3c268fe04fd3f4fe321c7247b7a1c60355725ff3458ef4fa6c33294a4db72c1f48169e3f83fafc4e9eb1bc5fa7aa6efd336516b6ecab1d87c36a77b650717ef4a00f944005d7570f8286c4f5818eaaef0b5708b442ed48ec68625d5bfecd07522f67c46903680b0181a6cbaa8e6ad7a88c94d767b26464d1073ecf81ba8fbbdc3b11f2f5d32e7ea80d06f0a9616916a36b1071c6a5b73302dfdf6852d512b4a05190e6180272fc2369743f94f7aaa91cc086a03815fa3ae673aafa9b236503d220745d6611b7f228abbaf4d49c40255fdef472dd2cf7c6086b30b1104239d6558b60d6e600a18b3ad606c5d4e4818995a352ae2ffd698e5190c394065c656e277c25bdf18ce33a7ea1a489886d6a3b5193dadc7309a9e184bcedf8cb35f468b45e747f229876464bab5a4f58f01c7087235c62faf41ab792b6b90d52631520ecd6be7bb59673e08bffc92a5a065337bfbd1e9b6dc2c027fa52e3bbee8c9b5103da2ee4658e70ec99174919ca0f0d43d47c364414e804edec1e4f8b11587cf93e2f6866deb36197407d511aa59375e273a3d4bca18c8ccb47f2abb4c7a909044b7fd00d12729bc42194e2acd3eca205cb04dae09da98fa0c9816f074aea6fe8824e8bef20578bcc05d26ff3ead274820c6aa60a30cb202566c02be17377e51b66c25a9e6f75b74652aa99c94a7df809cc10dde8980de884242d9f8d5e74cd7503844ff5920e575d71680518f6e728e9acf38808fbfc24d63ce40ce4256f814ce52d3c7929d3f361259257fecb63cb2be58b7d90cf9b2eaec8ebb5f1c130cb3cda5970d770524dbe0889135904faeb6a48c4666baca526054012f40fa171fc4d73e64dfeea41b6be5a17c52a728f529ea7753a2129f3826b58cc409367823c2d8ceb1b76c70fe4528c9edaaf32bbc67a2ca4451f538ad0e95aaaf5076b16126983823815c179e49b4ecdb7a0365553f810a388845000bb872d84f13daaa0f3f53432c943e406b49022704d1a96b4c117751726f3a284bb5dd344a2f0ad798e50bd1e5d9cdd5f49c8326db1d542dc8d89877634214327a9b9263212eb9e5d31995b5df7f5eb0b090bed996c3384081dea358a25880a8c493dd11c63a13c5beafa0a2050ee1ab3ee4c81f7d9e1806695e02bda9f19a62199fccd56446840043a20b74662639170276884ceb189d642ba61e02c079fd5d9e09e4ecc1d1ab66a6813e76d8157f88fe0a5a6e49c7d7d0cac4ee14ec2c00893223a7b470f916067f807fc1cf55cb9a039ce17b31c988384f2c350e94e156ae2c6760945ab2c1248dcb350ea1ffab5c76a5ce823d54f0ebe4ed127a11da5d781a0dfee3189a52cd1a756d23e87ed12c1ed549e769dbb4db7e4c8726a77de2ce8f3a0af72fb5e7213ae0046de7d05a6041cfcda255e4784225c01f492daff296a2a91bbdd21787e4be0d80857844793deebcb4d08dee6d74062fc9d363d949f7aabd38c5da0b61ef4f19f38c07a45df95584f10400f4d73b0def765b12b81b93ad8550dacd94c596581fba385780f8f5d68eca6661f8fe5390e0631942ffb7079f54b96245b0ffda4b7bde62f2299ae2c37520754e51401de5314076f767d541c661d89b3c8c2edfe59927b1dc8eb93fbf548cdd245daf42b93de9379adc5f7e84e02bacda5ddc94fc1cc1dc1c0be68b7a1ce001d9eb027feb32477b656cba0dcccaa6fdd3377c10b0cc2b7749f07e68e40fbf6b35cfc357f6f4ecb0c60b1e1952d4621df09053d8ae571b38de03eed103b803f8a212e1a398ddba48cfdd18f76ee76a6d02cca5e968ce0832ca79c780d05785f727e58cdd143f17c90dbd4474e65194f3e468886cb36962f667a229b540bcd44da77376be00b66b65fb41cca9bf22c93b230bcc702019b16c24d09e003030bc2be821c29e6ee0972d7a7bb3638178e1eb951bdec17d26a63288a1a077a84e3e40258e0181b8eec480bb72c25f86a086f6af52170ebd95e35575e91304368e7156395492883de846c1b376e0c2df7c29e123a86de2e4c4a24f5dc3e361f51d3d06c567b2083b1a1f9256196984856f09b1e37551a8f129a92f90e4e5b8081738f0b5bb1836d59ee117935a89b09c9bb420544bc632d876c6bc1691a511b6344f93d788d89304e355a01a34b21b38745c5eab63377f6ecddc6c387b398fad3d69a7c203b89ac67b382a1d27f1e19edf4aae818aa297427162f037dee9534a3048fedfa94406b93a801a644a60a8ff4ba3f3f38ea4a1ae0524434645a21e697cd51f2fab4df2403f52ef1c276730b94bfe8e43600670abff760f71e3a9922046497fc9f29fe4e136fa0a1bc2995b24e114185b976d409bbc7adc25097c27e477a497fb869d14ee33e0f60d918cc09987694eeafeeafaa7e820ae42ac6cc74199e28bea120c0ed357dde54f14db82b6ae7f72c7c541fd84097d11bbe10c3d09b5d44813239336ea3190a0876626bc19d0b2657cd48afdd00d50bd965c9a39052978e88df39e8f60b1ae6188660029f1d1e129e1b41dd4afd6bf71bbf0b03c2828862649bde322a1a64941c8f279065a442b4cdf3e146956e1f2822a8b90d5f14e3a706e44d2a99c3f3228fb45f83c37bc4e499f2381e25dc4636e2e531b7460f3444616e5223d8f585de4206f4d10f5c3e9e7ebc594b6b048722d58d3a847984f331663c04d2abfb3b873bcb6689ff3b53a3de8526f434e542d61ac4587da18092ebb8bc2456e070712662df1a32b5abdb2d793c7f6bd2eaf9015c6aba1ccf145b34160ad8d59eb3f159b1a061ffe30338577a7b8d37925799a5696ef8c83c0f4fea500d946faec589a28848e4082dd80ac83aa3a2240dcdd9706999a7a6d4a8b36fbca1f6cb8e616cf1434871f79b53f1a9c80fbe6835403010c356bc805372ee8a68193cc48eecf69058b1585459b21da69ab9b66d44c5ac5da26beaa812d8334d0f7e774fa0837f995dca44c3d61a57e9ecc3477bb1062eb48baa057ae70874025c277b686c5b3648da2d06e53e8bd41efb94e54910b5bb4966f59eeea4e6f6bbbeba4505b31f8629f554ac53716d2edc4a116678f9c22a3e0529619b2c03cb409d73c69187dde6e91bc1cfe7725bc0d223a2073e3732b4a68bbc0000c983fdce282e1ba36fc818eac3d3ddc5b08ffd3f6b1772e2949513e878ec3a8403489a34f6a379dc4a02f83b629304aa164e50d4a3c7e19d2a75734bf31f0a6350a8228980a374f0084bdc3a4a8165b13f4a3da11eaa50a04a106b511c0a14e6103a7caf4ae8cfab9eb31f8401100ee7ea3b6a1a06bd39140526bd124f687528efb7f79fd8d3ed24115dcfb5d305d6ac461dff8b1b582e544f768f59fe266ed5156da8e0c926ab3e86ccec463aecaca598051a121d9e05c665d8525107e530c867c7ee38b9d9c71063744ad8d98d860493e79bc4aea000db74d247a8d1ae620b68551535c1973c003cede5baf364ad2416f1e86432d691eb6ece14c8ce4d7815f6a6a0214176c6df34bd11f6ac7f8e105d08217c8a817a87a8f7ebee78fe575749a4c0647c70e91eddd01d4fb4de7539c057ec79ba1d98aec28dd913ffba10a52ba9390891c71ec20e9c9cd52a0e51c00e2bd59bc5000f47da014d39a4049d35c69a7f53acf77fef533b6a1df27e0af8e94991f62bd8206203375888f3f9d84bf73925bb279a2ce8da8ec8455a3470a201f97f31427bf8faf2eace384f7babaa54f98cbb2d1124bcb6bc67d3a1701d0928061771f0878ee17eb7dcaf9df66c0017868f822c5a6293b25c69aa0360398a7b856d88f16f470bd510d1ec44c33698dcc735aa4326efa05ff46ca57316713926bf3e02f80812ee066aa17064f8df942c8af3448cae3efe47a416eef6d432b7a0cbc59cb626bfd695ef0677ec4b6e32f754c3e036d0862da72f20e0432452c8c578810b75e2", 0x1000}, {&(0x7f0000001300)="080e22781579a23d8b978aec80ae208ca876f4d4cea28301ec7b5dab980656f4c24327922a0f1b430cfafdcae1a47f10f3eb110c82c94ec4c3d9ea6b1eda14846623e3092c020e41847e889aa5b46b64fb73bb1bf8a4ef99470ec8830938575d4dd9bc656497c14b2382ffd4b76b0046ce2418bab52ceaf5929aab667eb16ecd220e84ddb6572e44a4b5615ac0332d949e3bdec0abde573c82a0963f666f68ba6f6eb813788828417224465cde945869a5c5a4f11a6f7cb6dc525003717b3f17ee4e6bcbe1eb87a6cea00728a44799baf3b0dc5d119d779a479d11e29175a4d7", 0xe0}], 0x6, 0x7, 0x7) 04:32:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfe, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:24 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) unlink(&(0x7f0000000000)='./file0\x00') mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) prctl$PR_GET_THP_DISABLE(0x2a) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:24 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f0000000000)) 04:32:24 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000040)=0x0) sendmsg$nl_netfilter(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x98, 0x4, 0x8, 0x101, 0x70bd25, 0x25dfdbfb, {0x3, 0x0, 0x4}, [@typed={0x8, 0x31, 0x0, 0x0, @pid=r2}, @generic="f3474a7be42871febc17e66cc1e2eda7ac919299d32e9edd9d69bfd39d878daf1e86b66a375121275b0fa3e297ba7a8d33e3356ce8a2a375345c09f44d2728beb182098a56bfe494f1d1ec05e09026eaa1b340fc67626f1199e7dd7d629807b29986558e8f2a75cc252ea6ed5965ac8a8afcdc1012d8f730fa"]}, 0x98}, 0x1, 0x0, 0x0, 0x4}, 0x20050080) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:24 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x1d4, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:25 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) unshare(0x42040400) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = pidfd_getfd(r1, r2, 0x0) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000002e40), 0x20000, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r6, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r7 = memfd_create(&(0x7f0000002e80)='\x00', 0x2) r8 = fork() tkill(r8, 0x13) wait4(r8, 0x0, 0x8, 0x0) tgkill(r8, r8, 0x12) fstat(0xffffffffffffffff, &(0x7f0000002ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmmsg$unix(r1, &(0x7f0000002fc0)=[{&(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000200)=[{&(0x7f0000000100)="41d739b330d90df0b7824afa2ab279a70f161fccc02c8b8c9f1aa1d38154d6bb16e056ba99abf550193e74d82253d80ef1f597bbc4cabc7452766b252630572c8cc1b7a9a985aeedebdc57a9b6081235dade131530efecf13a3bc0149039d2c1b42123e85a72d40fa56eec1e9ac165b3e0ad555bec82c3280222b497b1a9a2a96c24b90101ebf7d96ed5d51a2bf52d440e44ddfe0b6ab6416c437e148b26d610b78f3a89003b1cc876b7313315c5fe7f3e3c9ff01d7c7d8889ca7a87730497a15ea5d2dc2e36f74d5611649b6083725189a17bbbcb73fd5df81c7df22a505df32ee96442d3992a00c47f2675e0f136ed28", 0xf1}], 0x1, &(0x7f0000000700)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r2]}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xc8, 0x20040805}, {&(0x7f0000000800)=@abs={0x1, 0x0, 0x6}, 0x6e, &(0x7f0000000d80)=[{&(0x7f0000000880)="97931f2235dc840fa8b3938e30ca77b58d97d12e9485bf595ea6cd831c6c1ae7c7910cf4f73e7fc37a2b4c8fd3cc8ccc5d1967fb129789bc92e05abbca5121e7f094c2bfff07a9b7ad1186dfa1ab10e35c6b91c6b748e5a38e9aea469bd8303aa2b61d68ee851a6941d42167a9e47128d1a33a923288591327ed8b21bcb3a1d5bf6d6c303b", 0x85}, {&(0x7f0000000940)="8788fb3203ce6e3c7af1b1e2678585d4a1bffc1fa0ff6d75037071733279acbaa74d899ec785f207ca411e54028a390b56efba1704a0877b494675211b8fabda910be1a35cf5c5705b4631743a3b2847156a52ed2eba51e3726644da0e3651c327b77dce2a5dc57a9dfb45aeb73e39db776fc12b74218e5d687ee7162da87d5ed1da2b7c5d88665edfc8306d32f20c5660e8be10e7d7083ea4fe4182d0ce6b6363c6268d39b541bc0ae620fe6845824e84402a5efc78af467cd8", 0xba}, {&(0x7f0000000a00)="c9f506eb42787055928a6e82ef5c0fd1e1888ec123424587109fa8ceb5fbd285b6d19f60587bcbb6030fde7a76c0d5a07219b62dcc30981f7dfa5711743b648a7845fafe668dd50f7555779bdd68800e22bf83568d783c6640f9c4aabf2e89365b58281b71832906e9c9f19e52bc8683b7021d360b0be1893458abda90605e1a0efd879a4df6", 0x86}, {&(0x7f0000000ac0)="f58f4e80056f4c6e4d15ea211722c9435a17012ba7518df727053ee97fe644ddc82247a57363ac2782c83c485aa3a88930a3d9bc78448caeffce3256f6e66db1e24296b76585351762382fa9aa22dbc2c1037989e0d14133f2ed83d1dbc2a8ce3b19332a31a9c05bc16986a1607fc981be4c9c6c5cede9b92ff22fabb8e058b5057baecb7404585e970f4eb23c8d0548182101a11291ec55f0314255b27210ffc52d3fa0e39058440f30452ddb9838d0ead66f876bb713203594e17a5c0364ac4a587179704efc1434d8db59215726315d450c5e9d6788b7da6d", 0xda}, {&(0x7f0000000bc0)="19e7772356303c85e5d11cfee6c206b81e0236236ca7bcbaaa0b9d2043f15772b4c6fb5d294f142393e773222575266fb2a1f6afb5fdbab040b21d28d59de5531af13880d509b30d0ed712cbc9c53b0820e6b153cb93b819a6dc59e12a16c5e721289b91fae5f7117bcfc6b955", 0x6d}, {&(0x7f0000000c40)="fb87f52d2c890bd88014e1f2f344104d0718a1321c49aafe1a0c6a7b0858d6be0a7cfab2ad7f770540df121fe82103708add8ffb5c48e11b142b2294a761f1d62c02e7126df995e1a1add6bd68e9792f99166ba6f7ea320e4484f8ab501a0065994a183d6a2b8023b35ec3a873", 0x6d}, {&(0x7f0000000cc0)="154d798df5bd9085d3fc966eb9d40bd9597c14f2c630870bf717f11a201b53c977e9b19fdf35686d6e4910459b91d722f42a871ff10b2c0e0a9ca3bc5e3f3ed16e2211159ee267915b1d25534e0f22f09231c0536e9e8a79ad0b2d6d208b02fb7f27f76e4b93653bbf6371a07e631521ba5aeafd2a94373c4469303ae73a48640e09afa3f21e4f3f9c5dde77183521a6705581466c8b45562b89cc4e54a3b3dbc3d67d847cad8f7b25ee62f6dc155b32174b73b83447f1fc8b1134", 0xbb}], 0x7, &(0x7f0000000e00)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r0, 0xee01, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r0, 0xee01, 0xffffffffffffffff}}}], 0x60}, {&(0x7f0000000e80)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000001200)=[{&(0x7f0000000f00)="3a834d9ad134020d3b75f5db641972a6f0b36fc32d8eb6f151450a3b5e31c398a5dbac4dab6b715545123d8cd6799f50a8b0c4e9f3df088b1d5e457c2c2f159836dfd98fffc1c389729683e75b86b24e3a13ec033bae65c39108045eee0292b0ddae4b8a37237dd78894aa1a3338b563559e212ad7bf4a54cfa5d9eb85691fdc51c9944d52418b46573f661385d0c5223804ba76869ce03f69ee61843d3898dc5936ff8f2673760430", 0xa9}, {&(0x7f0000000fc0)="c7483b74d02df0e1", 0x8}, {&(0x7f0000001000)="02fa9e630a07111822c084ba575d3b7abfee32e1cb55e8dc573f8093296c8953fa210c55ffd7ea1949126777503ca1ad46fd27641215a3422bafffce08e8be8f7d179ea59864c41d1cbb0f42fd476715bd466781ab6e9aff5c41e0e22a8676b8b660ff9c37c030b8e463a822ee13b84dfb834fa65e9d1570bd0caff49e40fab5f7fd20d55e6358e4c474f75dd337232a57b1848df3e156afffe9495db17b50fdc18dbc3b4e659352ba5761fb84e29a57bda179c1698d33f65fd542cc5d97484676a4112675c5f353586de2d4f38bc4cadb151c08d2a2f195832d2b055f21c6", 0xdf}, {&(0x7f0000001100)="af08b8fb6e4157f2b883861bb2809ed79f293e5c9f908f138a0ef9764079ca2ca62cfd172c1931ec95e42c06d116edc4e43ecaf5635be37e060e116b1ea72c2464f5a80b2710ad578f3633b6dfeb308f7e374dd75bb711caa8a3cd6c77f20c4732e674ca8a396902b65934d4bdbaa0b916ab0cd7e4f04ba6560d1df379f7cc952f7e3d595e561142be0d6c7ea1f4b1d463366982a2d714f37171bd29948cc0789f90f460e580f6d5fcb99f2443fafc61f10d9768396e1214eae9e122a0fc295b7dbb186c91ffea8236e32fe67e5e39368297a068d83a436e", 0xd8}], 0x4, &(0x7f0000001340)=[@cred={{0x1c, 0x1, 0x2, {r0}}}, @rights={{0x28, 0x1, 0x1, [r1, 0xffffffffffffffff, 0xffffffffffffffff, r2, r2, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {r0, 0xffffffffffffffff}}}, @rights={{0x38, 0x1, 0x1, [r2, r2, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff, r2, r1, r1, r1]}}], 0xc0, 0x2400c000}, {&(0x7f0000001400)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000001780)=[{&(0x7f0000001480)}, {&(0x7f00000014c0)="8dabd5ce081581ce02df84b57dfd1835ae9227b420a5d208203aadc73ff0bb5fe637cd5c5fd85dd63b2aa16178f06930dfa516d38f3b8266d8b89748348efb3eeb3d67a9bb7b47dc6db2", 0x4a}, {&(0x7f0000001540)="952f682d07570e407cbb4e438230e6623a0b9bf5d77b620fab61f6eed5405b80da0eddd7449d7ccde7e0431b29f088934cc27c31822e3ee7ec505b67b540fecd3872d49339d298d7dbf8552f13b97df7c6968d14457a05651c5a2c7e3f029673ec06a35ee0ad95ef061e0576fab811d8e3a750c000939afe9716668ab79fd15b6f062161cefa60e8fb4d4fa688b855a0a4be0030c5cd79a510de9b", 0x9b}, {&(0x7f0000001600)="9e0ac484decff423f02eefbf3c0c2d4e61906e024b5aa642b52b01146e6a1d68f913d21ebab748275bf8721d5a806b2ef6fa844d0c2b016f0de0eeb7633510b15b08a2249e53eb1e637edf643e4db82a0885fecfe2589082cbb60d7ad7cf0363f151566541d2c64bfb0c2845fb3ffe78b97a1db2858a53ba3579b30c2ff0b0c9d6d877786bd27b352c2c5557978ec3cf4300da8314ff1c60e2c848d0228507986004e060f7b5b43c44723615c6984e31cf1305d45d343811c06c8afef1358a1dce4c556a0f0c6da0f83b480376fc", 0xce}, {&(0x7f0000001700)="316c596e9665fcc1c4148d", 0xb}, {&(0x7f0000001740)="7a0b6a1caaea17db", 0x8}], 0x6, &(0x7f0000001a40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r0, 0x0, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xd8}, {&(0x7f0000001b40)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002d80)=[{&(0x7f0000001bc0)="e2c3e37a14c18fa2af771e2f1a24bf79528624d6d53c71ba7d36532701fd43c4107739d239760492388250b4db1f613b99d1a2edda3defb0561ecb19a1c3b583e4960f4110e839c51a60c44af32352625ba774fca8983de71fab33dc91c454c58afceefd034b31cacfe5a6632b9576893fb93aea6d", 0x75}, {&(0x7f0000001c40)="4398c5798ada0b7289716b56c5dc9d71f263456cd169e95e914fbe354115b609027ed2f9b0773fdb18c99f3105d6804c95a6d76fd955f506f545c60c51718cf7d058de7d10d6cb160f", 0x49}, {&(0x7f0000001cc0)="a65b13732487816c249ed1a1d71fbb0a6a8c29a00892d2b4896a347533731917e7200a7229ff0155b9e4e361e94c6f8e90e9bfdfc1f575c7d292d1b6409a283ff4f2a219ecb36b20fcde7b60625d9925babbd60193c43bec64e49670682e5a8c0fb69714f4aa8ee8dd2b833840c0fc69d9fb345dd09dec527061ceab1b3af2649493441e8757c01f62ddb92461409366e4419c830a114434c272d369f2e7607e906ece667edf73119b02b1f129d2b804c1621416062807e2e149d199d24069c4fe7bd3706892a2e455fc23a9c4647b408ea6c02ea9129b1e1d7bcb04a5a95de63ac2df3783f62fc714f2b717ed0938adebd5c8c433c5c45f42f85ea9a5159af2c31aa167c46020a0e8d665fd3a5e1c910f9aa03d6d5241b68fcc80436fcd209c158cfd30d3e00a1b5502ec5f3742077690d9b91ddc22b5bd0351610ecd78c4bcdc0749cab6824e16f06494284b8fcb63f02e33fb040a796e093d32bb6dbbc0726e0bdc6285db82ec0a931f2e550e5c7cddc89206b62a6a07472f63d25187e3a76fb106131c991a50ef47502314d3e98a774ebe4266d67669f329529be844bba82873e44bfb29415f5981eb26ef17bd36bb01294c9cd207750edfc6c26863a4f27ac5f44c9857dce30243856b6b742e4402ee2b298f34ac43a70b80073fd3a68b28c86cdb8f6e5d8e4270de27ab19a6067e77a9ffe2b7d3c08c69b74214db073bf91d9f98aada28eff5b8819d62e00008651764e4008ad9aa7af349ef6fa5b4e26dac0b92a1b3be121f782a11932e0261b1cc95ffafa5d9ba9295de0428d7730d4c10264ec3b4918f13f95757539484152e69fe192394005fecbc7ba45c38d471bf03a1578385779e0cdbdf09da28c62bfe97ace5f4588f0c563e0953a16f26439de73bbc06b88023ec2b914d1ec11574902e91c7089161ede3c1fd91bd3d12dd7d1a68aaf6d2f673476e89b5f981697564fe7577103716a543eff254544aa3cdec52161df62abae4a19117078264cc7eedaf23c4ea85a94d44d0eea1a65dd9c3d7460db28050530e20602fe248d33a8acdc54b77edd4a31f0116d9d00f0c9837754dde28de56c86fc23d5ae114cddfc89d0e33a6c0b2bc0a39c65253decca4ff833988cd77a26e2fa79e9c0d53eae643892edbb5a53cd2dc8deb7dcfbbf0143c23900319f6de6deeac4aaccb0e60845fe215d559138813d48771a2fd6cee874830cfd0c3794334e83652b9b60279cae30b5f410faac43b066a8d1e4ed6fbc4dcb7fbc87fc5fe74e40e429d4195a9e5b61d560517debb7584744e395ec5e27ef17bd9f9474a57a8515277ea482188a0020bb0166db46f4000b07a2af670b9f4d8804161fb5293232039631e4862b1c680957f58cc48613202140464698e660b3c30f3c23f5e05d6999495f403748fe8511295887488f7b9463773fc1727037b63feb11047a12e33fca1ec3dc9e8cc4253389e997afae6ccd74e89ffc344b9bf5a8e925accfd9d95be4dbf32bdc80c10a7eeae62170123e5153a27a6dbe1f9760f0bf5096a2303cb144d6c1329e962f793b4cd8fe6d0ca9ffa58648dc1a7159c7e7c82ad80333c77098c080e05dd6df6ec6095b4d04d53eeafdb7f41295bb65c388f17f2e2c268d65b7f959eb17dd95c76a84cfb78259fb9067aec47c51808b631c644a4c8cc704a897ecca58df34af8ac5a7af31ddb4ab6940ecd1c4681f5fa6005ad0899f22c0d4ddb9083051e37e4f36f2d265553e29f7a5f43b6c0b788f56468d03b5e84c8851f2da551822aa4da9c6bc1bbcbd1bff2b95a9227b140866d656b7a3f7e467f6a01b5c128f5999178df627328207eb7d377ec934091138b992fa54fbb90a5b5ca6d69659082271137ac09b2574552a7eada8f3c61d81ba2d0e7edfb61e368553206766a09eeae1b8343d4576cf63ec722cc2a263c223682996ce192f56e3c99396237b245a18e87de3a8cb0286e32f047b1cfdf5cedd2826d7925e8622c73bb82954d788d951342fae5666acc981f95456447fd655aa292157f06ac65f256928e665127b855269d6899469c9db850e044d2fa21c9127b7a92297c2b3d6d601033ece7c7841ebf4cd806bf47bdb25d2e3378dafadf5a00e3139cef38acec54c7c7adbdfd844b699c3e12ba6de81a1afa4dfa6d67041665a8965575650805227911443144db483ae189791682e7f4ee867f1b7bdfb799af8e69f921c36e7bb4a2d80dda0adba343da0c2eaffe1b04f2d8b7de72cdce1fe8334e67a0ccf2b54a28407e6f8340d56803f3e27d766feadb219c6a7a728130f22a7f82f5e59e0d2572c4c3b967f024ef78d5d20b7b0cf054097088eb3776895b4de16dcce77d260bc8af9570029d25fae2295b288800634f59d1bdbcf4546e8e8a5105db70d5f09beba992d05b264fbc9a25c94c969236bdf68ce6cadee85f6bc31ce41bf41cd1f4c8e9d1db0926a7807266f3be31fc8ac04ebf0e6b28f0e0d51b84681eb22a7f1b348ab30d79ac5c335c59bce8eab0d18c0ece419a04c39c5420ce05565f36b48b6583cbc613f5f7605d55f1cf6982e44fd80e1f124d8a5d3d35418f261f1bda20fbd45bacffe4d6d09481d8274719c25d531c375090ca932c383e74ffea5da0cc78f7e584c350f9c3c3cfb9295b97c3753ce29b119635815cd5695e5dbcf5b5694622512ba2681bc16b0ae1f51d061cc5f9eab057faf903b088a87b21c70cb2a51f77daed7cba9e9b93f9eb1f242ccfcef6a23fd1d1dbb9c7caca1757896c68b9815f4727c6e3028a12ce255d486714b7bdb7d4b90d7e5cd15506065c4205cfcff658c4990f7f76e749fda89544624fc23b79b9b138f6f829eeec8cdb205d6f4643e40d87f8bd0422cf01ebd3ea4a49156198d2b072d34fee49db60684edd07641b741f68525ae93abcba15a2f4178794d0377eec90267071f387d21c0dd6e3f582c5f5e7966c4aa9163b01d6e3d179095474ae558b59e4b9e4307011d3346d8a2501da34d4dc33306a4af8e2e705779a1a72654d88dab5a25a19451e3260b93c878114dfecdf6f63e54e7fe145b1e43ce9629e31e23c17a92b652ba46498babf9e06c4ba339d3cdebcb7577a3dcbfe8a5dfee9a8bb9ba2d1e9fa99b711d977f80e7411c312a743bcbaac478ec774478a55ecdab9a8f7d52d0994c30afb568c877c81703ca9326dd5a728128269325ad9407e43fb0f99dbc3c8b6ca90136b6e1771d0eabb4e5df1db53491415dc83adc81700a002db674c8f73d5dc5ba8dbe534bef3692ed6c290e9141228f6fb859afdf1013efd50b2c5ac56a1d509bec60c4f7ea212871337a6e3d8e6450419979631b591311dd87641662d7e59b30063edad9407812702e88d4113a0195bc1a4c07b59679bdff8713054fe70a157189c90dc1ee53978427f3b13f84be9aea116b0924ba793626a491ca4a575759efd1fd2e010440e9d16b90dac2a048c73bd27f60ddcd5565584c6c9741d31b642d7de9876814282adf8b55f66a1a324f54ed54fb3daaa86a8f894031926190904847ddd8eaca7177c21c4b94138eb8ae010181c85712cd86b35ade2f67e2349d98e1bd879501b6cbfb5ad346ebdb3d5eebde23964b9b1a2bc960725bba56aa19e82453c2f285e2767e5def15e5d983225c2bd93a3ec93ad76ac3393e6f01b6f6afccb549155b59b4e7dc7990faafe361a6c0e8848c937534b7e0b6194cf65c2656188ded915c21829dbdd981067185144fd4a784e4666b7f4fb51d7d61d73096838c909dbf078cfee39e1abec0e1412966f9f3060149cd2c99fb3f12e9aca68f685840b3257408f2aceb5f233e0a64b587076292654bf9a9af6fa72f1dc9a155fa72bb21c0eb60a2b31b8f634bf16149e484e79b2e9e78f0a87ae57b97fe7c256550812d634ef8a728768f7e967a6fb4fb568b9c6f04ad8fab9396de4a7638fee79cad7ba8b36e60b08728c9fadd69d87a48da6357739c3285b587f1e69576be7c834da48d9cb74b563dac4e068ecf96812cacf921b0218d05ebb0bfbf220a22e7b4f440f255dcf56a91a093a0e029dd89d56a4951099b1abe7588a62c5748f4985db25fa18b3f2a1a870e6b4dee37b9fe90f50f5d9b6c4f491276c0be54474fa1fe37f3742b0948eb68c3aebe9456a04edd2c6fadd2e7620a0ff8e018de41ed15c7befaf022724e5014596ca15dfcf818d1bb6c0c4885e67a00f1b20b13a5a4cbc5e24bd2ed5e69c82843c8691f6f6d70468a70b83aa96029c620df5a5616e2d3ad82b97982260d28ac2c24f046896636c059a5d7ec851f4bca40d9d5edd44f86f8848ca0bffe8eeb3c6e598e833d64d1670d8b390e28b6bd2d2e7a9d1641874653c032777fae6bbddbabf21c18d4cb9bd18e7b5f25f736d4967f3eafa72f17de5f0587c39327f3a9417fc43e67d01b34697d4b53bfdc805048c11875e58db2cf475d0f5b07c5967591cc747169b634c2cbe40dfacbb6f89a9ce2b8c1f7f82fde4263e7954011eaad28286caa4186937b7b2866bcaef2641c14a722a0658b066d042641caf797df3e73a0e3800c4fe8bdfe5c3b9e65672a3f062da6530d84531096cf5cc83ddb2394539208238037e589635ac6a24e5cae2ed595a59f99a5e2ea00d4497835399d0e4484e1b09b7f7ddcd6b3940346aecff857cf15c1a6c5e1be77838f29e0df21faaaed7ed43aa36b56e98ae9c89a599dee926b7c233fd937e78c88ce76a9a0dbd24c807a7bfe50261c3dfeeec0f07046e6a34743e0983e3a1c2cfee1ca47cd2fbd641515a91f5c1a6e69fb649c6112d387402fba3a7756b7b7d1e5160eb2209d177902bbe5dfbe080b99aaa472e73a5b4c0d83a309f81832b8107061aab2071d3636eae937919e895c7b3b8597b6dd17c65de7d79ea4746e586fbc1abc99a46d05ccb85812da4314ebc75d774b56124644c729cd4ad8f0d836605e0dc6dd9f81b13d717b949ab772e405a61cf8248d14361b14506c7adfe9e3b156cef1ab973816e2745439e639f4b01670721c6f9733acf7249dcff27895459bc1a3c67594fed441b46063ce9edec379d39fd7bfc74932fc5ce89279ef6f2139255dc7270411c6325ac49b929d498e720d31091009daa1f31bead082d123c3aef76860f6fda8f302c8479a69fe750a75d2c6de5f5718e9fe3deb038d5ed302e2e69c248af00e1fe599ae4d77ec382eb55d2e243778ddba45e39fc22767046bcbcc22242152f826f7ffafcbdeb3b404369bcf87a1f8eba3a5659a8056a96cd85202ff28cfaa76694622264f6ebfa8c7d5bb1fda9919f4a5c6d52e3d909d025c38c6a88f10fc97d8113bab26f10dc3a42a6e58c98dd62a1e93f643639cba95c557ed3b6d0a1f2a4c6e77ce91e30e4b651c28137de41fa35cbe1524c9c4fca708d6583b79b43ed5b74deab4aa0feb2683a1c760093d9fd3f501f8076df821af7582c6abdda2d36bacd4f48078da6f68c27c0fd7ac23d532f76bd7ea6e3175774a62bb757632bd082f26e4dc764000ae0a7732fabf0fc6e5f0b21899ee505bbcfc9e050cb7ad8151b3d76d1225a6e8b5bc8ddcbf367e28ee908b61ccee16bfd3c4a783c3c7c5035b2a4ab05f8e225d73425aba9d12a47849ab7e4bd0380a18dfd0f328561754c1a64fc8cb1ea9ec7117d6d3c69f603ba331b689006c9da626678abcfbb9d1fb36217db872cb0dfba8989bf6ed499fc96c38956bc435934f23c5d4149c090ad09b0c50f98d3dd4f216071100ed84e23a11d58824460663164166ab2136e4ad124125701506280f0cd9d87e565da3919bfa73acd11b258d9ad82", 0x1000}, {&(0x7f0000002cc0)="f9e3d98bf5111767d8c92257b15a51bafbed05ac71976c12550f", 0x1a}, {&(0x7f0000002d00)="32a294af183336bec157bb011d0a836359dcae4d7d51d665a0f53c4a4cefee55639cc2b0970440e9b37a5228c687d3f1f26d03ddcbc7ef6b44e10b00f8c150609eee1eba", 0x44}], 0x5, &(0x7f0000002f40)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r3]}}, @rights={{0x18, 0x1, 0x1, [r4, r5]}}, @rights={{0x20, 0x1, 0x1, [r6, r7, r1, r1]}}, @cred={{0x1c, 0x1, 0x2, {r8, 0xee01, r9}}}], 0x78}], 0x5, 0x4000000) setsockopt$IPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x41, &(0x7f0000000000)={'mangle\x00', 0x2, [{}, {}]}, 0x48) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:25 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x1d5, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 324.515724][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 324.524077][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 324.535900][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 324.544244][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 324.555844][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 324.564283][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 324.577633][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 324.585717][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 324.597654][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 324.605960][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 324.617416][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 324.625385][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 324.638310][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 324.646646][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 324.675467][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 324.683914][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 324.709123][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 324.717489][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 324.728882][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 324.737230][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 324.748515][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 324.756960][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 324.768097][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 324.776053][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 324.787216][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 324.795205][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 324.806311][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 324.814551][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:32:25 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:25 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:25 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000000)=""/186, 0xba}], 0x1, 0x6, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) close(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:25 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x1d6, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:25 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 324.825806][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 324.834237][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 324.845970][T22623] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 324.854404][T22623] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:26 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x204, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 324.986443][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 324.994942][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 325.019703][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 325.028095][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 325.039955][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 325.048405][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 325.062602][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 325.070666][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 325.083876][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 325.091913][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 325.103825][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 325.111838][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 325.125486][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 325.134051][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 325.168655][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 04:32:26 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 325.177114][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 325.210972][T22726] loop2: detected capacity change from 0 to 1 [ 325.218575][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 325.227215][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 325.241487][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 04:32:26 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x2010, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) shutdown(r1, 0x1) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 325.250000][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 325.262236][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 325.271011][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 325.282890][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 325.290918][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 325.303304][T22726] loop2: detected capacity change from 0 to 1 04:32:26 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x229, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 325.310320][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 325.318491][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 325.330233][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 325.338253][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 325.350764][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 325.359344][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 325.380922][T22711] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 325.389443][T22711] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:26 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800000, 0x100010, r1, 0x0) r2 = socket(0xa, 0x5, 0x6) preadv(r2, &(0x7f0000000280)=[{&(0x7f0000000000)=""/216, 0xd8}, {&(0x7f0000000100)=""/65, 0x41}, {&(0x7f0000000400)=""/236, 0xec}, {&(0x7f0000000300)=""/235, 0xeb}], 0x4, 0x7fff, 0x8) tkill(r0, 0x1e) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:26 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x400002, 0xed535d146e79bda5) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000100)=[{&(0x7f0000000000)=""/50, 0x32}, {&(0x7f0000000040)=""/150, 0x96}], 0x2, 0xd9f, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) faccessat(r2, &(0x7f0000000140)='./file0\x00', 0x40) ioctl$BTRFS_IOC_FS_INFO(r1, 0x8400941f, &(0x7f0000000300)) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 325.436472][T22741] loop2: detected capacity change from 0 to 1 04:32:26 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x189) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x1010, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 325.517138][T22741] loop2: detected capacity change from 0 to 1 [ 325.755491][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 325.763937][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 325.776389][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 325.785180][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 325.796285][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 325.804694][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 325.818152][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 325.826129][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 325.837824][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 325.845858][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 325.856931][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 325.864895][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 325.877497][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 325.885813][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 325.913978][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 325.922431][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 325.945734][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 325.954099][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 325.965168][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 325.973710][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 325.984846][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 325.993202][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 326.004415][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 326.012415][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 326.023609][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 326.031599][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 326.042733][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 326.050812][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:32:27 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x22a, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:27 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x200000a, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = syz_mount_image$nfs4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x4, 0x4, &(0x7f0000000280)=[{&(0x7f0000000140)="020888c906fda6f02bf73559b6a8ba9fa5c926245bb3c979d9985a9c7cb5cd78ca0b37f0c422668b9272c3973515c8b24db7bd8565f2ccad68c14ce1f079dcf216e85aa2832ba8edf601", 0x4a, 0x101}, {&(0x7f0000000080)="e846bf", 0x3, 0x7}, {&(0x7f0000000200)="1c881df9616abcb4c821eadb40087d6db93ee2e2bfabcbb81f1051e53efd8fae36fe1b2307a60e742d0463689077ad151843065ea635d36021", 0x39, 0xfc0000}, {&(0x7f0000000240)="86ca9b73f4edc8e94903503dffb016a0516fa3", 0x13, 0x401}], 0x40, &(0x7f0000000540)=ANY=[@ANYBLOB="24212c6370752e73746174002c5e2d295c5b3a5d2e002c63707c4eae89b9790073746174002c6370752e73746174002c2c6370752e73746174002c6370752e73746174002c2b2d2f2c6370752e73746174002c646f6e745f6d6561737572652c66736d616769633d307830303030303030303030303030646132231c9961d5713a4c15792c636f6e746538743d756e636f6e66696e65645f752c646566636f6e746578743d73797374656d5f752c6f566a5f747970653d63"]) pwritev(r1, &(0x7f0000000500)=[{&(0x7f00000003c0)="9cd943c27762782db66842176e21276ea7aedd891e5a67c3bc093b7ea034127171670db8bcd645d7e780001939098edea8cc0d31d99f53b56acb0d364fa49ce014ac7fb2b760b870757f5016e3483e396080c95710d9aba1247e7b0a9aa24d0ef4b3cc30284118ca66173a862e85c4f08eb7abc6dbca22703b764c96ca93fcb5485421142543efcfe6372680c4190f102956f6ca6f63026715467d362f93e8d7b4f39d8776d042119b27caffdf371fa453e7da52cd885eaaa5baaed10c50", 0xbe}, {&(0x7f0000000480)="6e24a06271a814ebd41ae8d9ffba67286837e3d4ca1bd75a3b691f6f735c13e480e27966b09686fae53ad029c6490b02e0d095e7de8d4512c70d96d2d7c2363be8cb30f559dc0e3666", 0x49}], 0x2, 0x2, 0x7) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) fsetxattr$trusted_overlay_upper(r3, &(0x7f0000000300), &(0x7f0000000600)={0x0, 0xfb, 0x104, 0x2, 0x5, "8432dc020ea8c78ef26ade9203f03442", "2bcd8242d0c1ef75abcf064d415eafbf0212b8a71298d9defbb56ab3d7fdc64b3546d751817afe4efaa4283020583b10ed28911df7afdfd4bc86590344f125f14c966c2b2509410acd6dff60da174e62e7c5734f8ca346cb42df8496868b4909cebddcd22e4edf6403fd3d2ea101acb994804c916cc750891f7678201d0f8c2b127e6aebbf46f399afdf47c4605ec709346bb591d27879ea6a3798fc2d3d59aebf21def5a51de8d913569302c0cecc47d6c497b4fe566ce87cafb4d775f7477283109ab0e28194b21db9304fe7a39a740d1c68eb44e6e90c88eacdfc080dd021c106cdcf04744af41523750740f3f8"}, 0x104, 0x2) 04:32:27 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r2, 0x8, 0xffffffffffffffff, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:27 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:27 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 326.061994][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 326.070340][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 326.082056][T22703] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 326.090881][T22703] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 326.147679][T22775] loop3: detected capacity change from 0 to 64512 [ 326.156494][T22775] nfs4: Unknown parameter '$!' [ 326.167593][T22781] loop2: detected capacity change from 0 to 1 [ 326.220193][T22781] loop2: detected capacity change from 0 to 1 04:32:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x22b, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 326.312535][T22799] loop2: detected capacity change from 0 to 1 [ 326.403538][T22790] loop3: detected capacity change from 0 to 64512 [ 326.410555][T22790] nfs4: Unknown parameter '$!' [ 326.423388][T22799] loop2: detected capacity change from 0 to 1 04:32:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x300, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:27 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x30, r1, 0x421c5000) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40)={0x0, ""/256, 0x0, 0x0}) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r4, 0x84009422, &(0x7f0000000fc0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r4, &(0x7f00000013c0)={&(0x7f00000014c0)=@pppoe={0x18, 0x0, {0x2, @random="3e84ff7e58f6", 'team_slave_0\x00'}}, 0x80, &(0x7f0000000180)=[{&(0x7f0000001540)="eff3f7bf90e6eecdd3f15cd7a4bb8417b8f00740f90eb4b353272a82850cdb091ff18614d47db1201abd2f72148e75186c6a3f7faaf7a1195e660f0134a5e450967ba239e26e6f3b5e3431e5ceb791869f53c0670eae9698711362659f4673ae0cc7b2fedbf50bb8d5ff95368d4079770ad1b6ce6130f0990b6c47319acdfbe2d0de071a1d0fcfe39f2cb5fcd3eb69321cd83633a63f87f3c1a6a621ff16a6a189ee4348fee0caf86afaa12d645b38d7b4cec431d2dabf7d36254016c9f243975a2ac95b3cf55d76c56c020a305350b9225119bca5ff9b3c1310540708d6326fb95e178acdb227d312c440b87704ead6e81389d4cfb0d13941", 0xf9}, {&(0x7f0000001640)="37203fc29a3c5983daadff9d83915e1ba344b0dbc5fe045d9f028db3861c12440ca79055dc99f2d99b0086d4421a1187ba8c053f4c3429bf4bc79baa4ec09196b71ce894d399f20e9e502de83699f3b6089fabcf1e9c57329ed716a9446eb61934ce96c40ffce6818430e895b8ba62091263ed86", 0x74}, {&(0x7f00000016c0)="b6754cc7484a1f5f1baa47f247ed63a83e85f82786fac54d76f0774be6d7d0e0a2b3ed1808916adbfbd50989207636a45591c4c944438de2372d6516444ea9d2707e8b796e740202bf16a29e8a17b307f3fa0634b3dffc27ad874749275f3f44f10a67e0d75742b2e9099eab781ca889be8c21cc815be1280330e53dbe48705700522dc7fecb66e8282e1e0b5a5d5d4e67be8fe9dd1b3f677cb2f100e6ce", 0x9e}, {&(0x7f0000000080)="55fb12e1cbb11c052f77ddfb33f3130608f7a8e205b58653a833507ef1000174c7eeb5f844e1aadf990613", 0x2b}], 0x4}, 0x20004000) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ') sendmsg$NLBL_CIPSOV4_C_REMOVE(r6, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000001400)=ANY=[@ANYRES32=r5, @ANYRESOCT, @ANYRESHEX, @ANYRES32=r3, @ANYRESOCT, @ANYRES64, @ANYRESHEX=r2], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x40025) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f0000000200)={r3, 0x0, "578e6dda74c021ec28a6a2dfee0729e39773ea5cf5ec2ad5b865776cb8c04544a6173af3f3f8bfd282df8dfe4238d1eef088b3bcabc586579947e388123e44fc647d120bc633e76b88df6b3691ade3d04a3ee087b90dd1b8319cff2e92d48e8e1c50ae2d5c95556a68f1b5e258764a864b4b13cb720c35918334a4df118ab0be0564d0a98226a6d25e8ba97ef2e394bb5f62e8e1f438ef3b62d7a51535cea888b51aab32f5219fbb20d9275d413d998f0ea00620f364f8901808d1bced1a6633b905f78f2ff3be9b03e2f29074b6e2298bb46025566777dba2ef170705b26ebccdc73b4e829994759d1b24fe987b67fdadac329030a8879189d5a66ac9146684", "bd783a2720f70e1b60f8dc5ca5c92b8344165b634194af21c17b7edd9e39f641c5c70568d650b5e26cee007c45bceda789e2002f77c852ab2ab6a31436f6d61c9e79d60a5b12e5de63ce271413897fc1a94c10f53fb212bab7e863f426697b343e46cf4022f81e62127a157a8aa21a53a1c91f6f3bdddad4f8465f50e0b41c23bdd3a655a47c8d59882c8d70f0ec9adff13de5ede0f8433c1481ec3f973ddfa20aebd619b25b73a16aa4191046cea4ae56ba1ca68dcddd5a52e664f8b7bfeda33304d015dfa706dc328201de520dee052f9fa4f7f8f8bf093ae331bb647058b1b2e2d3a2e5676f5b3a22c6a95d82c88ac7c0e773468dc24dbeee2cd9152630d12c5b83dbb39cd69ff408a71c71ccc715fbec6426c2a5b3db16320d6f2e84bbf69596257d245572d59617ef2b8955e4b4765188bc738b81753ab5d719a178bb91d9cbd6e9b5ebb98b208525ed3b19577ba9e401318dbbf18c9f2b73626ca2f75a36696efc1ee554f2a9be12478c9954d72a2a71a5f9886f8a1ad3c05921a1dc0e479989f2f21a6ad81730184d416967d8cf825afdeeeb5f156cc7718ad56effa6a625255076c0637acec264bc8ad51d675b18bd8e4b4e5aa1333e32a72d977cd20bec0f860f7f82bfb3c930eb4403d3b81640396298134ce6edbc32c0e3b6de97885546765583a13efc1e77ec1bc7593aa5ead10e05bd0c849109cb4e5f772efb7fe95fa3931fb51f8ffb88bce7b52c51c5905314f3bb6e938c0f6edbd676c45645eeaaff2aa498444fcd1437fbe3e5e14cfc0e0020136d79db4886acf9519033360fe6fe5a8eaf7f0eb61dd4c64daa4bc1815267738a91235434eba972caf115f3e40c22289bd651847b87182b97253c7091cdb090cd07166d279cb18082da1a9f309348f5ae6adc781b4f05160e4966f148c800ba45c6948eba444e4417860652a58db510d4cac3e493dc85135430a9f2b61a6402897a1b6231b78b2605095cad2b58df8769b06d1c49b9bd4a47ea1e9b2b5c4b63e9537b061219109f6027908cbc95dede266dd4137b2d22ad7e96cfd56d43276f99c0b6bfe85d0e2afa6963267c048469785f7729ab19111c042685b69b8fed70717a0706f3f43f7cd459605596a633bbfa98a1158eeec1e9c47cf4f6e9e6a3f8eaaed327818879a8549597c3209ff4688f6fa79ba1f2e32ec1db58f31e832c8c1cdb6e6d3b8f32faf71fd6a6455d05044a2a862bfc505d763ae0ec01580acec7dc76ed8392ebb69ce78dbad2960ff20502a29e2e5d5325066536516b28ec06d47624a5914f34f07dd1a02331c7327eeb73d0e61ab4a780679c922fea54d61a71016069ee57f648270bae661360b2384a577b24da757844247add34871fd05167f6f3cb40dca2db5e265532b7251d4f66cec16aab1e5f5a7a0639f613e6ba83c93e3bd99c84050291ac253cf4fabeb9e7d2148e7924a5e8e44861c57be30b4fd2c41a92b65c5346a899d73171c5229e6cf3312dd036de3843508d6fa08ff83f4708e0865d474ed278c75b04493c603c279a28abf19f6da341018f3b82952ea4b1751401b067f0525a5dbd5a4153c1174c413c6a6af6f877e72748e567fa5950c172deb7969ad726d43b9026dbac5835736020c6ba98c9e69a82c9dab7e0973005727c7de6b4094c7796986d615126479484f5335baf24fa3e281d62a4842ea6087d96251a065d1a4b58b18614f776feb54752e5e4766f21e04c471ff8e0114306526ee84b7626f9c6ff957d641a67c500d2d26be68fe2b9e9a88c467b8025d7952c635024ef6ca372000d8c9ba09cca579401206d78091957c15617f20f5fc14262ed76c030b0cbededa40ff0d4c392b9833136db6f199d8e93b8735ccd118687c06e383fea477d996ae0192c356dd665b4ddf3028a6afc510e9730718c63cfd6e850e8944fae989eaa64b5b78619981c10ec3dadca780d5680e273f6d0413288c648425e5e36744c40879d7b0d2d154b5914f345845cc0ea512f8710c14f501f223447474312713a30198cfa56d400bf751a181fd998380e52ef8c8ce47eb36470f2636febe11ff15effc3a7018932f03304c2216a64d4542b45b3de1ec53edb2c35d677d02d0c096e071ab608d21646a9f09c469f9c2c5efd5100a550203b3b257864bb1a805f8a89cbbd0eadff114a65127d04cc6fd3400530f8e072ba0eccb8fdef7763c0302506276978a548aa18bd86c8eb3974d446ca222b2ec0262b88ac4f72127e4a78c4e4c67098791d7754492b1a569f44c184d260f400e7b93715a18d7978088dfba9764b8c2a30464ba2ea76c90d393792e00070e098c3d6ec5c36a3a29a001121a72db25439196fae26baf319793d9779c4d9b0272d734c741e2be0713b9456d588455579c370fe77ea48cd25e6b5e75372ca6b9c2229fa8675d476cb7f102bf395cbad30e04dfbcaf4a0db5c5a6762c8463a4366be01524ba5cfea9a5df991380fe552215f3654389efbf2ef6f40b6c78fd248befb4e38d889c227d7514feb13c3f66bb252cc97b5bf3159d313e015bf88a7eb70413d53088fe18b2c8362e6ba2cf18b44ef567170551f9de266e785a17d6d25204a89e84ffc87a6d23f11323bd4dc478646968527fd5b183501f4373420502b41f1be51b2a3b7995009c343b7c2915efc949db211cb16c1fbf18121e4bcff8d3e9c8af188ad906137fabd052580840f61b55c558f6f8e6d7f12b39e9fb55fa00e224a9ff66e95f23303c0bb30e4a5f2dc5c9a4ab228fb1fe2fca590a7e42076c7052740d45f3b316175944d85fed77f23223cc2179762122396f81d8173783fa401217f84913de339bb90dcae09cdd8be74eb179ea5b9c22f1eb9ba7c893e6c62e3af87735bd3423a3281b2f1f7a95f4315d04ef84da4da47b0e987f966b283f796d07ffb26b295c8bef500071e876b9372cb6f443b93a3ac97e7373be672a46a63b4944c9c8bf514b293f48e0f8488dc281ca02ff8ec23ec71db3e903825dcedd767d2c14d76c0d4508254c2bdec0e39eff0cf9c18b6359e1c799683bcf2893e6e4fab7ec9c806385eb2b247eae46806e3e4340a4634584d706e924cf0a2b03e21db87de3cbe007ffe5d2b62847cd039883fc1f43f99af49d248813f02449af3c415d25f53b67597ea89a1391d2fada1f74c72e2bfd6053e9bad262d856eb818e6f9281f4e3a04ac24a719c5af25cc78bd70cfa63f85565c765209a187b9f50532c15f35c9852bfec4758e42c2dfb82fd3e12672bc28f929ef19d524bb6345816d1056c4ccc46f5957dbdc1dc513e26344929b749c010eef3021be464161ee2995c4171513252d00a529204620389304a1b7ed33478f7a6555695b83605843832a61f529f120c4753b5cef0187a4d72fb96e1c92f2a649d4b46642dc6aa95c507643f85f7da3e3b8000334c37447377995dfc0019d67ab6c20e4542fb51005b290cc343091ec06975fa3aa67283828f7d4a703853954f4027436914cb3afbdc1f7d9f165abd9eab80c16ff43d160412f9076279d7514b167190c6d5e39ab6d492be9d42073200dfffca1d3a6b295d06d743c8997aebbba1760c247cf255034eec25c673e3b32b8591d3182ed477a96519f7d738831e96728a3551d726338a6bd5714b686aded8a6ebd3c9fd3fc3b8768bd3027ee26dee80552755d509504b7e484c4172db1803bc97f0dd0c71419206215ac63bdcfd6554cba5fa5aa858c9b76b3282b48068ac9ade7075a532dbf9b5953785943cecc67745fc35655b30a9b6e00396a4244886f08c9b46d6064d53cce1ce68834f221507aa0373e1a3619b29a2d292b5c8c937b5d00157263b33dec2ecf30fb2c1db5d877739d33e28c0525ff5ea76850fbfa294585c9f84f39c1e8adb1c7750a1be0770632a399bb365b9faf7e3bf5f0667c4d1019cb535842a2b2502e5ff31b54cb6d7e6e8fedc34962d3f149fb1ac556af3bb8748c24cb4bf589bd2d8451a7d8ea7b8ba19e718432e16d5a6771dcc63fa68151b1458f3ba210d99e09caf7755cb32c261ce46a2442b4536e61e54f76282b8b0cad6b3a0d76617c7454546b57b207ddb11b89af5781091f532375e22d42fbd419c149a267893dbc6e58da9be771ffb3b9c7bc2c16b772410969aa3c26083d26be503be01c68966ee0019cad07445377a02a87fbaec252ffd19334fc9c591f22f5a3c07e5e53c91d53511b5d72ec06f9d1c75c99d3bbf7c0168fc55aed4ce12a14d4629ebb866434de6e7a395bf644ceddabc7a662f995125ff0aa26f3adfe99780966660e036dd4348e3f3c925711e96ef56dfa09684855421d629084075b63cd2118f615fb715aa8994c80541a4ab1b0ee06d8d77b09b680971fe9fd80c2a387a1a0e243e57310fdd18e0f52dbf10d9b5d1fa3c8e70f5a0487deea6a956ab228c7ef8b1cba1221c8aaeb7dfd31e242ebcff43b5f5dab503fd1bc92a6896b61fae39e77f7d2175bbed097fd1416aa23786edebb069f30fb13830e6048d5fc6e70f5669028523edaff3990986205f0437833ae8c7621207af3a519c95e877f1df7aefa4f10c8e3b4147ef6f1cb72af6bdc55496a04eaee40d17b7d6463fcb6b4e0d921b0c6935750148ee90828b9b45689d82bb852c622d33517d9bd7ee3664d989218280a3835642f4678de1814fd7939b047809d28b507025eba9bc826d36fe98367d1ae4654762473188fae3ae0d3d66a55fb831a2071b84f019c7c4e438f3779e756119963b668470c2905def8c8d62b3b5c199e85238f39c67f75ce28012766b177e66a996089647afa3f3603e820b8b5b2d47f8d046ac3c5b0d3ac6d9bb777f4c08754e6687ec322636a9104f703995522a9d84072c330ac5e3dbb98fcd5bdfd195d1779ce05dd7a83bdfb01228a55608bd3dca5ad3ce58806c18d90fdf1e46dbb03d89e95cf4710707c66653138805d52d01ae736d889612334c647c92d26f8b0f441a65d98ab1665d663b06f7b9d05386738d460b9bfcb0f1166df72a6c5b84820e83403d5d1c5e001d15b06771f8ec7ea5d3707f8634214383836f31df92ea6d4664508591ebb2d88cf1fa536461c3b8ca6076a06eace06dc8f64f5a839091082e74fffdf33895d93c11c213aff20494fa7acc3a6126e00d7047770d23c924a5f8673b9b1ce7659d787b796f79561bae02ebfdc7debf4ff019a99d00938aecaae46d9369db64419cb1e5e1e89bd50cc3b900b66ff9dac20e32c358c99a37c98081de93d435140ff392ec93359f461c6016d717e56e4c8e41927ae2aea7ae07c45e6fe6e5728628638a4d07ccde61fcd18ae28dd668bd9b7f9e8c75f15d7f75424e875a6076f87753adee9c0380ce2fe50243dbae0a70c5f3ad2d22165e12e2d8aa613d4994a582e1402aa57a655512f69416327a8"}) [ 326.517274][T22816] loop2: detected capacity change from 0 to 1 04:32:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x402, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 326.578166][T22816] loop2: detected capacity change from 0 to 1 04:32:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x406, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 326.665840][T22832] loop2: detected capacity change from 0 to 2 [ 326.705030][T22832] loop2: detected capacity change from 0 to 2 [ 326.776958][T22841] loop2: detected capacity change from 0 to 2 04:32:27 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) perf_event_open(&(0x7f0000000140)={0x3, 0xfc7a, 0x9, 0x4, 0x33, 0x1, 0x0, 0xffffffff, 0x9000, 0xb, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0xa7f, 0x2, @perf_bp, 0x401, 0x200, 0x1, 0x5, 0x0, 0xc6, 0x8, 0x0, 0x101, 0x0, 0x7}, 0x0, 0x80, 0xffffffffffffffff, 0x0) [ 326.834348][T22841] loop2: detected capacity change from 0 to 2 04:32:28 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x500, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:28 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:28 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r2, 0x8, 0xffffffffffffffff, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 326.991299][T22863] loop2: detected capacity change from 0 to 2 [ 327.010725][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 327.019217][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 327.031040][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 327.039400][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 327.051766][T22863] loop2: detected capacity change from 0 to 2 [ 327.058728][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 327.067080][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 327.080910][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 04:32:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x600, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 327.088915][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 327.101803][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 327.109808][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 327.134580][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 327.142614][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 327.155570][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 327.163966][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 327.208789][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 327.217371][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 327.258764][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 327.267128][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 327.288526][T22878] loop2: detected capacity change from 0 to 3 [ 327.295168][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 327.303533][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 327.314804][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 327.323170][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 327.334449][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 327.342453][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 327.347360][T22878] loop2: detected capacity change from 0 to 3 [ 327.354354][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 327.367920][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 327.379254][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 327.387276][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 327.398856][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 04:32:28 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:28 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc3, 0x3, 0x7, 0xff, 0x0, 0x94, 0x40000, 0x4, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xce, 0x7, @perf_config_ext={0x0, 0x9}, 0x1804d, 0x4, 0x7ff, 0x4, 0x1f, 0x800, 0x0, 0x0, 0xfffff001, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x9, 0xffffffffffffffff, 0x1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000080)=0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7, 0x99, 0x8, 0x80, 0x0, 0x6, 0x48242, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x3, 0x1f}, 0x200, 0x4, 0x3c, 0x1, 0x40, 0x3, 0x8, 0x0, 0x33c9, 0x0, 0x8001}, r3, 0x9, r1, 0x2) 04:32:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x604, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 327.407208][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 327.419343][T22773] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 327.427840][T22773] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:28 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r2, 0x8, 0xffffffffffffffff, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x700, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 327.512913][T22901] loop2: detected capacity change from 0 to 3 [ 327.547965][T22901] loop2: detected capacity change from 0 to 3 04:32:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x900, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 327.608088][T22916] loop2: detected capacity change from 0 to 3 [ 327.656343][T22921] loop2: detected capacity change from 0 to 4 04:32:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xa00, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 327.735693][T22927] loop2: detected capacity change from 0 to 5 [ 327.778084][T22927] loop2: detected capacity change from 0 to 5 04:32:29 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:29 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xb00, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:29 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:29 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x402000, 0x0) pwritev(r1, &(0x7f0000000280)=[{&(0x7f0000000040)="a0f1e51eb7f5fe8ba38df760a359636000b4839005053e946e8f2b1d7af8d48fcae3fee00328ecd1", 0x28}, {&(0x7f0000000140)="f3a25d2dfd5f9a89730d9b821954bfcd5e2c107408c49c99a7d3ee777b8f9d6bb917099a559b709d44caac292a6f56450789af6b5b25f3971eb1b271327d3339e2a5f697e7326fd28368e9f4884cd55a468be383a273fa05a6b8f2d52d91ed8062c26d52a8", 0x65}, {&(0x7f0000000200)="2116d0ade665f4ef27302e9f26cddfde385e810a26a94095a93b4818be296d25a32781978e2f088f488fd9744d8bc0478b0b81fd24d7517a0e4d62b49a9c2f6d73c4e62d9ac9ec272d161f817af5a5a3fe2ce895e4fd6f973a87b709dbccc8caa76b0fcf08f2726e59eabe3eeb2cffba", 0x70}, {&(0x7f0000000080)="ea05890e3b9297a488ee03230ac660406bfbf1417940931db92d086b01bf2c5ebaa0", 0x22}], 0x4, 0x4, 0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) ioctl$PERF_EVENT_IOC_DISABLE(0xffffffffffffffff, 0x2401, 0x10001) [ 328.148639][T22942] loop2: detected capacity change from 0 to 5 04:32:29 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xc00, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 328.200439][T22942] loop2: detected capacity change from 0 to 5 [ 328.274846][T22958] loop2: detected capacity change from 0 to 6 04:32:29 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:29 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xd00, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:29 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r2, 0x8, 0xffffffffffffffff, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 328.341106][T22958] loop2: detected capacity change from 0 to 6 04:32:29 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xe00, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 328.411869][T22976] loop2: detected capacity change from 0 to 6 04:32:29 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) sendto$packet(r1, &(0x7f0000000000)="ecf30b1b1d454df5b13062a9495e63f89a8ef01b33bc27758bdbb3cec7f4a055a79b467cd633ef1a64c14305492c13d072bbfaf9c40912cb32ccc7b1afd99853eaf1719ce7916087ad41ebab0386a75d018a2d3966ec1a7c69377785e61460ab1c2c5c5f0c0077ee41aa95a55c34bb4208bce151a4e636846b37ddd26947dc4a8e36df106e7e182b54ecd0535ac70d24a9b6cf6a4533a950774ba8610456744ecfed40d7b06a5bd71b999e99ac16010a08551900792c8fe28c0b0d70e66d70", 0xbf, 0x20, &(0x7f0000000140)={0x11, 0x8, 0x0, 0x1, 0x0, 0x6, @random="0a8d6a234f3d"}, 0x14) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) r2 = accept4$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000200)=0x14, 0x48d87bea7b04019d) fallocate(r2, 0x8, 0xfff, 0x1) 04:32:29 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x1020, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 328.485546][T22983] loop2: detected capacity change from 0 to 7 [ 328.523475][T22983] loop2: detected capacity change from 0 to 7 04:32:29 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x1100, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 328.583130][T22997] loop2: detected capacity change from 0 to 8 [ 328.620676][T22997] loop2: detected capacity change from 0 to 8 [ 328.706985][T23006] loop2: detected capacity change from 0 to 8 [ 328.755639][T23006] loop2: detected capacity change from 0 to 8 04:32:30 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:30 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x1200, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:30 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:30 executing program 3: mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x108b054, 0x0) r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x31, 0x8, 0x61, 0x0, 0x5, 0x20840, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0xffff8916, 0x2, @perf_bp={&(0x7f0000000000), 0x2}, 0x8500, 0x10001, 0xfffffff7, 0x7, 0x10000, 0x800, 0x0, 0x0, 0x1ff, 0x0, 0xfffffffffffffffd}, r2, 0x4, r1, 0x8) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) r3 = fcntl$getown(r1, 0x9) perf_event_open(&(0x7f0000000200)={0x3, 0x80, 0x1, 0x1, 0x3d, 0x9f, 0x0, 0xde3, 0x2004, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x4, 0x4, @perf_config_ext={0x2, 0x10001}, 0x2080, 0x8000, 0x0, 0x2, 0x100, 0x3, 0x100, 0x0, 0x401, 0x0, 0x5}, r3, 0x5, 0xffffffffffffffff, 0x0) [ 329.015318][T23020] loop2: detected capacity change from 0 to 9 [ 329.060947][T23020] loop2: detected capacity change from 0 to 9 04:32:30 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 329.158574][T23041] loop2: detected capacity change from 0 to 16 04:32:30 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:30 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r2, 0x8, 0xffffffffffffffff, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 329.216892][T23041] loop2: detected capacity change from 0 to 16 04:32:30 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2010, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 329.318400][T23058] loop2: detected capacity change from 0 to 16 04:32:30 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2200, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 329.377413][T23058] loop2: detected capacity change from 0 to 16 [ 329.474576][T23072] loop2: detected capacity change from 0 to 17 04:32:30 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2500, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 329.561099][T23072] loop2: detected capacity change from 0 to 17 04:32:30 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x2}, 0x0, 0x0, 0x0, 0x0, 0xf1, 0x1f}, 0x0, 0x0, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000180), &(0x7f0000000200)=ANY=[@ANYBLOB="04224000896876c2bc2d9a7baeb58cc2d8"], 0x11, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) vmsplice(r3, &(0x7f0000000040)=[{&(0x7f0000000000)="b98ce7e7adb9754ff475835a023b450f6a9f1e4abb5d6d2f0f2c236a113de2211b5b456460a9fc0f5ecd1d049e893749ce4b633bf7168e72a5967a", 0x3b}], 0x1, 0x10) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r4, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) preadv(r4, &(0x7f0000000140)=[{&(0x7f0000000340)=""/199, 0xc7}], 0x1, 0x2, 0x7f) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @dev}, 0x14) newfstatat(0xffffffffffffff9c, &(0x7f0000001480)='./file0\x00', &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) sendmsg$nl_xfrm(r2, &(0x7f00000016c0)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x40a00}, 0xc, &(0x7f0000001680)={&(0x7f0000001540)=@updsa={0x134, 0x1a, 0x400, 0x70bd29, 0x25dfdbfd, {{@in6=@dev={0xfe, 0x80, '\x00', 0xf}, @in=@dev={0xac, 0x14, 0x14, 0x2e}, 0x4e21, 0x0, 0x4e24, 0x1e1b, 0xa, 0x20, 0x0, 0x3c, r6, r7}, {@in=@broadcast, 0x4d6, 0x2b}, @in=@multicast1, {0x80, 0x3f, 0x8, 0x6, 0x5, 0x3ff, 0xba, 0x9}, {0xc23, 0x40000000000, 0x91, 0x400}, {0x100, 0x4, 0x7fffffff}, 0x70bd2a, 0x1, 0xa, 0x2, 0x9, 0x40}, [@encap={0x1c, 0x4, {0xfffffffffffffffd, 0x4e24, 0x4e22, @in=@rand_addr=0x64010102}}, @address_filter={0x28, 0x1a, {@in=@empty, @in=@dev={0xac, 0x14, 0x14, 0x16}, 0xa, 0xfc, 0x3f}}]}, 0x134}, 0x1, 0x0, 0x0, 0x6000}, 0x0) preadv(r5, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY(r1, 0x5000940f, &(0x7f0000000440)={{r5}, "4b5e5af3c1d096d5644dbedc73d188042b39ed3dce62be8dfa88472507b35d407114dc11813430089354080649b130ebecd058f58f188d89827271dc3a3bb2826a63f7b2cd60c14499b527115bc607c59aea063ea95667403233af5603b582e06594b20f095f9875d762f7ae774ca031b1acb240b8c07cde11386055bf8a02400adba54ba339031174cbf35fbc38a806b4af9e663eb202dd5df407a31d6236a4899cad84979c8b91996d957ec23533184e41a3682985a1fb80a547fa14816361237d96a495668de77b3de879040bde973b07243debb667255ee44088e68db2e2943bc67a0811e8520b43a249835761ca7dfd7272febf0ff7d3cdfbea25acc62965887bdb547b3609a23c67bcab45ebf012743c36103b65e3a07dacb50b1f17578b56eb7f8610cee40643408a5dbde8fdced49d8fc47f94d268f4b7f3e101b78d42908651a44783c58385a14828190c8bf5bbeb26959e32c879e629c02c03b7798a6729d13d0ea9e4ccb1944d6b80f86ca73d30f9ac7b74a53d0e49f889b61e6805c63a6d7be2e07c6332b296eaed4976e30d5024e5e3f5729d23ba82a4d40d9625471afeb3f85954c201ced4607bbf10a54fae4025d7ab5385680246324aee910307b626448056445cb4e777a9b8d0087ddcb5cfb754b83817dc9ee59a8d61bd15591436066618939a0b95d559ee1a4c34e39408ebe6f294312d0eb13df589c79aeb3e770c49f9344353e75a565dc2abebf957eba6919a49ed81b9f04e60acc8bb01a4132a218a8b093fc39a64f68f1535165a9f0cd37cc7b7f8b6376ef986d4e350642e7bf7312aa7e7fefc0f8d71591f01ee46b65115af3da111bd22993058e950aeadf62c73971538c29c91b407e3b278a5f733fb9ba36d13d79b00c9c06981834fb22edc8308f9461493a9b9a20b395dbcc985086c62efd40fedd19d6fb4d9dbc01e84a7278e27c4351649ab9aa8802b85c4541a398b877258d189e35b25a5575eb79fbd4c83b57c167a93d37c9f3eb5486fe7c15f677cbc09a602acf9dbe422285908ba652c030a3c5b1e4294156db3bf52e809437687a1aeb3379093a4e9e2682ba477788c02c6abd1e7700dd8083e5368fdad447ada8a4efbdbbabfe629819eec5233791687d5fabefb2cf8e7d0df3f8fc99147e87049c8aa2816d82350fb9163b1f425870a59413a8fcfc303d256c363ee8aef05f7a3d223a8d5b6d6e29bdd42c1ed5ab7eba45ebd020e8a43cd2687bfe85c0f1414c1edcebca90c933a9ef72b0802e0a2e7ad9e3459e9c68f3d1f131331c2afebfcb139f6956147e49cbfaf601109ceefe8901d3806de28656fc50155bdb770a0745184611a00242410aafdc3d2fdff053d1bbfc35181500362d5500b3314628a91ff749f30b23b81667822c352c73dc39a2f53f4944b22dde935460d3cfe2c0250be8ce02f2bd9b95d88b2734b425d067855750f2ef7a138f497228d0350cafdf4050dde1cd60211dfbf6498e853f2a12ec102f7b4acc33cc3de5056400a6b90f225ba944c5dea0d41e41545f5e224e1f4051f229842620d07e5037d49a38957b4190b7e2f18975eee10cecfade8bf3259dffd29806a81a2d0398783d45b364738a594ac1eaed745447139b1e172e71853d75c51c44cbe41a9943d04fe85c9989a9de40c2ddfbda9dfa24e8e0a63ec56d3faad498306ba67e58a0565b227b80b90f94d3fd2373712b51e72f882304e85d837ee151621e4d79cb5a231bf6ea16c1814b7c08c12ebd286b1887fe7b61c5cd0a5921e59d2be75de2242a8ccbe2a2d97a91c249104fffbb8a954cbb5648c54c786d4d58ccad35ae5e24c068d84cee579d026fff38a1c468f524fc24a4fd3807a0a7fa1b1987640c6272e4b5947bb6e5d386805a3ae87a85eeb375910a6376e9a2e80d8d7e07357c10137fe4f3958ab82a2b857b22be74bef6f11a8f4c22f8c1e60eaf3ef3df19f9c4278cb7cf26399bda7dbd8e44050aa236e26d9b64d71be1d336390d81696a72484010242285b57621b8184679d700f3c3bf7eef8240cd4f2dbd774dcf1e28f00a2053d19fa69e4faa61d561e3adc9d03c2cdc7520ddfa3b0efb7504e5c7a05383cde5b5491456347c606aabe23b41e7594e0ab33a0118819b64910a952a129f19ac5b94197a2180d0a9b277fa1b75b358d8354b19bad12bdb5e22203ba696fc0baff1182250401a54be8eed6b1eee304e3a61f048d8a0b0139947781438d7f1ce05e82d7acd9647fefa9b054ed19dcb9e9eb8013970a559eb02cfc51c68b70dea4f874573da9882c270fb004b19ad0df73748240ac40d101f8b2e64e5364dbe312fc14f9bfc023912b3e07c9f14ed05f01db601f6e93925bc09f8f84a77c138974c467e422de64e4d7c7afeec324d78c3ac9f6e466094f5d823d1ac7caaa77f440b84192827bc1edfd5a078d734fd1a0ce71b225d82cc2c3f7cf9ec1a0dcacd68b46a12289551749459bd6ff25a2be7771edbfcd3caa983aa418caf67d645eb2b398df30fd38ab26fec376ef67fc81cb3f28d01d2eed7513ba531f2d3a089de53af3357b6aa63e0c0bf4b4593bcd1e8d33b28142d1abdd389361ff10ba888a99a615668ea6f9a320b8f920896c151431a45f4538f308aa09120d03821262f8fefb92b73f3dc4a2ffbad5be0051c1441a3270aed8e391700f01fd9b7ad70b80b32c7a02070f91b9a228f7a5716b9af42e32d54663cc3f3a2d10cdf09f3f3215f88d4d35a8daddf0cac3c6433e0c50dafec0cdd50d1c91799365b09f90611ae5d8c33918303d128bf115d9f046af169ae705e9ad03c10e9921d8f149457e13ec14189aeea48872ea6a9ed0b3de114aff1bfc64fdef9448724aacd574ed95ccc742787430e729940cb4bc298068678da19aa9a291043cd12a87fe729f68d2f7fc23d17c42ca8613e81c301172590ad70c60b30146435a0e572dc45c4211d340065b6b8e07128735f3a43f3e2022c5d9fe1f795248069f2f125a69c8a3732b9507aef65da1dcda0c16b5a5398da43a6e9785824f4452ec4f8257e1dcd97969c082fe1943f3d3dde536bbf7f0d34d69bb10645a4c7e8f921b92f236a078e8ffebb6d48cb4acf33d30bf29d7c021ddb91cecffe30e60ccb2307ba1f7c01709ca7d2e7ff7352412b7a4bea0a216b4502b32fa584c467ac5700e1484a4fc2844aa8af9ade31ae26dc4e59fc560dfba3b934e72eef079b95d371aceaa092e545b5a25d373e063491fcdf92c4a125cc437116d59010c6e5897f078f18ff2d7f04a13de81e253eb34147ffdbf28e205ff13b7a497cb9583a21bf749d7dfebcfd21336b7ae97a65424cf9872579cc99a5b68b392b777482a5b43bd207097bc0a359d86238bb2b85982463e4b55111de0b80b70ac6147d7c67ad0ca501fd009c567c8add753d279b8cbaef92a5c8d4c96361446884eb5b09b85c57ebb1ec91cf6008ed6f454b779c0da2588353b4bec5729e5fe131c5a34d2ed9ffce83ad137da43343fb11be7919b4d9e91542f3577b5c168ca0e9760efa50d08a327b4bf9d3e918c5cabe526d34f4e895729b13c7b496e94de9eb92c822a7eaeacff13b092507ffa6ea947003c2521933a28e592714d6c61ab35249441b67165b1478c92fab2ed2652f7451d3a259f95a97c6a0668e31da061adc687cb00eff622191f98192c4b7d26a4b9b06583272b8de1b376af9faee45d35d3abfca344b9180bbd04723e87f1357ad52fec791185d7cad42cc03c729c2a28bd3555495dbe1769d35383bd488b026dd032c4199101e3b26d50e17c1e729fb93707d4bffb26bc505820e98fa80a544ce3b943b8ae0dfa725f5d083d19c567d413ce09c2c67a549b8fa5138fcb557a06c213b8d6afc8ac129de00bc57f7da2d7369d37d5ee3aee13ac1112502e2b294d0cb1a4e379eaeedae3abb0718bfa486c0f407252dee0a4ea1ce8dcf4326d7f947346e12e1ebbdf6c29ea71b42d38165aa82b0e9cf1d3c3b6cadc52885637dedab41cc966c8280a6fe82ea8af0318584c4f9263b5eb0fa4be000e039027c82a5b5aaaa1ae6eb3dcc2df7f78d467decc9892a9291ee05f465c8cbda404fb080930a9b30e45c312b24455d0613675995f8e7ce29e441002fdc859c703b187857bac0a11218a5eddbcd791b55983d0002f9a3865b56735884abb925820b48f54294e51dd5cf98f949814ec21ba45f75c9d0bc42ce49ffb6b2d6a091c673dda9fe9f387cb288b0805c6aaacad85cc9b3b01dc4d99da33a67a19cce2a6a5738d2c55f6a9af550384e8644aa1f9a7496474b47702bd4d2aa8f8a50ca400a2b1ff61ee9d2389004d776616df35083f06d930809befa818cfce1aa41a3d60c5b5e86de9314239c75c3b8328f3ec419114f12145763ba4c2d66e6c50be2f866d393b5fc43e7322e1b23e423956fa7c5771240667e487ddd51f5d1ab2ef7372cff7ced6871398cece4ab21b882beefd0a1165a73e2ec5eb6980ab74593ed750824e5cc890a4abb7083ddab97f68cfc1aa2151e9334134d612108081f6db6fabe1a400f7a5e84a9ee9dd92c26afe3141f8ce98ec8afcf94d81a0b2a79f55195e5f42372cd7723bb0a6f624d3350297ca58dad905c8a729dc15854a1f6e9afd2f6bce579ea9d10e12b36b348a2d861dc422c4e52de68cfd7e6f50294039bc6a8b885053b9c198314575fb37a26a0569ac3dbb766736026c2c4bc6c8cb02a68549980b5b543742aea77ec8977b2c41fa482645338b4520ce790fb5962996d504ff91c03f1a6e5227df883bc15d46336adff7f93484ccd47ee674bf92e22d553ed77089dea39bda2a690cf3db3d87dbdae426fd30e5302f3fa76bc01e75d25207408661484381f34a8e5132a9b6e4416d80ff8566b415e0370f6cf34d7e787f76d252d2e97c448eebd58580c45d43d65ae77f4983cd8f389274bcca3dd81ff6bbd546f4d7a11d34b0089344b265ebf4267a95d5dc96bb5355d9f5b6f8229c8fc99b7be05f54b2d3b84a66746206f7004f57b33bcf8638e237c479e8f37f45bfdf3d79b1190e7b386a5977fee5c15526de25d080acf0c585c415e47167650d7321d1e9185b605bbdce94b853cc8f75ae530a1533475d3084dc88da2442b1470fe8a0bbb3728881efd0247d939efb7338ceac48f635f392700f750a30336769eb330d91f75b2221ef5d7e34ec26a8c2625e7edd49ba5f3f8b824338da0d7f57c43ca0990f6b191673690604a7434668be93995477828ebabc980d65c09ff97413c7dbba3be52bf3880319c1aa3686d572fbce4477d95060cc6bc0f5e29b764cb7482adf4e1f0be1280761be6ee6c5040df4c6e7ab9b15d0e21f1a883fb80ca3c344a8c9f19d6d3b670a5e17cf70778a6c5074bcccc99395e6aacb5be7f559e266ab31fcb432746f838021a20bab5d7d7601d80c119ea40b7585ebfa2aa584176e853e6708ac836300366b0b08459d67a43d7aabc31d2408859ae31902733a2973debfd96cd1f02f3f978ff30faf703765d40b65a1e058147f6d3f75a6d4d7b8ddc356fc9bb0f68bc3b6857042d39e6cd39770c9085f92258e1ca845fdb8294f47acf689399ef1a2ee32010bcf5639c1520d62e5cd9ab03ae5ec78bc9ad0da1b6dbd255a9492f1e0e29c2048261de62cdff3bfd4eebfb1ff716f78d9548d63dc13496c58221b752b8b3577b3d1202252269c6f270f33503b20d07321dce4b8170c4e7a2730ef1d091b71714c31f59d4d1143442e2fa6b34d73767751644ee8f7013fa347a5490e2181bc2f4b1f44392f3d4e"}) [ 329.650295][T23081] loop2: detected capacity change from 0 to 18 04:32:30 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2902, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 329.792727][T23092] loop2: detected capacity change from 0 to 20 04:32:30 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:31 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 329.861085][T23092] loop2: detected capacity change from 0 to 20 04:32:31 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2a02, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 329.969944][T23108] loop2: detected capacity change from 0 to 21 04:32:31 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2b02, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 330.041328][T23108] loop2: detected capacity change from 0 to 21 04:32:31 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r2, 0x8, 0xffffffffffffffff, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:31 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 330.147941][T23121] loop2: detected capacity change from 0 to 21 04:32:31 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x3f00, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 330.230479][T23121] loop2: detected capacity change from 0 to 21 [ 330.340839][T23142] loop2: detected capacity change from 0 to 31 04:32:31 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000)="198f412d2cbcae3b1ca7ea09b2e86defb08a75652361ea48235579401250cb93548468a9ff7be99fd6ba8a436b17b6f1bee52a3a7119ab06316248ed0a37389824a0a0ef03b4fb668742608856f022b8cfc5d7f6c1c591367dd506", 0x5b}, {&(0x7f0000000200)="17efec257c8ac759302311b17fb0e3c8bcd77ce621c3a5d97f1b9efa6f691e8724eace893ef9043916b70fbf1217e9ae61e2955960f04e07ad18a9a2a96480f4570b185827812f5f78735ba69da82cd3557de6987c065866f5f38563367f9ff003497d3a40c37c4bd9585e0c797e17dd02fe88c814f3862e409603fa2a53d10ca6334b357e22894e18b581083784a64ee0e70007bce3c1ca66d090164f3e5f20030b895aa3be1e6c114ec34b4439c61041a8be210034868df26ee975036e64ddbb645235c662ed5f19468cbd0c9d8c3f315e82d6ed48a5d4d72fd3097cbce96d424d383de871b2008097001fea32fe9146b633e0fb9e83feb1c15fdeabaffc8c6791e4c739ab797b8926a59e936f2f643675ebf3155680cb3086852a6a493e5eb615d708b1b5b092c2d8e8a844ccb420b08c6a168a2c1ec31f4a75f6cca8e65422c3cbda781036499c739e902f3a95bad060c9780f6aab443e82865a16c996f35eb468d7742ce872c82968bf8b2aa7d907eaaa794abb664c1bf5316c804f65107fdbb61394b3cc5918708724c5a75a9d21f540ce935fea2fd79305188ed1ef702e7877d39fa0522fec07c81f083f7adf4fb0f12ddc42a5bf45331eb93d4471f8888db6d8ae368d6a26a247bf268d2d8ee609a63b0d3a9feda4551465d7da27f5b5061bb07069f65a607bcc21dcf4e838c877a2272d55d9357f67de38802b2a58ec6045740e285b323acd694ae85e98697c171c5a2c5d0c63c3ad7c1edfa6c0faf78afa539d14d2696a0740106ed660f55075fa014322cf5b98f33b30964f04edb8d52d0a058de01929a78cd67e2399080cf289a3d139d6c87f1948a43bb598ada9bc854503d6c4db685034060bf99152cbda9a8a9b1a05688d6723d729aab1ccc3d573e8724ef57d042ab544846afdc6f314341703e2ba7a71c2133189469cb1a93a4e6750c2bf62a2323aa2c1bba445ed1410f4d9f7074823726aff9ea7307e29cdea32f0588d7f17a4409838552274f61156cacb3464ce012a9c7212f799d4c1323e255d9689b7a3255e4cea7d2907ddb50ed79332345c2bf0921c603b14ec4352d246e54bc2ea8443b32272463b6c01ab8146a894b64da023426db94d3b53cece4de2bc19bc26a9506a89bc6be5f2587a60e89c42e8aa993e10bdcc5843a34388b2e273f5234ff39812256394e04ba3ebb628a9898c92db898638867ab0009af1b9c34e4ab460ef25b8db146a19cf2394b09a9c83a2f462ed7a9f4f4a584868a2e34c404bacc840760f68a4deca62592eebfd15911215c7792181ed6abe208abfefac283a2c56ed0f52426b1f006c1172b35ed2fb07fde4298d506b57af03fa56eb8520c269d0718b31f62a46813768d34635ee57a5a9744810c0e79d65a14fac24eb7d978d7c3e884e62196d95bbca0200d28447c5604ba83eec1dd9ee577f5488ad78e6612064f30f9a5cda1b649c357fae888b0a081ea2fdf167e43fc4f9b783307c36ffdcefe7e369fae6dc225d75095a1c5b07607bbeb54263e3619af9732ad151939d4925665fecb2b5900c1ae5afe0384d2ba3b7d1d193508eecccabe960c45104bbc66044d46e961ee42c18b64be6205bad780e6b449881d565105a1de84dae6eed0dfca2fee975b03fa8bd62a4266f0fa744bb7ba6a5b7a8cb82378639f18bf6aa3cbc5450a0a58673cb121362c0e6fe02ab7035b48df804cca92997b8b63596d76f4d192f984afdaa7add94e0879f262af73795625aa0dc13450cdcbcb984e3d4aad4298c942be46458b584c428cd3712ff3f51b9d8a9b51f3ef51869519543aa6892854affa8c21fdc6b904862a47f2e8593cff3ae428c59443286677007160a22ac5e3a3546895835d550824f64e10400078c59f66093bb9d549b9a67f0a513aa86d90aa0c08cea3e4f074bbd0485f0c83ab882bf28c7a1d45eec2c942cfa38afe66bf443d98bfaee772d2f095807515ceaa3b18ebcd272b3fb659808ffdd8157c878f4000466c8be8abb06848f9719864b0d60cb41b95382317045181c925f9addcea10a3998f46f6eedafe27b178885c5428cd61a55860dbcccd7b10a9a5ff1d12911c8f811d4ef3ed9325439d78b395dc8b87ee2a246131cc1e120d34cee6b6d47fe07396a3e6c73f8dad14a96f99c23f5ab79ffe904ee17a531ec62fa8eff0f919425f7a92230b1a8773c4c9d418e9120d6b65757c51932571569240e4fa010c4c51ef5c3c3c11879bc56c8adbf7f6bbd1f22d3ac2ba8e2fa3b00e7f25e428955ef7363f54e859f556e1eafb6065e52c4c62879aee36a93d8b5c3a365a654bc4952df9a432b3d0ade9ab52037025652e35d5c28194ff4a6fb5dac3f57e44143cd0cab7598f4cf2804c0b564063efd167ebb58e36500c132b48d57182de03fecabfa1281d2c56d68e0507d654735176caf61f19926649f58ceb101e737dde8ca9ab123f4ff829fc308b2f70db8126d5d15c1929e5d222e0d2726e1c327e587dc5cb22d2e224b0375c1e8502f7a90aae714ecb6af04ed76f3acea65c7f5d2b5f07395510072b517027a6517eb65a5ff35c31e8c2ac3534bc8695eacd3240c8fa8c0b820b402d1a3ae13deb4904f068735731f66fa0808d09ed43240399c5794a8f8514a073804e12ca6220938f9f19d93432d98298234449e09a60362591f98e49dc46eea998b4efbdc3a5942d2eb3923b0f8956bf3885ec4724fa2cb2a59afb58c19a4e5804f2545294ac28d4357ebcd9dc36c3f3035496bc26cb15b77b0c4d7211e7be4cea350c97d7291dd08f51af76f6a22d922a7245a94757d789ef61c8260f23b7d9315dccd88d70a093893c78b7b286df566b27d045c10b1d48f10dbe65215c6f8661cacea13acb678dcad30943c27f3e782a57c73bbd904e28f156e79881f264ea3745c64a28f667c507b98f87d49b0a7877f72e3d92c70b14a577629468c169dffb39224fabd98845e5d6a58603f9ac3fa15ee648f33b1007fba74ce347a58d139747cc978a57dd732397b89547250340b271c865d938503c7f9012e276824424bb3e5ed1546f3a0a4e8b0b9ba531cc5afb2bda510455f689272fbfee9ceed582fb5a0d780c8174f8ba9c56cd5afed501129311f812932b4eb85e041bd1027628eb5d59fd9e11c6761d603899e49982ac73936287e4116f7845cb2644a4e05660560b103f54995b47bf549ffe0bc1a54cd88bbd82b351661ed7ad79597279d05ea36da82c41174b8138c2659a1aaf92bf9274e61776bc4e3591b9adc8e4fa9c6adf00d5dc4393f4c18a6811dda7ab84db243cc2a16a3769d5a384532aaa03eaf2926437a95d13929c4b7b48cead82a74bf2ec1b94bdc81bf69e63ac60a8e6ebd0efd8baf4ddf632c9129a289bbea2a5dbfb06828b4de6d72a9e829ee1fa572c3e9232997ec747eeaa9c62ec44db393e895967b4e4bc11917ad34907171db071e975261d084c5d5ae6f19a76f1e50c8f56000537409c102b4a61f52bdbd20b62555f255d8428b612ba68819236f5539a996d253df46dd447586fabba04e0d3331b516341262d883e8e2be80625ddfbaf8ee632423529715c00e2aabd61984a29ba3f2cde423edc25ab8d94874580466ce3b34a19def756dec69d76448781c8ec7cf49f1ccd40949ccd974130a47b029cb6dd14aa2d242b1dd433529e11016f74b628f11550220acaf3122c4c15b1796a562a72a9f8b47a6c8399f9d06a1b1d190906c18d46501545e6d9a7b77eefe75f0628b71468951c2f34100a22aa8e238ced11b140ab81a5bbded41e1a638cf4cf9435b0603c35c26c84120ef75516451929c27bb760ce4467875188cf1b00c9f013385b7f00435c65469e3e8dbea7721016adccacc1a869835ed21a8a72f0e55c24c7178b36bc78e2924a7b7408c9497845d7bbf6925397ee95e37b375f46ad3e3e473bb4458c240165adebc6a304a37eaad8e3aa5ec6ae7a06ad396808506d4b3c5d5124e0e55a2aedf991b05848067f58311d37a7f0bddcec36c6102921047560105716f0dea00cd298bd85d594c172f2b1ed540ec68f62dd28c35099e2b6bc5d41e673c8a19819a2908b75ce8f81d80db3d29efb1ffffb95560f83fb09adccbb8dfcd90402ae5ae79087609c697c422e070e83680c99eda99c21d7da4602feb129e462bae2eb7b6f633748b47777f761f86d69cd5fc86ea80f5acda4e7bd811c05de106528da3af5fafde97801ec9aeffbf3504cf6861587e0b6ca3c615d4e0b1d2057eab88f9421d1710c84da1d13fe576086528eab238ef536c04f4207c2d1bd9ca0b2a3f512c1defa82451fb886a354544400a2e70b030024edabaf94098ea01034467ee1e8ec0bc9154a13b2b29a61bae54da6f804937f9bd8a5bbe2afdc8d7f11a58c48064c97e0daf10c642fc6c3518d44791d3e38baaee363d13440592504228d8022905577e624e8d41c70fb7a1038a2a4d743a74717c10604fc658b57cdb18651eec6991baa9715b3f62ab14aaaba29989f6bf228d12bdbaf06331f42a13bb7832a6e10fc3a42e949cac927a24f3484b5bdee9d8baf4cfa2dd1ce21d4a2661e37bc5c0891dfc4e8b200c697ed9324708a7ec1049da27cd96f50e2b397106be56925ba25821361585fee4a5fbc6ddbe980646e783febe49979a9b149beb7acbc24eb2f359dfc9bd6846b21954d64fd6ef71b8c744aae05931f1fdbcf0ec354875d083da9318de3851dcfbaa75b4ce1ecbff230cb06963c062f6fd789b1fce1a1c6898a5f1ee394a1ef343877988401754d6adde9b7df4011ae3a9266f287a719688a72ec148141e8074fdf294cdf52e92bfa393d8eefee75462f58ce5caf011dfccfb53d38f770191c7444a6a89f75a2343edafd5f2bd3b81a39563b18619b98d9a57204afbea6b09d11f8e50ca6b00246f5f796e44cc4359ff6180b1e2607e62cdf608f19016ddc8c05df81f473ad761e3351b20825dade968ebc5484c697371ed556519c0e3ee645a18ef9b22a88687f46cf565769eda75b5e9f74442f18ced4fbd3d1af88a05c11710ba9b71884fc8483832e905ba17394158737736dda2649320177622416078fa9ffd7c25f005b1d72801e600bba44e26bcad7d7b3279a7c5414023c031b0623435e3eea384f704cea188f95df22e6a9b205e6044936b56a502cace44a246fda24dde6cb468849f0738d7310f23cf17c00de8f498125c1cb04d634f6942a023808b9ba7931fca806015334d911ad2c0bbc50d215ba3501ea4a7b72de3a2cd01c49f0199ca5a614a617de2ca3831277f4ed7b2de92f243024d74b6f7d0935a84200f1922b46d8acbd6086a796ea1772d8e181275fa609ff64d4cc6d5c9f3b9ec4b13ff6ff4ee03fc68ac77f22b7d9edec88c0d1aaedd21b82ed57cb809a433762247641b378b3de7cb3995f70fc72de2def92e05c1d26ccb8e08c250e554463746aad64ca97de54950a36af19ef0d8568725d96f82e447970c7981231c1540a332ccb8735a39ca80edacc53fe10ac94afd49d0cf686f4645b7c1fa68c21b5b751db57535b01b83dc0f6c4674ae9ed337fb5f3dcba2fddd5522e2ccef104874ab136b839cc2b6dd5c3fbdfdccb32aa59721f827bb76ae3b331906062187db38c503423f956272f726cb83423422e5bcb0aaeb0f2a133bf0eaf28f3f2bdf57b29c7d416b80d4c08402a5e04da5f6b8e7bc7aadf4e312c54d57c72adcfaf170323f72d9839b6c5583e2e4fd22b99204755c81afc58589ae7b9d5388f772dd97876ffe56dcd785ae019017a844c1844cfd33d8a3f9477bb6", 0x1000}], 0x2, 0x80, 0x7) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:31 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x4000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 330.401285][T23142] loop2: detected capacity change from 0 to 31 [ 330.513569][T23155] loop2: detected capacity change from 0 to 32 04:32:31 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x4800, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 330.591147][T23155] loop2: detected capacity change from 0 to 32 [ 330.681059][T23164] loop2: detected capacity change from 0 to 36 04:32:31 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:31 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x4c00, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 330.756758][T23164] loop2: detected capacity change from 0 to 36 04:32:31 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 330.862980][T23176] loop2: detected capacity change from 0 to 38 04:32:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x6800, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 330.930896][T23176] loop2: detected capacity change from 0 to 38 04:32:32 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r2, 0x8, 0xffffffffffffffff, 0x8) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:32 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 331.039112][T23194] loop2: detected capacity change from 0 to 52 [ 331.099582][T23194] loop2: detected capacity change from 0 to 52 04:32:32 executing program 3: umount2(&(0x7f0000000000)='./file0\x00', 0xd) r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0xff, 0x0, 0x0, 0x10003, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x40400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1be35, 0x100, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0xbf, 0x0, 0x81, 0x20, 0x0, 0x4, 0x10, 0xa, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000040)}, 0x40900, 0x9, 0x0, 0x8, 0xe3, 0x591, 0x7, 0x0, 0x2d94}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x8) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) openat$cgroup_ro(r2, &(0x7f0000000080)='cgroup.controllers\x00', 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x6c00, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 331.215132][T23215] loop2: detected capacity change from 0 to 54 [ 331.293592][T23215] loop2: detected capacity change from 0 to 54 04:32:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x7400, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 331.407254][T23226] loop2: detected capacity change from 0 to 58 [ 331.480903][T23226] loop2: detected capacity change from 0 to 58 04:32:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x7a00, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 331.601769][T23235] loop2: detected capacity change from 0 to 61 04:32:32 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xd401, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:32 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f0000000140)={{'\x00', 0xdf}, {0x9}, 0x80, 0x0, 0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)="af02f749c7b8a6c958aa3f4e33f458b7a9273af58a2e746b2e3cd8137f129cf4342a08e770f3d84dfd5bdefa357d84509559088b0814266d01091cd395f0a61babca6c621785e712350af1e182c004b8ec132f0c2eaab1716d16dcdfc2889d083ab8d84f1648b2341ffdbe2577396c9503abffe0520a7916306241abc1eabec1ea97cce0f93f633dc7504ad27ef8c6d9606b9b1ab50983bef359ab14653ea08405d35bd8560fea3f9342af305389562ae2938824c28c96061ad834e0b38a7634fe0b68bff26a239d32ed0c019395f71c20b4efad0d0d875a73d471e448b5a002258229cc2b", 0xe5, 0x0, &(0x7f0000000300)={0x2, 0x133, {0x1, 0xc, 0xa7, "50811bfed30e534da16d4a5d35d55d901b89906cbfbf898d5992fe6d6b9eb705e5a1683598a650f3e51761e5c00ae0f6087c037d3171723068847080c87680cf7e011df62e0c8e62e376c058057d51b414a2d3878a9b6319bb243dd1d3f2acf901943b682b998056fe0e6d0f9298f6f3dd96be0adb90801498be65568ba2b3635146e9b7b6ba888e9cd9dd488d66c6ca72543e3ebfc4d5a1216b0eabe245fb9cfa28db3bedd976", 0x7f, "2cb17e5951a6a2b2eba5fd582a8957120cae5cea8acccc3a1489db43bed8d6052a0ead99ae565dd51fd51aa5aec1499c47664263ce2b43b5ed8cd01ab31a2fa81938b6c71ad9ea4efe76a4871e59e6291d255a60d00e6fcad5dd95f3eb4402532cad4450897f72cea0f76f316e04a2b9839dd5b2026506d7a373efc07bd471"}, 0xf2, "911a826c33e9b08a34170823896301acc289c84e2fbd5bc05a6082967e2affdbb12066bf324c51e6482a5d993417f3471c377a49f12aa78562ddd09386b312d3f402c2b612718ac5cceb6b22e3480fa4d8c5b9d2e62ae7364d683116850b420d29939364b53376ee3b1ee2bfa1f9817427dba36b61fb48f6a5d497c750deb548d90fb5fe19918da04386065a3c8d9e663ee7884b322962b7a492108837b801c47e1b73c76a8e55d71dc4931c0eef1fb85f2dab58d4ce9742b5d9c6a48e1453165d96a4a579ed2e74af7667e693146e0c56ff0611ec58e314d7d61022380ff0acdc18b40ce573ae6b5ae3694fc39a123d6b40"}, 0x231}) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r1, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 331.681398][T23235] loop2: detected capacity change from 0 to 61 04:32:32 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 331.763882][T23250] loop2: detected capacity change from 0 to 106 04:32:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xd501, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:32 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r2, 0x8, 0xffffffffffffffff, 0x8) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:33 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xd601, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 331.890819][T23263] loop2: detected capacity change from 0 to 106 04:32:33 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 332.018662][T23276] loop2: detected capacity change from 0 to 107 04:32:33 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xedc0, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 332.080396][T23276] loop2: detected capacity change from 0 to 107 04:32:33 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000000)={0x1, 0x0, [0x0]}) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 332.188684][T23290] loop2: detected capacity change from 0 to 118 04:32:33 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfeff, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 332.312902][T23302] loop2: detected capacity change from 0 to 127 04:32:33 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfffe, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 332.362656][T23302] loop2: detected capacity change from 0 to 127 [ 332.447493][T23311] loop2: detected capacity change from 0 to 127 [ 332.512942][T23311] loop2: detected capacity change from 0 to 127 [ 332.576847][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 332.585195][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 332.596343][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 332.604708][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 332.615770][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 332.624174][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 332.637447][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 332.645422][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 332.657094][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 332.665070][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 332.676186][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 332.684169][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 332.696978][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 332.705321][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 332.741705][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 332.750156][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 332.775672][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 332.784037][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 332.795187][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 332.803614][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 332.814846][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 332.823180][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 332.834382][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 332.842472][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 332.853609][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 332.861613][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 332.872765][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 332.880773][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 332.891860][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 332.900379][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 04:32:34 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:34 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x20000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:34 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r2, 0x8, 0xffffffffffffffff, 0x8) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:34 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 332.933746][T23240] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 332.942307][T23240] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:34 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 333.038266][T23328] loop2: detected capacity change from 0 to 256 04:32:34 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x80000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 333.087336][T23328] loop2: detected capacity change from 0 to 256 04:32:34 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') ioctl$CHAR_RAW_FRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000440)=0x7) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) read(r1, &(0x7f0000000200)=""/238, 0xee) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) r3 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r3, 0x107, 0xf, &(0x7f00000000c0)="a2e619f9", 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) bind$packet(r3, &(0x7f0000000000)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) fstat(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@mcast1, @in=@private=0xa010100, 0x4e20, 0x9, 0x4e22, 0x80, 0xa, 0x0, 0x80, 0x21, r4, r5}, {0x3, 0x1, 0xc2, 0x8f7, 0x0, 0x2, 0x0, 0x7}, {0x7f, 0x8, 0x6, 0x2}, 0x400, 0x6e6bbc, 0x2, 0x1, 0x2, 0x2}, {{@in6=@dev={0xfe, 0x80, '\x00', 0xd}, 0x4d5, 0xff}, 0xa, @in=@rand_addr=0x64010102, 0x3503, 0x4, 0x0, 0xe1, 0x5, 0x10000, 0x5}}, 0xe8) [ 333.184803][T23353] loop2: detected capacity change from 0 to 1024 04:32:34 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x80040, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 333.280733][T23353] loop2: detected capacity change from 0 to 1024 [ 333.375384][T23369] loop2: detected capacity change from 0 to 1024 [ 333.439766][T23369] loop2: detected capacity change from 0 to 1024 04:32:34 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x400000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 333.540802][T23379] loop2: detected capacity change from 0 to 8192 04:32:34 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x1000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 333.608588][T23379] loop2: detected capacity change from 0 to 8192 [ 333.705531][T23387] loop2: detected capacity change from 0 to 32768 04:32:34 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 333.768801][T23387] loop2: detected capacity change from 0 to 32768 04:32:34 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 333.856620][T23395] loop2: detected capacity change from 0 to 65536 [ 333.864480][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 333.872961][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 333.884057][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 333.892379][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 333.903458][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 333.911806][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 333.925132][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 333.933257][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 333.945054][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 333.953061][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 333.964223][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 333.972323][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 333.985233][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 333.993598][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 334.002149][T23395] loop2: detected capacity change from 0 to 65536 [ 334.060267][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 334.068787][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 334.098692][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 334.107052][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 334.118102][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 334.126450][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 334.138003][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 334.146318][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 334.157510][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 334.165594][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 334.176721][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 334.184864][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 334.195956][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 04:32:35 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:35 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:35 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:35 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2040000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 334.203966][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 334.215138][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 334.223474][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 334.235352][T23325] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 334.243773][T23325] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:35 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 334.345342][T23427] loop2: detected capacity change from 0 to 66048 04:32:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x3000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 334.400158][T23427] loop2: detected capacity change from 0 to 66048 [ 334.500362][T23447] loop2: detected capacity change from 0 to 98304 04:32:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x4000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 334.582550][T23447] loop2: detected capacity change from 0 to 98304 [ 334.678584][T23457] loop2: detected capacity change from 0 to 131072 04:32:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x5000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x6000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 334.816726][T23463] loop2: detected capacity change from 0 to 163840 04:32:36 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x6040000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 334.946622][T23469] loop2: detected capacity change from 0 to 196608 04:32:36 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_bp={0x0}, 0x50008}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000d, 0x80010, r3, 0x5ba27000) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/usbmon', 0x200840, 0x2) [ 335.057008][T23474] loop2: detected capacity change from 0 to 197120 [ 335.176700][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 335.185085][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 335.196275][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 335.204618][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 335.215788][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 335.224219][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 335.237473][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 335.245458][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 335.257274][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 335.259461][ T25] audit: type=1400 audit(1626582756.344:56): avc: denied { execute } for pid=23479 comm="syz-executor.3" path="pipe:[50329]" dev="pipefs" ino=50329 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1 [ 335.265241][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 335.265283][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 335.308841][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 335.321582][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 335.329960][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 335.402645][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 335.411130][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 335.436959][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 335.445435][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 335.456565][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 335.464888][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 335.476145][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 335.484529][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 335.495653][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 335.508937][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 335.520097][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 335.528130][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 335.539186][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 04:32:36 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:36 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x7000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:36 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:36 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:36 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:36 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0xe5cd6000) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/ptype\x00') r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x420000, 0x0) kcmp(r1, 0xffffffffffffffff, 0x1, r2, r3) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 335.547197][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 335.558330][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 335.566855][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 335.579112][T23416] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 335.587969][T23416] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 335.666728][T23496] loop2: detected capacity change from 0 to 229376 04:32:36 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x8000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 335.800062][T23517] loop2: detected capacity change from 0 to 262144 04:32:37 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x9000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 335.870775][T23517] loop2: detected capacity change from 0 to 262144 [ 335.998654][T23526] loop2: detected capacity change from 0 to 264192 04:32:37 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xa000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 336.070921][T23526] loop2: detected capacity change from 0 to 264192 [ 336.183615][T23535] loop2: detected capacity change from 0 to 264192 04:32:37 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xb000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:37 executing program 3: r0 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x10, r2, 0x306f9000) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 336.250474][T23535] loop2: detected capacity change from 0 to 264192 [ 336.362709][T23550] loop2: detected capacity change from 0 to 264192 04:32:37 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xc000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 336.455629][T23550] loop2: detected capacity change from 0 to 264192 [ 336.516477][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 336.524900][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 336.536005][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 336.544344][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 336.555439][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 336.563774][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 336.577542][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 336.585734][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 336.597546][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 336.605559][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 336.616626][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 336.624593][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 336.637290][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 336.645611][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 336.708693][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 336.717143][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 336.745369][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 336.753750][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 336.762711][T23561] loop2: detected capacity change from 0 to 264192 [ 336.764893][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 336.779710][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 336.790772][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 336.799197][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 336.810375][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 336.818376][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 336.829593][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 336.837593][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 336.848849][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 336.857350][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 336.868519][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 336.876858][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 336.897629][T23492] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 04:32:38 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:38 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:38 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:38 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:38 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fork() tkill(r1, 0x13) wait4(r1, 0x0, 0x8, 0x0) tgkill(r1, r1, 0x12) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x20, 0x7, 0xff, 0x20, 0x0, 0x401, 0x200, 0xa, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x6, 0x100000001}, 0x40, 0x7fffffff, 0x8, 0x8, 0x401, 0x3, 0x6, 0x0, 0x56cf0a83, 0x0, 0x4}, r1, 0xc, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f0000000140)=0xc) wait4(r2, &(0x7f0000000180), 0x4, &(0x7f0000000200)) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 336.906032][T23492] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 336.939816][T23561] loop2: detected capacity change from 0 to 264192 04:32:38 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xd000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:38 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xe000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 337.019960][T23586] loop2: detected capacity change from 0 to 264192 04:32:38 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x10000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 337.096621][T23594] loop2: detected capacity change from 0 to 264192 [ 337.196486][T23601] loop2: detected capacity change from 0 to 264192 04:32:38 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x11000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:38 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x12000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 337.311892][T23607] loop2: detected capacity change from 0 to 264192 04:32:38 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x20000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 337.451398][T23612] loop2: detected capacity change from 0 to 264192 [ 337.581606][T23617] loop2: detected capacity change from 0 to 264192 04:32:38 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x20100000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 337.658293][T23617] loop2: detected capacity change from 0 to 264192 [ 337.778186][T23626] loop2: detected capacity change from 0 to 264192 [ 337.840018][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 337.848420][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 337.859545][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 337.867905][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 337.879066][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 337.887405][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 337.900954][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 337.909028][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 337.920749][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 337.928745][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 337.939808][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 337.947783][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 337.960209][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 337.968582][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 338.001307][T23626] loop2: detected capacity change from 0 to 264192 [ 338.027860][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 338.036295][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 338.060807][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 338.069214][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 338.080360][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 338.088706][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 338.100229][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 338.108560][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 338.119738][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 338.127787][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 338.138894][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 338.146864][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 338.157980][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 338.165932][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 338.177005][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 338.185313][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 338.197220][T23568] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 04:32:39 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:39 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:39 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:39 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:39 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x208e24b) r1 = syz_mount_image$nfs4(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0xf000, 0x1, &(0x7f0000000140)=[{&(0x7f0000000080)="b3b06bf5a6d9783ccebe7f4e0f922e4b5e62ed994d88ab03d725ab17ab8b43b84ffc5085de92c5771e25f03619d0d8a00b", 0x31, 0x8a}], 0xa0010, &(0x7f0000000200)={[{'cpu.stat\x00'}, {'cpu.stat\x00'}, {'%$\\-#)&('}, {'*{\x00'}, {'cpu.stat\x00'}, {'cpu.stat\x00'}], [{@fsmagic={'fsmagic', 0x3d, 0x9}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@pcr={'pcr', 0x3d, 0x31}}, {@fowner_gt}, {@dont_measure}]}) openat(r1, &(0x7f0000000180)='./file0\x00', 0x103441, 0xa) 04:32:39 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x22000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 338.205612][T23568] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 338.272271][T23649] loop2: detected capacity change from 0 to 264192 [ 338.283353][T23651] loop3: detected capacity change from 0 to 120 04:32:39 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x25000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 338.316894][T23649] loop2: detected capacity change from 0 to 264192 [ 338.353419][T23651] loop3: detected capacity change from 0 to 120 04:32:39 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.net/syz1\x00', 0x200002, 0x0) sendfile(r1, r2, &(0x7f0000000440)=0x3, 0x5ee) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x50, 0x3f, 0x80, 0x81, 0x0, 0x0, 0x20068, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0xfffffffe, 0x2, @perf_bp, 0x820, 0x6, 0x1, 0x7, 0x7, 0x80, 0x8001, 0x0, 0x5, 0x0, 0x401}, 0xffffffffffffffff, 0x7, r1, 0x5) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000140)='yeah\x00', 0x5) listxattr(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)=""/10, 0xa) r4 = timerfd_create(0x9, 0x0) finit_module(r4, &(0x7f00000003c0)='cpuset\x00', 0x2) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r5, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) sendto$inet6(r5, &(0x7f0000000180)="a739", 0x2, 0x40011, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @loopback, 0x3}, 0x1c) 04:32:39 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x29020000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 338.473360][T23676] loop2: detected capacity change from 0 to 264192 [ 338.621653][T23686] loop2: detected capacity change from 0 to 264192 04:32:39 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2a020000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 338.687604][T23686] loop2: detected capacity change from 0 to 264192 [ 338.790123][T23695] loop2: detected capacity change from 0 to 264192 04:32:39 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2b020000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 338.916508][T23700] loop2: detected capacity change from 0 to 264192 04:32:40 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x3f000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 338.998503][T23700] loop2: detected capacity change from 0 to 264192 [ 339.098240][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 339.106691][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 339.111871][T23709] loop2: detected capacity change from 0 to 264192 [ 339.117781][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 339.132573][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 04:32:40 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 339.143774][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 339.152188][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 339.166187][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 339.174185][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 339.185862][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 04:32:40 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 339.193984][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 339.205088][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 339.213097][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 339.225690][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 339.234045][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 339.308495][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 339.316943][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 339.360146][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 339.368542][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 339.379714][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 339.388567][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 339.399638][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 339.407996][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 339.419138][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 339.427368][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 339.438467][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 339.446474][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 339.457697][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 339.465668][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 339.476803][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 339.485206][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 04:32:40 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:40 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x40000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:40 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:40 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x50, 0x7, 0x1, 0x4, 0x0, 0xf, 0x80, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_bp={&(0x7f0000000000), 0x2}, 0x8210, 0x3, 0x3f, 0x4, 0x30, 0xfffffff7, 0x7ff, 0x0, 0x3f, 0x0, 0x7}, 0x0, 0x8, r0, 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) mmap$perf(&(0x7f0000ffa000/0x6000)=nil, 0x6000, 0x100000a, 0x10, r1, 0x9000000000) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 339.508454][T23641] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 339.516905][T23641] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 339.615206][T23731] loop2: detected capacity change from 0 to 264192 04:32:40 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x40000800, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 339.680243][T23731] loop2: detected capacity change from 0 to 264192 [ 339.799876][T23746] loop2: detected capacity change from 0 to 264192 04:32:41 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x48000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 339.890293][T23746] loop2: detected capacity change from 0 to 264192 [ 340.032589][T23755] loop2: detected capacity change from 0 to 264192 04:32:41 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x4c000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 340.090743][T23755] loop2: detected capacity change from 0 to 264192 04:32:41 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x68000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 340.157619][T23762] loop2: detected capacity change from 0 to 264192 04:32:41 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f0000003f00)=[{{&(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000200)=""/138, 0x8a}, {&(0x7f0000000080)}, {&(0x7f0000000140)=""/8, 0x8}, {&(0x7f00000002c0)=""/79, 0x4f}], 0x4, &(0x7f0000000340)=""/84, 0x54}, 0x10001}, {{&(0x7f00000003c0)=@generic, 0x80, &(0x7f0000000440), 0x0, &(0x7f0000000480)=""/240, 0xf0}, 0xfffffffd}, {{&(0x7f0000000580)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x80, &(0x7f0000000900)=[{&(0x7f0000000600)=""/11, 0xb}, {&(0x7f0000000640)=""/165, 0xa5}, {&(0x7f0000000700)=""/210, 0xd2}, {&(0x7f0000000800)=""/215, 0xd7}], 0x4, &(0x7f0000000940)=""/4096, 0x1000}, 0x2}, {{&(0x7f0000001940)=@ax25={{0x3, @bcast}, [@bcast, @remote, @netrom, @rose, @remote, @netrom, @remote, @null]}, 0x80, &(0x7f0000001ec0)=[{&(0x7f00000019c0)=""/113, 0x71}, {&(0x7f0000001a40)=""/82, 0x52}, {&(0x7f0000001ac0)=""/181, 0xb5}, {&(0x7f0000001b80)=""/14, 0xe}, {&(0x7f0000001bc0)=""/124, 0x7c}, {&(0x7f0000001c40)=""/202, 0xca}, {&(0x7f0000001d40)=""/111, 0x6f}, {&(0x7f0000001dc0)=""/248, 0xf8}], 0x8, &(0x7f0000001f40)=""/109, 0x6d}}, {{&(0x7f0000001fc0)=@in={0x2, 0x0, @loopback}, 0x80, &(0x7f0000002080)=[{&(0x7f0000002040)=""/33, 0x21}], 0x1, &(0x7f00000020c0)=""/60, 0x3c}, 0x7f}, {{0x0, 0x0, &(0x7f0000003340)=[{&(0x7f0000002100)=""/154, 0x9a}, {&(0x7f00000021c0)=""/4096, 0x1000}, {&(0x7f00000031c0)=""/254, 0xfe}, {&(0x7f00000032c0)=""/48, 0xffffffffffffffa8}, {&(0x7f0000003300)=""/41, 0x29}], 0x5, &(0x7f00000033c0)=""/207, 0xcf}, 0x8}, {{&(0x7f00000034c0)=@nl, 0x80, &(0x7f0000003600)=[{&(0x7f0000003540)=""/169, 0xa9}], 0x1, &(0x7f0000003640)=""/130, 0x82}, 0x487d}, {{&(0x7f0000003700)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000003a00)=[{&(0x7f0000003780)=""/208, 0xd0}, {&(0x7f0000003880)=""/229, 0xe5}, {&(0x7f0000003980)=""/20, 0x14}, {&(0x7f00000039c0)=""/1, 0x1}], 0x4, &(0x7f0000003a40)=""/46, 0x2e}, 0x5}, {{&(0x7f0000003a80)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000003e80)=[{&(0x7f0000003b00)=""/165, 0xa5}, {&(0x7f0000003bc0)=""/229, 0xe5}, {&(0x7f0000003cc0)=""/80, 0x50}, {&(0x7f0000003d40)=""/27, 0x1b}, {&(0x7f0000004180)=""/219, 0xdb}], 0x5}, 0x9}], 0x9, 0x40, &(0x7f0000004140)) r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) tkill(0x0, 0x0) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, 0x0) tkill(0x0, 0x0) migrate_pages(0x0, 0x5, 0x0, &(0x7f0000000240)=0x10001) perf_event_open(&(0x7f0000003d80)={0x2, 0x80, 0x9, 0x43, 0x0, 0x80, 0x0, 0x20, 0x22, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xa00, 0x2, @perf_config_ext={0x5, 0xffffffffc82b2084}, 0x4000, 0x2dc9, 0x81, 0x9, 0x5, 0x7, 0x6, 0x0, 0x3}, 0x0, 0xe, r1, 0x2) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:41 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:41 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 340.304287][T23772] loop2: detected capacity change from 0 to 264192 [ 340.327116][ T25] audit: type=1326 audit(1626582761.415:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=23770 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x7ffc0000 [ 340.357396][ T25] audit: type=1326 audit(1626582761.415:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=23770 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x7ffc0000 [ 340.382702][ T25] audit: type=1326 audit(1626582761.435:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=23770 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=278 compat=0 ip=0x4665d9 code=0x7ffc0000 [ 340.412615][T23772] loop2: detected capacity change from 0 to 264192 04:32:41 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 340.472742][ T25] audit: type=1326 audit(1626582761.435:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=23770 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x7ffc0000 [ 340.479020][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 340.505025][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 340.516177][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 340.524495][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 340.535621][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 340.543973][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 340.556506][ T25] audit: type=1326 audit(1626582761.435:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=23770 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x7ffc0000 [ 340.557158][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 340.588439][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 340.600038][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 340.608069][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 340.619126][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 340.627118][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 340.639682][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 340.648075][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 340.661085][ T25] audit: type=1326 audit(1626582761.435:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=23770 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=101 compat=0 ip=0x4665d9 code=0x7ffc0000 [ 340.687060][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 340.695507][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 340.724099][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 340.732549][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 340.743613][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 340.751974][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 340.763111][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 340.771453][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 340.782749][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 340.782789][ T25] audit: type=1326 audit(1626582761.435:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=23770 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x7ffc0000 [ 340.790746][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 340.790786][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 340.835194][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 340.846677][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 340.854843][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 340.866305][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 04:32:42 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:42 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:42 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x6c000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 340.874621][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 340.886667][T23730] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 340.895080][T23730] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:42 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x74000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 340.988877][T23802] loop2: detected capacity change from 0 to 264192 [ 341.003728][ T25] audit: type=1326 audit(1626582761.435:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=23770 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x7ffc0000 [ 341.123687][ T25] audit: type=1326 audit(1626582761.435:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=23770 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=200 compat=0 ip=0x4665d9 code=0x7ffc0000 [ 341.154819][T23814] loop2: detected capacity change from 0 to 264192 04:32:42 executing program 3: r0 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 341.195676][ T25] audit: type=1326 audit(1626582761.435:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=23770 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x7ffc0000 [ 341.230087][T23814] loop2: detected capacity change from 0 to 264192 04:32:42 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x7a000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:42 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 341.356911][T23827] loop2: detected capacity change from 0 to 264192 04:32:42 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x85ffffff, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 341.428851][T23827] loop2: detected capacity change from 0 to 264192 [ 341.535780][T23839] loop2: detected capacity change from 0 to 264192 04:32:42 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x8cffffff, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 341.587623][T23839] loop2: detected capacity change from 0 to 264192 04:32:42 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) ioctl$FIBMAP(r1, 0x1, &(0x7f0000000040)=0x80000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000080)={0x0, r3, 0x5, 0xed0, 0x73}) [ 341.686361][T23850] loop2: detected capacity change from 0 to 264192 04:32:42 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 341.750307][T23850] loop2: detected capacity change from 0 to 264192 [ 341.840254][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 341.848696][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 341.860015][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 341.868348][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 341.879403][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 341.887833][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 341.901659][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 341.909665][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 341.921454][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 341.929511][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 04:32:43 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x97ffffff, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 341.940566][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 341.948593][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 341.961022][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 341.969834][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 342.010046][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 342.018508][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 342.046624][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 342.054988][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 342.066053][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 342.074368][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 342.085524][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 342.093854][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 342.105036][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 342.113915][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 342.125084][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 342.133083][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 342.141749][T23872] loop2: detected capacity change from 0 to 264192 [ 342.144342][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 04:32:43 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:43 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 342.158846][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 342.170096][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 342.178438][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 342.190716][T23801] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 342.199586][T23801] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 342.248795][T23872] loop2: detected capacity change from 0 to 264192 04:32:43 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) fork() tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:43 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xbb2348dd, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 342.386241][T23892] loop2: detected capacity change from 0 to 264192 04:32:43 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xc0ed0000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:43 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, r2) 04:32:43 executing program 3: mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000000, 0x10, 0xffffffffffffffff, 0x7ca2a000) r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 342.517300][T23903] loop2: detected capacity change from 0 to 264192 04:32:43 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xd4010000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 342.567257][T23903] loop2: detected capacity change from 0 to 264192 [ 342.693177][T23918] loop2: detected capacity change from 0 to 264192 04:32:43 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xd5010000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 342.770244][T23918] loop2: detected capacity change from 0 to 264192 04:32:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xd6010000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 342.855175][T23925] loop2: detected capacity change from 0 to 264192 04:32:44 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:44 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x71ad}, 0x0, 0x3, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 342.982353][T23937] loop2: detected capacity change from 0 to 264192 04:32:44 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x0, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xdaffffff, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:44 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) fork() tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 343.191779][T23953] loop2: detected capacity change from 0 to 264192 04:32:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xdd4823bb, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 343.256879][T23953] loop2: detected capacity change from 0 to 264192 [ 343.351339][T23967] loop2: detected capacity change from 0 to 264192 04:32:44 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, r2) 04:32:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xf6ffffff, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 343.436766][T23967] loop2: detected capacity change from 0 to 264192 [ 343.567628][T23978] loop2: detected capacity change from 0 to 264192 04:32:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xf9fdffff, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:44 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xd, 0x11, r0, 0x5b53e000) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000000)=0x1000) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x208e24b) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) open_tree(r1, &(0x7f0000000040)='./file0\x00', 0x8001) [ 343.710833][T23986] loop2: detected capacity change from 0 to 264192 04:32:44 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfdfdffff, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:44 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xbdef8a34923af663}, 0x4010, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:44 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 343.841678][T24000] loop2: detected capacity change from 0 to 264192 04:32:45 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfdffffff, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 343.908663][T24000] loop2: detected capacity change from 0 to 264192 04:32:45 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x0, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 344.038489][T24015] loop2: detected capacity change from 0 to 264192 04:32:45 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) fork() tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:45 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfeffffff, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 344.120199][T24015] loop2: detected capacity change from 0 to 264192 [ 344.230956][T24033] loop2: detected capacity change from 0 to 264192 04:32:45 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfffffdf9, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:45 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, r2) [ 344.284646][T24033] loop2: detected capacity change from 0 to 264192 [ 344.367803][T24041] loop2: detected capacity change from 0 to 264192 04:32:45 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfffffdfd, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:45 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0xff31, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80003, 0x0, @perf_bp={0x0, 0xc}, 0x14000, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = socket(0x36, 0x4, 0x6) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x4010, r1, 0x0) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0xf5, 0x6e, 0x6, 0x37, 0x0, 0xbe1, 0x1910, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x11b6be46, 0xe, @perf_bp={&(0x7f0000000140), 0xf}, 0x14, 0x7, 0x401, 0x9, 0x8, 0x2f, 0x8, 0x0, 0x3, 0x0, 0x100000000}, r2, 0x10, r0, 0xa) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x6c, 0x81, 0xff, 0xff, 0x0, 0x8, 0x20000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000000), 0x8}, 0x4000, 0x9f, 0x1, 0x0, 0xfffffffffffffffe, 0xfffff277, 0x6, 0x0, 0x2, 0x0, 0x7}, 0x0, 0xffffffffffffffff, r0, 0xb) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) r4 = syz_open_dev$vcsn(&(0x7f0000000340), 0x88, 0x400) perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0x7, 0x7f, 0x20, 0x40, 0x0, 0x9, 0x0, 0x6, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000280), 0x4}, 0x100, 0x1000, 0x200, 0x6, 0x8, 0x0, 0xe3ea, 0x0, 0x10001, 0x0, 0xffff}, r2, 0xffffffffffffffff, r4, 0xa) open(&(0x7f0000000180)='./file0\x00', 0x88080, 0x183) [ 344.492496][T24051] loop2: detected capacity change from 0 to 264192 04:32:45 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xffffff7f, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 344.553955][T24051] loop2: detected capacity change from 0 to 264192 [ 344.668309][T24065] loop2: detected capacity change from 0 to 264192 04:32:45 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 344.710464][T24065] loop2: detected capacity change from 0 to 264192 04:32:45 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xffffff85, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 344.826117][T24079] loop2: detected capacity change from 0 to 264192 04:32:46 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xffffff8c, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:46 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x0, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 344.894670][T24079] loop2: detected capacity change from 0 to 264192 04:32:46 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) tkill(0x0, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 345.040131][T24094] loop2: detected capacity change from 0 to 264192 04:32:46 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xffffff97, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 345.140207][T24094] loop2: detected capacity change from 0 to 264192 04:32:46 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x1, 0x0, 0x0, 0x0, 0x4, 0x4092e, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000140)='ext3\x00', &(0x7f0000000180)='./file0\x00', 0x4, 0x2, &(0x7f0000000200)=[{&(0x7f0000000340)="be93001cf32746018882e757389dd989f73d52ce856b5bd8dd3786ac97e08c718c18890207751f7af135a4b4da2f8f2d5409ce5e8f0ce4ab60e8b3e1f2ff6e227090a71c7bc2f35b27d350404e3fc7a98904f481193cd3f6ca241e6f02fbcc92e3afef6f6c9480f5218bdc44d4e7edcecea7956583e639ae2e4e39cb23c38ba46a68fc430b51e7299a0a8bbb19", 0x8d, 0xfffffffffffffffb}, {&(0x7f0000000400)="049499f0fbebdb62d87dcf2c17f130c5e87c5bd863af7a7bd15ca3056fd3e774560a3752e48eb8187747650b19ab5305ce2567a2c831d72ae023c2883db52ef98e1dd5f71d8873786e787ccc09a2860eb61dc5f323a48f9657bb17d646a4d55e0d035ae07059361ebd76c1f3da85fd405f4d408d8d8f1566912ba228c3764d7e6cfb451d9bea174d7e5476c1581b6093abd71a3569b5358c104619e48d04633861e2b1128d28496bdf7d2afcfeb6f08c44248f0f9b09b4653043c129d30c21fe03b15ba13c788e94ef3218be23274f6cc5533bcc718c003638f516cd5b807e85f58915911b709ca9adf548a87cf13e4e", 0xf0, 0x10000}], 0x1000450, &(0x7f0000000500)={[{@nodelalloc}, {@oldalloc}, {@usrquota}, {@data_journal}, {@usrquota}, {@discard}, {@min_batch_time={'min_batch_time', 0x3d, 0xe}}, {@dioread_lock}], [{@fsmagic={'fsmagic', 0x3d, 0x7ff}}, {@measure}, {@fsname={'fsname', 0x3d, '*$}\x00'}}]}) ioctl$F2FS_IOC_GET_FEATURES(r1, 0x8004f50c, &(0x7f00000005c0)) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) write$P9_RWALK(r3, &(0x7f0000000000)={0x64, 0x6f, 0x2, {0x7, [{0x0, 0x1, 0x1}, {0x2, 0x4, 0x1}, {0x4, 0x2}, {0x4, 0x2, 0x5}, {0x80, 0x2, 0x8}, {0x10, 0x2, 0x7}, {0x20, 0x4, 0x1}]}}, 0x64) [ 345.262636][T24114] loop2: detected capacity change from 0 to 264192 [ 345.272974][T24115] loop3: detected capacity change from 0 to 16383 04:32:46 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xffffffda, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:46 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, 0xffffffffffffffff) [ 345.307966][T24115] EXT4-fs (loop3): VFS: Can't find ext4 filesystem 04:32:46 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfffffff6, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 345.375815][T24124] loop2: detected capacity change from 0 to 264192 [ 345.503507][T24135] loop2: detected capacity change from 0 to 264192 04:32:46 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfffffffd, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 345.552882][T24135] loop2: detected capacity change from 0 to 264192 04:32:46 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfffffffe, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 345.656102][T24142] loop2: detected capacity change from 0 to 264192 04:32:46 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x1000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:46 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 345.713351][T24148] loop2: detected capacity change from 0 to 264192 04:32:46 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x8000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:46 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, 0x0, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 345.827184][T24157] loop2: detected capacity change from 0 to 264192 04:32:47 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) tkill(0x0, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:47 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x80000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 345.899243][T24127] loop3: detected capacity change from 0 to 16383 [ 345.906583][T24127] EXT4-fs (loop3): VFS: Can't find ext4 filesystem 04:32:47 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)={0x0, 0x0}) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x804, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, r1, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x9, 0x0, 0x8, 0x4, 0x0, 0x0, 0x202, 0x1a, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x8000, 0x1, @perf_bp={&(0x7f0000000080), 0x2}, 0x10, 0x5, 0x8, 0x5, 0x4, 0x992, 0x3, 0x0, 0x9, 0x0, 0x48}, r1, 0x10, r2, 0x3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:47 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xedc000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 346.008827][T24179] loop2: detected capacity change from 0 to 264192 [ 346.148095][T24185] loop2: detected capacity change from 0 to 264192 [ 346.229727][T24185] loop2: detected capacity change from 0 to 264192 04:32:47 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, 0xffffffffffffffff) 04:32:47 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x1000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:47 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 346.394654][T24194] loop2: detected capacity change from 0 to 264192 04:32:47 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x40000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 346.502794][T24200] loop2: detected capacity change from 0 to 264192 04:32:47 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x100000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:47 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 346.636033][T24206] loop2: detected capacity change from 0 to 264192 04:32:47 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, 0x0, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:47 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) tkill(0x0, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:47 executing program 5: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 346.763862][T24217] loop2: detected capacity change from 0 to 264192 [ 346.819558][T24217] loop2: detected capacity change from 0 to 264192 04:32:47 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0xfc, 0x0, 0x0, 0x1, 0x13d, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc2}, 0x0, 0xffffffffffffffff, r0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r1, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) fdatasync(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) getsockname$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, &(0x7f0000000080)=0x6e) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:47 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x200000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 346.939597][T24243] loop2: detected capacity change from 0 to 264192 04:32:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x204000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 346.992954][T24243] loop2: detected capacity change from 0 to 264192 [ 347.113270][T24253] loop2: detected capacity change from 0 to 264192 [ 347.167144][T24253] loop2: detected capacity change from 0 to 264192 04:32:48 executing program 1: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, 0xffffffffffffffff) 04:32:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x300000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:48 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) openat(r2, &(0x7f0000000080)='./file0\x00', 0x200400, 0xe6) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x3, 0x6, 0x6, 0x2, 0x0, 0xd85c, 0x80000, 0x7bd5b7531c1682fd, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0xe91, 0xffffffffffffffd0}, 0x0, 0x200, 0x6fc4, 0x3, 0x401, 0x0, 0x8, 0x0, 0x5, 0x0, 0x2}, 0x0, 0x4, r1, 0x1) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 347.291134][T24268] loop2: detected capacity change from 0 to 264192 04:32:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x400000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 347.341465][T24268] loop2: detected capacity change from 0 to 264192 [ 347.451182][T24280] loop2: detected capacity change from 0 to 264192 04:32:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x500000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 347.507245][T24280] loop2: detected capacity change from 0 to 264192 04:32:48 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, 0x0, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x600000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 347.613063][T24288] loop2: detected capacity change from 0 to 264192 04:32:48 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() r3 = fork() tkill(r3, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:48 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 347.755876][T24303] loop2: detected capacity change from 0 to 264192 04:32:48 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ipx\x00') syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0xd45) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x604000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 347.810166][T24303] loop2: detected capacity change from 0 to 264192 [ 347.941992][T24323] loop2: detected capacity change from 0 to 264192 04:32:49 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x700000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 348.009862][T24323] loop2: detected capacity change from 0 to 264192 04:32:49 executing program 1: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r2, 0x8, 0xffffffffffffffff, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 348.112615][T24332] loop2: detected capacity change from 0 to 264192 04:32:49 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x800000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:49 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x1, 0x0, 0x10, 0x0, 0x1, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xff, 0x80}}, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0xe01a73d3c1f02c9a, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r2, 0x4008240b, &(0x7f0000000140)={0x3, 0x80, 0x9, 0x38, 0x5, 0x9, 0x0, 0x9, 0x4c022, 0x4, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1f, 0x0, @perf_bp={&(0x7f0000000040), 0x9}, 0x4008, 0x8, 0x9, 0x3, 0x2, 0xd7, 0x1f80, 0x0, 0xffffffff, 0x0, 0x80000001}) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 348.189703][T24332] loop2: detected capacity change from 0 to 264192 04:32:49 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x900000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 348.267182][T24345] loop2: detected capacity change from 0 to 264192 [ 348.387347][T24356] loop2: detected capacity change from 0 to 264192 04:32:49 executing program 3: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001740)='/proc/consoles\x00', 0x0, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f00000027c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000002800)=0x14) sendto$packet(r0, &(0x7f0000001780)="03f79b5a26d57b90d720e6648268872a8f24e7034a72d3f5f5b959ce8f668a944e46176614fe08bdab23bfe9fa2a09ed7240e5c9aa58b17e64d15782b2c613484d5424b0995a308104218a8656b24997b365dcfd72497d044bc97581bfa0f981252f73e35c7fd3dc9aaa3b4cc3ec7a275222056d001de325357670fe0536f28a95e5ed2ac427f8d425868988ac899a4da8986f6c3118008c341f5a793ca64aa0a4f9e08980a0f7ed68db31e2b42e8ada7a5c54cb584b4dab96da52a9049baf3471480a04ccc5fcdfc6640578d684152eaa74f2f9a0d92e30c38d6ca338cf9c9737858e02d37c6aa68a74e82d0b43656bc1bc32c4f74a89ed3d840cce207a8f77ce63e846d1172a69dba74b901454e611219595c983a8d1a964bbff3293e3dbdc849d4cc1b9e32610be7b4912ba4ed1b1a04223b88a46ff67b109e275408ed88476edbc97d3687d1a2279f13a382dfb41c6f793e4bf3a857f807b8b0742318a4b971c95e3e6184f93e040ee191407696b52677b0106b1dc8e564045675631be00c149b392cbdc2d4cefbe0d4a1de59713691fb72ac639aabdaeb62763ed238978884fb5f48d12807fee282da9af95bd2b4c541cd1b21a0ff22ffcd34b27c5337eb73d1ccbbf81f60e57361ef292eabb0f62443c462e5dc2d810b992943feaf55eb5b7d46b4f148afcfc342058ab5276708862bdccceb4f95d38a98646497c9f7fa0657d36ac64d46169da6fc735b9c8402306c2c0fd308ada1ce260a2707d5f1f52877439f3df6ead720667a5da6eb52143eafe99dd1216055e016ac82c01763a74f73ddc815124292f9d08804d228d306275a9fd80f6ea8f9777b5dde73ec1fe396252b9ba3acb5da067e00d70ca5c1a707f20df56b90d444d390e7d7f9e9cb7b269ce90000f6f87b2162a3f925f1e3040a7135eeb7d5b911e4740bf11312de4688ecf5084f7baafde383c7e1636ba3cdd644c283e0b17cb4863aaed4aa817e35bc037785086f7aa9c6a499638a2ec86a1bdaa1ce9a3a62b84c7342329857451f4506e006d2632e75f9a423e1dd9379df7242405844fa1be1b57ad5cfff5f21b6968ec3e6dc6a16138698b3b75d35619dcf530d582f9106a3cbb847362e4ee39892e0a8f86fa10513f215a372686ac099444801412210f313adfaaa0747705eda7d1ecd21547b9a17a472e760b926c38f6a6bc34260b3e61ad3c6c29fadc9a5c944bbc7a14ab5fc536e207c932cd4fe394ce2bd5628ce32f18a09974f14ba6e0b7bc40d9c27ccacbbf964cc9cc51503dfad52158d6ff772091958b6bce6ae4951efd3ee7c668987e0b108179ec0c73f4dcfb728f8a0a763b2b6a407fb0a0825258734832408d9ff70c367dbef5b314694ad7c23e2a2c154deae1d29fc7f6a2aed0544f76f916f096e992115208c099dd70ac7a353a18e3e09e86fd3061a751c0edad19b21804ce90e749015cf2bc213e6f85399f587cb8d15e0bb5b201a9520e57f8c1f056780867a15aae175d1ef4517ec57538ed48d2200bd1b699211ce461c168b0cf299d1d0c665b3755f2eae78d4f659dbb860ea4f24a008d78f2ab120d9d74dd6899fb6ca73c1c03a2e3c31dbd62560cbaab9f867ba89785784792eda26a08081eb4d0395636804574e2a66deacab6561eecd98129cd2a5e79ca438bc53437b2a3a9fb28a7be9916d88d5b9b470bc7fabfddb1f82ff5c0ee69b7ae0aac562eb52dc9566817a20b78b0490cbaf2d179529eec4ed1ec311bb4fc5d926ac6d21867c24e99b4c763142164ffe626e355e3b23bf455a80edd2a51228435a5026b40fcff2cf4c7c219da0513661ce32f2539d558bd30d017f492374b0509a07cffa7fe89255027543ba7a1ed55ee30f4cb0115ab93fda48c2fd67dd79dd270e9a1ecc6e25e1f3031bb4d0fd47359badc86e66e341fca5c396413b8364be40550f63ca30a812870dc5bd63c034b49c5ee02ce495f62a966a863c1906687d1fda6ec6de692b4bcf0c59d02cfabfef39c81e6eb1d1a3fc4027435e020baebe89314bbb7886b65a57bfb70fca16a0c377b826cf16bd8aee85dd5e32bc310b528b72f92c7420e6b3c772f12fc8a203607919f7b820318b9ad8581b73b8069fbf0ec72ae1252151ab61a91837de4804daecf659cf4713ec2c5ba455def7fefcfe37b44e193ca79a48cd3b41f5fa33e2ff72a81fddecf870aa330f22c595ab5b4e86e3ca26d6c16e55c27dc4e71512cfe1972ea53c1e628b63b9d11350d4669e4f79c00481b780ec183948e1f4128859836afe0951c2100fb42ffceb8b87e717bc519a789a0988739ee5a43836570aaf36c2275d62fdbfc8739f9cee811883dac9e571ce7c4bea0d86a11070212d8ee857c227b6c61a6d3db87ddfb96539cf0c8e3545eea97bb46b85dd168d06d3612a4d276e37a59720f7a0a98c5fcfe7493161e4419f6495a05d41b9099f2e7cda6d4d2e51a869e82eeaef1b81fc69775d1b323aafca783a0b8e9f303bc01fcb0630f69dab72804303eef9cdfe7bce2f7aec3d973049c4e971b39eb6c79df73c80d4a6b2a860cdb53a82b9cbbc8740dc85bec3aa480b0b30b99dd72bad2fea50aa3c16edb40b5f50c5864b74959f8026daebf69e04503ba8434c16a0301265772454f0adbf2e4fb566c646a9271b87064acbb3d381a21911c4ef5c30418a9bdcce58d5ff43ee15ff856b809054fd5bab175b393e9221cd4b9014cae8e347689fede2bdc92221efc6f529d7cf740dd80ea75c0f565c467324305f30cb89849a5280f4a82bfdb4459ccda111497367c88a382f6aa236c1f1d64f437ebe6f49c3801c0dddb0d47e840a9bcae3ac4f35a834e5478d179d2876d3136ab9eb65522954373c54fa591e7c49ee07dec67399d22b69b4ba37d966eb17096e46a9750e35d4d03e63f5be0f50827460397c150a4a2847d35029abd4e4feabee4a2cbcdc5ff2dff637ed91f03b4cbc54763f3720e7f0e0694ade18953070b270f7e49ccd7dc83bb5d8ece7c3975f946f97cb060f0a6464129cb4fbc86af75faf8371eb1d15caf93a4e5bf36f9f01826f125b63172037280cefc9b97ac4d76ddb2dfe653c027e7af8f267e3ce302fd703ce9c0c442bcf2e2d6c8dcdb3e960b31d6310b1682060582ac6fd6fbe089333f47f2da7151c817a3d4632a497bdce105c96c581a9cec3396ee191ff99cfa1aec2e30b9cf052576ad5e34f8f50ba7e08127c041c7063371d4d09b4de5332d410dbd889a4ca9be860b5719ad8f28a30b573e4f5437a6d3345b6ec187f8efe1c0eaa07c30944e58f063212a5952294f0efb619331b337714958501b1c215cd03e98af9cc192643ad0e0220d7a80a3a36cb5b84b1ff56fbee21e6f6f65098e8346fbc3ef6605aece8b4794d1936bcbd190323166f58fd4b8b391ac54515c98d957a097b40093be9ab79bcd486670ea058af699abf7b4d67ca733efa93d518db8a6da95fc39de562dd5a619706b82f76836bfda3febe71bb40242edb1bac1d694036f9b68a3c487e6b2c1c0e58af78dfcd728024c0b832e1eada402c9a20ba97333990fcebb2ed44d62e72ad73c3cce56fc669abc6530580403a189f15716f17af97dfe1e011f47f0a931c9365fb518773234197621e4f2d1cdd08e16f4f2e9f47e1d6bd585d1c04a552b06912ea61654d5f7d58770cccd4f18ce3e2f714192d30cbd3625878c3686c6c22ac9eda38e8d07e93765f2e428a7ae9530c89e62454284eaa12084bc17255a2dc2ec05d3bbfe1a2a665a3f4962fcd17186f0b18974f21794caf3b699315836e9934711a0ac82973c426281c592ec991a19a7686924b6cad1598d1e0633e5823be1d032905999dfb659dec810bbd9e93335e7eca5f7f0ae303b8aa0dc8d61f62c0d3d6e41704c8ffba7ba1a7520367957a7801c83e7a623c94eb87e7d87a19f7ba19e604f591f51e579f5227b55bbfcf20da8141f3ecbc638505b80a8ec4be7d96a66cc95adfdabcfae093583254d7356a19f32403e4cb67926f4e772ac0974a234b86070cecafa478ac4ef21bef3e14445268bcaa1304003288f5676f143fc770236247ce87254337d78ed8dbfa85a975d77af20d1cf9bc571d2b29ba2aeb305afde57c6055199c239f6582b904c81c8ef49e5f5b47ce9baa796ef8da1535ff39cdf42dbd882ee7927fba6ee0b7bb18604b0686e71ea1b46d904f5e60063cdbc2794270b0d916b831c78828dc51604f1aa47dac1149f94a3a5bfe377de46207e04c853b7768723e0963019749541f2a2805f9a061bc8ec26b0a74ed90fd8d2479f0df00689719cbd75466d54fa2ed58e24def0ee0700f9e6e1b3d479a92b621562782a0c87758aa1773b429b5cef8ed58a2527a32ab06d473752cebc69d80e343b2c97bf3c1674b9c63277169059ae776bd7c40ae30264091546f2c46e21da0b1c816259219d96dbbf8dc0af7af4e58668594d16f7e1f053527e97347e69d923cebd2cc7970303b43c92b6a46d707f411ca4d041bb836e0597bec71875e677875a1df0fb498a73bf411863bcdcba219d230d20d5aee53f249faf87dd74d23ddc50f154f7fb79d353accbe91d8eaef9fe84c6f66d4d927b0ca4a0359ab31f43c6deb01a95c02ecafafee4084573b0b8a76eb551c8aa8e1bedd34dc94bcccb2a86ea92004689b2042f89326de1c6a9f2ecee087715bc5342f54a934ca13a7c69b75f576e4987e7b653c5aac38f52935e97fd4f1d22fc36a6c62c1718d0fc531b9b12f86698efb9ac140152c7eef3e32fb5b457b07f6560e0c37244b0ffb730d44f16cb261d2934e7deff38c247806b13e7b430a1a025e7d6e6364035adfb61ce4fec35effa14a2b19e5d8701bd81f1bf7bc300fd6b144e7d2aa8230563aee112b4f97d149f0cb5caf9c987e0850b562abdade5e8912b8a8e9c4f988e55ffd93123d4478a09470318bd9d8c3c4686ce6a9a54ff1225c7973e45255e678bcc41b4a9dcdc8dfcbee755b402fccbc5e634e8320fc3a5cf12a9e87291ed72aa98d2a45486b1902a4a980843e87a3bd5c67e512f3652007130a4f9dd347e186d4593651a80161385a628d75f6ecd2011b73e6d14fe3a1882e91b8a5b12a822a2d67311625f510694a920173df6468bad12eff69cfaacff8160dce05cbc502bd6c6c52bcfc3a55e39f0011d5509e099aa2d8cbff82e06ba2e1d231bc991d3b16b73e2807660de3c2916b0884d2279db929c8936587413d819ab81e9e8f12b436b958f25fba75bc03a828807435d203a96bc5d597d8bbe87f7a170bfe03fbb4b4fa6e662463f103f092fc1654e2a0f47094ae55f997d215e81ea37566a3b35c0bbb05ff2385881c7aa28cb4b7ad8db03d4fb4b82d14dac1d48802decec73ca1441ab5ebc434f00beef5985692a8af5a94f64ba70c762a7863f0f8abda7f27058afa7035ba2208b4afceb04f7a6a91d9ca61c3e91eae07784611821347cffa367d331fb054cc418d0d8b1b41688401bee96538e1b7f17b119b122c50deb8ac09158783c76e02efbf38834650c698e2931f17fb9b11ad73bbb1a8d33f768e85681d32696431e509c4f4116d476e074546304fed1797ec57e003960bc76b4653a4ad8e6b8244951dbabc8d25896eb3bb81a364fc545da5257da259b624c79870d1ff1c691ac6f49b2dbb02c884fbe180103cbbabace1677e0b065f005a89c8e60bc426b18344bce6d1c72249bd6b3f23df242ad6fdbb63956ecdbf8a5f6f49edd3eb1b60d007c4e624b2afe4b26b573544f2097d61b6a283892ea79e822b8c3194ba92896dd450eecb0cd", 0x1000, 0x4008004, &(0x7f0000002840)={0x11, 0x2, r1, 0x1, 0x3}, 0x14) r2 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r2, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 348.452299][T24356] loop2: detected capacity change from 0 to 264192 [ 348.486581][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 348.495044][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 348.506196][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 348.514535][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 348.525594][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 348.533929][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 348.547424][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 348.555417][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 348.567042][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 348.575012][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 348.586055][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 348.594089][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 348.607042][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 348.615373][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 348.679685][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 348.688123][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 348.714533][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 348.722897][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 348.734272][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 348.742606][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 348.753667][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 348.762097][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 348.773259][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 348.781252][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 348.792337][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 348.800334][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 348.811381][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 348.819367][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:32:49 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:49 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xa00000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:49 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() r3 = fork() tkill(r3, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:49 executing program 5: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:49 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x8, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) sendfile(r0, r1, &(0x7f0000000000)=0x1, 0x3f) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 348.830539][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 348.838981][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 348.860443][T24289] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 348.869074][T24289] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:50 executing program 1: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r2, 0x8, 0xffffffffffffffff, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 348.954399][T24385] loop2: detected capacity change from 0 to 264192 04:32:50 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xb00000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 349.016892][T24385] loop2: detected capacity change from 0 to 264192 04:32:50 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xc00000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 349.090101][T24398] loop2: detected capacity change from 0 to 264192 [ 349.183293][T24407] loop2: detected capacity change from 0 to 264192 04:32:50 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)=@v2, 0x14, 0x0) truncate(&(0x7f0000000740)='./file0\x00', 0xff) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x100000c, 0x4010, r0, 0xffffe000) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:50 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xd00000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 349.241171][T24407] loop2: detected capacity change from 0 to 264192 [ 349.349103][T24421] loop2: detected capacity change from 0 to 264192 04:32:50 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xe00000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 349.409530][T24421] loop2: detected capacity change from 0 to 264192 04:32:50 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) preadv(r1, &(0x7f0000000740)=[{&(0x7f0000000200)=""/225, 0xe1}, {&(0x7f0000000300)=""/226, 0xe2}, {&(0x7f0000000000)=""/181, 0xb5}, {&(0x7f0000000140)=""/81, 0x51}, {&(0x7f0000000400)=""/225, 0xe1}, {&(0x7f0000000500)=""/167, 0xa7}, {&(0x7f00000005c0)=""/92, 0x5c}, {&(0x7f0000000640)=""/231, 0xe7}], 0x8, 0x7, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 349.488307][T24430] loop2: detected capacity change from 0 to 264192 [ 349.550483][T24430] loop2: detected capacity change from 0 to 264192 [ 349.794974][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 349.803358][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 349.814457][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 349.822853][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 349.835037][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 349.843371][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 349.856520][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 349.864546][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 349.876316][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 349.884308][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 349.895438][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 349.903437][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 349.916334][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 349.924654][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 349.987889][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 349.996347][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 350.020650][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 350.029256][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 350.040319][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 350.048670][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 350.059712][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 350.068150][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 350.079278][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 350.087528][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 350.098739][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 350.106761][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 350.117991][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 350.126142][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:32:51 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfffffffffffffff, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:51 executing program 5: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:51 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() r3 = fork() tkill(r3, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:51 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x3, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open$cgroup(&(0x7f0000000240)={0x1, 0x80, 0x40, 0x8, 0x51, 0x32, 0x0, 0x4, 0xc0170, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x1, @perf_bp={&(0x7f0000000200)}, 0x4000, 0x8, 0x34b5, 0x0, 0x0, 0x5, 0x4, 0x0, 0x4}, 0xffffffffffffffff, 0xf, r0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x4, 0x7, 0x58, 0x8, 0x0, 0x80000000, 0xc01b4, 0xc, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x9, 0x2, @perf_bp={&(0x7f0000000080), 0x8}, 0x200, 0x200, 0x8000, 0x7, 0x8001, 0x10000, 0x400, 0x0, 0x7, 0x0, 0x1}, 0x0, 0xc, r1, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) mmap$perf(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x1ff) ioctl$sock_ifreq(r2, 0x891b, &(0x7f0000000000)={'bridge0\x00', @ifru_flags}) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r3, 0x8937, &(0x7f0000000040)={'netpci0\x00', @ifru_addrs=@nfc}) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000c, 0x13, r2, 0x85a0a000) 04:32:51 executing program 1: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) wait4(r3, 0x0, 0x8, 0x0) tgkill(r3, r3, 0x12) wait4(r3, 0x0, 0x2, 0x0) tgkill(r2, r2, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r2, 0x8, 0xffffffffffffffff, 0x8) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 350.137214][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 350.145600][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 350.157577][T24379] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 350.166036][T24379] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 350.233871][T24455] loop2: detected capacity change from 0 to 264192 04:32:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x1000000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 350.299933][T24455] loop2: detected capacity change from 0 to 264192 04:32:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x1100000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 350.366680][T24480] loop2: detected capacity change from 0 to 264192 04:32:51 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0xfd, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}, 0x0, 0x400005, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x200000000000}, 0x0, 0xfffffffeffffffff, 0xffffffffffffffff, 0x9) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x11, r2, 0xfcfbe000) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000340)={0x1c44, 0x100000001, 0x4, 0x0, 0x0, [{{r1}, 0x3}, {{r0}, 0x5}, {{r2}, 0x1ff}, {{r2}}]}) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 350.462060][T24485] loop2: detected capacity change from 0 to 264192 04:32:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x1200000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 350.530635][T24485] loop2: detected capacity change from 0 to 264192 04:32:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2000000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 350.638896][T24501] loop2: detected capacity change from 0 to 264192 [ 350.693895][T24506] loop2: detected capacity change from 0 to 264192 04:32:51 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2010000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 350.747109][T24506] loop2: detected capacity change from 0 to 264192 [ 350.802434][T24516] loop2: detected capacity change from 0 to 264192 [ 351.075262][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 351.083895][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 351.094973][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 351.103361][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 351.114422][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 351.122807][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 351.136497][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 351.144523][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 351.156255][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 351.164964][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 351.176219][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 351.184286][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 351.196931][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 351.205412][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 351.263234][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 351.271738][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 351.296547][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 351.305140][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 351.316290][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 351.324630][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 351.335855][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 351.344245][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 351.355345][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 351.363342][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 351.374428][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 351.382414][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 351.393482][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 351.401460][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:32:52 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:52 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) r3 = socket$inet6_icmp(0xa, 0x2, 0x3a) sendfile(r3, r1, &(0x7f0000000000)=0x3f, 0x5ae) write$binfmt_script(r2, &(0x7f0000000200)={'#! ', './file0', [{0x20, 'cpu.stat\x00'}, {0x20, 'cpu.stat\x00'}, {0x20, '[}'}, {0x20, 'cpu.stat\x00'}, {0x20, '-'}, {}, {}, {0x20, 'cpu.stat\x00'}, {0x20, ']\'\\%]('}, {0x20, 'cpu.stat\x00'}], 0xa, "9e3fb8e9400d081c7412514f3cee48a9fb04ccbb34c84c8eecf4350e7ddbf5c4a5653ec4d81e30a09cb9e4a87d43e0adcd77780c1f0a6ad04ca58b21041f814d03099dc4899719c6b94b185bb75d22a8200d845171e329cb8a435af44e065bcbe547ab46452ae5e31795f7d21c05e8bbcdb692b34d744abda5601114c85e9e061ee6d8d45ac9222b668a5bbdaba397b31a48ec5bc125fbb5508e4d950226db03c30f410d2dcc68cd02edc9597c74b48e0e8c8cd5b75f3464002e098cc00706"}, 0x10a) 04:32:52 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2200000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:52 executing program 5: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) 04:32:52 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) tkill(0x0, 0x13) r2 = fork() tkill(r2, 0x13) tgkill(0x0, 0x0, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:52 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) wait4(r2, 0x0, 0x2, 0x0) tgkill(r1, r1, 0x12) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x58, 0x28, 0x69, 0x5, 0x0, 0x8001, 0x200, 0xc, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1663, 0x2, @perf_config_ext={0x6, 0x5}, 0x14941, 0xfffffffffffffffb, 0xffffff05, 0x1, 0x10000, 0x9, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffc344}, r1, 0x8, 0xffffffffffffffff, 0x8) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 351.412589][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 351.420912][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 351.433181][T24456] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 351.441816][T24456] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:52 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2500000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 351.516645][T24536] loop2: detected capacity change from 0 to 264192 04:32:52 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2902000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 351.607341][T24545] loop2: detected capacity change from 0 to 264192 04:32:52 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2a02000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 351.684377][T24554] loop2: detected capacity change from 0 to 264192 [ 351.720363][T24554] loop2: detected capacity change from 0 to 264192 [ 351.827025][T24563] loop2: detected capacity change from 0 to 264192 04:32:52 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20, 0x3f}, 0x60, 0x0, 0x6}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r4 = dup2(r1, r2) move_mount(r3, &(0x7f0000000040)='./file0\x00', r4, &(0x7f0000000140)='./file0\x00', 0x3) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2, 0x40010, r3, 0xfc25d000) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r5, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81f8943c, &(0x7f0000000200)) 04:32:52 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x2b02000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 351.868266][T24563] loop2: detected capacity change from 0 to 264192 04:32:53 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x3f00000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 351.949618][T24577] loop2: detected capacity change from 0 to 264192 [ 352.338529][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 352.346963][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 352.358019][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 352.366610][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 352.377779][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 352.386209][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 352.399840][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 352.408140][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 352.419820][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 352.427886][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 352.439062][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 352.447031][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 352.459717][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 352.468047][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 352.532675][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 352.541093][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 352.566695][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 352.575374][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 352.586499][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 352.594813][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 352.605952][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 352.614260][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 352.625443][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 352.633472][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 352.644583][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 352.652565][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 352.663712][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 352.671954][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:32:53 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:53 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x4000000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:53 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8012b, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x4, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f0000000040)='net_prio.prioidx\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x200200, 0x80) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:53 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) wait4(r2, 0x0, 0x2, 0x0) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:53 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) tkill(0x0, 0x13) r2 = fork() tkill(r2, 0x13) tgkill(0x0, 0x0, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:53 executing program 5: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) r3 = socket$inet6_icmp(0xa, 0x2, 0x3a) sendfile(r3, r1, &(0x7f0000000000)=0x3f, 0x5ae) write$binfmt_script(r2, &(0x7f0000000200)={'#! ', './file0', [{0x20, 'cpu.stat\x00'}, {0x20, 'cpu.stat\x00'}, {0x20, '[}'}, {0x20, 'cpu.stat\x00'}, {0x20, '-'}, {}, {}, {0x20, 'cpu.stat\x00'}, {0x20, ']\'\\%]('}, {0x20, 'cpu.stat\x00'}], 0xa, "9e3fb8e9400d081c7412514f3cee48a9fb04ccbb34c84c8eecf4350e7ddbf5c4a5653ec4d81e30a09cb9e4a87d43e0adcd77780c1f0a6ad04ca58b21041f814d03099dc4899719c6b94b185bb75d22a8200d845171e329cb8a435af44e065bcbe547ab46452ae5e31795f7d21c05e8bbcdb692b34d744abda5601114c85e9e061ee6d8d45ac9222b668a5bbdaba397b31a48ec5bc125fbb5508e4d950226db03c30f410d2dcc68cd02edc9597c74b48e0e8c8cd5b75f3464002e098cc00706"}, 0x10a) [ 352.683098][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 352.691421][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 352.703766][T24529] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 352.712223][T24529] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 352.767462][T24594] loop2: detected capacity change from 0 to 264192 04:32:53 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x4000080000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 352.820922][T24594] loop2: detected capacity change from 0 to 264192 04:32:54 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x4800000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 352.919545][T24617] loop2: detected capacity change from 0 to 264192 04:32:54 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x4c00000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:54 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140), 0x82200, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x1, 0x1, 0x2, 0x0, 0x400000000, 0x80100, 0x4, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x9, 0x1}, 0x800, 0x200, 0xd091, 0x7, 0x1f, 0x1, 0x7f, 0x0, 0x2b9fca83, 0x0, 0xb2}, 0x0, 0x10, r1, 0x3) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='freezer.state\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x20, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xb, r2, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3, 0x20010, r0, 0x9df8b000) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r2) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7c5b6786d1f4303f, 0x50, r3, 0x46134000) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 353.011260][T24622] loop2: detected capacity change from 0 to 264192 04:32:54 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x6800000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 353.081641][T24633] loop2: detected capacity change from 0 to 264192 04:32:54 executing program 5: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000), 0xffc) syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) dup2(r2, r3) [ 353.195796][T24638] loop2: detected capacity change from 0 to 264192 [ 353.245817][T24638] loop2: detected capacity change from 0 to 264192 [ 353.618455][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 353.626809][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 353.637873][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 353.646197][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 353.657249][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 353.665585][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 353.678638][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 353.686658][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 353.698269][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 353.706250][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 353.717335][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 353.725295][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 353.738245][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 353.746582][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 353.792054][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 353.800483][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 353.823991][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 353.832368][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 353.843460][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 353.851915][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 353.863161][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 353.871492][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 353.882595][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 353.890670][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 353.901770][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 353.909854][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 353.920981][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 353.928952][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:32:55 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x6c00000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:55 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000006c0)=0x0) r2 = perf_event_open(&(0x7f000001d000)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x80, 0x3}, 0x10802, 0xffff, 0x0, 0x0, 0xf969, 0x0, 0x7ff}, r1, 0xffffffffffffffff, r0, 0x8) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) r4 = perf_event_open(&(0x7f0000000400)={0x0, 0x80, 0xff, 0x80, 0x4, 0x8, 0x0, 0x9, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xbc33a55, 0x4, @perf_bp={&(0x7f0000000140), 0x1}, 0x81, 0x2, 0xff, 0x0, 0x2, 0x64ef, 0x4, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xf, r2, 0x8) preadv(r4, &(0x7f0000000180)=[{&(0x7f0000000480)=""/155, 0x9b}, {&(0x7f0000000540)=""/78, 0x4e}, {&(0x7f00000005c0)=""/164, 0xa4}], 0x3, 0x3, 0x7f) r5 = syz_io_uring_complete(0x0) pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r6, 0x2405, r2) r7 = pidfd_getfd(r3, r2, 0x0) r8 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r9) statx(r3, &(0x7f0000000080)='./file0\x00', 0xb76c104ffccb857, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x20010, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@aname={'aname', 0x3d, 'cpu.stat\x00'}}], [{@defcontext={'defcontext', 0x3d, 'system_u'}}, {@seclabel}, {@smackfsroot={'smackfsroot', 0x3d, '@'}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'cpu.stat\x00'}}, {@pcr={'pcr', 0x3d, 0xb}}, {@uid_lt={'uid<', r9}}, {@dont_measure}, {@fowner_gt={'fowner>', r10}}]}}) r11 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000700)='/proc/self/attr/fscreate\x00', 0x2, 0x0) write$binfmt_script(r11, &(0x7f0000000180)=ANY=[], 0xffffffffffffff39) 04:32:55 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) tkill(0x0, 0x13) r2 = fork() tkill(r2, 0x13) tgkill(0x0, 0x0, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:55 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) wait4(r2, 0x0, 0x2, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 353.940406][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 353.948751][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 353.960870][T24596] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 353.969301][T24596] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:55 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x2, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r1) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r3 = open_tree(r2, &(0x7f0000000040)='./file0\x00', 0x8000) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r3, 0xc0406618, &(0x7f0000000140)={@desc={0x1, 0x0, @desc4}}) r4 = dup2(r0, r0) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x3, 0xe, 0x1c, "7c2fc236bc38c90e24ef18b1514c934c9ee2ac841439b52ddc0aee29bc501927ef09e169a984daecbfacb99118d67e493ab78b248fdd16b34e48e947d0939abf", "0774f1630941a50878ed866af79690612bd04f39fb6c56d5d7f772d262c04e9524cdc3cf288c2082f1c6607200ab063ff51121779a9affaad51ddd66938aeaeb", "67ecd0785609145781cbc27ff34c2fdb1c35facd3bca086b91a93ab34fbdf7fd", [0xffffffffffff95f6, 0x569]}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) ioctl$PTP_ENABLE_PPS(r5, 0x40043d04, 0x0) write$binfmt_script(r5, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:55 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x10, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 354.021563][T24666] loop2: detected capacity change from 0 to 264192 04:32:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x7400000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 354.069685][T24666] loop2: detected capacity change from 0 to 264192 04:32:55 executing program 5: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x7a00000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 354.139528][T24686] loop2: detected capacity change from 0 to 264192 04:32:55 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0) [ 354.250746][T24696] loop2: detected capacity change from 0 to 264192 04:32:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x85ffffff00000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 354.319567][T24696] loop2: detected capacity change from 0 to 264192 [ 354.368404][T24712] loop2: detected capacity change from 0 to 264192 04:32:55 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) r2 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000140), 0xc4000, 0x0) fgetxattr(r2, &(0x7f0000000180)=@random={'user.', 'cpu.stat\x00'}, &(0x7f0000000200)=""/245, 0xf5) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x1, 0xb, 0x17, 0xc2, 0x0, 0x8, 0x44018, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x40, 0x0, @perf_config_ext={0x7, 0x7}, 0x20b0, 0x101, 0x66bf, 0x6, 0xa2ac, 0x6cfebfdd, 0x2, 0x0, 0x1, 0x0, 0x9}, 0xffffffffffffffff, 0x1, r3, 0xa) 04:32:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x8cffffff00000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:55 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) wait4(r2, 0x0, 0x2, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:55 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:55 executing program 4: r0 = getpid() r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) tgkill(r1, r1, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:56 executing program 4: r0 = getpid() r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) tgkill(r1, r1, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:56 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x97ffffff00000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 354.888757][T24725] loop2: detected capacity change from 0 to 264192 04:32:56 executing program 4: r0 = getpid() r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) tgkill(r1, r1, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:56 executing program 5: prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000080)) r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = getpid() r3 = pidfd_open(r2, 0x0) r4 = epoll_create1(0x0) r5 = dup3(r3, r4, 0x0) r6 = fcntl$dupfd(r5, 0x0, r4) setns(r6, 0x3a020000) r7 = syz_open_dev$tty20(0xc, 0x4, 0x0) set_mempolicy(0x1, &(0x7f0000000040)=0x9, 0x8) ioctl$KDSKBENT(r7, 0x4b47, &(0x7f0000000000)={0x0, 0x4}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x100010, r1, 0xffffe000) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 355.028143][T24750] loop2: detected capacity change from 0 to 264192 04:32:56 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) waitid(0x0, r0, 0x0, 0x4, &(0x7f0000000000)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x4, 0x1, 0x6, 0x7, 0x10, @local, @local, 0x7800, 0x80, 0x80, 0x400}}) r4 = fork() tkill(r4, 0x13) wait4(r4, 0x0, 0x8, 0x0) tgkill(r4, r4, 0x12) waitid(0x2, r4, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:32:56 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xbb2348dd00000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:56 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) tgkill(r1, r1, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, 0x0, 0x0, 0x8, 0x0) [ 355.141316][T24773] loop2: detected capacity change from 0 to 264192 04:32:56 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xfffffc0000000001, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x3}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:56 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) tgkill(r1, r1, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, 0x0, 0x0, 0x8, 0x0) 04:32:56 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) wait4(r2, 0x0, 0x2, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 355.734406][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 355.742761][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 355.753906][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 355.762315][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 355.773400][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 355.781738][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 355.794804][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 355.802782][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 355.814469][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 355.822548][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 355.833665][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 355.841648][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 355.854074][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 355.862398][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 355.919008][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 355.927456][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 355.953654][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 355.962051][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 355.973097][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 355.981437][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 355.992513][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 356.000907][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 356.012068][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 356.020080][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 356.031627][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 356.039639][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 356.050716][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 356.058821][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:32:57 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:57 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xd401000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:57 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) waitid(0x0, r0, 0x0, 0x4, &(0x7f0000000000)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x4, 0x1, 0x6, 0x7, 0x10, @local, @local, 0x7800, 0x80, 0x80, 0x400}}) r4 = fork() tkill(r4, 0x13) wait4(r4, 0x0, 0x8, 0x0) tgkill(r4, r4, 0x12) waitid(0x2, r4, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:32:57 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x1, 0x0, 0x0, 0x0, 0x1, 0x107e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) [ 356.069905][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 356.078321][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 356.090915][T24721] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 356.099366][T24721] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:57 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r2, r2, 0x12) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:57 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) tgkill(r1, r1, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, 0x0, 0x0, 0x8, 0x0) [ 356.151632][T24811] loop2: detected capacity change from 0 to 264192 04:32:57 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xd501000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:57 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) waitid(0x0, r0, 0x0, 0x4, &(0x7f0000000000)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x4, 0x1, 0x6, 0x7, 0x10, @local, @local, 0x7800, 0x80, 0x80, 0x400}}) r4 = fork() tkill(r4, 0x13) wait4(r4, 0x0, 0x8, 0x0) tgkill(r4, r4, 0x12) waitid(0x2, r4, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 356.206014][T24811] loop2: detected capacity change from 0 to 264192 04:32:57 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) wait4(r2, 0x0, 0x8, 0x0) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 356.298517][T24834] loop2: detected capacity change from 0 to 264192 04:32:57 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xd601000000000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:57 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) waitid(0x0, r0, 0x0, 0x4, &(0x7f0000000000)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x4, 0x1, 0x6, 0x7, 0x10, @local, @local, 0x7800, 0x80, 0x80, 0x400}}) r4 = fork() tkill(r4, 0x13) wait4(r4, 0x0, 0x8, 0x0) waitid(0x2, r4, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 356.366927][T24834] loop2: detected capacity change from 0 to 264192 04:32:57 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xdaffffff00000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 356.426061][T24853] loop2: detected capacity change from 0 to 264192 [ 356.484514][T24864] loop2: detected capacity change from 0 to 264192 [ 356.989356][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 356.997851][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 357.008970][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 357.017299][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 357.028372][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 357.037061][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 357.050327][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 357.058319][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 357.074623][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 357.082746][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 357.093843][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 357.101841][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 357.114408][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 357.122759][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 357.190185][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 357.198612][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 357.223009][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 357.231447][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 357.242715][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 357.251236][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 357.262394][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 357.270848][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 357.281950][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 357.289968][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 357.301291][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 357.309368][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 357.320424][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 357.328427][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:32:58 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:58 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x1, 0x1, 0x1, 0x7, 0x0, 0x1, 0x9800, 0xb, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffa2, 0x2, @perf_config_ext={0x10000, 0xfffffffffffffff7}, 0x2000, 0x0, 0x2, 0x0, 0x1, 0x1, 0xa, 0x0, 0x3}, 0xffffffffffffffff, 0x6, r0, 0x8) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:58 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xf6ffffff00000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:58 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:58 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) r2 = fork() tkill(r2, 0x13) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:58 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) waitid(0x0, r0, 0x0, 0x4, &(0x7f0000000000)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x4, 0x1, 0x6, 0x7, 0x10, @local, @local, 0x7800, 0x80, 0x80, 0x400}}) r4 = fork() tkill(r4, 0x13) waitid(0x2, r4, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 357.339539][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 357.347863][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 357.366594][T24808] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 357.374991][T24808] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:58 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) fork() tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:58 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) waitid(0x0, r0, 0x0, 0x4, &(0x7f0000000000)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x4, 0x1, 0x6, 0x7, 0x10, @local, @local, 0x7800, 0x80, 0x80, 0x400}}) r4 = fork() waitid(0x2, r4, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 357.451568][T24885] loop2: detected capacity change from 0 to 264192 04:32:58 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:58 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xf9fdffff00000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 357.506339][T24885] loop2: detected capacity change from 0 to 264192 04:32:58 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) waitid(0x0, r0, 0x0, 0x4, &(0x7f0000000000)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x4, 0x1, 0x6, 0x7, 0x10, @local, @local, 0x7800, 0x80, 0x80, 0x400}}) waitid(0x2, 0x0, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:32:58 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfdfdffff00000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 357.576637][T24907] loop2: detected capacity change from 0 to 264192 [ 357.636391][T24917] loop2: detected capacity change from 0 to 264192 [ 358.287359][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 358.295855][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 358.307211][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 358.315564][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 358.326931][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 358.335239][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 358.348896][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 358.356900][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 358.368741][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 358.376747][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 358.387840][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 358.395837][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 358.408124][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 358.416478][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 358.484992][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 358.493433][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 358.517986][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 358.526368][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 358.538242][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 358.546604][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 358.557932][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 358.566344][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 358.577504][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 358.585501][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 358.596557][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 358.604508][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 358.615652][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 358.623655][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:32:59 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfdffffff00000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:59 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) waitid(0x0, r0, 0x0, 0x4, &(0x7f0000000000)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x4, 0x1, 0x6, 0x7, 0x10, @local, @local, 0x7800, 0x80, 0x80, 0x400}}) waitid(0x2, 0x0, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:32:59 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x0, 0x4, 0x1, 0x1}) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_bp={&(0x7f0000000000), 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xfffffffdffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:59 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:32:59 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:32:59 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 358.634735][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 358.643065][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 358.655475][T24876] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 358.663865][T24876] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:32:59 executing program 3: sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)={0x94, 0x0, 0x401, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x7, 0x43}}}}, [@NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xe, 0xbd, [0x7, 0x81, 0x2, 0x0, 0x3]}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x1d}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x8}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x18, 0xbd, [0x8001, 0x2, 0x1953, 0xe2d, 0x5, 0x111f, 0x8, 0x101, 0x0, 0x6]}, @NL80211_ATTR_STA_WME={0x14, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0xff}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x8}]}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x8, 0xbd, [0x8, 0x9]}, @NL80211_ATTR_STA_PLINK_ACTION={0x5}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x61}]}, 0x94}, 0x1, 0x0, 0x0, 0xc004}, 0x4000) r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x85, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open_tree(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x9000) sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f0000000700)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000006c0)={&(0x7f00000003c0)={0x2dc, 0x0, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0xc4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x6, @rand_addr=' \x01\x00', 0x978}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010101}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x100}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x80000001, @rand_addr=' \x01\x00', 0x3}}, {0x14, 0x2, @in={0x2, 0x4e24, @multicast1}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @empty}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8000}]}, @TIPC_NLA_SOCK={0x84, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x80}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xee}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffffc}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x10001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}]}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffff81}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x21e}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x40}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffff9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_NODE={0x8}]}]}, @TIPC_NLA_NODE={0x180, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bc942cb7fea371cc2ed5c1e4afcf91e2ae2d942e1ec217a78e226703e927bfb74bbe8cd4"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "c2df58222a59275d4c8c848cb339dcb8e2dce68ebadf4453bff9"}}, @TIPC_NLA_NODE_ID={0x94, 0x3, "a78fd72eb2157b0d339068493e87841e1c9289ab60fa61a4dfdbb6f3976c3da0ecf880b5d662b930cdf57f179adf8fd8c7e88268439cdeb37c4a05c4f16bbd1dcb0743a0eadfde337cc34c83af771c582edb50278f72f1e6cd864d836ffed78394cce4ac432bebf6ae039c95749a5433559480b63438ce788d4531fb487ba8c4e5e0184229cd27894cb192bb2ee47ae7"}, @TIPC_NLA_NODE_KEY={0x49, 0x4, {'gcm(aes)\x00', 0x21, "c8eaac6103d0ff88c7f601f79914e53e4769c777535365da1b4e1859f1a3b2c002"}}]}]}, 0x2dc}, 0x1, 0x0, 0x0, 0xc8}, 0xe82219661a0779d9) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000004, 0x10, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) openat(r3, &(0x7f0000000000)='./file0\x00', 0x400000, 0x108) preadv(r0, &(0x7f0000001b40)=[{&(0x7f0000000180)=""/2, 0x2}, {&(0x7f0000000740)=""/185, 0xb9}, {&(0x7f0000000800)=""/134, 0x86}, {&(0x7f00000002c0)=""/3, 0x3}, {&(0x7f00000008c0)=""/77, 0x4d}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000001940)=""/252, 0xfc}, {&(0x7f0000001a40)=""/67, 0x43}, {&(0x7f0000001ac0)=""/77, 0x4d}], 0x9, 0x2, 0x4) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:32:59 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) waitid(0x0, r0, 0x0, 0x4, &(0x7f0000000000)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x4, 0x1, 0x6, 0x7, 0x10, @local, @local, 0x7800, 0x80, 0x80, 0x400}}) waitid(0x2, 0x0, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 358.720784][T24940] loop2: detected capacity change from 0 to 264192 04:32:59 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) waitid(0x0, r0, 0x0, 0x4, &(0x7f0000000000)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) r4 = fork() waitid(0x2, r4, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:32:59 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) waitid(0x0, r0, 0x0, 0x4, &(0x7f0000000000)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') r3 = fork() waitid(0x2, r3, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 358.778598][T24940] loop2: detected capacity change from 0 to 264192 04:32:59 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfeffffff00000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:32:59 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) waitid(0x0, r0, 0x0, 0x4, &(0x7f0000000000)) r3 = fork() waitid(0x2, r3, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:00 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="cf3aef7bf352e02bc2f82b5b84d0525b47946317818511857a", 0x19}, {&(0x7f0000000140)="d6", 0x1}], 0x2) r3 = fork() waitid(0x2, r3, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 358.881959][T24970] loop2: detected capacity change from 0 to 264192 04:33:00 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfeffffffffffffff, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:00 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) r2 = fork() waitid(0x2, r2, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 358.939712][T24970] loop2: detected capacity change from 0 to 264192 [ 359.039454][T24992] loop2: detected capacity change from 0 to 264192 [ 359.118875][T24992] loop2: detected capacity change from 0 to 264192 [ 359.571366][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 359.579774][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 359.591094][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 359.599458][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 359.610553][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 359.618961][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 359.632515][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 359.640562][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 359.652038][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 359.660020][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 359.671196][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 359.679165][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 359.691604][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 359.699926][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 359.754173][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 359.762692][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 359.786884][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 359.795289][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 359.806755][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 359.815157][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 359.826223][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 359.834547][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 359.845681][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 359.853786][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 359.864822][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 359.872861][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 359.883897][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 359.891922][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:33:01 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:33:01 executing program 5: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) r2 = fork() waitid(0x2, r2, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:01 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='rdma.current\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) wait4(r1, 0x0, 0x8, 0x0) tgkill(r1, r1, 0x12) r2 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000, 0x7fff}}, r1, 0xffffffffffffffff, r0, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r2, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:33:01 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xffffff7f00000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:01 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(r1, 0x13) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:01 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = fork() tkill(r2, 0x13) r3 = fork() tkill(r3, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 359.902988][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 359.911379][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 359.923819][T24932] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 359.932244][T24932] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:01 executing program 5: getpid() r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:01 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 359.996290][T25017] loop2: detected capacity change from 0 to 264192 04:33:01 executing program 5: getpid() r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:01 executing program 5: getpid() r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 360.066352][T25017] loop2: detected capacity change from 0 to 264192 04:33:01 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xffffffff00000000, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:01 executing program 5: getpid() r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 360.158660][T25054] loop2: detected capacity change from 0 to 264192 [ 360.832378][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 360.840736][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 360.852303][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 360.860667][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 360.872263][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 360.880707][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 360.893969][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 360.901962][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 360.913806][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 360.921791][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 360.933111][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 360.941260][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 360.953659][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 360.961993][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 361.033217][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 361.041663][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 361.066030][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 361.074442][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 361.085520][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 361.093844][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 361.104898][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 361.113236][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 361.124392][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 361.132377][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 361.143434][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 361.151410][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 361.162466][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 361.170451][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:33:02 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:33:02 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xffffffffffffff0f, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:02 executing program 5: getpid() r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:02 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) r2 = inotify_init1(0x80800) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r2, 0x8010661b, &(0x7f0000000000)) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:33:02 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(0x0, 0x13) r3 = fork() tkill(r3, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:02 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 361.181577][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 361.189919][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 361.202406][T25010] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 361.210832][T25010] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:02 executing program 5: getpid() r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 361.255013][T25074] loop2: detected capacity change from 0 to 264192 04:33:02 executing program 5: getpid() r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:02 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xfffffffffffffffe, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 361.345984][T25074] loop2: detected capacity change from 0 to 264192 04:33:02 executing program 5: getpid() mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r0 = fork() waitid(0x2, r0, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 361.421278][T25101] loop2: detected capacity change from 0 to 264192 04:33:02 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x0, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:02 executing program 5: getpid() mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r0 = fork() waitid(0x2, r0, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 361.547111][T25112] loop2: detected capacity change from 0 to 264192 [ 362.124480][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 362.132950][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 362.144548][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 362.152922][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 362.164023][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 362.172361][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 362.185828][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 362.193787][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 362.205285][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 362.213249][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 362.224383][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 362.232370][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 362.245029][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 362.253375][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 362.318513][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 362.326939][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 362.351066][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 362.359512][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 362.370554][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 362.378928][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 362.389997][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 362.398328][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 362.409413][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 362.417383][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 362.428439][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 362.436414][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 362.447470][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 362.455570][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:33:03 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:33:03 executing program 5: getpid() mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r0 = fork() waitid(0x2, r0, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:03 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:03 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x7e, 0x7f, 0x7f, 0x0, 0x0, 0x7ff, 0x1240, 0x4, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_bp={&(0x7f00000002c0), 0x8}, 0x2002, 0x0, 0x401, 0x5, 0x8, 0x6, 0x81, 0x0, 0xff, 0x0, 0x7}, 0x0, 0xd, r0, 0x8) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r2, 0xd000943e, &(0x7f0000000380)={0x0, 0x0, "d22c31d090ac451165eee47891c2cf8a0ebd962f17d454a39c852b0a9b7a2a99ab0e01cb791e7e0051faa90a8735f3d12131070eb7c1caeeadc8171058e6a268c6e09f8d72a8295d9edb3687c22bb6d8dfbb379c6af1e96e0a0ddceefe6d5e71901dc63985991297a8712258a8560bd247ec28adfa2b6aa682f42240f543a532a011d44376751ec763058212b0150ab4c8d85065e1c53d7238b133e352abd93396062aa93532758a6112ea3132834f6e0a163006c91c0dd3304d2b39de0976fef5bdf385bced249821114c8e8b3933a5b539cb8ed13721d0f95ee88a4b3489550eb8484d38e62c16afe7aaff97bee623aaf936f0a354ae4afa7e7270a10a9c55", "3562d36cfce21c93029f9bdf6f4018fdeafb2dd70fc507fa2da97b82b83332bf42f0beb975d8848a8ee674302f35b19e485b42d75e86a0a9d8f46d5cd462259739aee1d965c4104f91cdfed9acbe7c8ea209ae69c1eff1f6f9b20c55eaf5529c234b9816933a5cf538eb61473d21b918fadc4e98f7cf1a7e7f8422b893c7921066040c97faee215a33088510a376ec975da55267e46febf8869c448cbd6d5bf4df18f85ef74a1966288be7d1445c7026651d7bd56dea7bf7197c822818f4f98f71f3d92cc964886306e1a0cdabeff11fa4d2610b760105ab47efa33980dab5c8b3241279806c28ab0d4b1fa320075d2fd65ea2518afd9002e5669fecaf27ee92e3cdafeffe1791623240732a199687d9ae70d8d1400962e032159900d2339c02fd094bf29d894724a50f60754b972436ef8e70280f2ff83c26c041a83d57e6ff75f5e1be16a43736768b6f397f7295b453665b236e301b60959b3e10abd9f04d1f4f4fbfceafd36987bc829663a88c81b4f8a03bb219656690b316fbf24c238492195a4ee9f2782405b578f4d9c5cfa0c727cefb45c20632b21aabedd68316790905cfb005c0a672bbb1531c6c79a4f75fd00167680426076596ea58616123aaacfe2f127ddf0dd4a070875470041ca6899c5e7fafbd87c8584986d26ebcc4349519f1296e7c84175b5dfa5701592a1aaa796185b2319f0cfeb82552392731066509d42db39ce7c13569b60df6c558f45b00db831f4c42ca413bb6711fd78a0d959c9571f35256f16c6b483fb50bfe2ad3342b1bebfb71d270da98b68404df726fd5bb86d8f6d9f7d3e4a66452368ed6a2caa32bb89416a8d78027c5bcd502cb1626d358058ac31eff307aad50c3d6da494c265e85d6a90113033e3aca9667ce7272b1161437a3f44c04e44530a4ea6ce0d4f1b9d58a9c511972124d56ff5c094ea90133bf561297ffb1f357ac5312b883b76e90a0f6b69f25c7073d11be15c843f7e694a2c5f95ef3c7dd277a1b7a1d86fb9627e2985d8c59c2281b1c021582aa9634596ed117bbd1dd5a2a495a5321dae881d69959750ab49feab8c55d4d0932a3d758cfcb98c798e58a6aaeaa4e9724e1de41172f94013eb892ce01f055c9e8352ca4e8a7af49ace109616111f62fdff7a70b73f8fd9ee10fa5c9196bd4b24ee5adab8714a77e1e8f7db9bde134b6d01126458369f9bf5e72d0568c40c971a352b9a2434af748e84bab415c43aeb03beff81462686bf53399314ce0ecc5d4e4943ec4e7cdfa4f1174788ad1eecd565de29bc1450c73c9b58dac219c16a46061c292075d0dc112dd88ac91c0ebb3af6faacd6f64dbb6a7333dc19f319ca13107d2773d3f74603e5ca75e6be59e40c9c0e33399ae082b8a1209c2d0749da00c37e14980195abd6341d2b702e0eca3dcaa79917a1c7403cad57ccb30ad5fd45c27a99986963fcc30bc07bc56316954add9340a405df5d2fe5e823eecccd154fa9553f35c2024043471c60c02d31d96df6547b5db616f70079333b4781e26468c48d1201688f71059fbdc67a62243867e2caf6b5fdd2720a53744e1b7e0efe89abfa53fdae26b2a2f281480c71ce43524727fd6d9ee851439849fbccb18e650444dd161eb66b85ad7617cd9e758df1799080faf2abf589f6a29a92afd8fb0603c2b186974b81e0446ad5bf2ff582aec472a05ed4a9b74b59993044e6966c2b6cad64303d2fa27f9b6d8adeb12630877ea7e2e31fc13e97573419be128014c6cb33c72f948d051fd788ef64ff2755e0a80e0289b1f0bb6acd6d653200d013df5f286acac51d02e0c037bc9d47784bf1858149639397d4ddff1f8c345ce15473198a5c0c9ad055754c6c53baab90746efdbf62c7bd6f57eb15df79ae22904e8a041759aa023ac792a42e5ed5dfdd271482074c9a8ba70fd01c4f9e5942c046f4cb92103083a2b76eeb98bc1ae90622e860c7b9ee75709766c69e7bae381b771ad1e5a9f23be819ecfc11a8d011edc0f16303bf4dcd4e464563be60645f2522c92657eb6ba373e67d7bef9a762e8dec366314e525eecddb2de63b97eb27e40219c909ae3a7309492bd9ee43e46abac1573f2bace57653b651d2d4f09facbfe28dc5b7ebcf218c90e3886e8ba25b317cea3c995d7333f55431bb2063b18eb081abe6b43732ff82cccc9895f82e5e0f8b4ed659c531c112d86d540413d69051425f11f2b8bd378addd8b3b99572e2a6c5610f27bd85977b531e166d0870c1e57a85227bc40ac9531b2e1f330ae9cc316a7c54bbb0714bd98b04300beb01e0b5da7cd70c90e503ef93c2ebdccb53bc695581d26ed2c44662ffe744c3bcaae7a62b6291b606ffa087c0dabde2ff4bdb69f4e5113660f7b852ef2a662f5cf051f45229b5e025c0b65ccf4bd52174dad6736d8abbe15e916985e5f0c0e03db5e43d7c75d26d78d2c415808e106773945ce6376460f0f71bd96b6a9cb413da10a5e92fd59c1c31bbabe1e953d7ea928f153ab15c1e46a2ee7b2716979613013b7b464770bcfe2fe4beb5d598ac90ef83a7016f562e87130bdcb6de1665c8eaeeb4ba3af7ec3a9a0261638263cadee2c4fcc0e8b0f6f4e5d88e7612351cdd67b7f3077d9094c64752129c8b2a9705d1f7a827c6129334f575fb84bdd88b74651bb9d000b9a4cf76859e4eba5b3bfca9328a2cb7500e1060347cd8bd82d27811184510dc7f1c2e6b6d949bd83c43988e684b6c151921f47dc45f0862d6ba278111dc19e3f90c6ad073328ff59348b4f52cdd8908e431028aa167b62cdb9b637ac79b1d78391ccc21e24410e4c1898d0b26cc0715ed4d9c4bee436b7c571c8c15abafc401095a0ae33303e35856be6ce3fc0e76da82e94b6a0f09e2375d12485ef1b437f3e7b409b256525194828730993fb9678caa9592141eb289d3bbc4347c0777a92b386fdcc1861525e2a7f4a9bd459986017a238920105627c55548bb7e8f84ef5eae68e2c407552f59aaa3a88fc2e97ff1aa29f2497b4766de364afab750b839d3bcd6ca67f508b841467e8392b31b452ed71379f1379866ac1e5f4fc33993cc7bc952c6dda7bf5ab1714c67eb03cf1a71db96d9b3f2d8f7b9fea95c19505db5e13794e5ff47177a267209c5115d53469648b4bcec1c4cbd8425af33c6d5e2a805efe0c1e79e90fb7918b856c73720f0af5a97ff90684543f829954627e2cce779b7a3448bfc6604462a3a1bc7e105a4a9123fbaf29b95e31dbe760b6d35f050a090630f0c106bc92e0c7e8713357511c2bfc902ab1bec38525572b4e67d6d35ed6f080e64e8243307e42347c8c8edaf0d8c3966e89af17fc2a6cbdeca533eb95bad866544cbf23f7bad4feb4a93ba463b7ce51bc13f2e6bc6efcda4d40b1920e0aea859e6f8312cff7ac72a8e5e62278ff243e9c644abd6dea71f5962577d564d1b11ad7c62ab1ada76fd3204c00a7c7d72be389f6c1dd18fde5eb41fee0b3cab16a1ee2bc69f641240f47b43b18823d8747c8a6bfadbc542b1e67ed0db3d54003b083b327a6af718b022487641029a080400410664774e8e5b80c97f0c57fd7fbb78f35d25042d804bc223be634ee2009bbc2108eaf4d8eaf051cb3da40af9ada58d102e351b8b8656737b383acef934d192fdb073c69894b96ff95ebe42fd4aef7bfae4ff3cc109ebd27ddbb28483132afb53fcb853908a247048e3789cfeb857971c99ec8e49d68103bfcac8da193c44e8e0744eae298c8de5aedcfedbbe2dff86a7721390c2ee5e2056d48d7295db8640bc68998204e8c3af4321f6078d6fffdf057feb7a8e8ec350cc9efbed8ed070a441bdc28a707013227bc199af591ae655824ff48b677c3376de77095e0ce6d508eb69732d6d9a6d4babdbfbeb5bd0af3ed47f74a31d1bb1358921fc205c3b13a50972cae10705680ff5820a1d8e535adadde8c5bf28cfcac37bdd3e16c9d916853ce6261cbe2c2997db840c2930199581bb6820551b4ae4c5732880eaa1425262693c6ae29fb1259a3a511ae2c4e915a38a8c417f3fa15d1027207fbef247d2df1c533a3334faaf320a60a89a0e3ab67f874062cc99cac4303839f91d4600f81289b82fdf9c085c8c70f5bb197aa9af43f500d007dc360b1508d452109e6de6f221c35e4be318610316d431c35004e394b5a48cdc89f91c0b781c1f9505199956b7a0616b3d255aa21b2fddb5492c66d5e90db002061dc00e7d0f8bdfeac6000226b17e50525739d84ae9903a4eab8f2eefe39aa02ce86187ca0a3e237b5e148905192b5b71c42b0a97e0af427d775cc1216c1de5bb7e02aa14b58c768b0111837a4a06974f071e8ee359e86ac1e08af4b0f3858a3f0f10a4db8d0c2ff1a4961ffda633e5a7cd3153964e55d4eaec5a8d94e397620b5fd37e008b53a4ead8e966a9eef39ffd9b32168f33787d3eadc0d62c316757b370bcd2e06dbf8a9aa9f6d77862353ba79a2c9f6dec44f2bafb8e0830bec3bb65f27bc7c4abb4b45e4c3c9cf468c768ac85a5f463c7274f6b8de9e1e720f02f55defaeeeec968c4d67af037916df82d66be6964fee0b90e4d6ca0a5f0a42ebb31be390a7ce3f9e6e18e15474a37bbe99e84037eeb7bdb49fdda4ca7743a52314ea07790bcd85c3605c4fc4b878965af88e087b4b9c001cb836b2d19f8e083b9da4524f7a993ce2e22ee1b9e7ee3f69e65dea07e7bae54e591715693d36ec56e13727dfd05eca7e55196e9765e2420e3249c4acc70d76857f090e36a9f624950f15902ca85927eb2100e9153f05fd4ae77735fc8f00a98e20835a3c75f6fae2c5fc85eade3cd4a42464522fdcc525e1583dd188856ec96ffa4202ba24f98c750868c5f9fb7eed6e6451d5df734aba1636c8b8cb618df9e79ad73ffb72935e80709f9a5cd24e37619974e5cf63511543519f501054f9753670f9cea7777f42a81f83aeea19ef80dff1f357f3a6e2083bac38e4ab9f0380d748090c20a581a4f881f99a90c433d9c79b7e4cc7e7ac2864549afb38e64fe9bac3ae969a1e01465ff98a4fc0fc0d95516e52cc1e4ba6a5bc0ef34f740177749175a89b404ac3ef5fcbc25dd2d7df77e3faba1738d5541cf17c55d5ac8d69616f690d0b5d959f8c44dcb961414d6bf0ae3a61529f883cabdcb252c639abb34e4ec296ccfb2c01e35902c7a1d647e8c8123e329c92e015606ed237e4731f7dc381c22c149e3e141ec9d249481f415531c88943a401948838e6f2dc7eff5ee1dc3b1d29f9ae2eadc1dbcb33ff98d417c84794296ea99a62cc5d5923c103500ad50b4b758148937ac7907b5d6c7e1730f21fe00f67462e9bd3fc22c24ca5c8de3fab8faad4dbff921dbe9ad4f560f65b4ec5bb0cd3dc6731f82ec1db59e0cc37a8cf7f791c6a39f7af1ec14448ea247cdb372272b10fb0"}) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x1, &(0x7f0000000080)=[{&(0x7f0000000200)="678fdefdb8695ac11b1aeb0033c88b7afbc011b0b84a97d455dc898911573e56578fc9dc2b7b4070467c988438206304f4d93752461152262d149e184ee6a6beca523013989bf818f5e354386726ca9d2afcc1f12fd3e546aafe8cfdd454d9b81da736d279002b2d920c4da4c598dc22d4c61f803646339ab72be8bf12d4387015c31029d6cd303e4a57cc017b4808c43d9c1380ddf4cdd0cf71717e99ec5bc01545f4175836fcd823d2", 0xaa, 0x7fff}], 0x200020, &(0x7f0000000140)={[{@data_writeback}, {@prjquota}, {@data_ordered}, {@nombcache}], [{@dont_hash}, {@fsuuid={'fsuuid', 0x3d, {[0x57, 0x38, 0x51, 0x33, 0x31, 0x5c, 0x36, 0x37], 0x2d, [0x66, 0x30, 0x62, 0x36], 0x2d, [0x36, 0x63, 0x34, 0x65], 0x2d, [0x66, 0x31, 0x0, 0x64], 0x2d, [0x33, 0x33, 0x64, 0x36, 0x33, 0x64, 0x34, 0x36]}}}, {@dont_appraise}]}) write$binfmt_script(r1, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:33:03 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(0x0, 0x13) r3 = fork() tkill(r3, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:03 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 362.466784][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 362.475179][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 362.488044][T25076] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 362.496549][T25076] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:03 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:03 executing program 5: r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 362.564646][T25135] loop3: detected capacity change from 0 to 127 04:33:03 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x3, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:03 executing program 5: r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:03 executing program 5: r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:03 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 362.956364][T25135] loop3: detected capacity change from 0 to 127 [ 363.417255][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 363.426066][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 363.437586][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 363.445968][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 363.457663][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 363.465997][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 363.479304][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 363.487367][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 363.499008][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 363.506984][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 363.518073][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 363.526050][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 363.538804][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 363.547217][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 363.615457][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 363.623936][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 363.647741][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 363.656146][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 363.667255][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 363.675589][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 363.686775][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 363.695113][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 363.707054][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 363.715061][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 363.726179][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 363.734204][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 363.745235][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 363.753251][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:33:04 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:33:04 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x4, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:04 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:04 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x7, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xffffffffffffffff}, 0x0, 0x2, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='attr/exec\x00') perf_event_open(&(0x7f0000000200)={0x3, 0x80, 0xff, 0x3f, 0x1f, 0x5, 0x0, 0x10001, 0x50088, 0xa, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2a3b, 0x2, @perf_bp={&(0x7f0000000140), 0x6}, 0x4281, 0x7, 0x3, 0x8, 0x7, 0x4, 0x631, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, 0x0, 0x5, r1, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000280)={0x38, 0x3, 0x10000000, 0x0, 0x5, 0x401, 0x7, 0x3, 0x20, 0x927}, 0x0) write$binfmt_script(r2, &(0x7f0000000180)=ANY=[], 0x208e24b) r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x7, 0x9, 0x3f, 0x0, 0x8001, 0x1c000, 0x6, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x80000008, 0x4, @perf_bp={&(0x7f0000000000), 0x2}, 0xc74a, 0x1, 0x8000, 0x7, 0x0, 0xfff, 0x200, 0x0, 0x6, 0x0, 0xfffffffffffffff9}, 0xffffffffffffffff, 0xb, r0, 0x2) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r4, 0x84009422, &(0x7f0000000fc0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ') sendmsg$NLBL_CIPSOV4_C_REMOVE(r6, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000001400)=ANY=[@ANYRES32=r5, @ANYRESOCT, @ANYRESHEX, @ANYRES32, @ANYRESOCT, @ANYRES64, @ANYRESHEX], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x40025) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r5, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}}) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x8, 0x0, {0x5, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x20000000, 0x7, 0x1, 0xfffffffffffffffe, 0xa4d]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x7, 0x4, 0x0, 0x2, 0x0, 0xd71]}, {0x9, @usage=0xe1, r5, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x487, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}}) ioctl$BTRFS_IOC_DEV_REPLACE(0xffffffffffffffff, 0xca289435, &(0x7f0000000440)={0x1, 0x80000001, @start={r5, 0x1, "110eb4e4c27f67423bdc700247a565224ec5e11112fd2587496f249ff9eef90a2e5be562e792546520a21b29ee0fc76eb3ab3f6343215a1cffb633331cc910d059cd6a9d4d2a63abfad5bb400b50fde3d51c7566f28ef1ef184c58c65d2d839fcb1b6e4431c33b2dce348ebc2062dbcfeec4f6ff0b976077a3f4c20b7a76beeed99381ad2267e087e1cf463b1f308f5c45caf1d8bb39082ea89ca871c050d46c280c3121d61adb9c34b13051ce614386ca695c7687853a03d11ee6bf62aa9e373acedbc965e28866e5d07181e92b02523c84f34bfe7c6331f394cb2d0e98fbf8ea5ccf9e3e06baa378ae18397062970e48c1f746cb4d5b5b7bb70f2dd18b4e7774c619943c236e24e32fad65b50104ebe021ecb539394b520347419cbf98e3575c43872cf0a98daa389ce817cc5ace6545ca0890047cdd95375eb9911a74ae08ad7de65121278616e9b68858a2481a093e78eee71cd42a186ab9f9ba0ec19fc8817d45c71be489cac0407b73be297644054214fbf7f35dd16f6de9f9ffa1b1c9d935f7432fef5d57390b12c375c48f4090fe73b3dcf80aeaf1001fd0540cc707016a55508763e8a3308433e386fca68f8d402930503fc098ce5a9080e158a112a96889a6b656361e74bc654324149d4bf56867f2e87ff20fcace8aee65511238647e2765a064beb06af8473046a5fa33521326885dc95b71e894d0a6627d238dd82f0146be4dd72aa302ff15a35fd7b2c65ede0957e7387904d461ba03b52038e8b52526653da2b937a5ec73cfad564df5335929c90fef68d96ed3f76796b9aa157cd5dfc9dd1b55027d0174db3b57b1a15534c69299a2f93bf41d00b9aac52c18f25cb067831765f5dabb406074e3ee8e628e57c5406cd339e5df7562b833a49feba4fb8e4b587d748a96d808c710657419983a64890c5d0e6c3e2e8c8594e90efb9bc0dd40a404c0ac412b2151f09d2376d047df795200f0884b9011099c72abfc855bf38c6c8fcd5c16b0e3bd2790d6a068953d17ceda1337c7dfbae30376df76168959c807d4df1109aa1ff5ad58025556e39fa993664c136a07801b12223f8434fda23865902319e59e08a504eef634a588ccf951a8488ac262bf42971181a12843ecdf4d1e4a76554ae506085cbddc0123a3c86e964e03d2fa0bcba641a9c5d1982f84b26816f2a84459ffa5016c0cc2a02d2538970d11aad3ff29b3cc77bbe970ea00be8628e959d202be95a64d05a895eab3d61aad36777bd943cb4032158e7f0153eba56f22fcaccf311d786fa77ba9786be190db2d1cb04db7d0bde35a6bb962eba0f61397c5e076a78fd261fde2b79507580ebdb9674fedc11a711a683eec2c684413406bfc09ba874ea1b4c0f87c4e505edbfcb6551652958601c5cde397849b6f07e625fa3ca4492493745229f38263b3f9d4fee25eb6e7fcafc2", "46874dc4eb80f6f00327aa9f6269b5853c63d033eab39ac7f7aab8ad5680da5cdf0318c564adcee7775c8e8c7ae89310c3deee18ecd465ba9cf83e6cdbe441a2886179d98e953318a005fef854d04e2e618bf69afde6990ac27c8c7d316d5381ee044fdc9a0d274e32d6dc792b56c441572279c35a89a35d8822f67e5c732b0dd28d6c0ec09aa947283090c1738c3f588ef0bbc4144319644288db32f54487448693c1e30ddda1f8eca46872121720fd5305e4dcea30977e8b3cd3a7c5beae493bac6d4de978fac7c3d0afa9d3a9c0032c983c7ef820e15ec1ee2cee8c58bc86c8a7cdd266928e5ddd62fafa1b5e08482191f87d74245487c23833338f0f130733276873a6152a03b0a6841f26939f855798873d4d361108faa099569ce8c4a811a8f29d9000647d851f3b8e4ebf151774addd2bfc2c8d88ca7ad36e029072edd9cbb2ce29f57f84af4a5041c231c7e04c1bc8c5ecf89cb334b2273e7d89cdf167c71b19b4e285a1b0c66b82b1d7f61f7a3fad97675c6fe691c9e75d1a539ab120a541c439afd48963917fb35a5d96cfd64123ba119294b512ce713a8745256edd4059d2b7bc887363e88a473eb7e4b56abf2bcef5b8b0a0219f71e02dfc880afe128b0dc64403993c20e221ac6e5499fd11c71b8461f3d30b8f11e2be6228c156173eaba0f4ccb08fdf679b96070134f1aa38a9008243dc14ad20de5586186b33c1870c143905ca2e510b943071c7a80f8c35252d0d6517c4ca179e886580cced9cabc8a94940cb9048414d16956513f97084ef54e516b7120b20005c31569ab3e4b5c450f76831d2ef0e47c02c84f5518cc487cd0b53356babfa1399680f0e6799e0b346e3e9a0dbdf528aa7320e095538fa05cd4eaa7c4c6874c1038b34d622920511453543e6431f566245ae645d8f0fbe2d999e697182a1fe5a989c001f304f1ab25044ab34bb10c7c60ad57487fad3db56b950c64aefef65bbb59139d3b9b99bc5dc1c06e377fd199d36f23de02d77d5e5966aa18cbc339f3e95d87b2726692087b52da81c049c50846efebbb6b212dc52efb9580f396b115cdf1d4c88c8b28e4686a27a30807d1f33f676836c70189e713dacb8900702f9d153dfbb02557cd91f9d27d528e87373eb474968ac65291aa4e88aa801b9bc37cea6d21b2ebac742ea81e343f4190d053b5f657a782bac6229e8a47e2b6905229d57d434b71cb9006b9df70f03dcf0cb20a738ed67a7efd62de957ece3407535ee736cdb20b248d68a0632cc2f9c87f7c28118a3a88300be023dd2bd0e60168d59f2b79c3d2942dde823182319bbd3e2c08b607c4c3bf81507abecf8dfe6e34f444fd7c7db4e15ed8f393ef276105a721692acb1b313665103224b0397ad5f5a34f0d1a35e866e3c0f946bf3041d3be6fa9c2ca752684a2432194ae3bbea75d6d8c9946d98f6"}, [0x80000001, 0xd89, 0x78, 0x0, 0x5, 0x0, 0x8, 0x80, 0x3ff, 0x1, 0x4, 0x7, 0x6534, 0x6, 0x7df, 0x7ff0000000000, 0xf9, 0x2, 0x7fffffff, 0x2, 0x20000000000000, 0x8, 0xfffffffffffffffb, 0x3, 0x9, 0x0, 0x80, 0xfffffffffffff74e, 0x2, 0x7ff, 0x10, 0xf7f0, 0x3, 0x9, 0x100000000000008, 0x5, 0x1, 0x42, 0xa, 0x3f, 0x19d366d7, 0x8, 0x7ff, 0x6, 0x6, 0x9, 0x1000, 0x8, 0x4, 0x9709, 0x9b, 0xfffffffffffffffb, 0x1, 0x0, 0x9, 0x1, 0x4, 0x4, 0x4, 0x5, 0x5, 0xfff, 0x4, 0x4]}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r3, 0x50009418, &(0x7f0000000540)={{r3}, 0x0, 0x0, @inherit={0x58, &(0x7f00000004c0)={0x1, 0x2, 0x3, 0x1, {0x20, 0x2, 0x2, 0x200, 0x3}, [0x8, 0x2]}}, @devid=r5}) 04:33:04 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(0x0, 0x13) r3 = fork() tkill(r3, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:04 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) tkill(0x0, 0x13) tgkill(0x0, 0x0, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 363.764559][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 363.772904][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 363.785509][T25134] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 363.793993][T25134] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:04 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:04 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) tkill(0x0, 0x13) tgkill(0x0, 0x0, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:05 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x5, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:05 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) tkill(0x0, 0x13) tgkill(0x0, 0x0, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:05 executing program 1: r0 = getpid() r1 = fork() tkill(r1, 0x13) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:05 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x6, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 364.721145][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 364.729650][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 364.740760][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 364.749099][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 364.760666][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 364.769063][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 364.782514][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 364.790528][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 364.802030][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 364.810064][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 364.821261][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 364.829444][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 364.841795][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 364.850130][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 364.928451][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 364.937231][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 364.961718][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 364.970174][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 364.981470][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 364.989897][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 365.000936][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 365.009273][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 365.020593][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 365.028670][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 365.039895][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 365.047986][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 365.059044][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 365.067018][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e 04:33:06 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:33:06 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x7, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:06 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00') write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000340)={'syz0', "7e2413efab8efaccd0bce0f66c255bbdd6ee5914f958edec92fca9e43d01ccf40edc8cc01ed729e9d55fece76d3832a378a678a3a7bb5a9c43527bc5e527c0c85ad1f28e65e952b7a3f92f5f17771c0ccb94b3e08b47a693e45976e7cb32f846591dddcb0e69e32aa7c314e21af2308e2f4bb06460b500f150bbbe31fea0fe93fa2d73a37c2b437eeb026bb94def666d6ecac5d91908e573922d92abf5c609eedf037639"}, 0xa8) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x9, 0x6, 0xeb, 0x0, 0x0, 0x8, 0x1200, 0xf, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000040), 0x7}, 0x228, 0x1, 0x7f, 0x0, 0x7, 0xfffffffe, 0x491, 0x0, 0xffff}, 0xffffffffffffffff, 0x0, r1, 0x1) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x40200, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180)=ANY=[], 0x208e24b) 04:33:06 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x0) r3 = fork() tkill(r3, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:06 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:06 executing program 1: r0 = getpid() r1 = fork() tkill(r1, 0x13) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 365.078204][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 365.086638][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 365.099395][T25206] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 365.107816][T25206] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:06 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:06 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x8, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:06 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:06 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:06 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:06 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x9, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 365.465725][ T1800] ================================================================== [ 365.473822][ T1800] BUG: KCSAN: data-race in blkdev_get_whole / blkdev_put [ 365.481028][ T1800] [ 365.483342][ T1800] write to 0xffff888101b800a0 of 4 bytes by task 25320 on cpu 0: [ 365.491141][ T1800] blkdev_get_whole+0x308/0x350 [ 365.496083][ T1800] blkdev_get_by_dev+0x2ad/0x8d0 [ 365.501023][ T1800] blkdev_open+0xb3/0x130 [ 365.505443][ T1800] do_dentry_open+0x529/0x850 [ 365.510125][ T1800] vfs_open+0x43/0x50 [ 365.514106][ T1800] path_openat+0x1787/0x1f20 [ 365.518703][ T1800] do_filp_open+0xe9/0x200 [ 365.523208][ T1800] do_sys_openat2+0xa3/0x250 [ 365.527801][ T1800] __x64_sys_open+0xe2/0x110 [ 365.532396][ T1800] do_syscall_64+0x3d/0x90 [ 365.536816][ T1800] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 365.542886][ T1800] [ 365.545204][ T1800] read to 0xffff888101b800a0 of 4 bytes by task 1800 on cpu 1: [ 365.552741][ T1800] blkdev_put+0x3b/0x4e0 [ 365.556991][ T1800] blkdev_close+0x47/0x50 [ 365.561318][ T1800] __fput+0x25b/0x4e0 [ 365.565307][ T1800] ____fput+0x11/0x20 [ 365.569298][ T1800] task_work_run+0xae/0x130 [ 365.573803][ T1800] exit_to_user_mode_prepare+0x156/0x190 [ 365.579485][ T1800] syscall_exit_to_user_mode+0x20/0x40 [ 365.585038][ T1800] do_syscall_64+0x49/0x90 [ 365.589461][ T1800] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 365.595361][ T1800] [ 365.597678][ T1800] value changed: 0x00000001 -> 0x00000002 [ 365.603394][ T1800] [ 365.605801][ T1800] Reported by Kernel Concurrency Sanitizer on: [ 365.611945][ T1800] CPU: 1 PID: 1800 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 [ 365.620622][ T1800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 365.630682][ T1800] ================================================================== [ 366.063192][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 366.071574][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 366.091974][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 366.100356][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 366.111523][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 366.119905][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 366.133748][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 366.142621][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 366.154479][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 366.162536][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 366.173756][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 366.183446][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 366.196162][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 366.204829][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 366.280765][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 366.289226][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 366.316334][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 366.324706][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 366.340138][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 366.348957][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 366.361627][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 366.370019][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 366.381414][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 366.389433][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 366.400632][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 366.408654][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 366.419756][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 04:33:07 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 366.427862][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 366.439093][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 366.447451][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 366.462085][T25278] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 366.470600][T25278] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:07 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:07 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0xa, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:07 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x0) r3 = fork() tkill(r3, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:07 executing program 1: r0 = getpid() r1 = fork() tkill(r1, 0x13) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:07 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:07 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0xb, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:07 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:07 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0xc, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:07 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:07 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:08 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0xd, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 367.438583][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 367.447050][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 367.469821][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 367.478186][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 367.489593][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 367.498003][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 367.513018][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 367.521186][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 367.533153][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 367.541199][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 367.552583][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 367.560685][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 367.573502][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 367.581901][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 367.673894][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 367.682429][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 367.714579][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 367.722949][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 367.734383][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 367.742744][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 367.754597][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 367.763033][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 367.774676][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 367.782744][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 367.794157][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 367.802245][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 367.813645][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 367.821750][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 367.833170][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 367.841532][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 367.855281][T25332] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 04:33:08 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:33:08 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:08 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0xe, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:08 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x0) r3 = fork() tkill(r3, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:08 executing program 1: openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r0 = fork() tkill(r0, 0x13) tgkill(r0, r0, 0x12) waitid(0x2, 0x0, 0x0, 0x8, 0x0) [ 367.863695][T25332] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x10, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:09 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:09 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:09 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x11, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:09 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x12, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 368.817048][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 368.825448][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 368.864981][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 368.873411][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 368.901026][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 368.909448][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 368.923924][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 368.931983][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 368.944166][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 368.952174][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 368.963979][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 368.972106][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 368.986120][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 368.994454][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 369.069878][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 369.078338][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 369.106079][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 369.114421][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 369.126665][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 369.135020][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 369.147009][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 369.155370][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 369.166739][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 369.174713][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 369.185802][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 369.193772][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 369.205169][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 04:33:10 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:33:10 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x0, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x22, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 369.213140][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 369.224543][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 369.232904][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 369.247069][T25398] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 369.255500][T25398] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:10 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) fork() tkill(0x0, 0x13) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:10 executing program 1: openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r0 = fork() tkill(r0, 0x13) tgkill(r0, r0, 0x12) waitid(0x2, 0x0, 0x0, 0x8, 0x0) 04:33:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x25, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:10 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) fork() tkill(0x0, 0x0) tgkill(r2, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:10 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) fork() tkill(0x0, 0x0) tgkill(0x0, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x48, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x4c, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x68, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x6c, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 370.206483][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 370.214858][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 370.246178][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 370.254530][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 370.285838][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 370.294251][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 370.324561][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 370.332567][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 370.344927][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 370.353132][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 370.364498][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 370.372501][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 370.386204][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 370.394546][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 370.502093][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 370.510808][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 370.539255][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 370.547732][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 370.560341][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 370.568719][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 370.580037][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 370.588490][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 370.601385][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 370.609401][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 370.620772][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 370.628910][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 370.640340][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 370.648346][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 370.659793][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 370.668151][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 370.682248][T25469] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 370.690761][T25469] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:11 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:33:11 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x74, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:11 executing program 1: openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r0 = fork() tkill(r0, 0x13) tgkill(r0, r0, 0x12) waitid(0x2, 0x0, 0x0, 0x8, 0x0) 04:33:11 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x0, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:11 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) fork() tkill(0x0, 0x0) tgkill(0x0, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:11 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x7a, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:12 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0xfe, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:12 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x1d4, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:12 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x1d5, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:12 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x1d6, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:12 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x204, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:12 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x229, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 371.640143][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 371.648527][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 371.694880][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 371.703222][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 371.724824][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 371.733166][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 371.757523][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 371.765541][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 371.795297][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 371.803375][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 371.815416][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 371.823489][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 371.837095][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 371.845462][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 371.959217][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 371.967677][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 371.997793][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 372.006179][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 372.028940][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 372.037306][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 372.049070][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 372.057465][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 372.069025][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 372.077037][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 372.088488][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 372.096502][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 372.108252][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 372.116264][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 372.127836][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 372.136293][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 372.150399][T25546] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 04:33:13 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:33:13 executing program 1: r0 = getpid() openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = fork() tkill(r1, 0x13) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:13 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x0, r1, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) 04:33:13 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) fork() tkill(0x0, 0x0) tgkill(0x0, r2, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) 04:33:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x22a, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 372.158864][T25546] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 372.300495][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 372.309231][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 372.320396][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 372.328742][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 372.339837][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 04:33:13 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) fork() waitid(0x2, 0x0, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 372.348183][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 372.361986][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 372.370009][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 372.381758][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 372.389846][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 372.401071][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 372.409157][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 372.422139][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 372.430522][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 372.519382][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 372.527832][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:13 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) fork() tkill(0x0, 0x0) tgkill(r2, 0x0, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 372.563545][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 372.571921][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 372.583049][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 372.591402][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 372.602540][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 372.610886][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 372.621989][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 372.630001][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 372.641229][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 372.649218][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 372.660389][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 372.668404][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 372.679538][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 372.687883][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 04:33:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x22b, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 372.709868][T25628] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 372.718305][T25628] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:13 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:33:13 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) fork() waitid(0x2, 0x0, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 372.884126][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 372.892510][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 372.903634][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 372.912066][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 372.923360][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 372.931707][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 372.945147][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 372.953139][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 372.964907][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 372.972897][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 372.984087][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 372.992077][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 373.004761][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 373.013268][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 04:33:14 executing program 1: r0 = getpid() openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = fork() tkill(r1, 0x13) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 373.107121][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 373.115586][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 373.146133][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 04:33:14 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x300, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 373.154466][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 373.165548][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 373.173947][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 373.184996][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 373.193313][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 373.204486][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 373.212484][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 373.223551][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 373.231597][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 373.242728][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 373.250812][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 373.262047][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 373.270385][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 373.284574][T25661] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 373.293018][T25661] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:14 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 373.438870][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 373.447237][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 373.458518][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 373.466861][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 373.477935][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 373.486279][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 373.499901][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 373.508025][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 373.519915][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 373.527913][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 373.538984][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 373.546993][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 373.559737][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 373.568189][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 04:33:14 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) fork() tkill(0x0, 0x0) tgkill(r2, 0x0, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 373.652446][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 373.660966][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:14 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x402, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 04:33:14 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) fork() waitid(0x2, 0x0, &(0x7f0000000340), 0x2, &(0x7f00000003c0)) [ 373.695444][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 373.706270][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 373.717406][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 373.725769][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 373.736838][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 373.745438][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 373.756647][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 373.764615][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 373.775780][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 373.783753][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 373.795681][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 373.803741][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 373.814900][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 373.823271][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 373.837127][T25687] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 04:33:14 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 373.845935][T25687] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:15 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) fork() tkill(0x0, 0x0) tgkill(r2, 0x0, 0x12) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 374.007586][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 374.015947][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 374.027088][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 374.035424][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 374.046491][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 374.054827][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 374.068486][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 374.076991][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 374.088585][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 374.097017][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 374.108084][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 374.116084][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 374.128642][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 374.136991][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 04:33:15 executing program 1: r0 = getpid() openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = fork() tkill(r1, 0x13) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 374.228544][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 374.237018][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 374.265753][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 374.274083][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 374.285152][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 374.293489][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 374.304530][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 374.312886][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 374.324010][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 374.332008][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 374.343076][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 374.351072][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 374.362114][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 04:33:15 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 04:33:15 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(0x0, 0x13) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 374.370192][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 374.381269][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 374.389680][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 374.403219][T25706] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 374.411664][T25706] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:15 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x406, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 374.572456][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 374.580830][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 374.592035][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 374.600454][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 374.611528][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 374.619875][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 374.633525][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 374.641529][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 374.653139][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 374.661150][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 374.672227][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 374.680217][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 374.693160][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 374.701515][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 04:33:15 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, 0x0, 0x2, &(0x7f00000003c0)) [ 374.788010][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 374.796510][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 374.827622][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 04:33:15 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x500, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 374.835987][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 374.847045][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 374.855394][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 374.866458][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 374.874795][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f 04:33:15 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = fork() tkill(r2, 0x13) fork() tkill(0x0, 0x0) tgkill(r2, r2, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 374.885918][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 374.893892][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 374.904961][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 374.913068][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 [ 374.924129][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 04:33:16 executing program 0: openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0xffc) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 374.932135][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 374.943321][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 374.951671][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 [ 374.965302][T25731] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 374.973749][T25731] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d 04:33:16 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, 0x0, 0x2, &(0x7f00000003c0)) 04:33:16 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, 0x0, 0x2, &(0x7f00000003c0)) [ 375.156644][T25757] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 375.165009][T25757] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 375.176174][T25757] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 375.184534][T25757] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 375.195720][T25757] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 375.204045][T25757] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000014e0476f [ 375.218057][T25757] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 375.226083][T25757] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x00000000cfe45455 [ 375.237679][T25757] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 375.245682][T25757] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000017c13794 04:33:16 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x0, 0x600, &(0x7f0000001480), 0x0, &(0x7f0000000180)={[{@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 375.257231][T25757] ref_ctr going negative. vaddr: 0x20000004, curr val: 0, delta: -1 [ 375.265221][T25757] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x0000000070e9254e [ 375.277987][T25757] ref_ctr going negative. vaddr: 0x20000004, curr val: -9217, delta: -1 [ 375.286344][T25757] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000002cf96384 04:33:16 executing program 1: r0 = getpid() openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) r1 = fork() tkill(0x0, 0x13) tgkill(r1, r1, 0x12) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 375.381160][T25757] ref_ctr going negative. vaddr: 0x20000004, curr val: -31789, delta: -1 [ 375.389603][T25757] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007199b88d [ 375.431536][T25757] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 375.440584][T25757] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000003a3d538f [ 375.451640][T25757] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 [ 375.459973][T25757] ref_ctr decrement failed for inode: 0x361d offset: 0x0 ref_ctr_offset: 0x4 of mm: 0x000000007658ad76 [ 375.471075][T25757] ref_ctr going negative. vaddr: 0x20000004, curr val: -6680, delta: -1 04:33:16 executing program 5: r0 = openat(0xffffffffffffffff, &(0x7f00000002c0)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = fork() waitid(0x2, r1, &(0x7f0000000340), 0x0, &(0x7f00000003c0))