, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_btf_id_by_name$bpf_lsm(0x0) [ 384.292997][ T5112] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:43 executing program 2: semctl$IPC_INFO(0x0, 0x3, 0x3, &(0x7f0000000140)=""/39) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000003600000019000000600100000ff68f01000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x640}, {&(0x7f0000010400)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f0000011000)="8081000000180000ddf4655fddf4655fddf4655f0000000000c800002000000010e10800000000000af3020004000000000000000000000002000000300000", 0x3f}], 0x81, &(0x7f0000000080)) 14:19:43 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r0, 0x0, r0, 0x0, 0x0, 0x0) 14:19:43 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'}) [ 384.362402][ T5119] EXT4-fs (loop3): orphan cleanup on readonly fs [ 384.368933][ T5119] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 33554432 [ 384.379950][ T5119] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 14:19:43 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10b4fff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:43 executing program 3: semctl$IPC_INFO(0x0, 0x3, 0x3, 0x0) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1050}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000003600000019000000600100000ff68f01000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f0000011000)="8081000000180000ddf4655fddf4655fddf4655f0000000000c800002000000010e10800000000000af302000400000000000000000000000200000030000000020000000400000032", 0x49}], 0x81, &(0x7f0000000080)) 14:19:43 executing program 4: pkey_mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0xffffffffffffffff) 14:19:43 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000280)={0x1, &(0x7f0000000240)=[{0x20}]}) [ 384.482821][ T5165] loop1: detected capacity change from 0 to 1 [ 384.543023][ T5165] loop1: p1 p2 p3 p4 [ 384.548879][ T5165] loop1: p1 start 1326170564 is beyond EOD, truncated [ 384.552223][ T5176] loop3: detected capacity change from 0 to 1024 [ 384.555705][ T5165] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 384.562129][ T5165] loop1: p3 start 225 is beyond EOD, truncated [ 384.575690][ T5165] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 384.594883][ T5176] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (60935!=0) [ 384.608785][ T5176] EXT4-fs (loop3): orphan cleanup on readonly fs [ 384.615276][ T5176] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 33554432 [ 384.626326][ T5176] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 14:19:43 executing program 5: sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x1e0e05a1e2473a9d) 14:19:43 executing program 0: perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000003600000019000000600100000ff68f01000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {0x0}, {&(0x7f0000010400)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f0000011000)="8081000000180000ddf4655fddf4655fddf4655f0000000000c800002000000010e10800000000000af3", 0x2a}], 0x81, &(0x7f0000000080)) 14:19:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$sock(r0, &(0x7f0000005d00)=[{{0x0, 0x0, &(0x7f0000002140)=[{0x0}, {&(0x7f0000001080)='8', 0x1}], 0x2}}], 0x1, 0x0) 14:19:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$sock(r0, &(0x7f0000006600)=[{{0x0, 0x0, 0x0, 0x5b}}], 0x1, 0x0) 14:19:43 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10c4fff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:43 executing program 3: semctl$IPC_INFO(0x0, 0x3, 0x3, 0x0) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1050}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000003600000019000000600100000ff68f01000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f0000011000)="8081000000180000ddf4655fddf4655fddf4655f0000000000c800002000000010e10800000000000af302000400000000000000000000000200000030000000020000000400000032", 0x49}], 0x81, &(0x7f0000000080)) 14:19:43 executing program 0: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f0000002980)=[{0x0}], 0x0, 0x0) 14:19:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$sock(r0, &(0x7f0000006600)=[{{&(0x7f00000002c0)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "2d4af34fab646a433aa0b4d62904575280b57c227b1a1edc6c4ef4b384cba7d4379a6a8d242f5f0286498be664cc8b20582b319ab6d709527fcb9ad11d2246"}, 0x80, 0x0}}], 0x1, 0x0) 14:19:43 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_opts(r0, 0x29, 0x39, 0x0, 0x0) 14:19:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$sock(r0, &(0x7f0000006600)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}], 0x1, 0x0) [ 385.188282][ T5205] loop1: detected capacity change from 0 to 1 [ 385.195818][ T5207] loop3: detected capacity change from 0 to 1024 14:19:43 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_async', 0x0, 0x0) finit_module(r0, 0x0, 0x0) [ 385.238432][ T5207] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (60935!=0) [ 385.253421][ T5205] loop1: p1 p2 p3 p4 [ 385.265580][ T5205] loop1: p1 start 1326236100 is beyond EOD, truncated [ 385.272429][ T5205] loop1: p2 size 1073872896 extends beyond EOD, truncated 14:19:44 executing program 2: semctl$IPC_INFO(0x0, 0x3, 0x3, &(0x7f0000000140)=""/39) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1050}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000003600000019000000600100000ff68f01000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x640}, {&(0x7f0000010400)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f0000011000)="8081000000180000ddf4655fddf4655fddf4655f0000000000c800002000000010e10800000000000af302000400000000000000000000000200000030000000020000", 0x43}], 0x81, &(0x7f0000000080)) [ 385.287022][ T5205] loop1: p3 start 225 is beyond EOD, truncated [ 385.293343][ T5205] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:44 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x10) 14:19:44 executing program 5: semctl$IPC_INFO(0x0, 0x3, 0x3, &(0x7f0000000140)=""/39) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1050}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000003600000019000000600100000ff68f01000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x640}, {&(0x7f0000010400)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f0000011000)="8081000000180000ddf4655fddf4655fddf4655f0000000000c800002000000010e10800000000000af302000400000000000000000000000200000030000000", 0x40}], 0x81, &(0x7f0000000080)) [ 385.345251][ T25] audit: type=1400 audit(1622470784.038:302): avc: denied { module_load } for pid=5223 comm="syz-executor.0" path="/sys/power/pm_async" dev="sysfs" ino=104 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=system permissive=1 14:19:44 executing program 0: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f0000002980)=[{&(0x7f00000018c0)="38d58652ecbaf09f6cd0300e80e6ab3f36c80feaafcecd58794b3a1a7f10e9dded432e737563429dea40f60a461d2d94bd5c5f11df0732ac5234ff7a96b60bfde3859781a3fbd6fbf0ccc5b26e0625cfd293e0ec3980d21725005a4affc237b4365e70cc02b47ce6ba0709bb469ab1bfc470fe3cbd564ec2333da67feb2c3fd05c9b181c9a0c9082d607e1eb6b9c1be29bcef482b5904e43aeb7b87e80ac13c48c5e00c5194ca909749c8bc3dc46f94099403b813438dd0ad738806fb47bb0bcb55467b3b0284648b0c0e206bf91bfbc87ad9544f11f97db7f82397b2bb5526994647e228788bbe052a03d6ad06202e9d13d976eab7a3a3d221f76e5a406c6d078c6fcc14e9e434f453dd3d03b6129951a8d39a0caa0f3aa1771d73e98e8ae1c0a050b07049978706a861a1ef8e8a0ffb4169c625099f752add53a9ef13f9d3affc7aa6e270e28f25375c98071c4ba032da83f9e1ea70aceca393dd39c7cb6f12a4a9909d23dda51effe142cac99c63617246c5375c5721dadd3512744de56fdb96d9403af7d4d5385b1271f9d2e7350b24b8baa344297fc53c6b9241e3bda38ff2cb4d9ce72a0769772dff17db127faa0e3b6c149ae64d9e04db3ff30a9e9b3c9d266a7449230daed78b312f492507561daf899ece7ec8a6c2eb03e520f37aa7682e6a67f94dfb17c7606841be0750f501a9928f45e40c6603b0b412a72afd6c1eb56c9a3079d703fc094a5f35c50c3fba2f6ae27c0ea8ee6148f08fdcdfad20da8408b59d94129c9dbc863a3dedaaad1003059d766abdcf61f02bd01a27fdefcb0e7cb959fc569e4d55c29d73d9655d4ff5e16e8c671df72b27d2938453cf3d8b3fb2b590f46779ffa48bdba47bcedba393548d8a095549c2918943d9577b4794698e1b7b7635c5ea3dd97447173135a197e730ae1299f87852cbed6a82c56d649cd2ea60a3e87c81879282a440aadcbe018ed59a189c677f1bddeb4b5665d5911b0b975c5951fe1e908fa9ae269ae23c80e23fe9255631794f89e3f3363ad1179f792a67c6ac3914d1a1cdb6ef2d3786a049c37ced88d6835f586302ea4016e51dfb3759e68b563ecffe88823b24917fd6d8b01811175a9c02f4821a31905186356a6d76e099a4fc81a4e9abd8a8180a2ed32aaf1b4c0ac0356f318f5486f0f4f23b7e19346fd7d348ad220038b501b931f9246d0dde8895bbb012f9e0e0e1bd0c1acb42b15b61c4683b98a61db56801254c6cb4cb95ee87738e0a56864c6f2c54139e2501000dab747107cdd942cca16a9e87baf0911319941cfd7e2ab72db0487a68232d37d1550059d8290ac5aff15e8ecd5b1d908c106ec15a4e13635f765eaea2b34f279c48c1e69787beb7e82c564257fe8e342f232104dd8f0df231cb8cbbda14be5da153eb395ccb28415f89c242bd53d79bd894a713958b6a6f2ff2c44d30fd8456f0048277238582944e424132961da77480216ec309272d77c1b7da5b11d325bfeee5cd324db72197ae011fd428ec4f875c900076d5ed167000367496dc78aa23037b28872d38e059989a8781715225aa6398875b445d0da4d3c725cc29ae4411da81d01ae5d7f610ab1127fe96d9ebafccbac4e81868534e8ffc09eae9f0c768339b1dadcbf801336c7221f18a08e2d071fdd7548b3fcbb90ddb2e13e884119eee68ec2190c6d3780723a1a6f6df4124530937a3de3be84850dfb4141fb1c28790209c3a65d61cef06f2dadc28ac1888fa2dc205bfeef2f65c41aa71cdce24441e5d0c955be4b04393c9b2bd59ecbeb6d6041fc893ef8095b5fc6cbca3613c541d602729c7d636472d3171a9d75989ebd61be26db279eb6825694de88eff7f959320b108612fb21fb452aa1a34372967292e6fb12573e1f2af4d7a3a3bff8878ac3e31ce2dc51a4e06a0803813c9f180b652c39b8a0779073eb695beeb57ed8bd923870fed8f719f14aa9fd5e44ac59eaddd865225277857a6d07b95657773809c4e5fbe83f1006b58bedf2489f53cd22878fa4f3d108f02285ead901ace68baa3ca9b0954c3f4dd724fc44280f6529a249a18ff1b71a7c535134e7cf9b83aa2f8cb44c059fbe15059762c10d8eb57a11f03be9690fc127c1b5b06790139bc16347eaed9d39931bfa7c6d0323cbe5f376da279fa1376abee03ec442ae08724801be65df7e1aeb53087147b2a07c0f1b8647c218177db3985cd7bd0245d26711624980279e56131c3848bbb95e70d239eb8b4359e977f21e3db310e843ee294dabb1467cc7c4dc5418c7180378e138b610d5351c74998344a40caedc1259810f18538c9f7110c9bc7498fe92bdc82dc6dbd47e680370af74356fef5a1a909fab4747b1fc41956cf1658b6a4a471a50ed0209cb525abaa6100a1cd45ab9d3418405d40f017882d7a27acbfe02ef24068dc433b15ef565278c894980bfdf0c5082d2bf4a50ec7019252d65d01d556e557f75dbda35d38ad4a714c63510601a0438b4c3cb17a9ea23f8efe3d5c9071e41a3e140bc32a199f524f9ac5dac8b64e4d4da049d41ab0f6fea301a5934afa21bb8789439a3c23d9f706003b289aebda4891e8f0b6875784ca40889857f8d075bf7b43f69db268e8578e153efd79640b5141fbb559817357c2c5bd8dfe6870eda97aeecaecfbbc0cd37b4de92e3398ca7798c1248d19ad7fdf517bb274c51abf73f71d67a68c610c74c1209778781b4c186f9e7e5057afe92aab96011929e8d26123e2e42c35480b496e63d2f0e093fa1dab0e526ae2fab5f867b131f569659eb4cea310ec8a2f0124b8de327ecb86dfcc420fda4b036ec7f18d63347de038b653b60aa256da363f59492351e2674cca75e435bd7c374e391893201b97eafb4e726c04367bfe9b1da467edabdd676eda9ebdf8bf0527fe0e7cc48f5f185bbf18e871d7c938ef9c68bc23c640128cf334d4a442ce13e438152a407c3c5bf176437b6795a79747837a00d5ab9f0159328c9be3f9e2d0715baaa80f44e5713a37c342bef465af6d082f35c6a1f1b8deffa57db5514cc2de9a613d6a8fb91325f48a72dc14e2b5f4f4e7059cdd4be6d1fb9bd5a88f1fe18bed92dff94cdc3d5f854edac123c40ce7d6d1dcf5ec9485481c8dbd1c384aa0a8831d4cc5eff40a8f041f5b1b0e6029a47b2ef03932aef32af186904a077d180d96cac87e38c75e4b5e634d7989e65a721e660b488c68d626fa236ad8211a7660210555b1ffd7f6640c4baa9680fae317e1bf49ca5075c7351f138edfbcf45e041c05354117cddadfa7c7b6e1e91e9e5b8a66c7016c8b5d0920c73604668cd80ff12ecb9280c81569624b3c3261f62b4c91728676b3dd426d91c9deb794572225e9b2f90f12f82f734d4cbaafffbd1cea00adfa32d52fae27788500f308c8806053f6d2477c453cb300ab2d0708eb78e6a881674da5b8440f004d1c6bdcdb7a0d89cf278e253544b747ab0729af2cd25a744520e5384a55a16ad690d6867d55804f99978a83db0d0635c5f89be715365cb566888abf0e27a3497ba82c4f8b79c7244a807bfba7740dea757dadb1adf9890a0b9bf915b13f798766c2ebe7da4e0a5b3911a1499592cef95b574dcc5d5fce7b7a73c994e0b88a6e29f6b8f8ebddddddda170b0c55df2cd3c3e221e0a97e8d0540ce1373869951af6409b6bc34120d237bf43a45da7b85cf747d40b6cd670e4f5a67eef4732f6233d83f71efde3d6985ba15a6924bb84dac1425d2fe1055bd339e1ad6aaf05f8e5ddc0aa36f04e50ae88d727991ed8b6d4050f6d8bc31b81cd9102a98879ec22fe7e55f7fc51cdfb0fbc2d1e389f1a9ca428bb4b2037422fd879aa4c31d369e7733d39f010c7f9e2e051c4465daa9748d64ad95954c35da5daf7560497c3cba0cabb37b49d8a9e3d0cdf2c11843c2342c3dbc57cd1ef5807ebe29e76db7d2796f99c02e0ccd9339d72bea04d8d54300b4b86237f6afe4c214dc283efe45deedaf4cb6778f886cf5d2dbb84053bdaf6fcc99c94505191290490cde1349a9ff80d0b3640de99f08a71557cdbef6dad1d1e7b4fced83ad16a620633eb470932bf165b92a5cae5b3d2d9803950c67c6eae73bbdde6eb06cd2e61f18cf84662c5970c7612ae3e2c75c1461c278df32a485cff75604cdf3b20d606f71bf9edf04eef6ac2476655d658441a94b94b2bb50ad08347b1417b165e0696133824985b0dc5f4b8411435919259a1cb07099c7bb4cb9dbc3fe839ece1969aedbff5f298578c0fd0265909e6dcc963e5471bcdc8eb8efbaa7c8ba843551909c62354076d097c134695a28249889030a4dd5b81c92fc89c11aa0e9cd299ffdae2c4ccf3d232af46b8b4938be63f57511ae73b2b2c942d5237545526ea4cec9ab496442ff51d542a93841e5948092e9c4938d4a1ef12e0d6b562111bf878881b110e3c6d4b80a4b595e87d8c56deb11016984d00e1635eafac1007818fbbafb9902775ea1488f654555b49757ac3aa0c3f93fda80cc0b86549b435cd48c45e919b2808c52b94dd77f6b5fbb8a27d40a93db65e9d4b98064c620a1c72c1acc9280f3b383a73e801f4c1caa86078fa359ef2b4928dbd1691a0b5fb9f441796ee2ddaadb5744b81adb17b7cea1e2a3a324422c4e68e11710e6015df94e5cd015d97f4e8f1a447b50e8d79007487f9105029c5f4418ca787a5213b01e0c2b98bb868aa4e2a8c5432173cd94b9a1e64cc7cdf2ba60a2a9d6a7b8591920ee74e43e5314870ebd2eff834f80d6e09f3b1898af87ae1a8c96c185f17065801ef49a111197fe7aeaf1e16a9da72b742def52b16fad9b15bc9c27b8bef3cb867e88ba300ffd39987315dd03e537a1489ff085e19dc75142cb0c40b84c0f0e9ab9a07a3c83ad921c8984804cec39b8992cebdd335b30e7718757248b259c7c48e36890ce047dc29fe68cf0aae62de07d4022594854a626001b4a8215cbcd2a8b5af2da75b272beafbf552552307b2633acbb9d8dd0a5467a0e0bca7812212c75b253f0040295f1bb1d7dc01dbd0a87b356a3e121bf1513f14a7af1738553fbb7b8ae6ffa76361e98d9d9a6d7b5e634f377255132c8470b3eaa64120cfd37bc2858600fa67699f2199a3822a794cabeb9bf4c318a7cb79643eb4be7ef3df7498164c48cb92511bcee815d2e82ba6aca9db4b78d9d1b5f7da6978dfe7b3bb8581531577f506f8bea6a42efc71c244a4d0444d28e2f41ae60ec5b4c68a2375a7d03a744cf5f9cd72ba4422ce183617440e42f4a4353f1273adc2b7aa28db8325ada58b4745ee46c14be463f516fe47414551e5143a1df6df2a29e0cb2dba5b72e58963bdd44e1671d84a163d9f75b2171b1e2f72d7b39bba289307b50bba6cbce8308390186a78335d2dcc749a1f77d80e7ffea37fa97ee0beb9fc6fe34d3ddbc5edf717073a2b2c897a8790b00bfa1fe71bf3841c9e9a18f4774ab32b0d315902934e084340073126283528eed14a5065e1afc1333e892d85afaa15908b8e2b40d169f521b09cb36a08856acc0c6de0e920105d99f458465d5b909d780a67a78d6b95d630427c032267beabf6248d061fa0b7e1f4d5329fc9d0419877f654d6b2b793910d143d8bd2e0b4acfb8230e3b1c3ecfdd7ee74ae1b83b03a2e303d7046fd8b95b54fbefa225de1ce53034e3a688b9bb75e40c7f81d15a6df81063a00a92ddd89143af090675c86b10981356ffce592c2d6b1c32b9e890f21c15f669cc3b625d33b128cbc83c0db0c84ce55f64fb7ee56c5cb79ef4cd29f1426f3e63c6744090b83c786a7df268807", 0x1b00}], 0x0, 0x0) 14:19:44 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10055ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:44 executing program 2: fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000003600000019000000600100000ff68f01000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x640}, {&(0x7f0000010400)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f0000011000)="8081000000180000ddf4655fddf4655fddf4655f0000000000c800002000000010e10800000000000af302000400"/55, 0x37}], 0x81, &(0x7f0000000080)) [ 385.390469][ T5207] EXT4-fs (loop3): orphan cleanup on readonly fs [ 385.396828][ T5207] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 33554432 [ 385.407839][ T5207] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 14:19:44 executing program 3: semctl$IPC_INFO(0x0, 0x3, 0x3, 0x0) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1050}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000003600000019000000600100000ff68f01000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f0000011000)="8081000000180000ddf4655fddf4655fddf4655f0000000000c800002000000010e10800000000000af302000400000000000000000000000200000030000000020000000400000032", 0x49}], 0x81, &(0x7f0000000080)) 14:19:44 executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x200000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000010500)="7f000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7e23a065916bffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x1002, 0x2000}, {&(0x7f0000012600)="ed41000010000000daf4655fdbf4655fdbf4655f00000000000004008000000000000800050000000af301000400000000000000000000000900000010", 0x3d, 0x4400}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000380)=ANY=[], 0x44) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) 14:19:44 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff}) r1 = memfd_create(&(0x7f0000000200)='#\tP\x81\xcbXE\x00'/19, 0x0) splice(r0, 0x0, r1, &(0x7f0000000040), 0x7, 0x7) 14:19:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$sock(r0, &(0x7f0000001600)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @multicast2}, 0x80, &(0x7f0000001480)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}}], 0x1, 0x0) [ 385.462862][ T5250] loop5: detected capacity change from 0 to 1024 [ 385.485422][ T5250] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (60935!=0) [ 385.499012][ T5262] loop1: detected capacity change from 0 to 1 [ 385.528563][ T5262] loop1: p1 p2 p3 p4 [ 385.532690][ T5262] loop1: p1 start 1426112964 is beyond EOD, truncated [ 385.539479][ T5262] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 385.555181][ T5250] EXT4-fs (loop5): orphan cleanup on readonly fs [ 385.561624][ T5250] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 33554432 14:19:44 executing program 2: semctl$IPC_INFO(0x0, 0x3, 0x3, &(0x7f0000000140)=""/39) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000040)) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1050}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x6, 0xffffffffffffffff, 0x8) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000003600000019000000600100000ff68f01000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x640}, {&(0x7f0000010400)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {0x0}], 0x81, &(0x7f0000000080)) 14:19:44 executing program 0: pkey_mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0xffffffffffffffff) [ 385.572535][ T5250] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 385.582120][ T5262] loop1: p3 start 225 is beyond EOD, truncated [ 385.589674][ T5262] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 385.596757][ T5286] loop3: detected capacity change from 0 to 1024 [ 385.597013][ T5278] loop4: detected capacity change from 0 to 4096 [ 385.611789][ T5286] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (60935!=0) 14:19:44 executing program 0: semctl$IPC_INFO(0x0, 0x3, 0x3, 0x0) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1050}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000003600000019000000600100000ff68f01000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x640}, {&(0x7f0000010400)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {0x0}], 0x81, &(0x7f0000000080)) 14:19:44 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10102ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 385.637007][ T5286] EXT4-fs (loop3): orphan cleanup on readonly fs [ 385.643537][ T5286] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 33554432 [ 385.654640][ T5286] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 385.668647][ T5278] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 14:19:44 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) poll(&(0x7f0000000140)=[{0xffffffffffffffff, 0x480}, {0xffffffffffffffff, 0x100}, {0xffffffffffffffff, 0x70a0}, {r0, 0x84}], 0x4, 0x807) 14:19:44 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) finit_module(r1, 0x0, 0x0) 14:19:44 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x2) ioctl$sock_ifreq(r0, 0x8924, &(0x7f00000000c0)={'veth0_vlan\x00', @ifru_settings={0x0, 0x0, @fr_pvc=0x0}}) 14:19:44 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f0000000040), 0x8) [ 385.745482][ T5310] loop1: detected capacity change from 0 to 1 [ 385.765642][ T25] audit: type=1400 audit(1622470784.458:303): avc: denied { module_load } for pid=5313 comm="syz-executor.3" path="/root/syz-executor.3" dev="sda1" ino=13855 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=system permissive=1 14:19:44 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000001440), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, "c8fc719ad2fd3659fdb2c577a2bfe5c216ab1d79bdc963c355a29307d32f2462"}) [ 385.767484][ T5317] Module has invalid ELF structures [ 385.838135][ T1232] loop1: p1 p2 p3 p4 [ 385.842527][ T1232] loop1: p1 start 33669572 is beyond EOD, truncated [ 385.849181][ T1232] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 385.857297][ T1232] loop1: p3 start 225 is beyond EOD, truncated [ 385.863531][ T1232] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 385.872272][ T5310] loop1: p1 p2 p3 p4 [ 385.876452][ T5310] loop1: p1 start 33669572 is beyond EOD, truncated [ 385.883089][ T5310] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 385.890864][ T5310] loop1: p3 start 225 is beyond EOD, truncated [ 385.897016][ T5310] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:45 executing program 4: semctl$IPC_INFO(0x0, 0x3, 0x3, &(0x7f0000000140)=""/39) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1050}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000003600000019000000600100000ff68f01000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x640}, {&(0x7f0000010400)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f0000011000)}], 0x81, &(0x7f0000000080)) 14:19:45 executing program 3: perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x6, &(0x7f0000000200)=[{&(0x7f0000010000)="200000003600000019000000600100000ff68f01000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {0x0}, {&(0x7f0000010400)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f0000011000)="8081000000180000ddf4655fddf4655fddf4655f0000000000c800002000000010e10800000000000af302000400000000", 0x31}], 0x81, &(0x7f0000000080)) 14:19:45 executing program 2: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) keyctl$unlink(0x9, r0, r1) 14:19:45 executing program 5: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x3) write$binfmt_script(r0, &(0x7f0000000440)=ANY=[@ANYBLOB='#< \t'], 0x191) close(r0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 14:19:45 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000380)=ANY=[], 0x44) fcntl$setstatus(r0, 0x4, 0x44000) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) 14:19:45 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10103ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:45 executing program 2: semctl$IPC_INFO(0x0, 0x0, 0x3, &(0x7f0000000140)=""/39) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1050}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000003600000019000000600100000ff68f01000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f0000011000)}], 0x81, &(0x7f0000000080)) 14:19:45 executing program 5: ioctl$GIO_FONTX(0xffffffffffffffff, 0x4b6b, &(0x7f0000000580)={0x0, 0x0, 0x0}) pkey_mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) pkey_mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0xffffffffffffffff) 14:19:45 executing program 0: getresuid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)) syslog(0x2, &(0x7f0000000240)=""/101, 0x65) [ 386.437027][ T5355] loop1: detected capacity change from 0 to 1 [ 386.494013][ T5355] loop1: p1 p2 p3 p4 [ 386.498080][ T5355] loop1: p1 start 50446788 is beyond EOD, truncated [ 386.504700][ T5355] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 386.512694][ T5359] loop3: detected capacity change from 0 to 1024 [ 386.518714][ T5373] loop4: detected capacity change from 0 to 1024 [ 386.528100][ T5373] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (60935!=0) 14:19:45 executing program 0: openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={0x246040}, 0x18) [ 386.538580][ T5359] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (60935!=0) [ 386.552073][ T5373] EXT4-fs (loop4): orphan cleanup on readonly fs [ 386.558485][ T5373] EXT4-fs error (device loop4): ext4_orphan_get:1413: comm syz-executor.4: bad orphan inode 33554432 [ 386.569505][ T5373] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 386.585182][ T5355] loop1: p3 start 225 is beyond EOD, truncated 14:19:45 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0x40044591, 0x0) 14:19:45 executing program 0: perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000180)=""/4082, 0xff2}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/netlink\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x20000000, 0x0) [ 386.591464][ T5355] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:45 executing program 4: perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000180)=""/4082, 0xff2}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/netlink\x00') write(0xffffffffffffffff, 0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x218, 0x0, 0x0) 14:19:45 executing program 3: open$dir(&(0x7f0000000080)='./file0\x00', 0x42842, 0x0) 14:19:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$sock(r0, &(0x7f0000006600)=[{{&(0x7f00000002c0)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "2d4af34fab646a433aa0b4d62904575280b57c227b1a1edc6c4ef4b384cba7d4379a6a8d242f5f0286498be664cc8b20582b319ab6d709527fcb9ad11d2246"}, 0x25a7, 0x0}}], 0x1, 0x0) 14:19:45 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x2a, 0x0, 0x0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x74, 0x0) 14:19:45 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10104ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 386.645455][ T5359] EXT4-fs (loop3): orphan cleanup on readonly fs [ 386.651916][ T5359] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 33554432 [ 386.662864][ T5359] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 14:19:45 executing program 5: perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0xf, 0xffffffffffffffff, 0x0) 14:19:45 executing program 0: r0 = timerfd_create(0x1, 0x0) timerfd_settime(r0, 0x1, &(0x7f00000000c0)={{}, {0x77359400}}, 0x0) 14:19:45 executing program 2: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f00000002c0)=0xece) fcntl$setsig(r1, 0xa, 0x12) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r3, 0x0, 0x0, 0x22040fb5, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) recvmmsg(r3, &(0x7f0000000200)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x103}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) recvmmsg(r2, &(0x7f0000004800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) dup2(r1, r2) fcntl$setown(r2, 0x8, r0) tkill(r0, 0x16) 14:19:45 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x0) ioctl$EVIOCGPHYS(r0, 0x80404507, &(0x7f0000000000)=""/244) 14:19:45 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000340)={0x700, 0x0, 0x0}) 14:19:45 executing program 5: syz_io_uring_setup(0x0, &(0x7f0000000600), &(0x7f0000ff3000/0xd000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000680), &(0x7f00000006c0)) [ 386.767399][ T5419] loop1: detected capacity change from 0 to 1 14:19:45 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ffd000/0x2000)=nil, 0x2000}, &(0x7f0000000080)=0x14) 14:19:45 executing program 3: r0 = timerfd_create(0x9, 0x0) timerfd_gettime(r0, &(0x7f0000000180)) 14:19:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x15) sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x0, 0x1}, 0x14}}, 0x0) 14:19:45 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0x5450, 0x0) [ 386.851171][ T5419] loop1: p1 p2 p3 p4 [ 386.855348][ T5419] loop1: p1 start 67224004 is beyond EOD, truncated [ 386.861994][ T5419] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 386.874695][ T5419] loop1: p3 start 225 is beyond EOD, truncated [ 386.880938][ T5419] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:45 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x0) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f0000000140)=""/213) 14:19:45 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10105ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:45 executing program 4: perf_event_open(&(0x7f00000000c0)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 14:19:45 executing program 5: perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 387.040202][ T5475] loop1: detected capacity change from 0 to 1 [ 387.098607][ T5475] loop1: p1 p2 p3 p4 [ 387.102767][ T5475] loop1: p1 start 84001220 is beyond EOD, truncated [ 387.109515][ T5475] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 387.116948][ T5475] loop1: p3 start 225 is beyond EOD, truncated [ 387.123157][ T5475] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:48 executing program 2: r0 = eventfd2(0x0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000002, 0x10, r0, 0x0) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1612c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x4000000000010046) 14:19:48 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x7, &(0x7f0000000040)=0x3, 0x4) 14:19:48 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f00000002c0)=0x8001, 0x4) 14:19:48 executing program 5: syz_io_uring_setup(0x6c18, &(0x7f0000002400), &(0x7f0000002000/0x4000)=nil, &(0x7f0000003000/0x5000)=nil, 0x0, 0x0) clone3(&(0x7f00000022c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 14:19:48 executing program 3: r0 = timerfd_create(0x8, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timerfd_settime(r0, 0x1, &(0x7f0000000000)={{}, {0x0, r1+60000000}}, 0x0) 14:19:48 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10106ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:48 executing program 0: r0 = eventfd2(0x2260, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000002, 0x10, r0, 0x0) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1612c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x4000000000010046) 14:19:48 executing program 4: syz_open_dev$evdev(&(0x7f0000000080), 0x3, 0x40) [ 389.850644][ T5506] loop1: detected capacity change from 0 to 1 [ 389.889848][ T5506] loop1: p1 p2 p3 p4 [ 389.894161][ T5506] loop1: p1 start 100778436 is beyond EOD, truncated 14:19:48 executing program 3: socketpair(0x1, 0x5, 0x0, &(0x7f0000000a40)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$AUDIT_USER_TTY(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={0x0}}, 0x801) 14:19:48 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='syscall\x00') preadv(r0, 0x0, 0x0, 0x0, 0x0) [ 389.900891][ T5506] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 389.909980][ T5506] loop1: p3 start 225 is beyond EOD, truncated [ 389.916348][ T5506] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:48 executing program 4: mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x187, &(0x7f00000002c0), &(0x7f00006d5000/0x2000)=nil, &(0x7f00006d6000/0x4000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x2, 0x0, r3, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}}, 0x0) io_uring_enter(r0, 0x2a6e, 0x0, 0x0, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r4, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, 0x0, 0x1) io_uring_enter(r0, 0x6196, 0x0, 0x0, 0x0, 0x0) 14:19:48 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000180)=@req={0x0, 0x3}, 0x10) 14:19:48 executing program 2: r0 = eventfd2(0x0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000002, 0x10, r0, 0x0) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1612c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x4000000000010046) 14:19:48 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0x5452, &(0x7f0000000340)={0x0, 0x0, 0x0}) 14:19:48 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10107ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:48 executing program 3: process_vm_readv(0x0, &(0x7f00000026c0)=[{&(0x7f0000002480)=""/78, 0x4e}], 0x1, &(0x7f0000002d40)=[{0x0}, {0x0}], 0x2, 0x0) 14:19:48 executing program 0: r0 = eventfd2(0x2260, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000002, 0x10, r0, 0x0) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1612c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x4000000000010046) 14:19:48 executing program 3: r0 = fork() process_vm_readv(r0, &(0x7f00000026c0)=[{0x0}, {&(0x7f0000002500)=""/249, 0xf9}], 0x2, &(0x7f0000002d40)=[{&(0x7f0000002700)=""/142, 0x8e}, {&(0x7f0000002800)=""/216, 0xd8}, {0x0}], 0x3, 0x0) 14:19:48 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000240)={'erspan0\x00', 0x0}) [ 390.153454][ T5554] loop1: detected capacity change from 0 to 1 [ 390.198780][ T5554] loop1: p1 p2 p3 p4 [ 390.203003][ T5554] loop1: p1 start 117555652 is beyond EOD, truncated [ 390.209707][ T5554] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 390.218818][ T5554] loop1: p3 start 225 is beyond EOD, truncated [ 390.225002][ T5554] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:48 executing program 5: syz_io_uring_setup(0x1a73, &(0x7f0000000140)={0x0, 0x0, 0x20}, &(0x7f0000005000/0x2000)=nil, &(0x7f0000000000/0x8000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) 14:19:49 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10108ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:49 executing program 3: openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x41a003, 0x0) [ 390.354046][ T5585] loop1: detected capacity change from 0 to 1 [ 390.403915][ T5585] loop1: p1 p2 p3 p4 [ 390.408112][ T5585] loop1: p1 start 134332868 is beyond EOD, truncated [ 390.414825][ T5585] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 390.423246][ T5585] loop1: p3 start 225 is beyond EOD, truncated [ 390.429583][ T5585] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:49 executing program 0: r0 = timerfd_create(0x8, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timerfd_settime(r0, 0x0, &(0x7f0000000000)={{}, {0x0, r1+60000000}}, 0x0) 14:19:49 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b41, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 14:19:49 executing program 5: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000e80), 0x0, 0x0) clone3(&(0x7f0000000000)={0x3cd058300, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x7c) 14:19:49 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f00000001c0)) 14:19:49 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10109ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:49 executing program 2: r0 = eventfd2(0x0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000002, 0x10, r0, 0x0) r1 = open(&(0x7f0000000180)='./bus\x00', 0x1612c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x4000000000010046) 14:19:49 executing program 5: mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4) mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) munlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) 14:19:49 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x385b, "ad13173c21ddc5efdab04f48915ba542b5bda97b685cfafa14bbebbd07335036"}) 14:19:49 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0xc0189436, &(0x7f0000000340)={0x0, 0x0, 0x0}) 14:19:49 executing program 3: clone3(&(0x7f0000000280)={0x4100000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 390.977056][ T5618] loop1: detected capacity change from 0 to 1 14:19:49 executing program 5: process_vm_readv(0x0, &(0x7f00000026c0)=[{&(0x7f0000002480)=""/78, 0x4e}], 0x1, 0x0, 0x0, 0x0) 14:19:49 executing program 4: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) timer_settime(r0, 0x0, &(0x7f0000000140)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) 14:19:49 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 391.038824][ T5618] loop1: p1 p2 p3 p4 [ 391.043231][ T5618] loop1: p1 start 151110084 is beyond EOD, truncated [ 391.050141][ T5618] loop1: p2 size 1073872896 extends beyond EOD, truncated 14:19:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, 0x0, 0x0, 0x0, &(0x7f0000000540)) 14:19:49 executing program 3: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, 0x0) 14:19:49 executing program 0: perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000180)=""/4082, 0xff2}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/netlink\x00') preadv(r0, &(0x7f00000017c0), 0x218, 0x0, 0x0) [ 391.132548][ T5618] loop1: p3 start 225 is beyond EOD, truncated [ 391.138795][ T5618] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:49 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c1010aff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:49 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000180)=0x7) 14:19:49 executing program 0: openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 14:19:49 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0x2, &(0x7f0000000340)={0x0, 0x0, 0x0}) 14:19:49 executing program 2: setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0xfffffffffffffd5e) 14:19:49 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f0000000600)='ns/time_for_children\x00') 14:19:50 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$sock_ifreq(r0, 0x541b, 0x0) [ 391.295370][ T5672] loop1: detected capacity change from 0 to 1 [ 391.352025][ T5672] loop1: p1 p2 p3 p4 [ 391.356199][ T5672] loop1: p1 start 167887300 is beyond EOD, truncated [ 391.362931][ T5672] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 391.370884][ T5672] loop1: p3 start 225 is beyond EOD, truncated [ 391.377093][ T5672] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:50 executing program 4: perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000023c0)=[{&(0x7f0000000180)=""/4082, 0xff2}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/netlink\x00') preadv(r0, &(0x7f00000017c0), 0xeb, 0x0, 0x0) 14:19:50 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:19:50 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$sock_ifreq(r0, 0x5411, &(0x7f0000000080)={'vcan0\x00', @ifru_addrs=@xdp}) 14:19:50 executing program 2: syz_io_uring_setup(0x4925, &(0x7f0000000180)={0x0, 0x0, 0x4}, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) 14:19:50 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000000)=""/55) 14:19:50 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c1010bff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:50 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000100)={0x2, 'veth0_to_hsr\x00'}) 14:19:50 executing program 3: syz_open_dev$evdev(&(0x7f0000000040), 0x10000, 0x8300) 14:19:50 executing program 0: pselect6(0x40, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)={0xfffffffffffffff7}, &(0x7f00000000c0)={0x0, 0x989680}, &(0x7f0000000140)={&(0x7f0000000100)={[0x9]}, 0x8}) 14:19:50 executing program 2: syz_io_uring_setup(0x40006785, &(0x7f00000003c0)={0x0, 0x0, 0x10}, &(0x7f0000ffa000/0x6000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000280)) [ 392.095712][ T5720] loop1: detected capacity change from 0 to 1 14:19:50 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, 0x0) 14:19:50 executing program 4: perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 392.140302][ T5720] loop1: p1 p2 p3 p4 [ 392.144670][ T5720] loop1: p1 start 184664516 is beyond EOD, truncated [ 392.151422][ T5720] loop1: p2 size 1073872896 extends beyond EOD, truncated 14:19:50 executing program 3: clone3(&(0x7f00000022c0)={0x200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 392.199279][ T5720] loop1: p3 start 225 is beyond EOD, truncated [ 392.205650][ T5720] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:53 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:19:53 executing program 0: syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) r0 = socket$inet(0x2, 0x3, 0x5) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000200)) 14:19:53 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$sock_ifreq(r0, 0x8932, &(0x7f0000000080)={'vcan0\x00', @ifru_addrs=@xdp}) 14:19:53 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000040)) 14:19:53 executing program 3: clone3(&(0x7f00000022c0)={0x200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 14:19:53 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c1010cff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:53 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0x5421, &(0x7f0000000340)={0x0, 0x0, 0x0}) 14:19:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8982, &(0x7f0000001700)={'gre0\x00', 0x0}) 14:19:53 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000180)=@req={0x20, 0x3}, 0x10) 14:19:53 executing program 0: socketpair(0x11, 0x0, 0x0, &(0x7f0000000a40)) [ 395.147349][ T5777] loop1: detected capacity change from 0 to 1 14:19:53 executing program 0: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$PTP_PIN_SETFUNC(r0, 0x40603d07, &(0x7f0000000180)) 14:19:53 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000003980)={0x14, r1, 0x1}, 0x14}}, 0x0) [ 395.189223][ T5777] loop1: p1 p2 p3 p4 [ 395.193492][ T5777] loop1: p1 start 201441732 is beyond EOD, truncated [ 395.200209][ T5777] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 395.236843][ T5777] loop1: p3 start 225 is beyond EOD, truncated [ 395.243119][ T5777] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:55 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:19:55 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000040000000030000002d0000000f0000000000000002000000020000000080000000800000200000002bc4645f2bc4645f0100ffff53ef0100010000002bc4645f000000000000000001000000000000000b0000000001000038000000c20200006b0400000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e373836333438323637", 0xa2, 0x400}, {&(0x7f0000010100)="0000000000000000000000002f527b43270a4164871303f1137e5908010040000c000000000000002bc4645f", 0x2c, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000500000000000000000000000000000000000000040100004d", 0x39, 0x540}, {&(0x7f0000000040)="00000000000000000000000000000000000000000000000000000000787371fe", 0x20, 0x7e0}, {&(0x7f0000010400)="0200000012000000220000002d000f00030004000000000031245cf20f0062e6000000000000000000000000000000000000000000000000d4189ee9", 0x3c, 0x1000}, {&(0x7f0000011d00)="ffff01", 0x3, 0x12000}, {&(0x7f0000012f00)="ed410000001000002bc4645f2bc4645f2bc4645f00000000000004000800000000000800050000000af3010004000000000000000000000001000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f49000020004f3f54a9d2a254a9d2a2000000002bc4645f", 0x94, 0x22100}], 0x0, &(0x7f0000000300)=ANY=[]) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x410481, 0x0) pwritev(r0, &(0x7f00000014c0)=[{&(0x7f0000000080)="d69f", 0x2}], 0x1, 0x0, 0x2600) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x401) 14:19:55 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000480), 0x0, 0x0) ioctl$EVIOCGKEYCODE(r0, 0x80084504, 0x0) 14:19:55 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000240), 0x0, 0x0) ioctl$EVIOCGUNIQ(r0, 0x5450, 0x0) 14:19:55 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0) ioctl$EVIOCREVOKE(r0, 0x40044591, &(0x7f00000002c0)) 14:19:55 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c1010dff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:55 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f00000013c0)={0x0, 0x0, 0x0}) 14:19:55 executing program 4: r0 = fork() process_vm_readv(r0, &(0x7f00000026c0)=[{&(0x7f0000002500)=""/249, 0xf9}], 0x1, &(0x7f0000002d40)=[{0x0}, {&(0x7f0000002800)=""/216, 0xd8}], 0x2, 0x0) 14:19:55 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000080)={0x0, 0x1, &(0x7f0000000040)="ad"}) 14:19:55 executing program 2: r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, 0x0, 0x0, r0) 14:19:55 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20044011, &(0x7f0000000100)={0x2, 0x4e23, @private}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r0, &(0x7f0000000140)="9a", 0x1, 0x0, 0x0, 0x0) [ 396.439106][ T5831] loop1: detected capacity change from 0 to 1 [ 396.445406][ T5833] loop3: detected capacity change from 0 to 545 [ 396.473035][ T5833] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 396.499321][ T5831] loop1: p1 p2 p3 p4 [ 396.513415][ T5833] EXT4-fs error (device loop3): ext4_validate_block_bitmap:390: comm syz-executor.3: bg 0: bad block bitmap checksum [ 396.515037][ T5831] loop1: p1 start 218218948 is beyond EOD, truncated [ 396.532531][ T5831] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 396.542504][ T5831] loop1: p3 start 225 is beyond EOD, truncated 14:19:55 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x8983, &(0x7f0000000080)={'ip6gre0\x00', 0x0}) [ 396.548850][ T5831] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:56 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c1010eff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:56 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) recvmmsg(r0, &(0x7f0000001600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2000, 0x0) 14:19:56 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) 14:19:56 executing program 0: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x80, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @remote}, 0x10) 14:19:56 executing program 3: timer_create(0x0, &(0x7f00000010c0)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, 0x0) 14:19:56 executing program 2: inotify_add_watch(0xffffffffffffffff, 0x0, 0x100) 14:19:56 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r0, 0x89f9, &(0x7f0000000100)={'ip6_vti0\x00', 0x0}) 14:19:56 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000000)={{{@in6=@remote, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x150, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@empty}, 0x0, @in6=@rand_addr=' \x01\x00'}}, 0xe4) sendmmsg$inet6(r0, &(0x7f00000026c0)=[{{&(0x7f0000001180)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x0) 14:19:56 executing program 0: getresgid(&(0x7f0000000140), 0x0, 0x0) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) 14:19:56 executing program 4: r0 = openat$full(0xffffff9c, &(0x7f0000000440), 0x0, 0x0) syz_genetlink_get_family_id$gtp(&(0x7f0000000980), r0) [ 397.623416][ T5888] loop1: detected capacity change from 0 to 1 [ 397.663127][ T5888] loop1: p1 p2 p3 p4 14:19:56 executing program 4: syz_open_procfs$namespace(0x0, &(0x7f0000000600)='ns/uts\x00') syz_open_procfs$namespace(0x0, &(0x7f0000000600)='ns/uts\x00') 14:19:56 executing program 2: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$SEM_STAT_ANY(0x0, 0x0, 0x14, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x8) r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20040008, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x8) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x8000007bc4, 0x4) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r2, 0x0) preadv(r2, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$set_timeout(0xf, 0x0, 0x0) ftruncate(r1, 0x8000a) sendfile(r0, r1, 0x0, 0x8000fffffffe) [ 397.671877][ T5888] loop1: p1 start 234996164 is beyond EOD, truncated [ 397.678590][ T5888] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 397.688983][ T5888] loop1: p3 start 225 is beyond EOD, truncated [ 397.695196][ T5888] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:56 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c1010fff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:56 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)={0x20, 0x2, 0x8, 0x801, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0) [ 397.773187][ T5929] loop1: detected capacity change from 0 to 1 [ 397.818050][ T5929] loop1: p1 p2 p3 p4 [ 397.822504][ T5929] loop1: p1 start 251773380 is beyond EOD, truncated [ 397.829241][ T5929] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 397.836791][ T5929] loop1: p3 start 225 is beyond EOD, truncated [ 397.843083][ T5929] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:57 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) 14:19:57 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r1, 0x0) preadv(r0, &(0x7f00000001c0)=[{0x0}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x800000000009031, 0xffffffffffffffff, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000070603000000000000000000000000000500010006"], 0x1c}}, 0x0) 14:19:57 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r0, 0x0) preadv(r0, &(0x7f00000001c0)=[{0x0}], 0x1, 0x9, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x800000000009031, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) socket$inet_icmp_raw(0x2, 0x3, 0x1) write$binfmt_misc(r2, &(0x7f0000000000)=ANY=[], 0x4240a2a0) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) splice(r1, 0x0, r3, 0x0, 0x100000, 0x0) 14:19:57 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) accept4(r0, 0x0, 0x0, 0x80800) socket$inet6_udplite(0xa, 0x2, 0x88) 14:19:57 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10110ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:57 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f00000001c0)={0x0, @xdp, @nfc, @l2tp={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}) [ 398.502315][ T5951] loop1: detected capacity change from 0 to 1 [ 398.550280][ T5951] loop1: p1 p2 p3 p4 [ 398.554588][ T5951] loop1: p1 start 268550596 is beyond EOD, truncated [ 398.561429][ T5951] loop1: p2 size 1073872896 extends beyond EOD, truncated 14:19:57 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000000c0)={{{@in=@empty, @in=@local}}, {{@in=@empty}, 0x0, @in=@empty}}, 0xe8) 14:19:57 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x6060481) creat(&(0x7f0000000040)='./file0\x00', 0x0) [ 398.593822][ T5951] loop1: p3 start 225 is beyond EOD, truncated [ 398.600044][ T5951] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:57 executing program 2: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) add_key(&(0x7f0000000000)='logon\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000140)="e6", 0x1, r0) 14:19:57 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) times(&(0x7f0000000000)) 14:19:57 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10111ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:57 executing program 2: open$dir(&(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0) open$dir(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00') [ 398.749265][ T5992] loop1: detected capacity change from 0 to 1 [ 398.804370][ T5992] loop1: p1 p2 p3 p4 [ 398.809784][ T5992] loop1: p1 start 285327812 is beyond EOD, truncated [ 398.816877][ T5992] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 398.824987][ T5992] loop1: p3 start 225 is beyond EOD, truncated [ 398.831187][ T5992] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:58 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) 14:19:58 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_int(r1, 0x1, 0x1e, &(0x7f0000001600), &(0x7f0000001640)=0x4) 14:19:58 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000ac0)) 14:19:58 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fcntl$dupfd(r0, 0x406, r1) 14:19:58 executing program 2: syz_genetlink_get_family_id$gtp(&(0x7f0000000900), 0xffffffffffffffff) 14:19:58 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10112ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:58 executing program 0: r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) r1 = shmat(r0, &(0x7f0000000000/0x13000)=nil, 0x4000) shmat(0x0, &(0x7f000023d000/0xd000)=nil, 0xe000) shmdt(r1) 14:19:58 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_WOWLAN(r0, &(0x7f00000018c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000400}, 0xc, &(0x7f0000001880)={&(0x7f00000000c0)={0xec4, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void, @void}}, [@NL80211_ATTR_WOWLAN_TRIGGERS={0xea8, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE={0x4}, @NL80211_WOWLAN_TRIG_NET_DETECT={0xea0, 0x12, 0x0, 0x1, [@NL80211_ATTR_BG_SCAN_PERIOD={0x6}, @NL80211_ATTR_SCAN_FLAGS={0x8}, @NL80211_ATTR_SCAN_SUPP_RATES={0xe8c, 0x7d, 0x0, 0x1, [@NL80211_BAND_60GHZ={0xe85, 0x2, "7d5b7db1266588660dd505c16ccff9fe07b7dbd28fdcf9904e29267b37c54f8d90e08a90a48ee7e2de997bb983ed025e7d550b41e94ae42ce5c79e9137ec32e799a0380f0cb9a2987e08e58077f0bfaa22bc469384ee9da1602075d3857961118f99b204447ae7d3562dcf52eca40e7a229bc76eb6369a64fa9cb1487ee9f0a65eed55f7f0744bc3a3fa26deecf549a728378e80260f57ce2f30e168b01631239755fbdaaa7d96fd5efc6070cff64eeeaba41127153cd4139c8c5cc084b2ccdf982da5d4ee5e8abf4906471ce097d54b9ad554106c7721d41e008ac86f159ec6869dc0502f30ecbcf8e89a0ca8f99624bd374f9ff869a5296a0e98bf61948f2415862bed577601fa6291fee5ab6424262ec15669966695248c522ab1870e0ff5cea0db1e25e90b762e90d7a113c83750604501fc1a80d0aa9055cf2fae5de0feafdffad1b9d7b30d65f6da30db5d1c722372b6e8e50b14f98a6dcc4a99771ec301f3e8d996c0b491a773e2dd52fb085603304ed083d05652514c5f5c146aeba9c15faed5c0149d1ea93100eaf0646200c6332010ce11256d7950299d96e7e5788db79c692c790f65bca24ef6c7c5f66aaf720c50798b4bc88a144cc70a6dc8d06e38b0520e9ee1f6a6e323237c7d61aa1ff1c4cf86e82e232078e907cc175a63191aa0f6a6ecded426dfd009cd66b0efc05d6c836f691bcc70f164edae842143ee99498b8dd1e7b3890658c063062e8f6359178d19cb0b5b7de993694c61257d4075ff3c5c3c116e1b10e3fde39c76b78667c8cfbf1a2941bfb8c08591cca3bc0f8d353219004c08e89aa10432cf6604b8acfcbee7ba96704640be90bf703b9acda024dd4e6e7221ce8f2f391a9276267adcc578b58f5003bbceee19a3a18899378dc1f35e6bb234eccd05e34917c869ffcda1981fa44182e648c238d7224cfba1fe422cc970a9a3765ed0a08d56920834d34a2057ca1a6f853175d37028d78604627651ca605fa1f55a66386c19e8eb6b36a66688a902db93572ba10d6d23bf9875e8b444d2abd21e4656d5fc15bf829aa89bc605fdbb0d0408478120fe894845bc38170006677ac9d16234e4fc72cce8ffc15ec762e48440e6c6dd7330e5c6bc092e06eca38b5562c406740022adbf5294856bb47e112f6fa5d852128263fc5446b7f800acd722295ac4687e28f161f45f2d2e9cbf2ab616805a0399c2f37c8ae4995435e8b4f802442669f4e397695b230abb44e393fe74f841b6472a8844c655faeb62c1067f94927002e1daf1e9de388adb742f154389bbfcb4412a157748f99e5b6fd2b2a679c1799e95f3956f6e58e72838de69331142a96a17ac1a93fb1dade0e10c5bc2e3670ec8cf787fdab65332fa2120b3b1ee55b77ba257c3aa4b1a0b677a26c7ac0c93411c066f6deaf3b886b6c6693f252347e4edbce18d4c393711c740156377af53ff0f46166939ba520cb1a24bcef28e15986ca1accde1059851cffda9588a67630a435bd4da05b781d9b4ee1bc7abcd4bcbd28c5b85c7daf28b2c589252380f3fafa6b8c372245ac1c927621c7847138e4873ec9f6bdffa3deabbff8372b3bd6f41bd09c85157d5a272b31f404432e295ae73cb1a60d7df5a6066f75552ae0e57f62553bde10eac8f25b9058c02c637541702cf85960177136ba3dcc137fedd2bbf2f84a82ece2445b886150643f8e73751380ed18d630f92353597aa0038c3407bc3fd8dd2946fc1956270320f1791d281b1695811b66777469065d4559f7ef43900926bc1c277ecb22b0cbba9aef5cfcc193f526a0fe936e550266f0db583f4e772444feac220835769925b84e9a925266f381d9c6d9b30a3d61102edc44cf54e04868a983917acffda78ff85ebe2920517b07f94737aa0361d869aeee6f22420c8e74bdd207075b9902914a0574057c0cfa4420bb7e092d8ca2ec996411976c22c705f6c53debc9bb21de408b39a844db4eeee8e0e6003a85e57aa95a6f6e80aaf9579dab36c64c614e40885c254e7a909a7b7ba365563872666ddae2c20fcbd962bc0e68a60a442076206784e7e372e59f17824b8b2be9aee6fcaff453d0da1461ca63be886194d79192aa9743105f6c3ed85d299ea6aacf82376b1a3a902d4638c5b41f0eef153bbbf7b17de5a7ba97b2ba8e20abc164722febe62226f6e6d620cd4c1d967d15f1d2e90a31ef82c5eff1f5ee3e6dfcd643975ee1d6851b7edf6e8b7f853c0cd2bc4f7c4b3dc190470f15c4934e35323137a0040ac927f24af0b871e69872b0156fc87c6bf112dd712ddaa75971757823df9a58d8b50ab3f6707e60e7bc50aed437b16fcbc2457b1e364d93e4072ec308b985b756e6f16a4c7a888c8f3469039b8977a1e5663f1c2ba960a1b40b5a5f7901fa737409501038d62cc19db15f81f8be942de25c2bb696faa3696a0e1c84b60428bd5ba35bebff5372143cffa5a2471b92eb3fce1dbec806d617c7d1a43e77f45ce6cd9b7cb272a4a81cf947e280f24b284263ce8f8c105a3e8235db8045a952f7cf77af40a19ab2d2359760750749c5d2841b74a5ac1a67c339a37d06b9c06f6c82ec8665e74f05b8df1f352a8752fd46b8505af3ad369574efa6d5fcb075e91984c6332d05305035c1e0baccf064f1f36a9eea1614b3dee5df22d53be11517d6b947c43051549572d9437b79bafebcf542a773575d1af9f25837c17f6adc3547d04c0091aa6b669ee7177581eeb0a0498e16151021cbc77271d3b6ee7c6573e3168044988128aa2e1e83bb02b5e88ba33478f81ecc2d332a4d8d1bca7d0eab9b3d9203e387d95e009a3ea7e9d63fe7d26938854b90b73e326b05230fd0383c864c45af3cae59b16e63b2fea7f0afb644e542e2e9f7431d1013c06eae2af368a9032535de4b5573064ceadbe5d4661f735f445f82c38739ca6481229c5ea620c282786f457fc07c2226e82beeab916202171a2fa6b5537dee15f8bddbd556d534b1c29aeb20f36f5b38fea5c511ec31e0db02bbdad7ace30ab3f28c7c217294dde98cc5d0fcfad49c21ecb94241d2e7f0e0fb37470641469b6107a178500e861bd7293c8ec63c797571dd63de52172bb1931e0da0d8a9712b22354cb7c32650b444573e075b127439691a4676f3dc2de05f17932209bf034187900933268582e48bf983ac153c9b940209ddbaaea4c00b670fe78f01be16e1e4a15d7af28fc5af395029ff881b3fcac19f7e26ab59afee7bb284cb6857ba53227f0d5e10f29a39b8ee930312cd6fdebdd51fe096d997969b5f40ec6545f8dc704af760abd88ecccef2a04b8216f94e076426d4e36a391bf240961e0d869683fa088c6a56affe48cfb296e22969fb9ae76ddb3ede108f17a87052170b7b31f181048eeb6e64d3f1687a435d758a8f2892246783c5f74518f95e2261eb64ce0e3faef37312b14f6aed77511e961c0a25aa962238cb5d553e7c322ce9b56ba1691c47ca14543b30b087c63b12d128df330becf24d2cc529bb432e6d42bb29f8436c3e46378c0bb2e7281357f476af21dc94f309b421e38ac58bff40d0b70f3ee3cbd3794896d3fca047779181ea685d0e096a334c2ba2d953b55e604bbb4f9da19e888dea8c1f4cc66ec04b05e41275d8e6ed71b3369ca5cea2a10d6f2045f7bd5bd99f8cef3274d5289f42d8b5b356930b2834dd9083bae805543e30f2c05964432a64070d2ff08561a18d3477bee50a46f8b07d0a1ce4d39bb29c8e25367a0f5b460c063246c9824cde4e9d6c7e717edc6cfa53417de83345b7fd06d4af54e3a9b4b0c629f6b9d7916893a2326786f4f66b8d9f0474b366750d1e167213fa101e6872078f90920701071d4ddd24c6da67c21cec00862c0bb333a112bfb4239335986923cfb1a30348190f6a4d8fc61a301580981a740c93d25f6a5e35cd3a92d4466b69c2a80f61fec88e170d3084a0c12fa1cb6fc2958fbe55186a3b5b838f335621f6728c571daae355bb6e2f88f6bbe50f71c6b9ffabee01e254c4e7540d68e010a848c97131c8264d12abcbd9f9b739943e31bf4debd5102e4496dca54b346893276d6622f4383f43c65c228b2af3c1511f50ad0e6c47e66cf59c221217795446c17fa446adc23eb5bf5b950537d47b2692efd9dd54e19dcab3e3655ae1b9d3cd963bd04ab735e5f38f2dddfd5c47d099a4206312bc183786a128c8fb810d82d5d43ef2cd83191bff37706daee18df99740280eb83a87531e28b91f1657eee6ad7b50e4778476069116ad3edcc5b7ad1c3f2b14da9c617a7aeacf0b9df5c93388a34959eeea1b337df06a3fe2e529067f36b717e67b941ba23372bea9a0f89b43f5f690731d55f967f9931a9e9f6c35a34ebb9c37aa4c183610e55672e535022c9b8d899127bf35f66903e6b3f8f07294329bd39f0d2109070411dabfa5cd20822b123e5f9553669208ace3eabea567b4beca36c9e842a88b0f05e9d429a381abed2ead737d2c82fc4108020af8f4fb178d6e2572e94ecf9de5f54342610173f815d554af05f43466807739f86609feb16e19e6c8400b6426f64f77324086bbd796c420f8745da57bfe601dc33279be0fdfe123d66935b59a146dfa7d0a278a0fd986e190f518d5f08aa73a8df2c4d949fef93917cd4c730d75c5f222868a78634625e4ec7bf5051cad525600846146d29d180cc053f72949e0046450014d9b0dfec7492ee782b1698f68498901631577547c22ac2650f70c27bdc6adc437d56963005eaf8fb34b7283a0ab70b2fab59a370f8a1d738719943c263e79883f6bdc66eaab458dd5af101444968b70d57eebe1edb7be1dea7bd0dd6430731e04d76e274b114474cb9853e93e9ed0801eb2f372972e49517f1ee7b1285c1f63d915935046ef573b1f9bd239a1df4d09aa95b239d51340741612790d6d2c753cdead161ed44cdb007f5f3a7318ca923601d7cb2843d28d306aca9b082072254c86c07f7f7437c19897eb64e5b9732251755e2cefa364467282e389e3eff21c47d6927f75cf43e05da34ff23b53b35e6a57141c93b938a104a38ba645764de70e17372b019fe58fe97fe660ca5db355de0ae4eb25fd7f83b64aa0da129e7ea177e80090d838f3a7122cf21da9669a8c657154048477dafb00fa3e36419f3ea139e68368e390ee7438a7051a0e7c1923a28eaea2837ec126d9a977e292c2ee37840c1964e27260d51417526573e7f2dfdf53b81629b372cb809d01b9493fa17405923b4e80f"}]}]}]}]}, 0xec4}}, 0x0) 14:19:58 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x6060481) 14:19:58 executing program 0: r0 = socket(0x2, 0x3, 0x3) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x2400c001) 14:19:58 executing program 3: r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$clear(0x7, r0) 14:19:58 executing program 2: semtimedop(0x0, &(0x7f0000000c40)=[{0x0, 0x5}, {}], 0x2, &(0x7f0000000cc0)) [ 399.417032][ T6029] loop1: detected capacity change from 0 to 1 [ 399.469583][ T6029] loop1: p1 p2 p3 p4 [ 399.473669][ T6029] loop1: p1 start 302105028 is beyond EOD, truncated [ 399.480381][ T6029] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 399.494831][ T6029] loop1: p3 start 225 is beyond EOD, truncated [ 399.501075][ T6029] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:58 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:19:58 executing program 4: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f0000000200)={{0x0, 0x3938700}}, 0x0) 14:19:58 executing program 0: epoll_create(0x9) 14:19:58 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) accept4(r0, 0x0, 0x0, 0x80000) socket$inet_udp(0x2, 0x2, 0x0) 14:19:58 executing program 3: openat$zero(0xffffffffffffff9c, &(0x7f0000001c00), 0x84000, 0x0) 14:19:58 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10113ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:58 executing program 4: socket$inet(0x2, 0x0, 0xfffff6c0) 14:19:58 executing program 3: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, 0xffffffffffffffff) 14:19:58 executing program 3: futex(0x0, 0x89, 0x0, 0x0, 0x0, 0x0) 14:19:58 executing program 0: r0 = socket(0x2, 0x1, 0x0) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x24000081) 14:19:58 executing program 2: r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) io_setup(0x6, &(0x7f0000000000)=0x0) add_key$keyring(&(0x7f0000000080), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) io_destroy(r1) keyctl$clear(0xf, r0) [ 400.209470][ T6073] loop1: detected capacity change from 0 to 1 14:19:59 executing program 3: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) signalfd4(r0, &(0x7f0000000f80), 0x8, 0x0) [ 400.262641][ T6073] loop1: p1 p2 p3 p4 [ 400.267865][ T6073] loop1: p1 start 318882244 is beyond EOD, truncated [ 400.274607][ T6073] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 400.314411][ T6073] loop1: p3 start 225 is beyond EOD, truncated [ 400.320756][ T6073] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:19:59 executing program 4: openat$zero(0xffffffffffffff9c, &(0x7f0000001c00), 0x84000, 0x0) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) 14:19:59 executing program 0: r0 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @desc1}, &(0x7f0000000100)={0x0, "f90b37deeffea5d0e1f5b28fa685e7f1b415d3a299bb3a686a31e7f6c143a8aab4a9b94788e12f6ce579217b715c88dfe3868f8d09d00c9b9640c1e9492e00db"}, 0x48, 0xffffffffffffffff) add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, r0) 14:19:59 executing program 3: get_robust_list(0x0, &(0x7f0000000240)=0x0, &(0x7f0000000280)) 14:19:59 executing program 2: sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x1f) 14:19:59 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:19:59 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10124ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:19:59 executing program 2: sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) clock_gettime(0x0, &(0x7f0000000c80)) 14:19:59 executing program 3: syz_open_procfs$namespace(0x0, &(0x7f0000001740)='ns/net\x00') 14:19:59 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000000)={{0x0, @multicast1, 0x0, 0x0, 'lblc\x00'}, {@multicast1}}, 0x44) 14:19:59 executing program 0: msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000040)=""/89) 14:19:59 executing program 2: add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f00000000c0)={'fscrypt:', @auto=[0x53, 0x37, 0x35, 0x62, 0x38, 0x31, 0x0, 0x33, 0x32, 0x66, 0x61, 0x52]}, &(0x7f0000000100)={0x0, "dcdbb27bb9540e34c4adf7891b80f9afb197e2c007f593f763fe793da53d3f27821397df3a068b1f4714f8ab1cdbcb7c6a0b68e17c27647b87108431570f39ca"}, 0x48, 0xfffffffffffffffb) 14:19:59 executing program 0: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="c40000000406ffff39010001000000000060ffff0500ea03004400000900120000797a3000f200000500010006"], 0x54}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2f6) splice(r0, 0x0, r2, 0x0, 0x447fe7, 0x0) [ 401.078438][ T6126] loop1: detected capacity change from 0 to 1 14:19:59 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) flistxattr(r0, &(0x7f0000002cc0)=""/4096, 0x1000) [ 401.150865][ T6126] loop1: p1 p2 p3 p4 [ 401.154942][ T6126] loop1: p1 start 604094916 is beyond EOD, truncated [ 401.161676][ T6126] loop1: p2 size 1073872896 extends beyond EOD, truncated 14:19:59 executing program 4: signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) 14:19:59 executing program 3: sendmsg$NL80211_CMD_SET_WOWLAN(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB='T)\x00\x00', @ANYRES16, @ANYBLOB="010028bd7000fddbdf254a0000000c009900060000003b0000008002758078020e8008000900bf010000100007000000000008000000026d0000b3000a002d48e775d9bea153762e3b9ca664232ef11c95e6462df4484539f4020c4a352a54efa390bdcf95776e9d50592838c6656c6b1cef3779f469a5dde6774240639d30ed572e5ff3236251ec60a2b0f2645a68c96d10f71e943aa23aea1aa9c6830bc7df0d8a9e7dcfa45752f0325f3b4f6a0bde4be4dd68bc304a4e6947eeca04342cf644121947c0474890f6bad85f62d15555bca9fed528cc93f0b3a0ca23c35ac4ff349b56bca77f4692ebdb3284bf0085000600fb03c84cc62ed122b0d88e71b761dcbf873ebdce5b45bdb31486d97eacee24aafecff3cece7abc57d3af04e3452d6c26b9f9851bbf98899614e754b37092a316d589cf81a1c76d0a16a07ea1a5c9ea569c6551ebfac5e1d8821a206accb8189a4c7255d7a94211d09a2279be28cff6894c303735160726602693baece32f3eb5c100000008000200ac1414bb08000100e00000011000070000040000f20200000300000008000200e00000010800010000000008ed000a00352e410942230862cca70271cbef28d65bb13ff16f505fa1d7fb1a64bb5a8359f58623ab5e3578b5a0ff5d7f5c5214555fa87c09388a275c5af2c63c0e46a35f9a0fa723982c9e903092d933dc92c9595d96f92e1383bcf03b491f86f50ec44c6724f7529554e6f8f789400d013ca635ea25236fd4274665857b014ae0c5345731f69b2b76c03489750c0cabbcd6025a31609631f8e05933c98d7cb469421313b5107d4caca888e5d52700765a28135c5f989941422f7d9e5bbf8cc68a690a1aadc55c651fd7ca0a2ea6daaec272fae0b74dc47da3a0b3b738bcb50814a5bef2368e375c5ceea4be21000000040008008c24758088240480b0020080bb000200826b1bbc18c90d272747c4a6aa44137af3fed681b1c059bbf5e0c8d7385a45c6922a335a152d46191a3c7d01ec48da875579460db021d95851f2c2dac51b826556c71143dbc4127603b94a48d525b1e9398d76c8f07e8fc28fcd289de871143e3afeb65f5ed126372a1423bb2104095e806cb89adde5ddb3d0e9a2de569262dfe9fb4c3c6718f906509fc5a4a5c468f387b243aabc522065a890cb9fd6028c73b35b9af944a68704ec3d5443dafa75f07498bb0a7b03cd00dd000200d402800a96693410fdf85bb2933ccb6daf3887d37e56ea3b966294c5bbc20375e38d83ce234d4d24427a2443d35587b64b87dc8c2b9cae47e9699ff90255a52f2fecb6a0ea52217f10d81e84d9079f3320df0041cf9b53f22ed034884dda7f928d74522fb4112a9bee8a71260bbc5caa38b1faecdad3ad5189708877307168b77c0dfcb2a96aaee0c7b9595a97f9b64f9658c08ccb9aa15c00df0f067f0f9fb9bf5be02a42cf9ad1524b37c4009917c5beccc67d2b6e06bf00a821528ecf7e3e7afa8f812ccbed129285dd114f46f5f3abf10b5cf233d663c40000000800030004000000080003000800000061000100693060226de26f1db635e2d0237332630726619ae7c72d0ff174fa57e2953cc4f50fbe27a3796b907b7583735dfd7401ffc5e02e23fef4161fc50c6fa070789806cf15ed1aff1b2ea6580c07a1f73c979aca00985ad9d844362cbe90a000000093000100844fe22d819f1d6b98aa4a6371a94ecea45ca6ee731dfd5d770f370f4d7a7345c116ad57b2dd522747262f1f611a9c6f3f314936c2520faaf0c3fcf5d49c5583abdd7d50d044ed7af73e800cf1c6594edb2ca887b26b6a280756cb26b9e3cc394ede01c4805a2a0e41178dd8d2710b855ff1b18683330519c35ed090bbc619024f09c8397b0febebd6cfd32a0b10750008000300040000001401008008000300ff7f00006a0001007955ce7e6e9b202342ceeedc6d0de5472e54671085e206a0620af4ce27ca408573935658eea722efb6d3a8747cd31222a119c667b868e166a8b069402ab4ff6b104e9b9243c949b4f960d52d5df945f63a179210ba753016e4544804cf47cc27bf3651ba0d9900009b000200791e2ce715d120e2d5a123b3912a0a80912233d23b853107f613e564fa7cf457776a1a7bb6d6aca279fc6bcdf77eacbbafa4f218a12503880b2396309ecfe01d0bfed0461f4012a6598faac8fc7ae13b9fb154314bb947581f6902ef2b5f6fe59b344cd4e9820a2305713ac55fd80da48d91f3cf394838d416b4f873761a43c845456dc8897aa269369e136d0f920f7b8541f5b5b68e4200c0200080080003000000000004100200ebc78e2901ce97febf9bb5c56dcf61a0060ed18e759d7aab391a867a663f47644b9956c619971b614960c02fe91d25df53142cd5f1fdecf2688f6dc97a7ffbb4b0acb8d1af95b8fe816c7859423ef3aaa23d5d26d5c8425bb1dd09ebb54610e2b113864992b3030bd61ca0e815960110f8a017cab0ef16ef3293ab6b415546f510130092a0d5015f1862571351a0ad3ad3d543122eab6a4c501450965ab1920d5a05c3b23eed4cb6b64933b7c98ee04bb636993b1a783eb3aee9647ec52c8d1a35165aa208b1962cc2646c36031f796236bb7087b1e8b894518de8a3d69dbb7ff3324944bb07bdbf83c579ba50d3f04463479b1f7afd3882dc0c1c6f9a5b7cdbb71aa05505709c7b275febebef4a99fb359d4d125d06e75a5c902c708c86d1b1aacf484d9e6188507a0c45928bdc508f37b8cf656190d2910660354460e20cbee4648868c4c90bfe72cf08c397f8ed97d4d4ee86c08b02c5e4c89accc153c3d5b1429f671ba4f00c9b36509c410d35b705a1c95af2062fd61ef9bdb9ae7d4f69f25f48c833f019caef9da4fa06d398103ec40d6167ce32faa50f9d6ea5615a226be9ba975a327ab21977d487e814bf2c28131c0031d5666be29d5f04d8ab64826e69c7c3459a0960e68024eaafcd22a1ff9910d797602900473e1a42e3a69875cd04b2ef346d975c87692e0ea75fa8df1623d01925d913bc90c9e4baccf72d7fef2b431500b69ce9d70d57d5b6f27ae5dea645ffc5ea0cd1c7fb496df6134f0b35fbfc261f0194794d2cc974a9609d85aa1d45629066a6cdbe4396bf34f413efa2a4c86175dc161386bc16c486edbb259ab90fcef6fed9de118c4d47d7333dd95e63feef55578ac261998e079b22f4cae482d11405954f292722b0b7db897280515b67e3f10d687836de28a6d7d45ca27d1f353ac520e3825a5c671e79028849bcf796bcf61fcdb3671d68dfac990cfc60c80f8f609d8d2b8f226389cdf8f7703faf5dafb434e03d878386749bdabc5d22863378b35c8a3cf392eb663ff6c232b4ff2bb1ac98c041629f516ce290e06c4b1116e09a9ebae771d70088bf3a6c03e5dad60e077190ca06c381ad48ad42e3b688675d8d3e694ad23b8b1d01430cb0fc39494eb15b17ce3533314d8c707585c6a682ad0ed796e60636cf9f1164e090b8f36201694e262a9238fde693243976363dc3425ead5ef21fa22bb02003c9723f3a0f153e9379003efc783d91712e7277ac755bf63db1e6528d091b8e6dd49e992cd06f768de5ca366cb43c942c18a93920c1c873c39e6fd86c228989e49341070687f904d11f56516320fe1667995c1eaa7e5648f9e4b17c02ea29336f6fbd3f00302a3351a92962e0bea49702affc11090a4fb6e30bfe36453d34f1eb43aebd6b4e6769cd2679d9978df239d80601f7c160937fdf936550000df7cd3cb34b5605a971121451d35f455ee89d7e66951601db07e46ddd726865c85a58ad30b14d7d4cacf7979f50cbf7253beb23e40c490c10e0afda5c5f0c507514f325e543897995b61ba5341e50354477ffb943f7b4880c87da7d0bb6f477f2caddc1a428a27953c4f8fb9635007778e1a39be8a7198539d5ff4b6540fc876a6e50e17d646e73d2955d8bb6ff121c02b37c2bf37ebbdf8f60d61c5aa40ecc2ce930a81bba4d018236a589d7252bef31a97744092dfb16d47ef7ddaf30e29eabf8315341f7c01c9ad3add2bc454a0b09854c273a533f111435c0837bd14b13989a2e0983005878ecfb5d1e5c42dd5fec15094e8ec1cdf2a614874d4f81d640b607f5c122c3f98d7e57b34c92fa83b9dfb990d939131466950a0ea040e0f5c2cf2ce095efa64574b18f3cc4ab64f6eeda6434150b533780f6ff0881d392e2b75d6531ad56990c75bebd78701cbffe5ebc58a5d3913155a05a2f55d58da5f550be04b16bbc28d18a9713f96a47117a76243b7720a55ab109d7e002624669718c957925af4ce4e162d4eb3017199b742dd4f6dec666440af021e06df471bd36e2bc13175dbcab711ee0f9affd47eddc0bb3c00d691e52f81144e1e3037cf7c856a052ac40b649670a2b131270deee2d5bdb3d6a60c6b9a3367891115fb90ed3542798f320c5d38010808bc3a64eb23d004f2cc746b3bc21194160bffc8d34af00e875f99c8f95c755ebaae5a6a3a1e4f63fcc6e8e1e406e77e3c65198fe0ffc6de31229ff9679134591c85bb8c9a2c1b467662e8f9200af4fc3677248c3e2aa3322cc4f78c3c8be85e75fcc2ffbad2a70aa963d38af4d5b6d093d9c0cd66cbf0b558a95591fe737fe126c44a7a8eceb54385c831801d32aac927c81d6ddaf7742d17de8a8d1f2d8fdb6cf78a1b3116097c7809d09bc95f1f14284c58d7626ebea42c71bc409f0bda0a73c86a212c2f37b59bbcd5b5471347ea5bb76bab33b64ced59181b292c0cc4bd53cdc7a397c6f403843ee95e8d0cfa1df2b5e77b1da7597ca2c1ee7c4342c76ccd61dc75fcc2bd507a4c4e69f81b20f7057a71e4a5c7e6aea7fd4e30100bda350e6ea9721b824e0a95fb902c98aac9bd3e28894d7863f8fee7120b086df5d084b91990dde481b06f32f3a6453d68a287b514cd78915b5594e9570b190ea789c4b2185ce8aa04196482b1add3991ba659a6fac1cb0d1eee0779f585ffca8dbd9c4bc8a2f0759269fc5e663ce6d344ecc08200c84889eafba8018f272be4647db3bcf412d3bd49d52a60592f3fb0872cefdbf514c3496c9bdfcf92ef4a3c80bafaebbf5e14d7484a842e89badf65e9017cffd1213470812b27f0b278a8426fccb929e26becc2eb189094db2270c43c9a32bd89f22e3ab0904ba5df33a7ac932a48c1043781225084a8ea9f2842cce254e5639ca8f8495aee8e91f018091119f93082054ef0b2667322af8e9f335f912018433ea668ee90ec43355a0704c3195d7afe553668304e11bcc58d1e76a2a15d69a5cf0521cb29c429fe650ff37d3e60bb33ef79a89c715048615dc236eb104bafc0b1d120339a0290b42c8aa7200e6a50f7f1550bd94c82eade62e77a06a20bfa01555893e03c709b2efe6fa488079df9464d9d62649521720afa884726e960b42ae17040fe507c01ef67e56bcba8e5a2ecaee4cf95f0673543a32dd42fe3514ed4bc8cb4e0d80da32d741bb952d5da28414a5bb00335d4b0e0323285eafd28f481475046d43708206f2f58319e5408072a47a53344342d1845767afd06bba7529529eb99efe0f4a12a96dfb75ea6ecd8bdcdbdd51781008a4b77b56f2c590444f7eda072a70f53cc4acaa7cb40144e73e61ad23e3fd2a460721eb88401bd375030d5d0440f99cab48ea40951c96a0e1acb824501e4787a4e663ccef80eae257625b5c41f6083200845af8dd232c5555a0e6a23fca281a4a89c54591351f9cba889714ecd7fd24b69fce96b556fe736c50392333d1590abb39ec5339d0d2a9f530e03b63ebdca2a0ac9161396feb0ae12dc87da1a5507b50ec39d4b7e8761f28c9dbe69f1ee83f7d13ad9a2e861dd8f9d1787acf2575ac46c196a6aeefe3f965c391982d59b0edde630175e16fa58b0e5e8941b0d80b95178899e6f08c8cb33e3fc4f0aee9fd013fcab34b0a77db1b69301e34ec2e23a75132ae57645a06013ecb9ef023e5632a9014cb41007cee9122e3753ca635dcf9ff8a76d3b7bf7ea470bfde8491cfec02e4a4fb5b655173c060864685702a48432a543a6f6c6342e5f71b7747a9e6cd3071c4e7e45e01207dea77b64a68685e3b5df86e4e2ed6362eda898a4d3129d9ec4da0293591c3cbf64ba0dcfe97f1b819f00f70b500df6cd40dc9418c3fe56e9ca9a189eb8b0db7de5d33287bc52a01e028b688b4cfea74a507ec4ada80db467a8692b4e447b7cf1c2ea7df2ba334e616ed6341243a98a7dc780f2701b8d2ed7e5f35a890ee2f69c28eca9c67be76abc70e8d0c85e85005b1cebc768e5196dfccb40e06f0a2ab1ae7e2082d10ea0eef715679fd908d09acf009b4f8ea83f9aefed929736aec92b7a986527059f05642ae399337f49faf4f7ed937597aaaeaa65f00f17ff9ed9c00fe17143931b8d511be873c0baa2bd00ce8e9b22400246f399356d4c236e556d21071d3f7549821f6d6d4283f3ed6239164cd6952be75d85e9bff09a2ea022f1a1d6c3b37ae312f531ff46e8bb176ad9640fa59fee13e908d6461db4f05d297804d81c5ed91ab876d13820c6e796c75ef0f40b9906a72cd5d016583af65d8fb40c946ed8f8aa4a9f591044bd74619665489a5c6bbcb02a1589db5bbfaf67b390c142db2325ad312dca8b74b89e261c1d85ef36f06ff529b184c739fee45f5d45ae7de96391833a11130b8ede2bed919ca43b0bdeecc2fd24e6d8403132b17abe1a6c1812fc710f8a6f4bf70cf215acf8b1d6c18ea9db2a04420123a091964453a5ddd62790952b67fbee899d87085794f3e3ddb05e81bb6d750883a87162207ec761907e7102e48168bc5052b2791eb5810db0fc41a3afc4b87ea9f693fbac5b4b44842a6f9f452d15d2575dd59aa80d48add4bbfc87d1e3137c4efcaf003ea6df6c641df6e0b87d4b8b99c4bbc69157d7869f90d967778b7ded76af0cc7a8cf3da87f704f9d3d009baf9d4d2dd3c0e291a52d13bc0b37d9542312d816809e55c9f2a82c453bdbbba49ad2671fbd6e70d19dd6f3e724041ae8649413714ef199f36921ceacb2a547c4102fc53be30697961d42970baf37a1c98c26dd22975a836f9eb8fe9920016e93bd0c6284ec4bf885ab6e883e89afd77052a6801be51c3921ae7097fa9135d6852ae1fbff16969f7091953f0caa0328234ccef8a7a1ba06032466aeceff70b282dc986cb151fcff7f52b12f26a0adc46f0b4396f17b94994df634c68b5717cab841a229409ef0a438deba1bd50e39ab1d14fa46fcaf5aa7feb9f177d789d8fdcb973cf9af6c110d256a8eb4103dd451a2a8c7cd230133c25ee4b604ea5b86e4f8b0716a8c7ef0cf1c043d9b57ad1316c08c49bbed40d562b965689806cf0069d8ab1bddff8169f2557f9286303e34b201c25fd2c449357358fdfcb00e9f9ad543192b8bba489de28e0f023865c998755e1c5b2622bb97133c04f63b31563e80b20e49ab3ec8fc932dbbfa75bec3359b39ff7cbbca387d0d3b50ce84356fa77a52f51b34a628029228589ed09d2442ca9dbf29c65b5c5c451d69f536b246cb2623b21aead6394e5e311ef35371bc24578ac31ddb1e3c10175b9775ada0262b0d10660845bc9e7456601f74de91a55b69cbebe233cf84e2a6721f064ab0f0763599a6b2715f54445e9bcc7a400982e74e065f3fbe6bdfdad86ec5e8ffc6f4bf3d0e030b8a3631c6b4d01fd107b88a203f6392b7056638da4c03a03e9d2a9cca38e927ea1f56855e1e108e21552fe8b223e617a7cade3e28395ec98d8966f8ab703d9b871b9965910cf9e88ed617862b08c2c9b838436307db9afd7f51c5a2da2424eb597909e3ae38b86918a246693f92b3d4e6602bcd1ec695d5e84fa19a8eea261c568c6928b95eab1244a5b8498a9fdef7189c8397b2060b5a274b93426c06eacd8465b961f3f2525ff100d5f9f894a25a9f4d8220ccadfcfa1d9c73831ab8149725a2b76a2495b2ba2fa4274ffd9b6fb6e6142ac8d795f4e0a77f7fd77be084bde7e15a56246338174e02f4b428a972589f6a23096a4772f27b394f7a356a2aaebbe11058cf4a3b1fe50fa064c92e3851a9fd05dacb04ab04d66c5ed044e88115cbf7a456dd132abdbc03ab6447e75de36ee6cea13d4cd9100020067dbb23114726ff3b5da3ed7d9dc74b4a5e290568aa1ccd27eff1afed6931ae7b13c9342444b7442223dfc888d6fee8b9aab06ea746b9df46579e11011f7146d3083ddfa2e5e195cf6436285c187dd64c80ac85ef2ac59eac024ca7c25345431edda90a72c2d5218a40051d929d152bc7ca2335e3a72150752ff7488b3267148aaaa2fbf5ce067ec3fa69f76fd00000008000300f8ffffff08000300010000000800030044000000041001003c2a2199fbe74334da6ab31cd3d4e0059bfda4c6b9d4365a371679b667655fcf563d1c03d3879da2d20701ae1a0bd8525cb71d9844097669b7a213b141fe37801ba3a10c463598b8c96fd4f2221087cf42199d19e1054ce3b030fc91942520f8bc646ecccead17d16f1d7aa139ced449286885861249f9eebe381f7ffd2b7a5f351dddea670498a8d818035c41e65b363c921a2c29a8dfddc17fd66e5bf762108237ab92fd59a812409df1e3dc3b1c31129468a2c3391888066ab95eadb7de9e9605be1976142c635ecfd153d846f683fef5feca58caeed8acf892d891ffad1ab96a74e7f895c219b154569c042370166de9354710e1dbc28847312724b26f69eae6ea94799177f240e23766a15cf54770fd98cd714143d9531a8fd81be3e13fa42448ca6fadac596601f54857402c970002be65762db213441b622d50144e4d52366e1907a54c23f6300161bcb9f535f8d9aceceac54a3e1a0fa256660340d311ccb1c2a2d7a87c7955a72cb848b9179b130718b78dbf1d5d64c02b9f8ac8da95ba4b0aa1b119579a6e82cfcd63f0676483a5ee47277fde15a94aaf380121127bba08f8631715c9f0964c578ebb84529dea125dc412cb1705f67830bbb61790e6b876f8f84edbe55b856ad45d834af8864741525cbb5fa0a6800dcedc65b5e40e99a005b4cc368ccd117274e9a3f7c287eaed51e227f3db75a898b921c6ab4d7a36f4fda5028e35ac496cfca349e6c49bd7c17b3ca6bfc90ae4e3883fca2d4703ed9fcc2cabb358e1a5190461cf0952884fce7789cb8e1446a6a894be5406282ae64d367aa52b655bba1bca4236658b39f73f76c8c0690ff9a730ea9dd003325f1972a7d42ef925a8cd2b752a4708dcd1b6926b97d932df92f30b0e9117171054b816db9f552f91245f12da3777dd2592b3539014171ad0f9ae20c4cd04e40b0a0590ec23dfdf484dea9b6dbfc0d1632c18d4eafeaffbc5faec27e17cafb341b70bb6e10bdbe43b358097b1fe8fff40f86b3f8842f23c991d7a0567ffd8e380156332a957f56337b9a9dd4eb5389cf17729c5caad94a9f80ba380ce6b4bb37af9337debaa8a393479668b74f43ef8bee1e2d9b836be8b94a065a719b481e87cc95af1388f690a1d98dc38bbce354d2c3d02b7f8961b845f50747eab040eeac3bdfc36c70d4ce43f689c42adb82e6b74115f2d5d175668b4ac8de13f7db1a05071248cb90740b2a9f2310dd1479218742ff8e7e4e817084c3f37a647590b86ad0119810118433298e1873c634fbeaf1812131e8d09526874ad878d63ef85c52f5b00cd5b35603a1101fa0fdd7dc339dce4b6f27bb26e1dfa57f04002700093e330dddb76c2a62b751ba119df2a36c64f54be246e6fcaf842a0f5ab363bc76a95fb4476e03a5b49d708a04ad2cbef3f4704bb5279d1d6d379e104581550d74a17ac802128e2c25e998e58fa0f89f09e51640b9141fd76a13f2af197462a0ccede7758dbd20611a3e6190a39059dfe796ec30bac4ef3ef0ab09ea6aa1520841a5cc6dd076cc4cda75171c2e8674ffbd072adaa4d18ef01285ae800566474647ce5aa065cd360a68b15fd1889858863763c27339fc860c609bc8ed5b94d9c74da1c61cfc413909c70e9f2593c0716635e0efcd0910acda657793e891cfbb855e6d9ff6049993334b7c32fc852cf995511fe269b76961b9f6f34b832e5acad80f699f6575ec7a9ab93c5c782666a4979dc649ac248724ff486be6827b0aaf742461b076b9ac3c39f5c1da1b2d0e3ae18ecfc484ed48af8552c4385296518d7b0fa4a4d94a77658b01e20637d7118d5223a772f806a20d8dd885886b53a77be3d31555d1bed9c1ce1b2d6bfc1a295d62a4dc749b6e11dc542aac1611e7238dd807f8fd2f6b504435626c35a7bf5604dbc7592858ba7b5016dc5b3f5f19053b30275c9a52a96f8a32935a1c073754ba26c225ec884be9291ec3a2b7aa5313d0671e04096196b2f316ae4a299c6918883eaa1171e19c75b2f14fbc05d7104401500271c0b33979e56b2e6c0168137d42a23c9f8382dbe61ef9be963501107cf8039a58223b2547ed6cd496166c6032c3fc5f42591de3b46dfb2f8d2fc6ec9bf76d026dd7e1bc461b6828c6745a48b0069a75a592e26f8a3152c130aa52e16bf69734847fd15a90aea33662e3e9506e3dc118cde003f1059e475aa7510a47fe21869056a540bf72cc60452a4faa09564ad858c861481895c67152352cc6bf8de5c40bf480cbf971b790f1ab362abf13e271dc7834a256f86da17cf08c8b291453798d32212a7b489785f07530cef011a435154d9d5366c946e4468609257ba9f58714a9ab6a456c4a435d35436b4abcf3c80dfa34b43675e1e"], 0x2954}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) flistxattr(r0, &(0x7f0000002cc0)=""/4096, 0x1000) [ 401.194688][ T6126] loop1: p3 start 225 is beyond EOD, truncated [ 401.200964][ T6126] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:00 executing program 2: futex(&(0x7f0000000740), 0x1, 0x0, &(0x7f0000000780)={0x0, 0x989680}, 0x0, 0x0) 14:20:00 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10125ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:00 executing program 3: getresgid(&(0x7f00000000c0), &(0x7f00000001c0), &(0x7f0000000200)) 14:20:00 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:00 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, 0x1, 0x1, 0x201, 0x0, 0x0, {0x2, 0x0, 0x1}}, 0x14}}, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) 14:20:00 executing program 2: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r1) 14:20:00 executing program 3: recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x166211c2a85f009b, 0x0, 0x0) 14:20:00 executing program 0: shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000ffd000/0x3000)=nil, 0x0) 14:20:00 executing program 4: add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f00000000c0)={'fscrypt:', @auto=[0x30, 0x0, 0x0, 0x61, 0x35, 0x0, 0x0, 0x66, 0x38]}, &(0x7f0000000100)={0x0, "dcdbb27bb9540e34c4adf7891b80f9afb197e2c007f593f763fe793da53d3f27821397df3a068b1f4714f8ab1cdbcb7c6a0b68e17c27647b87108431570f39ca"}, 0x48, 0xfffffffffffffffb) 14:20:00 executing program 3: syz_open_procfs$namespace(0x0, &(0x7f0000001740)='ns/mnt\x00') 14:20:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, &(0x7f0000006200)={0x0, 0x989680}) [ 401.988604][ T6193] loop1: detected capacity change from 0 to 1 14:20:00 executing program 0: add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, r0) 14:20:00 executing program 2: shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000100)=""/159) [ 402.061409][ T6193] loop1: p1 p2 p3 p4 [ 402.065662][ T6193] loop1: p1 start 620872132 is beyond EOD, truncated [ 402.072471][ T6193] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 402.086264][ T6193] loop1: p3 start 225 is beyond EOD, truncated [ 402.092504][ T6193] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:00 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10126ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:00 executing program 4: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) accept4(r0, 0x0, 0x0, 0x0) [ 402.180571][ T6239] loop1: detected capacity change from 0 to 1 [ 402.219941][ T1232] loop1: p1 p2 p3 p4 [ 402.224266][ T1232] loop1: p1 start 637649348 is beyond EOD, truncated [ 402.231370][ T1232] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 402.239017][ T1232] loop1: p3 start 225 is beyond EOD, truncated [ 402.245368][ T1232] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 402.253780][ T6239] loop1: p1 p2 p3 p4 [ 402.257943][ T6239] loop1: p1 start 637649348 is beyond EOD, truncated [ 402.264779][ T6239] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 402.272366][ T6239] loop1: p3 start 225 is beyond EOD, truncated [ 402.278521][ T6239] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:01 executing program 3: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/power_supply', 0x460401, 0x0) 14:20:01 executing program 0: accept(0xffffffffffffffff, 0xfffffffffffffffc, 0x0) 14:20:01 executing program 2: shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000100)=""/159) 14:20:01 executing program 4: pipe2(&(0x7f00000041c0)={0xffffffffffffffff}, 0x0) ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, 0x0) 14:20:01 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:01 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c1012eff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:01 executing program 3: readlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0) 14:20:01 executing program 0: pipe(&(0x7f00000032c0)) [ 402.808507][ T6264] loop1: detected capacity change from 0 to 1 14:20:01 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) signalfd4(r0, 0x0, 0x0, 0x0) 14:20:01 executing program 2: shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000100)=""/159) 14:20:01 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) 14:20:01 executing program 0: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/power_supply', 0x0, 0x0) 14:20:01 executing program 3: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0) [ 402.860900][ T6264] loop1: p1 p2 p3 p4 [ 402.865066][ T6264] loop1: p1 start 771867076 is beyond EOD, truncated [ 402.871819][ T6264] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 402.884407][ T6264] loop1: p3 start 225 is beyond EOD, truncated [ 402.890651][ T6264] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:01 executing program 2: shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000100)=""/159) 14:20:01 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10148ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:01 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, 0x0) [ 403.031393][ T6318] loop1: detected capacity change from 0 to 1 [ 403.069922][ T6318] loop1: p1 p2 p3 p4 [ 403.074124][ T6318] loop1: p1 start 1208074692 is beyond EOD, truncated [ 403.080929][ T6318] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 403.088476][ T6318] loop1: p3 start 225 is beyond EOD, truncated [ 403.094871][ T6318] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:04 executing program 2: pipe(&(0x7f00000032c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, 0x0) 14:20:04 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r0, 0x8400941f, &(0x7f0000000180)) 14:20:04 executing program 0: signalfd4(0xffffffffffffffff, &(0x7f0000000540), 0x8, 0x800) 14:20:04 executing program 3: r0 = open(&(0x7f0000000100)='./file1\x00', 0x0, 0x0) ftruncate(r0, 0x2210004) r1 = epoll_create(0xabcb) sendfile(r1, r0, 0x0, 0xf10000) truncate(&(0x7f0000000040)='./file1\x00', 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) lstat(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgid(r2) open(&(0x7f0000000180)='./file1\x00', 0x4468c0, 0x9) 14:20:04 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:04 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c1014cff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:04 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) 14:20:04 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0) 14:20:04 executing program 4: inotify_add_watch(0xffffffffffffffff, 0x0, 0x4200050c) 14:20:04 executing program 3: r0 = signalfd(0xffffffffffffffff, &(0x7f00000011c0), 0x8) r1 = dup2(r0, r0) inotify_add_watch(r1, 0x0, 0x0) [ 405.885919][ T6345] loop1: detected capacity change from 0 to 1 14:20:04 executing program 0: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "ac4d3ffad6c3ee8c7279c71b7f4c0946d47b4ccf2ea829900063622e67b55d736d18cb621990a73ae798e638d05821b46123ea88501a75c070e494149f44d5da"}, 0x48, 0xfffffffffffffffc) keyctl$clear(0x7, r0) 14:20:04 executing program 2: r0 = signalfd(0xffffffffffffffff, &(0x7f00000011c0), 0x8) r1 = dup2(r0, r0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, 0x0) 14:20:04 executing program 4: r0 = signalfd(0xffffffffffffffff, &(0x7f00000011c0), 0x8) getsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) 14:20:04 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) dup2(r0, r0) 14:20:04 executing program 0: mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) [ 405.942352][ T6345] loop1: p1 p2 p3 p4 [ 405.946556][ T6345] loop1: p1 start 1275183556 is beyond EOD, truncated [ 405.953470][ T6345] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 405.969059][ T6345] loop1: p3 start 225 is beyond EOD, truncated [ 405.975274][ T6345] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:04 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @dev}, 0x10) 14:20:07 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10160ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:07 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0xb, 0x0, &(0x7f00000002c0)) 14:20:07 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @private}, 0x10) 14:20:07 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f0000000080), &(0x7f00000001c0)=0x4) 14:20:07 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:07 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x8, 0x0, &(0x7f00000001c0)) 14:20:07 executing program 0: recvmsg(0xffffffffffffffff, &(0x7f00000019c0)={0x0, 0x0, &(0x7f00000002c0), 0x100000000000030c}, 0x0) 14:20:07 executing program 2: open(&(0x7f0000000000)='./file0\x00', 0x200, 0x0) truncate(&(0x7f0000000140)='./file0\x00', 0x0) 14:20:07 executing program 3: mlock(&(0x7f0000ffa000/0x5000)=nil, 0x5000) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) 14:20:07 executing program 0: r0 = socket$inet(0x2, 0x3, 0x0) setsockopt$sock_cred(r0, 0xffff, 0x1022, 0x0, 0x0) [ 408.894624][ T6409] loop1: detected capacity change from 0 to 1 14:20:07 executing program 0: r0 = socket$inet6(0x18, 0x3, 0x0) getsockopt$sock_timeval(r0, 0xffff, 0x0, 0x0, 0x0) 14:20:07 executing program 3: mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) 14:20:07 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10166ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:07 executing program 2: mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0) munmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000) [ 408.948918][ T6409] loop1: p1 p2 p3 p4 [ 408.953218][ T6409] loop1: p1 start 1610727876 is beyond EOD, truncated [ 408.959999][ T6409] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 408.975555][ T6409] loop1: p3 start 225 is beyond EOD, truncated [ 408.981788][ T6409] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 409.043695][ T6450] loop1: detected capacity change from 0 to 1 [ 409.092851][ T6450] loop1: p1 p2 p3 p4 [ 409.096939][ T6450] loop1: p1 start 1711391172 is beyond EOD, truncated [ 409.103749][ T6450] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 409.111560][ T6450] loop1: p3 start 225 is beyond EOD, truncated [ 409.117709][ T6450] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:08 executing program 4: r0 = socket$inet6(0x18, 0x2, 0x0) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0x66, 0x0, 0x0) 14:20:08 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) poll(&(0x7f0000000000)=[{r0, 0x84}], 0x1, 0x0) 14:20:10 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:10 executing program 3: r0 = socket$inet6(0x18, 0x8003, 0x0) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[], 0xa) 14:20:10 executing program 2: pipe(&(0x7f0000001480)={0xffffffffffffffff}) writev(r0, &(0x7f0000001840)=[{&(0x7f00000014c0)='r', 0x1}], 0x1) 14:20:10 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10168ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:10 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="080100000000000001"], 0x1e8}, 0x0) 14:20:10 executing program 4: open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) munmap(&(0x7f0000003000/0x1000)=nil, 0x1000) 14:20:10 executing program 4: mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) munlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000) 14:20:10 executing program 2: mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) munlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000) 14:20:10 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) r1 = dup(r0) shutdown(r1, 0x2) 14:20:10 executing program 3: r0 = socket$inet(0x2, 0x3, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) dup2(r1, r0) 14:20:10 executing program 4: r0 = socket$inet(0x2, 0x3, 0x0) getsockopt(r0, 0x8, 0x0, 0x0, 0x0) [ 411.913763][ T6480] loop1: detected capacity change from 0 to 1 14:20:10 executing program 0: r0 = socket$inet(0x2, 0x3, 0x0) setsockopt$sock_int(r0, 0xffff, 0x8, 0x0, 0x0) [ 411.980695][ T6480] loop1: p1 p2 p3 p4 [ 411.984770][ T6480] loop1: p1 start 1744945604 is beyond EOD, truncated [ 411.991612][ T6480] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 412.018074][ T6480] loop1: p3 start 225 is beyond EOD, truncated [ 412.024319][ T6480] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:13 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:13 executing program 2: r0 = socket$inet6(0x18, 0x3, 0x0) bind(r0, &(0x7f0000000800)=@in6={0x18, 0x2}, 0xc) 14:20:13 executing program 4: r0 = syz_open_pts(0xffffffffffffffff, 0x0) poll(&(0x7f000001b780)=[{r0, 0x9}], 0x1, 0x0) 14:20:13 executing program 3: r0 = syz_open_pts(0xffffffffffffffff, 0x0) poll(&(0x7f000001b780)=[{r0}], 0x1, 0x0) 14:20:13 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c1016cff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:13 executing program 0: writev(0xffffffffffffffff, &(0x7f0000001240), 0x1000018c) 14:20:13 executing program 4: r0 = socket$inet(0x2, 0x3, 0x0) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f0000000080)='t', 0x1) 14:20:13 executing program 0: r0 = socket$inet(0x2, 0x3, 0x0) setsockopt$sock_int(r0, 0xffff, 0x1021, &(0x7f0000000000), 0x4) 14:20:13 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000180)="195b1252ae345f840f2f3533dafaaf25642ccaa903ddd188ad2a42b1c7523396345ad52b54c9e83b7571442c6aacb1c4ae51391450e670978f25b05462c173ea4a7879abcab21aa57fefc2da43fba5e576b46355de52950e82efbb7fe13a4ebda26118e04e250ec07259c38f9f9deb7b3703e7233ab395e57ca31bfcd6fbba7299968f377d3dfe04ff87b52a19560819ab", 0x91}], 0x1, &(0x7f0000000bc0)=ANY=[@ANYBLOB="080100000000000001"], 0x1e8}, 0x0) 14:20:13 executing program 2: poll(0x0, 0x0, 0x1fc) 14:20:13 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) fcntl$lock(r0, 0xf, 0x0) 14:20:13 executing program 4: r0 = socket$unix(0x1, 0x2, 0x0) r1 = dup(r0) setsockopt$sock_int(r1, 0xffff, 0x1002, &(0x7f00000000c0), 0x4) [ 415.000357][ T6560] loop1: detected capacity change from 0 to 1 [ 415.080226][ T6560] loop1: p1 p2 p3 p4 [ 415.085207][ T6560] loop1: p1 start 1812054468 is beyond EOD, truncated [ 415.092014][ T6560] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 415.105068][ T6560] loop1: p3 start 225 is beyond EOD, truncated [ 415.111460][ T6560] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:16 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:16 executing program 0: r0 = socket$inet(0x2, 0x3, 0x0) setsockopt$sock_int(r0, 0xffff, 0x200, 0x0, 0x0) 14:20:16 executing program 3: mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0) 14:20:16 executing program 4: r0 = socket$inet(0x2, 0x3, 0x0) connect(r0, &(0x7f0000000140)=@in6={0x18, 0x3}, 0xc) 14:20:16 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10174ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:16 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) sendto(r0, 0x0, 0x0, 0x8, 0x0, 0x0) 14:20:16 executing program 3: shmat(0xffffffffffffffff, &(0x7f0000ffd000/0x2000)=nil, 0x0) r0 = shmget(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(r0, &(0x7f0000ff6000/0xa000)=nil, 0x0) 14:20:16 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) listen(r0, 0x0) [ 417.993274][ T6616] loop1: detected capacity change from 0 to 1 [ 418.031611][ T6616] loop1: p1 p2 p3 p4 [ 418.036138][ T6616] loop1: p1 start 1946272196 is beyond EOD, truncated 14:20:16 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000180)="195b1252ae345f840f2f3533dafaaf25642ccaa903ddd188ad2a42b1c7523396345ad52b54c9e83b7571442c6aacb1c4ae51391450e670978f25b05462c173ea4a7879abcab21aa57fefc2da43fba5e576b46355de52950e82efbb7fe13a4ebda26118e04e250ec07259c38f9f9deb7b3703e7233ab395e57ca31bfcd6fbba7299968f377d3dfe04ff87b52a19560819ab", 0x91}], 0x1, 0x0, 0x1e8}, 0x0) 14:20:16 executing program 3: syz_open_pts(0xffffffffffffffff, 0x0) 14:20:16 executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) clock_gettime(0x2, &(0x7f0000000080)) 14:20:16 executing program 3: munmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000) madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0) [ 418.043046][ T6616] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 418.060849][ T6616] loop1: p3 start 225 is beyond EOD, truncated [ 418.067098][ T6616] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:19 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:19 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c1017aff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:19 executing program 4: mprotect(&(0x7f00005c0000/0x2000)=nil, 0x2000, 0x31175e97aefcd0a) 14:20:19 executing program 2: mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 14:20:19 executing program 0: mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) 14:20:19 executing program 3: munmap(&(0x7f0000ff9000/0x2000)=nil, 0x2000) madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0) 14:20:19 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0) 14:20:19 executing program 4: utimensat(0xffffffffffffff9c, 0x0, &(0x7f0000000040)={{}, {0x0, 0xffffffffffffffff}}, 0x0) 14:20:19 executing program 0: mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0) 14:20:19 executing program 3: utimensat(0xffffffffffffffff, &(0x7f00000026c0)='./file0\x00', 0x0, 0x0) 14:20:19 executing program 2: madvise(&(0x7f0000ff6000/0x2000)=nil, 0x2000, 0x1ab67047fb71cb97) 14:20:19 executing program 2: r0 = open$dir(&(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) [ 421.026768][ T6674] loop1: detected capacity change from 0 to 1 14:20:19 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:19 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff09ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:19 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_GETSTATE(r0, 0x5421, 0x0) 14:20:19 executing program 0: mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mprotect(&(0x7f0000f45000/0x3000)=nil, 0x3000, 0x0) 14:20:19 executing program 4: r0 = socket$unix(0x1, 0x2, 0x0) sendmsg$unix(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0) 14:20:19 executing program 2: r0 = shmget(0x3, 0x2000, 0x0, &(0x7f0000ffb000/0x2000)=nil) shmctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/125) 14:20:19 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:19 executing program 3: mprotect(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4) [ 421.124582][ T6674] loop1: p1 p2 p3 p4 [ 421.128658][ T6674] loop1: p1 start 2046935492 is beyond EOD, truncated [ 421.135865][ T6674] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 421.143836][ T6674] loop1: p3 start 225 is beyond EOD, truncated [ 421.150126][ T6674] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:19 executing program 2: pipe(&(0x7f0000000600)={0xffffffffffffffff}) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) 14:20:19 executing program 4: semop(0x0, &(0x7f0000000000)=[{0x4, 0x6, 0x1000}], 0x1) semget(0x2, 0x3, 0x8) r0 = semget$private(0x0, 0x4, 0x190) semctl$SETVAL(r0, 0x5, 0x8, &(0x7f0000000040)=0x2) r1 = semget(0x3, 0x0, 0x29) semctl$SETALL(r1, 0x0, 0x9, &(0x7f0000000080)=[0x6, 0x9b, 0x7f, 0xcd, 0x4, 0x1f, 0x1, 0x5]) r2 = semget(0x3, 0x1, 0x10) semctl$SETALL(r2, 0x0, 0x9, &(0x7f00000000c0)=[0x401, 0x3]) r3 = semget$private(0x0, 0x0, 0x691) semctl$IPC_RMID(r3, 0x0, 0x0) semctl$SETVAL(r0, 0x3, 0x8, &(0x7f0000000100)=0x7) socketpair(0x2, 0x3, 0x1f, &(0x7f0000000540)) 14:20:19 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:19 executing program 0: getresgid(&(0x7f0000001440), &(0x7f0000001480), 0x0) 14:20:19 executing program 3: openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x40bc3, 0x0) [ 421.254294][ T6728] loop1: detected capacity change from 0 to 1 14:20:20 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x60}]}) 14:20:20 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff0aac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:20 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000500)=0x5) 14:20:20 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000540)={&(0x7f0000000000), 0xc, &(0x7f0000000500)={0x0}}, 0x0) 14:20:20 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x9, &(0x7f0000000180), 0x4) 14:20:20 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) recvfrom(r0, 0x0, 0xfffffd5a, 0x40, 0x0, 0xfffffe2a) [ 421.300684][ T6728] loop1: p1 p2 p3 p4 [ 421.305185][ T6728] loop1: p1 start 115140 is beyond EOD, truncated [ 421.311815][ T6728] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 421.319736][ T6728] loop1: p3 start 225 is beyond EOD, truncated [ 421.326315][ T6728] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:20 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) recvfrom(r0, 0x0, 0x0, 0x40000062, 0x0, 0x0) 14:20:20 executing program 0: mlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) mlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) 14:20:20 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0xa4}, {0x6}]}) [ 421.396725][ T6763] loop1: detected capacity change from 0 to 1 [ 421.415072][ T25] audit: type=1326 audit(1622470820.106:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=6768 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x0 [ 421.455355][ T6763] loop1: p1 p2 p3 p4 [ 421.462527][ T6763] loop1: p1 start 115140 is beyond EOD, truncated [ 421.469123][ T6763] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 421.478142][ T6763] loop1: p3 start 225 is beyond EOD, truncated [ 421.484376][ T6763] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:20 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:20 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) write(r0, &(0x7f0000000000)="8ee20db312bf1809f9533baf66aa2f34", 0x10) 14:20:20 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) write(r0, &(0x7f0000000000)="8ee20db312bf1809f9533baf66aa2f34", 0x20000010) 14:20:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x894c, 0x0) 14:20:20 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:20 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff25ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:20 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@getae={0x88, 0x1f, 0x39, 0x0, 0x0, {{@in6=@local, 0x0, 0xa}, @in=@private}, [@algo_comp={0x48, 0x3, {{'lzjh\x00'}}}]}, 0x88}}, 0x0) 14:20:20 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) write(r0, 0x0, 0x0) 14:20:20 executing program 4: clone3(&(0x7f00000022c0)={0x100108100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 14:20:20 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@getae={0x88, 0x1f, 0x39, 0x0, 0x0, {{@in6=@local}, @in=@private}, [@algo_comp={0x48, 0x3, {{'lzjh\x00'}}}]}, 0x88}}, 0x0) 14:20:20 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x17, &(0x7f0000001ac0), 0x4) [ 422.112740][ T6791] loop1: detected capacity change from 0 to 1 14:20:20 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0xa, 0x0, 0x0, @mcast1}}, 0x5c) [ 422.184295][ T6791] loop1: p1 p2 p3 p4 [ 422.193240][ T6791] loop1: p1 start 115140 is beyond EOD, truncated [ 422.199953][ T6791] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 422.232736][ T6791] loop1: p3 start 225 is beyond EOD, truncated [ 422.238947][ T6791] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:21 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:21 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002300)={0xec4, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_PMSR_ATTR_PEERS={0x500, 0x5, 0x0, 0x1, [{0x21c, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0x19c, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x88, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x110, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}]}, @NL80211_PMSR_TYPE_FTM={0x48, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}]}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x10, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}]}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}, @NL80211_PMSR_PEER_ATTR_CHAN={0x3c, 0x2, 0x0, 0x1, [@NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}]}, {0x2d0, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0xc4, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x3c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x54, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5, 0x7, 0x7}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x10, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x2c, 0x2, 0x0, 0x1, [@NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x190, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0xf0, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x38, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5, 0x3, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x98, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}]}, @NL80211_PMSR_TYPE_FTM={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x3c, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}]}]}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @broadcast}]}]}, @NL80211_PMSR_ATTR_PEERS={0x930, 0x5, 0x0, 0x1, [{0x19c, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0x170, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0xe8, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}]}, @NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x4}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}]}]}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x1c, 0x2, 0x0, 0x1, [@NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8}]}, @NL80211_PMSR_PEER_ATTR_REQ={0xc, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}]}, {0x41c, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0xd0, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0xc0, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0xf}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6, 0x4, 0x800}]}, @NL80211_PMSR_TYPE_FTM={0x3c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5, 0x5, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x158, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x74, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x44, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x74, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}]}, @NL80211_PMSR_TYPE_FTM={0x3c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x1c, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x23}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0x2c, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x8, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_REQ={0x194, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x5c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x18, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x28, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0xc4, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x44, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5, 0x6, 0x1d}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x1}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x64, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x24, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}]}]}]}]}, {0x4}, {0x168, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0x164, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_DATA={0x148, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}]}, @NL80211_PMSR_TYPE_FTM={0x38, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x48, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8, 0x2, 0x3}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x34, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}]}, @NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x20, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_CHAN={0x2c, 0x2, 0x0, 0x1, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8}]}]}, {0x1d8, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xa, 0x1, @device_b}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa}, @NL80211_PMSR_PEER_ATTR_REQ={0x1bc, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0xec, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x3c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x1c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x70, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}]}, @NL80211_PMSR_TYPE_FTM={0x2c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE={0x8}]}]}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x54, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x30, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD={0x6}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION={0x5}]}]}]}]}]}, @NL80211_PMSR_ATTR_PEERS={0x78, 0x5, 0x0, 0x1, [{0x74, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_REQ={0x8, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}]}, @NL80211_PMSR_PEER_ATTR_CHAN={0xc, 0x2, 0x0, 0x1, [@NL80211_ATTR_CHANNEL_WIDTH={0x8}]}, @NL80211_PMSR_PEER_ATTR_REQ={0x5c, 0x3, 0x0, 0x1, [@NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_GET_AP_TSF={0x4}, @NL80211_PMSR_REQ_ATTR_DATA={0x40, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_ASAP={0x4}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x14, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP={0x5}]}, @NL80211_PMSR_TYPE_FTM={0x8, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI={0x4}]}, @NL80211_PMSR_TYPE_FTM={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST={0x5}, @NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED={0x4}]}]}, @NL80211_PMSR_REQ_ATTR_DATA={0x10, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES={0x5}]}]}]}]}]}]}, 0xec4}}, 0x0) 14:20:21 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) recvfrom(r0, 0x0, 0x3c00, 0x0, 0x0, 0xa) 14:20:21 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r1, 0x20d}, 0x14}}, 0x0) 14:20:21 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0280ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:21 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000000), 0x4) 14:20:21 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:21 executing program 4: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000001140)={0xa, 0x4e1f}, 0x1c) 14:20:21 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0xc8, &(0x7f00000007c0), 0x4) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0xa, 0x0, 0x0, @mcast1}}, 0x5c) [ 422.994503][ T6849] loop1: detected capacity change from 0 to 1 14:20:21 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) recvfrom(r0, 0x0, 0x0, 0x221, 0x0, 0x0) 14:20:21 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff}) sendmsg$sock(r0, &(0x7f0000000080)={&(0x7f0000000600)=@ipx={0x4, 0x0, 0x0, "94fd5cae949b"}, 0x80, 0x0, 0x0, 0x0, 0x700}, 0x0) 14:20:21 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0380ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 423.038263][ T6849] loop1: p1 p2 p3 p4 [ 423.042949][ T6849] loop1: p1 start 115140 is beyond EOD, truncated [ 423.049399][ T6849] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 423.064212][ T6849] loop1: p3 start 225 is beyond EOD, truncated [ 423.070455][ T6849] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 423.136322][ T6888] loop1: detected capacity change from 0 to 1 [ 423.194088][ T6888] loop1: p1 p2 p3 p4 [ 423.198436][ T6888] loop1: p1 start 115140 is beyond EOD, truncated [ 423.205192][ T6888] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 423.212911][ T6888] loop1: p3 start 225 is beyond EOD, truncated [ 423.219091][ T6888] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:22 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:22 executing program 0: socketpair(0x2b, 0x0, 0x1, &(0x7f0000000140)) 14:20:22 executing program 4: socketpair(0x2b, 0x1, 0x0, &(0x7f0000000140)) 14:20:22 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0580ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:22 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xac, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)=')\x00') 14:20:22 executing program 3: perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xad, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 14:20:22 executing program 4: syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/time_for_children\x00') 14:20:22 executing program 2: perf_event_open(&(0x7f00000000c0)={0x7, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 14:20:22 executing program 0: r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x0) [ 423.879750][ T6915] loop1: detected capacity change from 0 to 1 14:20:22 executing program 2: r0 = perf_event_open(&(0x7f00000000c0)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 14:20:22 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000005c0)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000600)=0xffffffffffffffff, 0x12) [ 423.929900][ T6915] loop1: p1 p2 p3 p4 [ 423.934227][ T6915] loop1: p1 start 115140 is beyond EOD, truncated [ 423.940704][ T6915] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 423.949156][ T6915] loop1: p3 start 225 is beyond EOD, truncated [ 423.955637][ T6915] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:22 executing program 2: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x1ff) 14:20:23 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:23 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0680ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:23 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) 14:20:23 executing program 4: syz_open_procfs$namespace(0x0, &(0x7f00000003c0)='ns/cgroup\x00') syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') 14:20:23 executing program 2: socketpair(0x0, 0x0, 0x0, &(0x7f0000002200)) 14:20:23 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[{0x18, 0x1, 0x1, ':'}], 0x18}, 0x0) 14:20:23 executing program 3: perf_event_open(&(0x7f00000000c0)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 14:20:23 executing program 2: perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xad, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8502, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 14:20:24 executing program 3: openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) 14:20:24 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000d00), 0x10000, 0x0) 14:20:24 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) 14:20:24 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) r1 = socket(0x400000000000010, 0x802, 0x0) write(r1, &(0x7f00000000c0)="24000000200099f0003be90000ed190e020008160000100000ba1080080002007f196be0", 0x24) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f0000000080), 0x4) [ 425.269965][ T6964] loop1: detected capacity change from 0 to 1 [ 425.343549][ T6964] loop1: p1 p2 p3 p4 [ 425.347992][ T6964] loop1: p1 start 115140 is beyond EOD, truncated [ 425.354685][ T6964] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 425.369503][ T6964] loop1: p3 start 225 is beyond EOD, truncated [ 425.375879][ T6964] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:24 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:24 executing program 3: openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='cgroup.clone_children\x00', 0x2, 0x0) 14:20:24 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:24 executing program 0: capset(&(0x7f0000001500)={0x20080522}, &(0x7f0000001540)) 14:20:24 executing program 4: socketpair(0x18, 0x0, 0xff, 0x0) 14:20:24 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0780ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:24 executing program 3: socket$inet6(0x18, 0x10000000, 0x0) 14:20:24 executing program 0: socketpair(0x0, 0x0, 0xff, 0x0) 14:20:24 executing program 4: pipe(&(0x7f0000000300)={0xffffffffffffffff}) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0x68, 0x0, 0x0) 14:20:24 executing program 3: setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0x68, 0x0, 0x0) [ 426.140705][ T7022] loop1: detected capacity change from 0 to 1 14:20:24 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000001a00)={0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000080)="d93bd8b160bf659bced005f8c55f050ac0c216d51e0ea73f8e870b83c08e9c0db77d374c78e29c06d8590dd5c7b991101d7d18a6cecab79b48d0", 0x3a}, {&(0x7f00000000c0)="e8d320ca61f7fab059e40701aa37d1202f07e3416b919bdb954e9aad11d2ca887a6b48dd3775ed03f77ab37466536053fbbbfc", 0x33}, {&(0x7f0000000100)="7b9cb2ded652960c127e79ba5bf33eacb4875afae57844ca56b45cd08d5e56a023b210ea9f43080bf11c425da4f5f7c8400034597704498abee75cac5773b25370319943054be96a1e68af1b1bd294d3bdd7f58d59a7966d", 0x58}, {&(0x7f0000000180)="7e609f72d5161d5d155c764fa208aebbd18825bc2579b20af7112f0f37fa432e06adcd97cfb44d0b5488d85ea40c701b4634ff6c85f16511209fcc77ebaf9d83477cb6e0ce4131e08460ad49f12954040c031c14095d53bf3c549f51259ad9d1bd23322cedcc31fb1889f8fee86b09505221504b9f1ba9b59480ea81140b90f206cdae2b658b2a52ddd5048f7a4f99595fa181b3296adee9af9c796b9306", 0x9e}, {&(0x7f0000000240)="44e77afee42b1ac653693346a718d7aa62b4d000896af5c1203dd5f52156a45510584d93c78052f9c7183945f2d303f95f34d708a8321e991bbe99a8958c7ab4496f0ada7cf8294b32a603f63b4cba36411237e35844197ebe4648ca2a78716b05173375b2b66defe6597884b6c6b36c22b0ffc427c0e65550be9b98e75347bddc3f905628d6253800", 0x89}, {&(0x7f0000000300)="829cc5cd41b1a47b997c3a87e153a7a47c0e03803afabea8f006488a666677de0a3a164f4a2b8c2f18a1a3a83c392edef236e98e83a9cfe67a58b97c53e36ce96ab8889e9cf92ac8697c06bdfe582587909b3d5ef397b24c12c542dd4145ad4a41fc1a2ddf08", 0x66}, {&(0x7f0000000380)="4b8fedaca50a8840ae9f641f649789477885293e2384ee5394a33241c11fc677c7c7209fad77090d61a9e8c7dfcc76ce54229009f1e56d280929c4207150484420645afb724f0a6622dae63bcac672e33e80b9472c90643010f7c39181e5f8dd7372dcc098fa634a3707b74d246ab3800b22f0d155535a48a432cd5f44c4e8fc0cb152682b23cf38129641cb7851227638aa859959ca8db52ab0ebb3d307d0575d2f9d3d4ab0d24edf491c40f30415ac32bf3fd3cbbec60d2b291e52cecd7c80e693a231fcd4", 0xc6}, {&(0x7f0000000480)="b977efbd00a34c75b7001f8bdb378dad0871b340cf48988450cbab621a672d98be356c33c9df1675d18e955cfc32f7abe2715e5f1da3b123e6e1a9b8315ce7c54397e4c0d6c80ea7d0f09bf59733dc44bba381336df5dd07b4dac88f481fc82551c7656dafebf772df51199e95e2125eb3cb38127fe82084e8a37b8b06f0fd1b0ff6724cd7db7396fe395e8aec9ea4c0817b67eef43050cdee1c32b2bf976a569a3baa0b7fc923f7", 0xa8}, {&(0x7f0000000540)="f4dfa27b22e16a6b1e24f31e75cc432ea64a74b1ecf94325add78b684f06786ba17116a23c0cf676a280f95495d1c64432015f1a2fdef95bbdad84c880a862444040ec1e09168a2e78d75d59c6b07d861b95e93f7e972e3686437f32edd67afcaa808a5b1115db27ee81276333cb08bebb23c38ad46be5b14397f71fbebd51f2bfc99d04f265ffe611ae625b50fdb2e13d017940fa2c1c6c1c080daafaae4c4821963b97fd158ec270efef69b2500c29c9d4896ac6d23f4d501ae74e968408be3579b3d750c4eec090361968fd30dea93f25267e4fbca662eb5f91ad626129e929d548ed1848effff9299d260384aadf68122c4d4424a0dfff783ca9d6f62c40b7a1132c0e89dcfdc9d2f690eb18da73bdfded03250aa9493795f3474106d6351314737edbb019b475f61baccca901ebbaacd7387c2248c03c156338d54e19f2d496327012f36f7a40b68bf73b5c68fb3fa48a2426c064af992b57687cb681d2da76dd8d714cf772fa6e408ce4403ea62079b99df152e0537810f85f0eb964618849d8ed3bc01eb9b914ee544f5cfa9ba291187c4d0fa6f3eb265b941a90d07d9f030ea46a197eea399988f43e9ddf491cb6f5e45074044bc2133c6420b36f98050061377337867f1c99b26c9e622f6ad89ca64b968531228a6f4c8e398cc53aa6711dd160c11a06808e11b593440be21a86bc0d31b02cafd5c13845f7f31fa0769bef7008e7a5d44cf555445eb1bebc88d769397dd5ee4aacb5c969703c3178099f0f4bb7f043bbc820b6772fe481613b04128e8dd222668b5169b1aa06078cd8595197b9f88a37b56c663026f281ccb26c01880b4e9d7bfa0ada833202a25cdae11fac05902b82d38c49cd35c0e4281d4f27c986b571a44a85d68f925dabe017361cf5aae7c983d472658e31d4fd9762e86308cb341bdc673ddd6ffdb1a03bdb8fb02192d83e1eca488021459817ec1288428d3c994f052db8cc75cab89a89c9a61207fa2b9cf3cdea766f3029722bbbc88b36a358e8ca1614b97129ef54ef3476a099b1966c42d0ecca9d8bec6e033c1fb217fe7c2d370e8e380b63df8c2d79561dba23bf729c9fc42beb95031de9740006b5434734f6ee3443ecc8666ff3353cafbafd6c967e80c51dc7994ee6719e2f1e5e085d522e1b5acd19d859ceaa3683f12bd77dd11c8f29786c3654e56f9f05a795bb5ad88aaff2153c275232396dc5981011e74b674df19ac59b0c75605ac8e444b7aeda6318c6d48ad30bf6f83d90cd0379a069e79a6532a3389448658cee6f9917f2a8059838aa3adc4ac7d22d955975fb3baf5c92f23518cb66acdfdf66b4d6e2f687d74922b1fcd7c66bf162ef16b4d9330b4a736d45b0b6095fba038344045ada7f1503c6498528948afb7494b6c6f7c211a2df056908cd248bf7814cf3eea9578958682c81e52d5c690e074ac41c317c6766d1968276a94228a9e46e3b6e2f270b35b0db294c9e059b23ead63879edcac75190a1a0e24ef8d04890dc8745402e8e20edcd5457545f898ce3", 0x441}], 0x9}, 0x0) 14:20:24 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$sock(r0, &(0x7f00000009c0)=[{{&(0x7f0000000000)=@in6={0xa, 0x4e23, 0x0, @loopback}, 0x80, 0x0}}], 0x1, 0x0) [ 426.183815][ T7022] loop1: p1 p2 p3 p4 [ 426.191480][ T7022] loop1: p1 start 115140 is beyond EOD, truncated [ 426.197964][ T7022] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 426.247817][ T7022] loop1: p3 start 225 is beyond EOD, truncated [ 426.254341][ T7022] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:25 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:25 executing program 4: r0 = io_uring_setup(0xc67, &(0x7f00000000c0)) r1 = eventfd2(0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000140)=r1, 0x1) 14:20:26 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:26 executing program 0: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46802) io_setup(0x1, &(0x7f0000000080)=0x0) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1000f4) r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$P9_RREMOVE(r3, &(0x7f0000000280)={0xd4fa3fe959b9ad8}, 0xff7f) r4 = open(&(0x7f000000fffa)='./bus\x00', 0x141002, 0x0) fdatasync(r3) ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f0000000200)={0x100000, r3}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_submit(r1, 0x45, &(0x7f0000000540)=[&(0x7f00000000c0)={0x2600, 0x400000000000, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 14:20:26 executing program 3: setresuid(0x0, 0xee00, 0xee01) r0 = geteuid() setresuid(0x0, r0, 0x0) setresuid(0xee00, 0xee00, 0xffffffffffffffff) 14:20:26 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0880ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:26 executing program 4: prctl$PR_SET_MM_AUXV(0x66, 0xc, 0x0, 0x0) 14:20:26 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'veth1_to_hsr\x00', &(0x7f0000000080)=@ethtool_sset_info={0x37, 0x0, 0x9}}) 14:20:26 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'veth1_to_hsr\x00', &(0x7f0000000000)=@ethtool_dump={0x4e}}) [ 427.940229][ T7080] loop1: detected capacity change from 0 to 1 14:20:26 executing program 4: select(0x72e01ce75838ac89, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000000200)) 14:20:26 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0x6ca, &(0x7f0000000180)="14d11b5f", 0x4) 14:20:26 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0980ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 427.986375][ T7080] loop1: p1 p2 p3 p4 [ 427.991412][ T7080] loop1: p1 start 115140 is beyond EOD, truncated [ 427.997862][ T7080] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 428.007227][ T7080] loop1: p3 start 225 is beyond EOD, truncated [ 428.013507][ T7080] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 428.081187][ T7118] loop1: detected capacity change from 0 to 1 [ 428.118923][ T7118] loop1: p1 p2 p3 p4 [ 428.123034][ T7118] loop1: p1 start 115140 is beyond EOD, truncated 14:20:26 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:26 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x89b1, &(0x7f0000000100)={'veth1_to_bond\x00', @ifru_hwaddr=@dev}) [ 428.129788][ T7118] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 428.137355][ T7118] loop1: p3 start 225 is beyond EOD, truncated [ 428.143570][ T7118] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:28 executing program 0: select(0x40, &(0x7f0000000140), &(0x7f0000000180), 0x0, &(0x7f0000000200)={0x0, 0x2710}) 14:20:28 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f0000000000)={'raw\x00', 0x4, "fd470dde"}, &(0x7f0000000100)=0x28) 14:20:28 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0a80ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:28 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x2a, &(0x7f0000000000)="9e678d3c1ffb6938dd505bb5c7be1e705ab5bc521582c461dd95771549929701aaf13fc1052c22ba808a102abbf1ab5a66678cb1b85fc7b26db3cfbe4b35057d2c937f77ebbaca34165a58dcd056dcaf0dbe68fcb02af369a3550879fe0c76cd15f6dd66a8d07b5af20af24d8a5260a057fcceee68120c1fdae5d302628dce8627a409b5066f427c", 0x88) 14:20:28 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:28 executing program 4: sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x9) 14:20:28 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x1c, 0x0, 0x1, 0x301, 0x0, 0x0, {}, [@generic="f7", @nested={0x4}]}, 0x1c}}, 0x0) 14:20:28 executing program 4: openat$vcsa(0xffffffffffffff9c, &(0x7f00000004c0), 0x86080, 0x0) [ 429.423794][ T7148] loop1: detected capacity change from 0 to 1 14:20:28 executing program 0: syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000300)=[{&(0x7f0000000000)="8e979d4f56b158", 0x7, 0x8}, {0x0, 0x0, 0x3ff}], 0x0, &(0x7f0000000500)) 14:20:28 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0x8, &(0x7f0000000180)='\x00\x00\x00\x00', 0x4) [ 429.472372][ T7148] loop1: p1 p2 p3 p4 [ 429.476451][ T7148] loop1: p1 start 115140 is beyond EOD, truncated [ 429.482941][ T7148] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 429.497462][ T7176] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 429.498309][ T7148] loop1: p3 start 225 is beyond EOD, truncated [ 429.506776][ T7148] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:28 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0b80ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:28 executing program 0: syz_mount_image$msdos(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=']) 14:20:28 executing program 4: r0 = getpgid(0x0) tgkill(r0, r0, 0x21) 14:20:28 executing program 3: syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='nfs=n']) syz_open_procfs(0x0, &(0x7f0000000040)='fd/4\x00') 14:20:28 executing program 0: setresuid(0x0, 0xee00, 0xee01) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) [ 429.579411][ T7190] loop1: detected capacity change from 0 to 1 [ 429.643662][ T7190] loop1: p1 p2 p3 p4 [ 429.647924][ T7190] loop1: p1 start 115140 is beyond EOD, truncated [ 429.654503][ T7190] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 429.654773][ T7200] FAT-fs (loop3): Unrecognized mount option "nfs=n" or missing value [ 429.662883][ T7190] loop1: p3 start 225 is beyond EOD, truncated [ 429.676261][ T7190] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 429.702254][ T7200] FAT-fs (loop3): Unrecognized mount option "nfs=n" or missing value 14:20:28 executing program 5: mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:28 executing program 4: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) 14:20:28 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x4, 0x31, 0xffffffffffffffff, 0x0) clone(0xdff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) futex(&(0x7f0000000040), 0x89, 0x0, 0x0, 0x0, 0x1) 14:20:28 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0c80ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:28 executing program 3: syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='children\x00') 14:20:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0) 14:20:29 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'veth1_to_hsr\x00', &(0x7f0000000000)=@ethtool_dump={0x4c}}) 14:20:29 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0) 14:20:29 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8924, &(0x7f0000000040)={'veth1_to_hsr\x00', 0x0}) 14:20:29 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x10, 0x3fb, 0x11}, 0x10}}, 0x0) 14:20:29 executing program 3: syz_open_dev$ttys(0xc, 0x2, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) 14:20:29 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0) [ 430.302287][ T7239] loop1: detected capacity change from 0 to 1 [ 430.363212][ T7239] loop1: p1 p2 p3 p4 [ 430.379851][ T7239] loop1: p1 start 115140 is beyond EOD, truncated [ 430.384061][ T7264] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1019 sclass=netlink_route_socket pid=7264 comm=syz-executor.4 [ 430.386362][ T7239] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 430.413779][ T7239] loop1: p3 start 225 is beyond EOD, truncated [ 430.420040][ T7239] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:29 executing program 5: mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:29 executing program 0: mq_unlink(&(0x7f0000000000)='#{(\x00') 14:20:29 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@mcast1}, 0x43) 14:20:29 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(0x0, 0x0, 0x200000000006, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) connect$inet6(r1, &(0x7f0000004540)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='memory.current\x00', 0x0, 0x0) io_setup(0x404, 0x0) sendfile(r0, 0xffffffffffffffff, &(0x7f0000000200)=0x100000001, 0x3) socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000240)={0x8, 'veth1_virt_wifi\x00', {'veth1_to_batadv\x00'}, 0x1bf3}) pipe2(&(0x7f0000000080), 0x0) io_submit(0x0, 0x0, &(0x7f0000000380)) syz_io_uring_setup(0x6d4, 0x0, &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d5000/0x3000)=nil, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0xf60a0, 0x0) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f00000001c0)={0x5, &(0x7f0000000140)=[{0x6, 0x12, 0x7, 0x9}, {0x1f, 0x2, 0x8, 0x9}, {0x0, 0x19, 0x0, 0x9}, {0x9, 0xe, 0x0, 0x4}, {0xb61, 0x0, 0x16, 0x3}]}, 0x10) dup(0xffffffffffffffff) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) dup(r2) sendmmsg(r1, &(0x7f0000004d80)=[{{0x0, 0x2000000, &(0x7f0000001500)=[{&(0x7f0000000040)="d3622fe131479cee20fb607a9585dc0b411519fd3b65066522d73df58b9257b566c6fc626776defc3a2e249c9120cab00220bc31d41e44f96f67971b8ed8a3dc9eb4123a903d58da02dd1eca653150422bc91e9585fb38", 0x57}, {&(0x7f00000011c0)="7cc3be44ec866303c11f9ec49c2fe80d4ccef580f3bf717b5e129f1dc7766fdf864b7bc35924f34bb5fd1dd89172a4b0db90eea51bdfec78bb53e8d41773cba7f1305a8a40b7368445a71ef7870273f1544930baf73a8bfa6ece09d54376b821b65fdf1e0704f1f3c5a823fa67f635159af010053f5b909f8e944c43d6fb1c4fca639b470d3e6ad140d0838958ecf0fc98a780205474fdeb93a97d27b4f3314a9585129aaec893d7fe36d87fd746841ac5c60b31e1732a1a3ca0afcc4068cdde63b142700c563c1ab59dc0b7200723bf21c694583ed8fed1b2bc5c204df3812c223ce0de2f40b69e7f4e8ba1c3ebc31de2f4190e3f1ceb", 0xf7}, {&(0x7f00000012c0), 0x80fe}, {&(0x7f0000000280)="0c22fcc306e8a4d628dc3f33cd1758b784d34ef62ecd943b96c5573b05e34886b55503a08eeac42aafc204e9fec654b4b0853f4c32d8d6e0968a96b81710a9ed49ae96ea22eb07accdc99ed31fb48b921b4c9ae0278829eb32247169da3593e5e73371e82e3558cd87b9c876b91e091e933496ae3a6b5a00a79f50110980c83af2fd44e0f08908f806be4146080def894a3ac87c3d214e32b0e031c8873b6ed3cdb9c160ee236576cb5a749ee356d4f5df961b35ec3667bcfa641e2c812a5eefbd78546783b6bd280dc4ec1cd015bee7d07f0993d6", 0xd5}, {&(0x7f0000001440)="7b18908bcd34b2f4eef2193c5f89bb79551b5d7000ccc31628374b03e7f0b8bbfe45", 0x22}], 0x5, 0x0, 0x0, 0xffffffe0}}], 0x400000000000132, 0x4000000) 14:20:29 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0d80ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:29 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:20:29 executing program 0: syz_mount_image$msdos(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f0000000480)={[{@fat=@usefree}]}) 14:20:29 executing program 4: syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='uid=F']) 14:20:29 executing program 0: sched_setaffinity(0x0, 0x8, &(0x7f00000004c0)=0xd51b) 14:20:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) [ 431.155493][ T7284] loop1: detected capacity change from 0 to 1 14:20:29 executing program 3: syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x8000, &(0x7f0000000500)) 14:20:29 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$sock(r0, &(0x7f0000000380)={&(0x7f0000000240)=@in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000440)=[@mark={{0x14}}, @txtime={{0x18}}], 0x30}, 0x0) [ 431.208309][ T7284] loop1: p1 p2 p3 p4 [ 431.212398][ T7284] loop1: p1 start 115140 is beyond EOD, truncated [ 431.218949][ T7284] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 431.233114][ T7284] loop1: p3 start 225 is beyond EOD, truncated [ 431.239371][ T7284] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:30 executing program 5: mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:30 executing program 0: prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000240)="4386c72ce776e1fc64d8de4c57610d72b9b85fa949fe8c4c166cb77429ae2bf378f6ccd90727131363cbd62032674df512d09b9bc231ec6c40e88062f858ebeec1c31ca1a2e9f63029a8c44685d79adf1624c0d966b4d37f0297f9aabc0615c80d82684cbbd6e2bebaad63a3c7edf0fd5ae1d33d7a8459f5b25b67f2b5e1726173dad5c3ee83f6303c0f3fc774b39b2019b025150f000000006015798a9a40e8e9c99ee2626794df6fb5e77667ab59f18cee7a393a5279a857fcb8d5a67b0933931c7c7530d578e499c1fbdf847e642100d69009e3343ced2da78b6971c04069363c5f653c2e24d0cb1990dbeb5766ed85cd0122935ff67992e94a2824b0c561fea7f90b96d60353496a8d6bff2a4458f792ae9d0700a39a6211", 0xffffffffffffffbb) 14:20:30 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0e80ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:30 executing program 4: prctl$PR_SET_MM_AUXV(0x2f, 0xc, &(0x7f0000000340), 0x0) 14:20:30 executing program 3: set_mempolicy(0x0, &(0x7f0000000080)=0x80000005, 0x40) 14:20:30 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:20:30 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0xce, 0x0, &(0x7f0000000180)) 14:20:30 executing program 3: syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000300)=[{&(0x7f0000000000)="8e979d4f56b1581fff", 0x9, 0x8}, {0x0, 0x0, 0x3ff}], 0x0, &(0x7f0000000500)) 14:20:30 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000000c0), 0x0, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000100), 0x0, 0x0, 0x0) 14:20:30 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x2) pwritev(r0, 0x0, 0x0, 0x0, 0x0) [ 432.085149][ T7355] loop1: detected capacity change from 0 to 1 14:20:30 executing program 0: r0 = signalfd(0xffffffffffffffff, &(0x7f0000000280), 0x8) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) dup3(r0, r1, 0x0) [ 432.132626][ T7355] loop1: p1 p2 p3 p4 [ 432.146296][ T7355] loop1: p1 start 115140 is beyond EOD, truncated [ 432.147435][ T7372] loop3: detected capacity change from 0 to 3 [ 432.152824][ T7355] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 432.171895][ T7372] FAT-fs (loop3): invalid media value (0x00) 14:20:30 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0x14, &(0x7f0000000180)="14d11b5f", 0x4) [ 432.175308][ T7355] loop1: p3 start 225 is beyond EOD, [ 432.177933][ T7372] FAT-fs (loop3): Can't find a valid FAT filesystem [ 432.190030][ T7355] truncated [ 432.193161][ T7355] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:31 executing program 5: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:31 executing program 4: ustat(0x7, &(0x7f0000000000)) 14:20:31 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private0, 0xc000}, 0x20) 14:20:31 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac1080ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:31 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) getpeername$packet(r0, 0x0, &(0x7f00000001c0)) 14:20:31 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:20:31 executing program 4: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/block/ram1', 0x650140, 0x0) 14:20:31 executing program 3: syz_mount_image$msdos(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x1000000, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, 0x0) 14:20:31 executing program 0: openat(0xffffffffffffffff, &(0x7f00000009c0)='\x00', 0x0, 0x0) 14:20:31 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x42, 0x0, 0x0) 14:20:31 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000000)={0x0, 0x40}) 14:20:31 executing program 3: syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="6e6f726f636b2c696f636861727365743d63703933320b6e6f2e30c5a0fb79ddf47466382c686964652c7569643d", @ANYRESDEC]) [ 432.965277][ T7410] loop1: detected capacity change from 0 to 1 [ 432.996460][ T7425] 9pnet_virtio: no channels available for device [ 433.022385][ T7410] loop1: p1 p2 p3 p4 [ 433.026648][ T7410] loop1: p1 start 115140 is beyond EOD, truncated [ 433.033188][ T7410] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 433.041944][ T7410] loop1: p3 start 225 is beyond EOD, truncated [ 433.050215][ T7410] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:32 executing program 5: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:32 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) fadvise64(r0, 0x9, 0x0, 0x4) 14:20:32 executing program 0: set_mempolicy(0x3, &(0x7f0000000000)=0x7fff, 0x12cd) 14:20:32 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac1180ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:32 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000400)={&(0x7f0000000000), 0xc, &(0x7f00000003c0)={&(0x7f0000000040)={0x14, 0x0, 0x7, 0x401}, 0x14}}, 0x0) 14:20:32 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:20:32 executing program 0: prctl$PR_SET_MM_AUXV(0x24, 0xc, 0x0, 0x0) 14:20:32 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0xc, &(0x7f0000000180)="14d11b5f", 0x4) 14:20:32 executing program 3: syz_open_procfs(0x0, &(0x7f0000000040)='comm\x00') [ 433.796566][ T7459] loop1: detected capacity change from 0 to 1 14:20:32 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0x10, &(0x7f0000000180)='\x00\x00\x00\x00', 0x4) 14:20:32 executing program 4: syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={[{@fat=@errors_remount}, {@fat=@codepage={'codepage', 0x3d, '874'}}]}) 14:20:32 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x2000000003, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000080)="24000000260007031dfffd866fa283002020020000000000000000010c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) [ 433.842518][ T7459] loop1: p1 p2 p3 p4 [ 433.851196][ T7459] loop1: p1 start 115140 is beyond EOD, truncated [ 433.857696][ T7459] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 433.867071][ T7459] loop1: p3 start 225 is beyond EOD, truncated [ 433.873787][ T7459] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 433.925550][ T7487] FAT-fs (loop4): bogus number of reserved sectors [ 433.932228][ T7487] FAT-fs (loop4): Can't find a valid FAT filesystem [ 433.981325][ T7487] FAT-fs (loop4): bogus number of reserved sectors [ 433.987973][ T7487] FAT-fs (loop4): Can't find a valid FAT filesystem 14:20:33 executing program 5: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:33 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x894b, &(0x7f0000000040)={'veth1_to_hsr\x00', 0x0}) 14:20:33 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac1280ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:33 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8927, &(0x7f0000000040)={'veth1_to_hsr\x00', 0x0}) 14:20:33 executing program 4: syz_mount_image$msdos(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x2d, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0, 0x0) 14:20:33 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:20:33 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f00000006c0)=0x2000000000000001, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='syz_tun\x00', 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) 14:20:33 executing program 0: add_key$user(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="d4", 0x1, 0xfffffffffffffffb) 14:20:33 executing program 3: select(0x40, &(0x7f0000000140)={0x2}, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x2710}) 14:20:33 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_int(r0, 0x1, 0x3e, 0x0, &(0x7f0000000040)) [ 434.666518][ T7515] loop1: detected capacity change from 0 to 1 14:20:33 executing program 0: openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) 14:20:33 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$sock(r0, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendmmsg$sock(r0, &(0x7f0000000fc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) [ 434.717316][ T7515] loop1: p1 p2 p3 p4 [ 434.721371][ T7515] loop1: p1 start 115140 is beyond EOD, truncated [ 434.727820][ T7515] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 434.745780][ T7515] loop1: p3 start 225 is beyond EOD, truncated [ 434.752016][ T7515] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:34 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac04f5ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:34 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x3, 0xb}, 0x20) 14:20:34 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@remote}, &(0x7f0000000040)=0x20) 14:20:34 executing program 4: prctl$PR_SET_MM_AUXV(0x67, 0xc, 0x0, 0x0) 14:20:34 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:34 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:20:34 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x22086605, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x9) 14:20:34 executing program 4: syz_io_uring_setup(0x63da, &(0x7f0000000300), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) fork() 14:20:34 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$sock(r0, &(0x7f00000009c0)=[{{&(0x7f0000000000)=@nl=@unspec, 0x80, 0x0}}], 0x1, 0x0) 14:20:34 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:34 executing program 0: syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x0, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000002580)={[], [{@uid_eq}]}) 14:20:34 executing program 3: waitid(0x0, 0xffffffffffffffff, 0x0, 0x155b46aa46359f04, 0x0) [ 435.557940][ T7571] loop1: detected capacity change from 0 to 1 14:20:34 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000005800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:34 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x210bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x53) 14:20:34 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/gpio', 0x0, 0x0) openat(r0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) 14:20:34 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:34 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 435.681442][ T7607] loop1: detected capacity change from 0 to 1 [ 435.736308][ T7607] loop1: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p2 [ 435.736466][ T7607] loop1: p1 start 115140 is beyond EOD, truncated [ 435.830145][ T7607] loop1: p2 size 2 extends beyond EOD, truncated 14:20:34 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:34 executing program 3: io_setup(0x81, &(0x7f0000000000)) 14:20:34 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x891e, &(0x7f0000000040)={'vlan0\x00', @ifru_hwaddr=@dev}) [ 435.837763][ T7607] loop1: p3 start 225 is beyond EOD, truncated [ 435.844004][ T7607] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 435.852139][ T7607] loop1: p5 start 115140 is beyond EOD, truncated [ 435.858753][ T7607] loop1: p6 start 115140 is beyond EOD, truncated [ 435.865268][ T7607] loop1: p7 start 115140 is beyond EOD, truncated [ 435.871707][ T7607] loop1: p8 start 115140 is beyond EOD, truncated [ 435.878162][ T7607] loop1: p9 start 115140 is beyond EOD, truncated 14:20:34 executing program 0: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security', 0x301000, 0x0) 14:20:34 executing program 0: syz_io_uring_setup(0x7594, &(0x7f0000000000), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x1e19, &(0x7f0000000100), &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) [ 435.884607][ T7607] loop1: p10 start 115140 is beyond EOD, truncated [ 435.891140][ T7607] loop1: p11 start 115140 is beyond EOD, truncated [ 435.897687][ T7607] loop1: p12 start 115140 is beyond EOD, truncated [ 435.904271][ T7607] loop1: p13 start 115140 is beyond EOD, truncated [ 435.910802][ T7607] loop1: p14 start 115140 is beyond EOD, truncated [ 435.917327][ T7607] loop1: p15 start 115140 is beyond EOD, truncated [ 435.923908][ T7607] loop1: p16 start 115140 is beyond EOD, truncated [ 435.930540][ T7607] loop1: p17 start 115140 is beyond EOD, truncated 14:20:34 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) sendfile(r0, r1, 0x0, 0x0) [ 435.937308][ T7607] loop1: p18 start 115140 is beyond EOD, truncated [ 435.943799][ T7607] loop1: p19 start 115140 is beyond EOD, truncated [ 435.950365][ T7607] loop1: p20 start 115140 is beyond EOD, truncated [ 435.956945][ T7607] loop1: p21 start 115140 is beyond EOD, truncated [ 435.963469][ T7607] loop1: p22 start 115140 is beyond EOD, truncated [ 435.970161][ T7607] loop1: p23 start 115140 is beyond EOD, truncated [ 435.976805][ T7607] loop1: p24 start 115140 is beyond EOD, truncated 14:20:34 executing program 0: r0 = getpgid(0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) [ 435.976845][ T7607] loop1: p25 start 115140 is beyond EOD, truncated [ 435.976859][ T7607] loop1: p26 start 115140 is beyond EOD, truncated [ 435.996350][ T7607] loop1: p27 start 115140 is beyond EOD, truncated [ 436.002888][ T7607] loop1: p28 start 115140 is beyond EOD, truncated [ 436.009543][ T7607] loop1: p29 start 115140 is beyond EOD, truncated [ 436.016050][ T7607] loop1: p30 start 115140 is beyond EOD, truncated [ 436.022608][ T7607] loop1: p31 start 115140 is beyond EOD, truncated [ 436.029148][ T7607] loop1: p32 start 115140 is beyond EOD, truncated [ 436.035658][ T7607] loop1: p33 start 115140 is beyond EOD, truncated [ 436.042311][ T7607] loop1: p34 start 115140 is beyond EOD, truncated [ 436.048916][ T7607] loop1: p35 start 115140 is beyond EOD, truncated [ 436.055461][ T7607] loop1: p36 start 115140 is beyond EOD, truncated [ 436.062172][ T7607] loop1: p37 start 115140 is beyond EOD, truncated [ 436.068699][ T7607] loop1: p38 start 115140 is beyond EOD, truncated [ 436.075285][ T7607] loop1: p39 start 115140 is beyond EOD, truncated [ 436.081864][ T7607] loop1: p40 start 115140 is beyond EOD, truncated [ 436.088914][ T7607] loop1: p41 start 115140 is beyond EOD, truncated [ 436.095417][ T7607] loop1: p42 start 115140 is beyond EOD, truncated [ 436.101926][ T7607] loop1: p43 start 115140 is beyond EOD, truncated [ 436.108557][ T7607] loop1: p44 start 115140 is beyond EOD, truncated [ 436.115151][ T7607] loop1: p45 start 115140 is beyond EOD, truncated [ 436.121965][ T7607] loop1: p46 start 115140 is beyond EOD, truncated [ 436.128483][ T7607] loop1: p47 start 115140 is beyond EOD, truncated [ 436.135067][ T7607] loop1: p48 start 115140 is beyond EOD, truncated [ 436.141706][ T7607] loop1: p49 start 115140 is beyond EOD, truncated [ 436.149016][ T7607] loop1: p50 start 115140 is beyond EOD, truncated [ 436.155509][ T7607] loop1: p51 start 115140 is beyond EOD, truncated [ 436.162250][ T7607] loop1: p52 start 115140 is beyond EOD, truncated [ 436.169131][ T7607] loop1: p53 start 115140 is beyond EOD, truncated [ 436.175712][ T7607] loop1: p54 start 115140 is beyond EOD, truncated [ 436.182216][ T7607] loop1: p55 start 115140 is beyond EOD, truncated [ 436.188932][ T7607] loop1: p56 start 115140 is beyond EOD, truncated [ 436.195491][ T7607] loop1: p57 start 115140 is beyond EOD, truncated [ 436.202066][ T7607] loop1: p58 start 115140 is beyond EOD, truncated [ 436.208600][ T7607] loop1: p59 start 115140 is beyond EOD, truncated [ 436.215253][ T7607] loop1: p60 start 115140 is beyond EOD, truncated [ 436.221777][ T7607] loop1: p61 start 115140 is beyond EOD, truncated [ 436.228416][ T7607] loop1: p62 start 115140 is beyond EOD, truncated [ 436.234907][ T7607] loop1: p63 start 115140 is beyond EOD, truncated [ 436.241413][ T7607] loop1: p64 start 115140 is beyond EOD, truncated [ 436.248000][ T7607] loop1: p65 start 115140 is beyond EOD, truncated [ 436.254491][ T7607] loop1: p66 start 115140 is beyond EOD, truncated [ 436.261232][ T7607] loop1: p67 start 115140 is beyond EOD, truncated [ 436.267836][ T7607] loop1: p68 start 115140 is beyond EOD, truncated [ 436.274331][ T7607] loop1: p69 start 115140 is beyond EOD, truncated [ 436.280862][ T7607] loop1: p70 start 115140 is beyond EOD, truncated [ 436.287606][ T7607] loop1: p71 start 115140 is beyond EOD, truncated [ 436.294101][ T7607] loop1: p72 start 115140 is beyond EOD, truncated [ 436.300628][ T7607] loop1: p73 start 115140 is beyond EOD, truncated [ 436.307243][ T7607] loop1: p74 start 115140 is beyond EOD, truncated [ 436.313918][ T7607] loop1: p75 start 115140 is beyond EOD, truncated [ 436.320425][ T7607] loop1: p76 start 115140 is beyond EOD, truncated [ 436.327057][ T7607] loop1: p77 start 115140 is beyond EOD, truncated [ 436.333736][ T7607] loop1: p78 start 115140 is beyond EOD, truncated [ 436.340263][ T7607] loop1: p79 start 115140 is beyond EOD, truncated [ 436.346889][ T7607] loop1: p80 start 115140 is beyond EOD, truncated [ 436.353681][ T7607] loop1: p81 start 115140 is beyond EOD, truncated [ 436.360302][ T7607] loop1: p82 start 115140 is beyond EOD, truncated [ 436.367018][ T7607] loop1: p83 start 115140 is beyond EOD, truncated [ 436.373642][ T7607] loop1: p84 start 115140 is beyond EOD, truncated [ 436.380384][ T7607] loop1: p85 start 115140 is beyond EOD, truncated [ 436.386892][ T7607] loop1: p86 start 115140 is beyond EOD, truncated [ 436.393879][ T7607] loop1: p87 start 115140 is beyond EOD, truncated [ 436.400392][ T7607] loop1: p88 start 115140 is beyond EOD, truncated [ 436.406892][ T7607] loop1: p89 start 115140 is beyond EOD, truncated [ 436.413439][ T7607] loop1: p90 start 115140 is beyond EOD, truncated [ 436.419979][ T7607] loop1: p91 start 115140 is beyond EOD, truncated [ 436.426558][ T7607] loop1: p92 start 115140 is beyond EOD, truncated [ 436.433076][ T7607] loop1: p93 start 115140 is beyond EOD, truncated [ 436.439604][ T7607] loop1: p94 start 115140 is beyond EOD, truncated [ 436.446354][ T7607] loop1: p95 start 115140 is beyond EOD, truncated [ 436.452855][ T7607] loop1: p96 start 115140 is beyond EOD, truncated [ 436.459456][ T7607] loop1: p97 start 115140 is beyond EOD, truncated [ 436.465964][ T7607] loop1: p98 start 115140 is beyond EOD, truncated [ 436.472560][ T7607] loop1: p99 start 115140 is beyond EOD, truncated [ 436.479205][ T7607] loop1: p100 start 115140 is beyond EOD, truncated [ 436.485803][ T7607] loop1: p101 start 115140 is beyond EOD, truncated [ 436.492397][ T7607] loop1: p102 start 115140 is beyond EOD, truncated [ 436.499010][ T7607] loop1: p103 start 115140 is beyond EOD, truncated [ 436.505599][ T7607] loop1: p104 start 115140 is beyond EOD, truncated [ 436.512217][ T7607] loop1: p105 start 115140 is beyond EOD, truncated [ 436.518854][ T7607] loop1: p106 start 115140 is beyond EOD, truncated [ 436.525446][ T7607] loop1: p107 start 115140 is beyond EOD, truncated [ 436.532213][ T7607] loop1: p108 start 115140 is beyond EOD, truncated [ 436.538900][ T7607] loop1: p109 start 115140 is beyond EOD, truncated [ 436.545937][ T7607] loop1: p110 start 115140 is beyond EOD, truncated [ 436.552580][ T7607] loop1: p111 start 115140 is beyond EOD, truncated [ 436.559883][ T7607] loop1: p112 start 115140 is beyond EOD, truncated [ 436.566461][ T7607] loop1: p113 start 115140 is beyond EOD, truncated [ 436.573147][ T7607] loop1: p114 start 115140 is beyond EOD, truncated [ 436.579761][ T7607] loop1: p115 start 115140 is beyond EOD, truncated [ 436.586339][ T7607] loop1: p116 start 115140 is beyond EOD, truncated [ 436.592958][ T7607] loop1: p117 start 115140 is beyond EOD, truncated [ 436.599568][ T7607] loop1: p118 start 115140 is beyond EOD, truncated [ 436.606142][ T7607] loop1: p119 start 115140 is beyond EOD, truncated [ 436.612734][ T7607] loop1: p120 start 115140 is beyond EOD, truncated [ 436.619333][ T7607] loop1: p121 start 115140 is beyond EOD, truncated [ 436.625910][ T7607] loop1: p122 start 115140 is beyond EOD, truncated [ 436.632584][ T7607] loop1: p123 start 115140 is beyond EOD, truncated [ 436.639278][ T7607] loop1: p124 start 115140 is beyond EOD, truncated [ 436.646136][ T7607] loop1: p125 start 115140 is beyond EOD, truncated [ 436.652806][ T7607] loop1: p126 start 115140 is beyond EOD, truncated [ 436.659444][ T7607] loop1: p127 start 115140 is beyond EOD, truncated [ 436.666052][ T7607] loop1: p128 start 115140 is beyond EOD, truncated [ 436.672650][ T7607] loop1: p129 start 115140 is beyond EOD, truncated [ 436.679245][ T7607] loop1: p130 start 115140 is beyond EOD, truncated [ 436.685822][ T7607] loop1: p131 start 115140 is beyond EOD, truncated [ 436.692405][ T7607] loop1: p132 start 115140 is beyond EOD, truncated [ 436.699035][ T7607] loop1: p133 start 115140 is beyond EOD, truncated [ 436.705821][ T7607] loop1: p134 start 115140 is beyond EOD, truncated [ 436.712404][ T7607] loop1: p135 start 115140 is beyond EOD, truncated [ 436.719025][ T7607] loop1: p136 start 115140 is beyond EOD, truncated [ 436.725864][ T7607] loop1: p137 start 115140 is beyond EOD, truncated [ 436.732514][ T7607] loop1: p138 start 115140 is beyond EOD, truncated [ 436.739133][ T7607] loop1: p139 start 115140 is beyond EOD, truncated [ 436.745889][ T7607] loop1: p140 start 115140 is beyond EOD, truncated [ 436.752538][ T7607] loop1: p141 start 115140 is beyond EOD, truncated [ 436.759142][ T7607] loop1: p142 start 115140 is beyond EOD, truncated [ 436.765718][ T7607] loop1: p143 start 115140 is beyond EOD, truncated [ 436.772320][ T7607] loop1: p144 start 115140 is beyond EOD, truncated [ 436.778928][ T7607] loop1: p145 start 115140 is beyond EOD, truncated [ 436.785503][ T7607] loop1: p146 start 115140 is beyond EOD, truncated [ 436.792089][ T7607] loop1: p147 start 115140 is beyond EOD, truncated [ 436.798694][ T7607] loop1: p148 start 115140 is beyond EOD, truncated [ 436.805292][ T7607] loop1: p149 start 115140 is beyond EOD, truncated [ 436.812020][ T7607] loop1: p150 start 115140 is beyond EOD, truncated [ 436.819051][ T7607] loop1: p151 start 115140 is beyond EOD, truncated [ 436.826161][ T7607] loop1: p152 start 115140 is beyond EOD, truncated [ 436.832853][ T7607] loop1: p153 start 115140 is beyond EOD, truncated [ 436.839470][ T7607] loop1: p154 start 115140 is beyond EOD, truncated [ 436.846055][ T7607] loop1: p155 start 115140 is beyond EOD, truncated [ 436.852679][ T7607] loop1: p156 start 115140 is beyond EOD, truncated [ 436.859356][ T7607] loop1: p157 start 115140 is beyond EOD, truncated [ 436.866044][ T7607] loop1: p158 start 115140 is beyond EOD, truncated [ 436.872774][ T7607] loop1: p159 start 115140 is beyond EOD, truncated [ 436.879382][ T7607] loop1: p160 start 115140 is beyond EOD, truncated [ 436.885972][ T7607] loop1: p161 start 115140 is beyond EOD, truncated [ 436.892567][ T7607] loop1: p162 start 115140 is beyond EOD, truncated [ 436.899243][ T7607] loop1: p163 start 115140 is beyond EOD, truncated [ 436.905856][ T7607] loop1: p164 start 115140 is beyond EOD, truncated [ 436.912445][ T7607] loop1: p165 start 115140 is beyond EOD, truncated [ 436.919136][ T7607] loop1: p166 start 115140 is beyond EOD, truncated [ 436.925736][ T7607] loop1: p167 start 115140 is beyond EOD, truncated [ 436.932690][ T7607] loop1: p168 start 115140 is beyond EOD, truncated [ 436.939352][ T7607] loop1: p169 start 115140 is beyond EOD, truncated [ 436.946057][ T7607] loop1: p170 start 115140 is beyond EOD, truncated [ 436.952733][ T7607] loop1: p171 start 115140 is beyond EOD, truncated [ 436.959348][ T7607] loop1: p172 start 115140 is beyond EOD, truncated [ 436.965945][ T7607] loop1: p173 start 115140 is beyond EOD, truncated [ 436.972556][ T7607] loop1: p174 start 115140 is beyond EOD, truncated [ 436.979207][ T7607] loop1: p175 start 115140 is beyond EOD, truncated [ 436.985879][ T7607] loop1: p176 start 115140 is beyond EOD, truncated [ 436.992617][ T7607] loop1: p177 start 115140 is beyond EOD, truncated [ 436.999230][ T7607] loop1: p178 start 115140 is beyond EOD, truncated [ 437.005836][ T7607] loop1: p179 start 115140 is beyond EOD, truncated [ 437.012775][ T7607] loop1: p180 start 115140 is beyond EOD, truncated [ 437.019624][ T7607] loop1: p181 start 115140 is beyond EOD, truncated [ 437.026219][ T7607] loop1: p182 start 115140 is beyond EOD, truncated [ 437.032844][ T7607] loop1: p183 start 115140 is beyond EOD, truncated [ 437.039469][ T7607] loop1: p184 start 115140 is beyond EOD, truncated [ 437.046204][ T7607] loop1: p185 start 115140 is beyond EOD, truncated [ 437.052823][ T7607] loop1: p186 start 115140 is beyond EOD, truncated [ 437.059539][ T7607] loop1: p187 start 115140 is beyond EOD, truncated [ 437.066209][ T7607] loop1: p188 start 115140 is beyond EOD, truncated [ 437.072820][ T7607] loop1: p189 start 115140 is beyond EOD, truncated [ 437.079436][ T7607] loop1: p190 start 115140 is beyond EOD, truncated [ 437.086101][ T7607] loop1: p191 start 115140 is beyond EOD, truncated [ 437.092691][ T7607] loop1: p192 start 115140 is beyond EOD, truncated [ 437.099329][ T7607] loop1: p193 start 115140 is beyond EOD, truncated [ 437.105920][ T7607] loop1: p194 start 115140 is beyond EOD, truncated [ 437.112535][ T7607] loop1: p195 start 115140 is beyond EOD, truncated [ 437.119143][ T7607] loop1: p196 start 115140 is beyond EOD, truncated [ 437.125722][ T7607] loop1: p197 start 115140 is beyond EOD, truncated [ 437.132432][ T7607] loop1: p198 start 115140 is beyond EOD, truncated [ 437.139104][ T7607] loop1: p199 start 115140 is beyond EOD, truncated [ 437.145703][ T7607] loop1: p200 start 115140 is beyond EOD, truncated [ 437.152544][ T7607] loop1: p201 start 115140 is beyond EOD, truncated [ 437.159235][ T7607] loop1: p202 start 115140 is beyond EOD, truncated [ 437.165875][ T7607] loop1: p203 start 115140 is beyond EOD, truncated [ 437.172669][ T7607] loop1: p204 start 115140 is beyond EOD, truncated [ 437.179340][ T7607] loop1: p205 start 115140 is beyond EOD, truncated [ 437.186150][ T7607] loop1: p206 start 115140 is beyond EOD, truncated [ 437.193310][ T7607] loop1: p207 start 115140 is beyond EOD, truncated [ 437.200279][ T7607] loop1: p208 start 115140 is beyond EOD, truncated [ 437.206984][ T7607] loop1: p209 start 115140 is beyond EOD, truncated [ 437.213659][ T7607] loop1: p210 start 115140 is beyond EOD, truncated [ 437.220263][ T7607] loop1: p211 start 115140 is beyond EOD, truncated [ 437.227138][ T7607] loop1: p212 start 115140 is beyond EOD, truncated [ 437.233713][ T7607] loop1: p213 start 115140 is beyond EOD, truncated [ 437.240310][ T7607] loop1: p214 start 115140 is beyond EOD, truncated [ 437.246933][ T7607] loop1: p215 start 115140 is beyond EOD, truncated [ 437.253720][ T7607] loop1: p216 start 115140 is beyond EOD, truncated [ 437.260314][ T7607] loop1: p217 start 115140 is beyond EOD, truncated [ 437.267041][ T7607] loop1: p218 start 115140 is beyond EOD, truncated [ 437.273885][ T7607] loop1: p219 start 115140 is beyond EOD, truncated [ 437.280489][ T7607] loop1: p220 start 115140 is beyond EOD, truncated [ 437.287190][ T7607] loop1: p221 start 115140 is beyond EOD, truncated [ 437.293780][ T7607] loop1: p222 start 115140 is beyond EOD, truncated [ 437.300367][ T7607] loop1: p223 start 115140 is beyond EOD, truncated [ 437.306994][ T7607] loop1: p224 start 115140 is beyond EOD, truncated [ 437.313758][ T7607] loop1: p225 start 115140 is beyond EOD, truncated [ 437.320445][ T7607] loop1: p226 start 115140 is beyond EOD, truncated [ 437.327395][ T7607] loop1: p227 start 115140 is beyond EOD, truncated [ 437.334121][ T7607] loop1: p228 start 115140 is beyond EOD, truncated [ 437.340723][ T7607] loop1: p229 start 115140 is beyond EOD, truncated [ 437.347425][ T7607] loop1: p230 start 115140 is beyond EOD, truncated [ 437.354004][ T7607] loop1: p231 start 115140 is beyond EOD, truncated [ 437.360600][ T7607] loop1: p232 start 115140 is beyond EOD, truncated [ 437.367285][ T7607] loop1: p233 start 115140 is beyond EOD, truncated [ 437.374062][ T7607] loop1: p234 start 115140 is beyond EOD, truncated [ 437.380788][ T7607] loop1: p235 start 115140 is beyond EOD, truncated [ 437.387467][ T7607] loop1: p236 start 115140 is beyond EOD, truncated [ 437.394083][ T7607] loop1: p237 start 115140 is beyond EOD, truncated [ 437.401002][ T7607] loop1: p238 start 115140 is beyond EOD, truncated [ 437.407895][ T7607] loop1: p239 start 115140 is beyond EOD, truncated [ 437.414479][ T7607] loop1: p240 start 115140 is beyond EOD, truncated [ 437.421703][ T7607] loop1: p241 start 115140 is beyond EOD, truncated [ 437.428400][ T7607] loop1: p242 start 115140 is beyond EOD, truncated [ 437.435227][ T7607] loop1: p243 start 115140 is beyond EOD, truncated [ 437.441811][ T7607] loop1: p244 start 115140 is beyond EOD, truncated [ 437.448472][ T7607] loop1: p245 start 115140 is beyond EOD, truncated [ 437.455121][ T7607] loop1: p246 start 115140 is beyond EOD, truncated [ 437.462029][ T7607] loop1: p247 start 115140 is beyond EOD, truncated [ 437.468769][ T7607] loop1: p248 start 115140 is beyond EOD, truncated [ 437.475364][ T7607] loop1: p249 start 115140 is beyond EOD, truncated [ 437.482302][ T7607] loop1: p250 start 115140 is beyond EOD, truncated [ 437.489470][ T7607] loop1: p251 start 115140 is beyond EOD, truncated [ 437.496454][ T7607] loop1: p252 start 115140 is beyond EOD, truncated [ 437.503071][ T7607] loop1: p253 start 115140 is beyond EOD, truncated [ 437.509693][ T7607] loop1: p254 start 115140 is beyond EOD, truncated [ 437.516272][ T7607] loop1: p255 start 115140 is beyond EOD, truncated 14:20:36 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac04800000000f800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:36 executing program 0: mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x2b031, 0xffffffffffffffff, 0x0) 14:20:36 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x210bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x53) 14:20:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0x13, &(0x7f0000000180)='\x00\x00\x00\x00', 0x4) [ 437.639726][ T7662] loop1: detected capacity change from 0 to 1 [ 437.703376][ T7662] loop1: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p2 [ 437.703571][ T7662] loop1: p1 start 115140 is beyond EOD, truncated 14:20:36 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 437.798915][ T7662] loop1: p2 size 2 extends beyond EOD, truncated [ 437.805761][ T7662] loop1: p3 start 225 is beyond EOD, truncated [ 437.811975][ T7662] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 437.819621][ T7662] loop1: p5 start 115140 is beyond EOD, truncated [ 437.826114][ T7662] loop1: p6 start 115140 is beyond EOD, truncated [ 437.832553][ T7662] loop1: p7 start 115140 is beyond EOD, truncated [ 437.839209][ T7662] loop1: p8 start 115140 is beyond EOD, truncated [ 437.845627][ T7662] loop1: p9 start 115140 is beyond EOD, truncated [ 437.852082][ T7662] loop1: p10 start 115140 is beyond EOD, truncated [ 437.858602][ T7662] loop1: p11 start 115140 is beyond EOD, truncated [ 437.865144][ T7662] loop1: p12 start 115140 is beyond EOD, truncated [ 437.871694][ T7662] loop1: p13 start 115140 is beyond EOD, truncated [ 437.878334][ T7662] loop1: p14 start 115140 is beyond EOD, truncated [ 437.884955][ T7662] loop1: p15 start 115140 is beyond EOD, truncated [ 437.891468][ T7662] loop1: p16 start 115140 is beyond EOD, truncated [ 437.897993][ T7662] loop1: p17 start 115140 is beyond EOD, truncated [ 437.904491][ T7662] loop1: p18 start 115140 is beyond EOD, truncated [ 437.911103][ T7662] loop1: p19 start 115140 is beyond EOD, truncated [ 437.917748][ T7662] loop1: p20 start 115140 is beyond EOD, truncated [ 437.924254][ T7662] loop1: p21 start 115140 is beyond EOD, truncated [ 437.930758][ T7662] loop1: p22 start 115140 is beyond EOD, truncated [ 437.937374][ T7662] loop1: p23 start 115140 is beyond EOD, truncated [ 437.943881][ T7662] loop1: p24 start 115140 is beyond EOD, truncated [ 437.950395][ T7662] loop1: p25 start 115140 is beyond EOD, truncated [ 437.957287][ T7662] loop1: p26 start 115140 is beyond EOD, truncated [ 437.964074][ T7662] loop1: p27 start 115140 is beyond EOD, truncated [ 437.970691][ T7662] loop1: p28 start 115140 is beyond EOD, truncated [ 437.977633][ T7662] loop1: p29 start 115140 is beyond EOD, truncated [ 437.984445][ T7662] loop1: p30 start 115140 is beyond EOD, truncated [ 437.991281][ T7662] loop1: p31 start 115140 is beyond EOD, truncated [ 437.997804][ T7662] loop1: p32 start 115140 is beyond EOD, truncated [ 438.004512][ T7662] loop1: p33 start 115140 is beyond EOD, truncated [ 438.011026][ T7662] loop1: p34 start 115140 is beyond EOD, truncated [ 438.017808][ T7662] loop1: p35 start 115140 is beyond EOD, truncated [ 438.024558][ T7662] loop1: p36 start 115140 is beyond EOD, truncated [ 438.031569][ T7662] loop1: p37 start 115140 is beyond EOD, truncated [ 438.038540][ T7662] loop1: p38 start 115140 is beyond EOD, truncated [ 438.045359][ T7662] loop1: p39 start 115140 is beyond EOD, truncated [ 438.051889][ T7662] loop1: p40 start 115140 is beyond EOD, truncated [ 438.058572][ T7662] loop1: p41 start 115140 is beyond EOD, truncated [ 438.065292][ T7662] loop1: p42 start 115140 is beyond EOD, truncated [ 438.071816][ T7662] loop1: p43 start 115140 is beyond EOD, truncated [ 438.078440][ T7662] loop1: p44 start 115140 is beyond EOD, truncated [ 438.085230][ T7662] loop1: p45 start 115140 is beyond EOD, truncated [ 438.091946][ T7662] loop1: p46 start 115140 is beyond EOD, truncated [ 438.098496][ T7662] loop1: p47 start 115140 is beyond EOD, truncated [ 438.104988][ T7662] loop1: p48 start 115140 is beyond EOD, truncated [ 438.111575][ T7662] loop1: p49 start 115140 is beyond EOD, truncated [ 438.118089][ T7662] loop1: p50 start 115140 is beyond EOD, truncated [ 438.124581][ T7662] loop1: p51 start 115140 is beyond EOD, truncated [ 438.131086][ T7662] loop1: p52 start 115140 is beyond EOD, truncated [ 438.137749][ T7662] loop1: p53 start 115140 is beyond EOD, truncated [ 438.144431][ T7662] loop1: p54 start 115140 is beyond EOD, truncated [ 438.151037][ T7662] loop1: p55 start 115140 is beyond EOD, truncated [ 438.157779][ T7662] loop1: p56 start 115140 is beyond EOD, truncated [ 438.164461][ T7662] loop1: p57 start 115140 is beyond EOD, truncated [ 438.171138][ T7662] loop1: p58 start 115140 is beyond EOD, truncated [ 438.177766][ T7662] loop1: p59 start 115140 is beyond EOD, truncated [ 438.184263][ T7662] loop1: p60 start 115140 is beyond EOD, truncated [ 438.190780][ T7662] loop1: p61 start 115140 is beyond EOD, truncated [ 438.197292][ T7662] loop1: p62 start 115140 is beyond EOD, truncated [ 438.203901][ T7662] loop1: p63 start 115140 is beyond EOD, truncated [ 438.210757][ T7662] loop1: p64 start 115140 is beyond EOD, truncated [ 438.217391][ T7662] loop1: p65 start 115140 is beyond EOD, truncated [ 438.224339][ T7662] loop1: p66 start 115140 is beyond EOD, truncated [ 438.231136][ T7662] loop1: p67 start 115140 is beyond EOD, truncated [ 438.237727][ T7662] loop1: p68 start 115140 is beyond EOD, truncated [ 438.244310][ T7662] loop1: p69 start 115140 is beyond EOD, truncated [ 438.250911][ T7662] loop1: p70 start 115140 is beyond EOD, truncated [ 438.257436][ T7662] loop1: p71 start 115140 is beyond EOD, truncated [ 438.264925][ T7662] loop1: p72 start 115140 is beyond EOD, truncated [ 438.271640][ T7662] loop1: p73 start 115140 is beyond EOD, truncated [ 438.278392][ T7662] loop1: p74 start 115140 is beyond EOD, truncated [ 438.285204][ T7662] loop1: p75 start 115140 is beyond EOD, truncated [ 438.292024][ T7662] loop1: p76 start 115140 is beyond EOD, truncated [ 438.298772][ T7662] loop1: p77 start 115140 is beyond EOD, truncated [ 438.305472][ T7662] loop1: p78 start 115140 is beyond EOD, truncated [ 438.312141][ T7662] loop1: p79 start 115140 is beyond EOD, truncated [ 438.319007][ T7662] loop1: p80 start 115140 is beyond EOD, truncated [ 438.325614][ T7662] loop1: p81 start 115140 is beyond EOD, truncated [ 438.332204][ T7662] loop1: p82 start 115140 is beyond EOD, truncated [ 438.338837][ T7662] loop1: p83 start 115140 is beyond EOD, truncated [ 438.345480][ T7662] loop1: p84 start 115140 is beyond EOD, truncated [ 438.352106][ T7662] loop1: p85 start 115140 is beyond EOD, truncated [ 438.358629][ T7662] loop1: p86 start 115140 is beyond EOD, truncated [ 438.365195][ T7662] loop1: p87 start 115140 is beyond EOD, truncated [ 438.371700][ T7662] loop1: p88 start 115140 is beyond EOD, truncated [ 438.378480][ T7662] loop1: p89 start 115140 is beyond EOD, truncated [ 438.385342][ T7662] loop1: p90 start 115140 is beyond EOD, truncated [ 438.392059][ T7662] loop1: p91 start 115140 is beyond EOD, truncated [ 438.398913][ T7662] loop1: p92 start 115140 is beyond EOD, truncated [ 438.405931][ T7662] loop1: p93 start 115140 is beyond EOD, truncated [ 438.412620][ T7662] loop1: p94 start 115140 is beyond EOD, truncated [ 438.419341][ T7662] loop1: p95 start 115140 is beyond EOD, truncated [ 438.425960][ T7662] loop1: p96 start 115140 is beyond EOD, truncated [ 438.432465][ T7662] loop1: p97 start 115140 is beyond EOD, truncated [ 438.439000][ T7662] loop1: p98 start 115140 is beyond EOD, truncated [ 438.445553][ T7662] loop1: p99 start 115140 is beyond EOD, truncated [ 438.452364][ T7662] loop1: p100 start 115140 is beyond EOD, truncated [ 438.459192][ T7662] loop1: p101 start 115140 is beyond EOD, truncated [ 438.465908][ T7662] loop1: p102 start 115140 is beyond EOD, truncated [ 438.472807][ T7662] loop1: p103 start 115140 is beyond EOD, truncated [ 438.479627][ T7662] loop1: p104 start 115140 is beyond EOD, truncated [ 438.487028][ T7662] loop1: p105 start 115140 is beyond EOD, truncated [ 438.493632][ T7662] loop1: p106 start 115140 is beyond EOD, truncated [ 438.500384][ T7662] loop1: p107 start 115140 is beyond EOD, truncated [ 438.506992][ T7662] loop1: p108 start 115140 is beyond EOD, truncated [ 438.513908][ T7662] loop1: p109 start 115140 is beyond EOD, truncated [ 438.520656][ T7662] loop1: p110 start 115140 is beyond EOD, truncated [ 438.527768][ T7662] loop1: p111 start 115140 is beyond EOD, truncated [ 438.534527][ T7662] loop1: p112 start 115140 is beyond EOD, truncated [ 438.541328][ T7662] loop1: p113 start 115140 is beyond EOD, truncated [ 438.548052][ T7662] loop1: p114 start 115140 is beyond EOD, truncated [ 438.554731][ T7662] loop1: p115 start 115140 is beyond EOD, truncated [ 438.561324][ T7662] loop1: p116 start 115140 is beyond EOD, truncated [ 438.568215][ T7662] loop1: p117 start 115140 is beyond EOD, truncated [ 438.574802][ T7662] loop1: p118 start 115140 is beyond EOD, truncated [ 438.581412][ T7662] loop1: p119 start 115140 is beyond EOD, truncated [ 438.588019][ T7662] loop1: p120 start 115140 is beyond EOD, truncated [ 438.594599][ T7662] loop1: p121 start 115140 is beyond EOD, truncated [ 438.601386][ T7662] loop1: p122 start 115140 is beyond EOD, truncated [ 438.608265][ T7662] loop1: p123 start 115140 is beyond EOD, truncated [ 438.615135][ T7662] loop1: p124 start 115140 is beyond EOD, truncated [ 438.622053][ T7662] loop1: p125 start 115140 is beyond EOD, truncated [ 438.628927][ T7662] loop1: p126 start 115140 is beyond EOD, truncated [ 438.635531][ T7662] loop1: p127 start 115140 is beyond EOD, truncated [ 438.642559][ T7662] loop1: p128 start 115140 is beyond EOD, truncated [ 438.649170][ T7662] loop1: p129 start 115140 is beyond EOD, truncated [ 438.655888][ T7662] loop1: p130 start 115140 is beyond EOD, truncated [ 438.662487][ T7662] loop1: p131 start 115140 is beyond EOD, truncated [ 438.669114][ T7662] loop1: p132 start 115140 is beyond EOD, truncated [ 438.675697][ T7662] loop1: p133 start 115140 is beyond EOD, truncated [ 438.682286][ T7662] loop1: p134 start 115140 is beyond EOD, truncated [ 438.688987][ T7662] loop1: p135 start 115140 is beyond EOD, truncated [ 438.695778][ T7662] loop1: p136 start 115140 is beyond EOD, truncated [ 438.702853][ T7662] loop1: p137 start 115140 is beyond EOD, truncated [ 438.709525][ T7662] loop1: p138 start 115140 is beyond EOD, truncated [ 438.716152][ T7662] loop1: p139 start 115140 is beyond EOD, truncated [ 438.722795][ T7662] loop1: p140 start 115140 is beyond EOD, truncated [ 438.729413][ T7662] loop1: p141 start 115140 is beyond EOD, truncated [ 438.736000][ T7662] loop1: p142 start 115140 is beyond EOD, truncated [ 438.742844][ T7662] loop1: p143 start 115140 is beyond EOD, truncated [ 438.749518][ T7662] loop1: p144 start 115140 is beyond EOD, truncated [ 438.756193][ T7662] loop1: p145 start 115140 is beyond EOD, truncated [ 438.762810][ T7662] loop1: p146 start 115140 is beyond EOD, truncated [ 438.769426][ T7662] loop1: p147 start 115140 is beyond EOD, truncated [ 438.776180][ T7662] loop1: p148 start 115140 is beyond EOD, truncated [ 438.782824][ T7662] loop1: p149 start 115140 is beyond EOD, truncated [ 438.789597][ T7662] loop1: p150 start 115140 is beyond EOD, truncated [ 438.796319][ T7662] loop1: p151 start 115140 is beyond EOD, truncated [ 438.802919][ T7662] loop1: p152 start 115140 is beyond EOD, truncated [ 438.809701][ T7662] loop1: p153 start 115140 is beyond EOD, truncated [ 438.816438][ T7662] loop1: p154 start 115140 is beyond EOD, truncated [ 438.823119][ T7662] loop1: p155 start 115140 is beyond EOD, truncated [ 438.829954][ T7662] loop1: p156 start 115140 is beyond EOD, truncated [ 438.836598][ T7662] loop1: p157 start 115140 is beyond EOD, truncated [ 438.843279][ T7662] loop1: p158 start 115140 is beyond EOD, truncated [ 438.849875][ T7662] loop1: p159 start 115140 is beyond EOD, truncated 14:20:37 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:37 executing program 3: mq_unlink(&(0x7f0000000000)='#)/%\x00') 14:20:37 executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f73665df41100080120000200004000f8000020004000000000000000000001", 0x25}, {&(0x7f0000010100)='RRaA', 0x4, 0x800}], 0x0, &(0x7f0000011000)) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) 14:20:37 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x210bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x53) 14:20:37 executing program 0: r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0, 0x2}, &(0x7f0000000080)="d4", 0x1, 0xfffffffffffffffb) add_key$user(&(0x7f00000000c0), 0x0, 0x0, 0x0, r0) [ 438.856459][ T7662] loop1: p160 start 115140 is beyond EOD, truncated [ 438.863061][ T7662] loop1: p161 start 115140 is beyond EOD, truncated [ 438.869679][ T7662] loop1: p162 start 115140 is beyond EOD, truncated [ 438.876424][ T7662] loop1: p163 start 115140 is beyond EOD, truncated [ 438.883194][ T7662] loop1: p164 start 115140 is beyond EOD, truncated [ 438.889839][ T7662] loop1: p165 start 115140 is beyond EOD, truncated [ 438.896423][ T7662] loop1: p166 start 115140 is beyond EOD, truncated 14:20:37 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0x6bf, &(0x7f0000000180)="14d11b5f", 0x4) 14:20:37 executing program 0: getresuid(&(0x7f0000001140), &(0x7f0000001180), &(0x7f00000011c0)) [ 438.903130][ T7662] loop1: p167 start 115140 is beyond EOD, truncated [ 438.909761][ T7662] loop1: p168 start 115140 is beyond EOD, truncated [ 438.916433][ T7662] loop1: p169 start 115140 is beyond EOD, truncated [ 438.923034][ T7662] loop1: p170 start 115140 is beyond EOD, truncated [ 438.929732][ T7662] loop1: p171 start 115140 is beyond EOD, truncated [ 438.936312][ T7662] loop1: p172 start 115140 is beyond EOD, truncated [ 438.942918][ T7662] loop1: p173 start 115140 is beyond EOD, truncated [ 438.950041][ T7662] loop1: p174 start 115140 is beyond EOD, truncated [ 438.956676][ T7662] loop1: p175 start 115140 is beyond EOD, truncated [ 438.963272][ T7662] loop1: p176 start 115140 is beyond EOD, truncated [ 438.969879][ T7662] loop1: p177 start 115140 is beyond EOD, truncated [ 438.976667][ T7662] loop1: p178 start 115140 is beyond EOD, truncated [ 438.983545][ T7662] loop1: p179 start 115140 is beyond EOD, truncated [ 438.990335][ T7662] loop1: p180 start 115140 is beyond EOD, truncated [ 438.997142][ T7662] loop1: p181 start 115140 is beyond EOD, truncated [ 439.003768][ T7662] loop1: p182 start 115140 is beyond EOD, truncated [ 439.010377][ T7662] loop1: p183 start 115140 is beyond EOD, truncated [ 439.017108][ T7662] loop1: p184 start 115140 is beyond EOD, truncated [ 439.023710][ T7662] loop1: p185 start 115140 is beyond EOD, truncated [ 439.030374][ T7662] loop1: p186 start 115140 is beyond EOD, truncated [ 439.037024][ T7662] loop1: p187 start 115140 is beyond EOD, truncated [ 439.043621][ T7662] loop1: p188 start 115140 is beyond EOD, truncated [ 439.050290][ T7662] loop1: p189 start 115140 is beyond EOD, truncated [ 439.056909][ T7662] loop1: p190 start 115140 is beyond EOD, truncated [ 439.063727][ T7662] loop1: p191 start 115140 is beyond EOD, truncated [ 439.070323][ T7662] loop1: p192 start 115140 is beyond EOD, truncated [ 439.077036][ T7662] loop1: p193 start 115140 is beyond EOD, truncated [ 439.083621][ T7662] loop1: p194 start 115140 is beyond EOD, truncated [ 439.090213][ T7662] loop1: p195 start 115140 is beyond EOD, truncated [ 439.096915][ T7662] loop1: p196 start 115140 is beyond EOD, truncated [ 439.103513][ T7662] loop1: p197 start 115140 is beyond EOD, truncated [ 439.110194][ T7662] loop1: p198 start 115140 is beyond EOD, truncated [ 439.116797][ T7662] loop1: p199 start 115140 is beyond EOD, truncated [ 439.123380][ T7662] loop1: p200 start 115140 is beyond EOD, truncated [ 439.130037][ T7662] loop1: p201 start 115140 is beyond EOD, truncated [ 439.136646][ T7662] loop1: p202 start 115140 is beyond EOD, truncated [ 439.143260][ T7662] loop1: p203 start 115140 is beyond EOD, truncated [ 439.149864][ T7662] loop1: p204 start 115140 is beyond EOD, truncated [ 439.156447][ T7662] loop1: p205 start 115140 is beyond EOD, truncated [ 439.163066][ T7662] loop1: p206 start 115140 is beyond EOD, truncated [ 439.169669][ T7662] loop1: p207 start 115140 is beyond EOD, truncated [ 439.177244][ T7662] loop1: p208 start 115140 is beyond EOD, truncated [ 439.183932][ T7662] loop1: p209 start 115140 is beyond EOD, truncated [ 439.190650][ T7662] loop1: p210 start 115140 is beyond EOD, truncated [ 439.197335][ T7662] loop1: p211 start 115140 is beyond EOD, truncated [ 439.203924][ T7662] loop1: p212 start 115140 is beyond EOD, truncated [ 439.210765][ T7662] loop1: p213 start 115140 is beyond EOD, truncated [ 439.217476][ T7662] loop1: p214 start 115140 is beyond EOD, truncated [ 439.224055][ T7662] loop1: p215 start 115140 is beyond EOD, truncated [ 439.230911][ T7662] loop1: p216 start 115140 is beyond EOD, truncated [ 439.237528][ T7662] loop1: p217 start 115140 is beyond EOD, truncated [ 439.244115][ T7662] loop1: p218 start 115140 is beyond EOD, truncated [ 439.251231][ T7662] loop1: p219 start 115140 is beyond EOD, truncated [ 439.257876][ T7662] loop1: p220 start 115140 is beyond EOD, truncated [ 439.264629][ T7662] loop1: p221 start 115140 is beyond EOD, truncated [ 439.271241][ T7662] loop1: p222 start 115140 is beyond EOD, truncated [ 439.277934][ T7662] loop1: p223 start 115140 is beyond EOD, truncated [ 439.284516][ T7662] loop1: p224 start 115140 is beyond EOD, truncated [ 439.291211][ T7662] loop1: p225 start 115140 is beyond EOD, truncated [ 439.297865][ T7662] loop1: p226 start 115140 is beyond EOD, truncated [ 439.304488][ T7662] loop1: p227 start 115140 is beyond EOD, truncated [ 439.311092][ T7662] loop1: p228 start 115140 is beyond EOD, truncated [ 439.317789][ T7662] loop1: p229 start 115140 is beyond EOD, truncated [ 439.324424][ T7662] loop1: p230 start 115140 is beyond EOD, truncated [ 439.331046][ T7662] loop1: p231 start 115140 is beyond EOD, truncated [ 439.337859][ T7662] loop1: p232 start 115140 is beyond EOD, truncated [ 439.344606][ T7662] loop1: p233 start 115140 is beyond EOD, truncated [ 439.351526][ T7662] loop1: p234 start 115140 is beyond EOD, truncated [ 439.358243][ T7662] loop1: p235 start 115140 is beyond EOD, truncated [ 439.364838][ T7662] loop1: p236 start 115140 is beyond EOD, truncated [ 439.371437][ T7662] loop1: p237 start 115140 is beyond EOD, truncated [ 439.378250][ T7662] loop1: p238 start 115140 is beyond EOD, truncated [ 439.384936][ T7662] loop1: p239 start 115140 is beyond EOD, truncated [ 439.391649][ T7662] loop1: p240 start 115140 is beyond EOD, truncated [ 439.398254][ T7662] loop1: p241 start 115140 is beyond EOD, truncated [ 439.404938][ T7662] loop1: p242 start 115140 is beyond EOD, truncated [ 439.411537][ T7662] loop1: p243 start 115140 is beyond EOD, truncated [ 439.418149][ T7662] loop1: p244 start 115140 is beyond EOD, truncated [ 439.424737][ T7662] loop1: p245 start 115140 is beyond EOD, truncated [ 439.431442][ T7662] loop1: p246 start 115140 is beyond EOD, truncated [ 439.438149][ T7662] loop1: p247 start 115140 is beyond EOD, truncated [ 439.444736][ T7662] loop1: p248 start 115140 is beyond EOD, truncated [ 439.451357][ T7662] loop1: p249 start 115140 is beyond EOD, truncated [ 439.457969][ T7662] loop1: p250 start 115140 is beyond EOD, truncated [ 439.464661][ T7662] loop1: p251 start 115140 is beyond EOD, truncated [ 439.471337][ T7662] loop1: p252 start 115140 is beyond EOD, truncated [ 439.478130][ T7662] loop1: p253 start 115140 is beyond EOD, truncated [ 439.484711][ T7662] loop1: p254 start 115140 is beyond EOD, truncated [ 439.491343][ T7662] loop1: p255 start 115140 is beyond EOD, truncated 14:20:38 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r0, 0x0) add_key$keyring(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) 14:20:38 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000054800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:38 executing program 3: clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="4400000017000101000000e27e0000000500000e300011003538eb0933094f411f81d78934680000e747f464995203a1526a1eb4ceac9d46cca6ae17f00bbad728d59baba479e764ac823dc9a212a1bf683807c70365f49b843e42bcd5a154aee8112e8b96cbffdb5ba2960bf332f736ea7e7744f3ee95512a303c32e0b900e3279e7bbd267e02000000000005001c41c6dbb2ae66318463f0fe685b0000000000000000000000000000000000000000ff00a97f455a291364b07d513d83e041fe04f856eb732e01188e39caeb49a01707a1a1a48d2d110dad06f969fbfd411d00bb3257b0c74733c3fe4dca7b71e5d88589f05b80860c9aa7489f582cb53c33189c4cb9e8fad870294e38c75302d8fe03d6226dfca913930be6bf9461503fe6e4700b2385bc8d7b1aeb292f157ed485d0af03d6427d99b3fb3e538f961dd33c0f3785efeeba422dd2d11979656ebeaac22e98b05a7e666f2dac754ca310877ad3a89cb8210107bdd6f34d487eca8083aba48694df66705b1ad5515e726d"], 0x44}}, 0x0) 14:20:38 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_int(r0, 0x11, 0x0, &(0x7f0000000000), 0x4) [ 439.634842][ T7708] loop1: detected capacity change from 0 to 1 14:20:38 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 439.710426][ T7708] loop1: p1 p2[DM] p3 p4 [ 439.716057][ T7708] loop1: p1 start 115140 is beyond EOD, truncated [ 439.722683][ T7708] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 439.732597][ T7708] loop1: p3 start 225 is beyond EOD, truncated [ 439.738823][ T7708] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:40 executing program 0: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000f00)='ns/net\x00') ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, 0x0) 14:20:40 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:40 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x80, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x210bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x53) 14:20:40 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000055800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:40 executing program 3: keyctl$search(0xa, 0x0, 0x0, 0x0, 0xfffffffffffffffc) 14:20:40 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:40 executing program 0: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc2}, &(0x7f0000000080)={0x0, "103d3786fb892f356c4566d895afd0df7c92b0af85356a36d5fc819af7ab262171c95b59d6e622f41641ad178e42f45962053e6a7b9b59bd9441a863216739a1"}, 0x48, 0xfffffffffffffffc) keyctl$invalidate(0x15, r0) 14:20:40 executing program 3: openat$nvram(0xffffffffffffff9c, &(0x7f0000000300), 0x801, 0x0) 14:20:40 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_DEL_SEC_DEV(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0xfffffffffffffffc}}, 0x0) 14:20:40 executing program 0: getresuid(0x0, 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000e00), &(0x7f0000000fc0)='./file0\x00', 0x0, 0x3, &(0x7f00000010c0)=[{&(0x7f0000000e80)}, {0x0, 0x0, 0x1}, {&(0x7f00000012c0)="b6", 0x1, 0x8001}], 0x0, &(0x7f0000001440)=ANY=[]) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) [ 441.923318][ T7732] loop1: detected capacity change from 0 to 1 14:20:40 executing program 0: openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0xc0c0, 0x0) 14:20:40 executing program 3: syz_mount_image$nfs4(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x35448, &(0x7f0000001500)) 14:20:40 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 441.974459][ T7732] loop1: p1 p2[EZD] p3 p4 [ 441.979033][ T7732] loop1: p1 start 115140 is beyond EOD, truncated [ 441.985500][ T7732] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 441.993815][ T7732] loop1: p3 start 225 is beyond EOD, truncated [ 442.000108][ T7732] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 442.082579][ T7767] loop1: detected capacity change from 0 to 1 [ 442.107001][ T7767] loop1: p1 p2 p3 p4 [ 442.111261][ T7767] loop1: p1 start 115140 is beyond EOD, truncated [ 442.117834][ T7767] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 442.125733][ T7767] loop1: p3 start 225 is beyond EOD, truncated [ 442.132507][ T7767] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:43 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000140)="edcf55567c6f664f79c1e002210f285c0e1be28d49d773827cfe96161bd2389c2d14ef36a3f0b8bc53726c6880396113cc077486be289344735962099082c990ccad5c49ad500c85d956f53129d22aa596385c16a5e5ff3d518356e5", 0x5c}, {&(0x7f00000003c0)="d8", 0x1}], 0x2}, 0x0) 14:20:43 executing program 0: clock_getres(0xf, &(0x7f0000000300)) 14:20:43 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffff81800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:43 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x410, 0xffffffffffffffff, 0x0) 14:20:43 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:43 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:43 executing program 3: getresuid(&(0x7f0000002ac0), 0x0, 0x0) 14:20:43 executing program 4: mkdir(&(0x7f0000000180)='./file1\x00', 0x42) rmdir(&(0x7f0000000040)='./file1\x00') 14:20:43 executing program 4: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f0000000000)=0x7, 0x4) 14:20:43 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000013c0)={0x1, &(0x7f0000001380)=[{}]}) 14:20:43 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x4}, 0x14}}, 0x0) 14:20:43 executing program 0: sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000200)=""/4096) 14:20:43 executing program 4: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f00000020c0)={{0x1, 0xee00, 0xee01, 0xee00}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}) [ 444.975474][ T7792] loop1: detected capacity change from 0 to 1 14:20:43 executing program 0: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/keycreate\x00', 0x2, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, 0x0) [ 445.046056][ T7792] loop1: p1 p2 p3 p4 [ 445.050129][ T7792] loop1: p1 start 115140 is beyond EOD, truncated [ 445.056620][ T7792] loop1: p2 size 1073872896 extends beyond EOD, truncated 14:20:43 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffff82800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockname(r0, 0x0, &(0x7f00000004c0)) [ 445.094452][ T7792] loop1: p3 start 225 is beyond EOD, truncated [ 445.100710][ T7792] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 445.154624][ T7838] loop1: detected capacity change from 0 to 1 [ 445.201507][ T7838] loop1: p1 p2 p3 p4 [ 445.205615][ T7838] loop1: p1 start 115140 is beyond EOD, truncated [ 445.212220][ T7838] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 445.223259][ T7838] loop1: p3 start 225 is beyond EOD, truncated [ 445.229510][ T7838] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:46 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:46 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000380), 0x0, 0x0) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000500)) 14:20:46 executing program 3: add_key(&(0x7f0000000040)='id_legacy\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f00000000c0)="84", 0x1, 0xfffffffffffffffb) 14:20:46 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) 14:20:46 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffff85800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:46 executing program 5: openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:46 executing program 3: select(0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)={0x77359400}) 14:20:46 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x801) 14:20:46 executing program 4: openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x10100, 0x0) 14:20:46 executing program 0: add_key(&(0x7f0000000800)='encrypted\x00', &(0x7f0000000840)={'syz', 0x2}, &(0x7f0000000880)='0', 0x1, 0xfffffffffffffffc) [ 447.986347][ T7861] loop1: detected capacity change from 0 to 1 14:20:46 executing program 0: add_key(&(0x7f0000000000)='trusted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) 14:20:46 executing program 4: openat$bsg(0xffffffffffffff9c, 0x0, 0x202a00, 0x0) [ 448.052273][ T7861] loop1: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p2 [ 448.052406][ T7861] loop1: p1 start 115140 is beyond EOD, truncated [ 448.147249][ T7861] loop1: p2 size 2 extends beyond EOD, truncated [ 448.154160][ T7861] loop1: p3 start 225 is beyond EOD, truncated [ 448.160395][ T7861] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 448.167938][ T7861] loop1: p5 start 115140 is beyond EOD, truncated [ 448.174364][ T7861] loop1: p6 start 115140 is beyond EOD, truncated [ 448.180822][ T7861] loop1: p7 start 115140 is beyond EOD, truncated [ 448.187450][ T7861] loop1: p8 start 115140 is beyond EOD, truncated [ 448.194367][ T7861] loop1: p9 start 115140 is beyond EOD, truncated [ 448.201086][ T7861] loop1: p10 start 115140 is beyond EOD, truncated [ 448.207835][ T7861] loop1: p11 start 115140 is beyond EOD, truncated [ 448.214624][ T7861] loop1: p12 start 115140 is beyond EOD, truncated [ 448.221240][ T7861] loop1: p13 start 115140 is beyond EOD, truncated [ 448.227851][ T7861] loop1: p14 start 115140 is beyond EOD, truncated [ 448.234521][ T7861] loop1: p15 start 115140 is beyond EOD, truncated [ 448.241145][ T7861] loop1: p16 start 115140 is beyond EOD, truncated [ 448.247691][ T7861] loop1: p17 start 115140 is beyond EOD, truncated [ 448.254367][ T7861] loop1: p18 start 115140 is beyond EOD, truncated [ 448.261155][ T7861] loop1: p19 start 115140 is beyond EOD, truncated [ 448.267686][ T7861] loop1: p20 start 115140 is beyond EOD, truncated [ 448.274273][ T7861] loop1: p21 start 115140 is beyond EOD, truncated [ 448.280788][ T7861] loop1: p22 start 115140 is beyond EOD, truncated [ 448.287948][ T7861] loop1: p23 start 115140 is beyond EOD, truncated [ 448.294443][ T7861] loop1: p24 start 115140 is beyond EOD, truncated [ 448.300990][ T7861] loop1: p25 start 115140 is beyond EOD, truncated [ 448.307518][ T7861] loop1: p26 start 115140 is beyond EOD, truncated [ 448.314017][ T7861] loop1: p27 start 115140 is beyond EOD, truncated [ 448.320548][ T7861] loop1: p28 start 115140 is beyond EOD, truncated [ 448.327160][ T7861] loop1: p29 start 115140 is beyond EOD, truncated [ 448.333708][ T7861] loop1: p30 start 115140 is beyond EOD, truncated [ 448.340393][ T7861] loop1: p31 start 115140 is beyond EOD, truncated [ 448.346971][ T7861] loop1: p32 start 115140 is beyond EOD, truncated [ 448.354040][ T7861] loop1: p33 start 115140 is beyond EOD, truncated [ 448.360719][ T7861] loop1: p34 start 115140 is beyond EOD, truncated [ 448.367359][ T7861] loop1: p35 start 115140 is beyond EOD, truncated [ 448.373905][ T7861] loop1: p36 start 115140 is beyond EOD, truncated [ 448.380537][ T7861] loop1: p37 start 115140 is beyond EOD, truncated [ 448.387364][ T7861] loop1: p38 start 115140 is beyond EOD, truncated [ 448.393881][ T7861] loop1: p39 start 115140 is beyond EOD, truncated [ 448.400486][ T7861] loop1: p40 start 115140 is beyond EOD, truncated [ 448.407328][ T7861] loop1: p41 start 115140 is beyond EOD, truncated [ 448.414013][ T7861] loop1: p42 start 115140 is beyond EOD, truncated [ 448.420727][ T7861] loop1: p43 start 115140 is beyond EOD, truncated [ 448.427286][ T7861] loop1: p44 start 115140 is beyond EOD, truncated [ 448.433783][ T7861] loop1: p45 start 115140 is beyond EOD, truncated [ 448.440316][ T7861] loop1: p46 start 115140 is beyond EOD, truncated [ 448.446858][ T7861] loop1: p47 start 115140 is beyond EOD, truncated [ 448.453435][ T7861] loop1: p48 start 115140 is beyond EOD, truncated [ 448.460129][ T7861] loop1: p49 start 115140 is beyond EOD, truncated [ 448.466682][ T7861] loop1: p50 start 115140 is beyond EOD, truncated [ 448.473313][ T7861] loop1: p51 start 115140 is beyond EOD, truncated [ 448.480008][ T7861] loop1: p52 start 115140 is beyond EOD, truncated [ 448.486653][ T7861] loop1: p53 start 115140 is beyond EOD, truncated [ 448.493157][ T7861] loop1: p54 start 115140 is beyond EOD, truncated [ 448.499670][ T7861] loop1: p55 start 115140 is beyond EOD, truncated [ 448.506404][ T7861] loop1: p56 start 115140 is beyond EOD, truncated [ 448.512969][ T7861] loop1: p57 start 115140 is beyond EOD, truncated [ 448.519501][ T7861] loop1: p58 start 115140 is beyond EOD, truncated [ 448.526114][ T7861] loop1: p59 start 115140 is beyond EOD, truncated [ 448.533178][ T7861] loop1: p60 start 115140 is beyond EOD, truncated [ 448.540049][ T7861] loop1: p61 start 115140 is beyond EOD, truncated [ 448.546785][ T7861] loop1: p62 start 115140 is beyond EOD, truncated [ 448.553431][ T7861] loop1: p63 start 115140 is beyond EOD, truncated [ 448.559952][ T7861] loop1: p64 start 115140 is beyond EOD, truncated [ 448.566579][ T7861] loop1: p65 start 115140 is beyond EOD, truncated [ 448.573294][ T7861] loop1: p66 start 115140 is beyond EOD, truncated [ 448.579905][ T7861] loop1: p67 start 115140 is beyond EOD, truncated [ 448.586557][ T7861] loop1: p68 start 115140 is beyond EOD, truncated [ 448.593320][ T7861] loop1: p69 start 115140 is beyond EOD, truncated [ 448.600080][ T7861] loop1: p70 start 115140 is beyond EOD, truncated [ 448.606728][ T7861] loop1: p71 start 115140 is beyond EOD, truncated [ 448.613545][ T7861] loop1: p72 start 115140 is beyond EOD, truncated [ 448.620318][ T7861] loop1: p73 start 115140 is beyond EOD, truncated [ 448.627020][ T7861] loop1: p74 start 115140 is beyond EOD, truncated [ 448.633615][ T7861] loop1: p75 start 115140 is beyond EOD, truncated [ 448.640149][ T7861] loop1: p76 start 115140 is beyond EOD, truncated [ 448.646807][ T7861] loop1: p77 start 115140 is beyond EOD, truncated [ 448.653303][ T7861] loop1: p78 start 115140 is beyond EOD, truncated [ 448.659866][ T7861] loop1: p79 start 115140 is beyond EOD, truncated [ 448.666455][ T7861] loop1: p80 start 115140 is beyond EOD, truncated [ 448.673053][ T7861] loop1: p81 start 115140 is beyond EOD, truncated [ 448.679600][ T7861] loop1: p82 start 115140 is beyond EOD, truncated [ 448.686145][ T7861] loop1: p83 start 115140 is beyond EOD, truncated [ 448.692672][ T7861] loop1: p84 start 115140 is beyond EOD, truncated [ 448.699234][ T7861] loop1: p85 start 115140 is beyond EOD, truncated [ 448.705852][ T7861] loop1: p86 start 115140 is beyond EOD, truncated [ 448.712347][ T7861] loop1: p87 start 115140 is beyond EOD, truncated [ 448.718872][ T7861] loop1: p88 start 115140 is beyond EOD, truncated [ 448.725438][ T7861] loop1: p89 start 115140 is beyond EOD, truncated [ 448.732000][ T7861] loop1: p90 start 115140 is beyond EOD, truncated [ 448.738558][ T7861] loop1: p91 start 115140 is beyond EOD, truncated [ 448.745173][ T7861] loop1: p92 start 115140 is beyond EOD, truncated [ 448.751820][ T7861] loop1: p93 start 115140 is beyond EOD, truncated [ 448.758390][ T7861] loop1: p94 start 115140 is beyond EOD, truncated [ 448.764908][ T7861] loop1: p95 start 115140 is beyond EOD, truncated [ 448.771582][ T7861] loop1: p96 start 115140 is beyond EOD, truncated [ 448.778126][ T7861] loop1: p97 start 115140 is beyond EOD, truncated [ 448.784626][ T7861] loop1: p98 start 115140 is beyond EOD, truncated [ 448.791168][ T7861] loop1: p99 start 115140 is beyond EOD, truncated [ 448.797865][ T7861] loop1: p100 start 115140 is beyond EOD, truncated [ 448.804561][ T7861] loop1: p101 start 115140 is beyond EOD, truncated [ 448.811442][ T7861] loop1: p102 start 115140 is beyond EOD, truncated [ 448.818064][ T7861] loop1: p103 start 115140 is beyond EOD, truncated [ 448.824677][ T7861] loop1: p104 start 115140 is beyond EOD, truncated [ 448.831595][ T7861] loop1: p105 start 115140 is beyond EOD, truncated [ 448.838482][ T7861] loop1: p106 start 115140 is beyond EOD, truncated [ 448.845188][ T7861] loop1: p107 start 115140 is beyond EOD, truncated [ 448.851793][ T7861] loop1: p108 start 115140 is beyond EOD, truncated [ 448.858430][ T7861] loop1: p109 start 115140 is beyond EOD, truncated [ 448.865234][ T7861] loop1: p110 start 115140 is beyond EOD, truncated [ 448.871872][ T7861] loop1: p111 start 115140 is beyond EOD, truncated [ 448.878649][ T7861] loop1: p112 start 115140 is beyond EOD, truncated [ 448.885350][ T7861] loop1: p113 start 115140 is beyond EOD, truncated [ 448.892007][ T7861] loop1: p114 start 115140 is beyond EOD, truncated [ 448.898747][ T7861] loop1: p115 start 115140 is beyond EOD, truncated [ 448.905332][ T7861] loop1: p116 start 115140 is beyond EOD, truncated [ 448.911945][ T7861] loop1: p117 start 115140 is beyond EOD, truncated [ 448.918800][ T7861] loop1: p118 start 115140 is beyond EOD, truncated [ 448.925410][ T7861] loop1: p119 start 115140 is beyond EOD, truncated [ 448.932160][ T7861] loop1: p120 start 115140 is beyond EOD, truncated [ 448.938908][ T7861] loop1: p121 start 115140 is beyond EOD, truncated [ 448.945517][ T7861] loop1: p122 start 115140 is beyond EOD, truncated [ 448.952118][ T7861] loop1: p123 start 115140 is beyond EOD, truncated [ 448.958800][ T7861] loop1: p124 start 115140 is beyond EOD, truncated [ 448.965454][ T7861] loop1: p125 start 115140 is beyond EOD, truncated [ 448.972100][ T7861] loop1: p126 start 115140 is beyond EOD, truncated [ 448.978876][ T7861] loop1: p127 start 115140 is beyond EOD, truncated [ 448.985599][ T7861] loop1: p128 start 115140 is beyond EOD, truncated [ 448.992295][ T7861] loop1: p129 start 115140 is beyond EOD, truncated [ 448.999672][ T7861] loop1: p130 start 115140 is beyond EOD, truncated [ 449.006283][ T7861] loop1: p131 start 115140 is beyond EOD, truncated [ 449.012953][ T7861] loop1: p132 start 115140 is beyond EOD, truncated [ 449.019560][ T7861] loop1: p133 start 115140 is beyond EOD, truncated [ 449.026210][ T7861] loop1: p134 start 115140 is beyond EOD, truncated [ 449.032806][ T7861] loop1: p135 start 115140 is beyond EOD, truncated [ 449.039480][ T7861] loop1: p136 start 115140 is beyond EOD, truncated [ 449.046188][ T7861] loop1: p137 start 115140 is beyond EOD, truncated [ 449.052801][ T7861] loop1: p138 start 115140 is beyond EOD, truncated [ 449.059423][ T7861] loop1: p139 start 115140 is beyond EOD, truncated [ 449.066120][ T7861] loop1: p140 start 115140 is beyond EOD, truncated [ 449.072815][ T7861] loop1: p141 start 115140 is beyond EOD, truncated [ 449.079524][ T7861] loop1: p142 start 115140 is beyond EOD, truncated [ 449.086136][ T7861] loop1: p143 start 115140 is beyond EOD, truncated [ 449.092743][ T7861] loop1: p144 start 115140 is beyond EOD, truncated [ 449.099620][ T7861] loop1: p145 start 115140 is beyond EOD, truncated [ 449.106317][ T7861] loop1: p146 start 115140 is beyond EOD, truncated [ 449.112910][ T7861] loop1: p147 start 115140 is beyond EOD, truncated [ 449.119505][ T7861] loop1: p148 start 115140 is beyond EOD, truncated [ 449.126173][ T7861] loop1: p149 start 115140 is beyond EOD, truncated [ 449.132766][ T7861] loop1: p150 start 115140 is beyond EOD, truncated [ 449.139455][ T7861] loop1: p151 start 115140 is beyond EOD, truncated [ 449.146385][ T7861] loop1: p152 start 115140 is beyond EOD, truncated [ 449.153305][ T7861] loop1: p153 start 115140 is beyond EOD, truncated [ 449.160229][ T7861] loop1: p154 start 115140 is beyond EOD, truncated [ 449.166839][ T7861] loop1: p155 start 115140 is beyond EOD, truncated [ 449.173505][ T7861] loop1: p156 start 115140 is beyond EOD, truncated [ 449.180178][ T7861] loop1: p157 start 115140 is beyond EOD, truncated [ 449.186903][ T7861] loop1: p158 start 115140 is beyond EOD, truncated [ 449.193779][ T7861] loop1: p159 start 115140 is beyond EOD, truncated [ 449.200591][ T7861] loop1: p160 start 115140 is beyond EOD, truncated [ 449.207237][ T7861] loop1: p161 start 115140 is beyond EOD, truncated [ 449.213817][ T7861] loop1: p162 start 115140 is beyond EOD, truncated [ 449.221330][ T7861] loop1: p163 start 115140 is beyond EOD, truncated [ 449.228088][ T7861] loop1: p164 start 115140 is beyond EOD, truncated [ 449.234685][ T7861] loop1: p165 start 115140 is beyond EOD, truncated [ 449.241281][ T7861] loop1: p166 start 115140 is beyond EOD, truncated [ 449.247894][ T7861] loop1: p167 start 115140 is beyond EOD, truncated [ 449.254582][ T7861] loop1: p168 start 115140 is beyond EOD, truncated [ 449.261278][ T7861] loop1: p169 start 115140 is beyond EOD, truncated [ 449.268108][ T7861] loop1: p170 start 115140 is beyond EOD, truncated [ 449.274997][ T7861] loop1: p171 start 115140 is beyond EOD, truncated [ 449.281700][ T7861] loop1: p172 start 115140 is beyond EOD, truncated [ 449.288341][ T7861] loop1: p173 start 115140 is beyond EOD, truncated [ 449.294958][ T7861] loop1: p174 start 115140 is beyond EOD, truncated [ 449.301660][ T7861] loop1: p175 start 115140 is beyond EOD, truncated [ 449.308356][ T7861] loop1: p176 start 115140 is beyond EOD, truncated [ 449.314953][ T7861] loop1: p177 start 115140 is beyond EOD, truncated [ 449.321663][ T7861] loop1: p178 start 115140 is beyond EOD, truncated [ 449.328268][ T7861] loop1: p179 start 115140 is beyond EOD, truncated [ 449.334853][ T7861] loop1: p180 start 115140 is beyond EOD, truncated [ 449.341542][ T7861] loop1: p181 start 115140 is beyond EOD, truncated [ 449.348275][ T7861] loop1: p182 start 115140 is beyond EOD, truncated [ 449.354948][ T7861] loop1: p183 start 115140 is beyond EOD, truncated [ 449.361547][ T7861] loop1: p184 start 115140 is beyond EOD, truncated [ 449.368160][ T7861] loop1: p185 start 115140 is beyond EOD, truncated [ 449.374741][ T7861] loop1: p186 start 115140 is beyond EOD, truncated [ 449.381338][ T7861] loop1: p187 start 115140 is beyond EOD, truncated [ 449.388032][ T7861] loop1: p188 start 115140 is beyond EOD, truncated [ 449.394610][ T7861] loop1: p189 start 115140 is beyond EOD, truncated [ 449.401293][ T7861] loop1: p190 start 115140 is beyond EOD, truncated [ 449.407954][ T7861] loop1: p191 start 115140 is beyond EOD, truncated [ 449.414654][ T7861] loop1: p192 start 115140 is beyond EOD, truncated [ 449.421434][ T7861] loop1: p193 start 115140 is beyond EOD, truncated [ 449.428069][ T7861] loop1: p194 start 115140 is beyond EOD, truncated [ 449.434721][ T7861] loop1: p195 start 115140 is beyond EOD, truncated [ 449.441366][ T7861] loop1: p196 start 115140 is beyond EOD, truncated [ 449.448005][ T7861] loop1: p197 start 115140 is beyond EOD, truncated [ 449.454733][ T7861] loop1: p198 start 115140 is beyond EOD, truncated [ 449.461408][ T7861] loop1: p199 start 115140 is beyond EOD, truncated [ 449.468230][ T7861] loop1: p200 start 115140 is beyond EOD, truncated [ 449.474999][ T7861] loop1: p201 start 115140 is beyond EOD, truncated [ 449.481914][ T7861] loop1: p202 start 115140 is beyond EOD, truncated [ 449.488612][ T7861] loop1: p203 start 115140 is beyond EOD, truncated [ 449.495294][ T7861] loop1: p204 start 115140 is beyond EOD, truncated [ 449.501895][ T7861] loop1: p205 start 115140 is beyond EOD, truncated [ 449.508510][ T7861] loop1: p206 start 115140 is beyond EOD, truncated [ 449.515243][ T7861] loop1: p207 start 115140 is beyond EOD, truncated [ 449.521841][ T7861] loop1: p208 start 115140 is beyond EOD, truncated [ 449.528446][ T7861] loop1: p209 start 115140 is beyond EOD, truncated [ 449.535031][ T7861] loop1: p210 start 115140 is beyond EOD, truncated [ 449.541639][ T7861] loop1: p211 start 115140 is beyond EOD, truncated [ 449.548292][ T7861] loop1: p212 start 115140 is beyond EOD, truncated [ 449.554914][ T7861] loop1: p213 start 115140 is beyond EOD, truncated [ 449.561506][ T7861] loop1: p214 start 115140 is beyond EOD, truncated [ 449.568139][ T7861] loop1: p215 start 115140 is beyond EOD, truncated [ 449.574849][ T7861] loop1: p216 start 115140 is beyond EOD, truncated [ 449.581460][ T7861] loop1: p217 start 115140 is beyond EOD, truncated [ 449.588164][ T7861] loop1: p218 start 115140 is beyond EOD, truncated [ 449.594756][ T7861] loop1: p219 start 115140 is beyond EOD, truncated [ 449.601431][ T7861] loop1: p220 start 115140 is beyond EOD, truncated [ 449.608068][ T7861] loop1: p221 start 115140 is beyond EOD, truncated [ 449.614875][ T7861] loop1: p222 start 115140 is beyond EOD, truncated [ 449.621476][ T7861] loop1: p223 start 115140 is beyond EOD, truncated [ 449.628089][ T7861] loop1: p224 start 115140 is beyond EOD, truncated [ 449.634716][ T7861] loop1: p225 start 115140 is beyond EOD, truncated [ 449.641414][ T7861] loop1: p226 start 115140 is beyond EOD, truncated [ 449.648108][ T7861] loop1: p227 start 115140 is beyond EOD, truncated [ 449.654696][ T7861] loop1: p228 start 115140 is beyond EOD, truncated [ 449.661303][ T7861] loop1: p229 start 115140 is beyond EOD, truncated [ 449.668027][ T7861] loop1: p230 start 115140 is beyond EOD, truncated [ 449.674696][ T7861] loop1: p231 start 115140 is beyond EOD, truncated [ 449.681448][ T7861] loop1: p232 start 115140 is beyond EOD, truncated [ 449.688151][ T7861] loop1: p233 start 115140 is beyond EOD, truncated [ 449.694883][ T7861] loop1: p234 start 115140 is beyond EOD, truncated [ 449.701584][ T7861] loop1: p235 start 115140 is beyond EOD, truncated [ 449.708287][ T7861] loop1: p236 start 115140 is beyond EOD, truncated [ 449.714885][ T7861] loop1: p237 start 115140 is beyond EOD, truncated [ 449.721488][ T7861] loop1: p238 start 115140 is beyond EOD, truncated [ 449.728127][ T7861] loop1: p239 start 115140 is beyond EOD, truncated [ 449.734864][ T7861] loop1: p240 start 115140 is beyond EOD, truncated [ 449.741482][ T7861] loop1: p241 start 115140 is beyond EOD, truncated [ 449.748182][ T7861] loop1: p242 start 115140 is beyond EOD, truncated [ 449.754847][ T7861] loop1: p243 start 115140 is beyond EOD, truncated [ 449.761475][ T7861] loop1: p244 start 115140 is beyond EOD, truncated [ 449.768096][ T7861] loop1: p245 start 115140 is beyond EOD, truncated [ 449.774727][ T7861] loop1: p246 start 115140 is beyond EOD, truncated [ 449.781317][ T7861] loop1: p247 start 115140 is beyond EOD, truncated [ 449.787944][ T7861] loop1: p248 start 115140 is beyond EOD, truncated [ 449.794622][ T7861] loop1: p249 start 115140 is beyond EOD, truncated [ 449.801299][ T7861] loop1: p250 start 115140 is beyond EOD, truncated [ 449.807929][ T7861] loop1: p251 start 115140 is beyond EOD, truncated [ 449.814598][ T7861] loop1: p252 start 115140 is beyond EOD, truncated [ 449.821188][ T7861] loop1: p253 start 115140 is beyond EOD, truncated [ 449.827834][ T7861] loop1: p254 start 115140 is beyond EOD, truncated [ 449.834442][ T7861] loop1: p255 start 115140 is beyond EOD, truncated [ 449.931574][ T1232] loop1: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p2 [ 449.931812][ T1232] loop1: p1 start 115140 is beyond EOD, truncated [ 450.026975][ T1232] loop1: p2 size 2 extends beyond EOD, truncated [ 450.033835][ T1232] loop1: p3 start 225 is beyond EOD, truncated [ 450.040037][ T1232] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 450.047678][ T1232] loop1: p5 start 115140 is beyond EOD, truncated [ 450.054102][ T1232] loop1: p6 start 115140 is beyond EOD, truncated [ 450.060556][ T1232] loop1: p7 start 115140 is beyond EOD, truncated [ 450.067121][ T1232] loop1: p8 start 115140 is beyond EOD, truncated [ 450.073820][ T1232] loop1: p9 start 115140 is beyond EOD, truncated [ 450.080499][ T1232] loop1: p10 start 115140 is beyond EOD, truncated [ 450.087180][ T1232] loop1: p11 start 115140 is beyond EOD, truncated [ 450.093672][ T1232] loop1: p12 start 115140 is beyond EOD, truncated [ 450.100194][ T1232] loop1: p13 start 115140 is beyond EOD, truncated [ 450.106827][ T1232] loop1: p14 start 115140 is beyond EOD, truncated [ 450.113318][ T1232] loop1: p15 start 115140 is beyond EOD, truncated [ 450.119843][ T1232] loop1: p16 start 115140 is beyond EOD, truncated [ 450.126364][ T1232] loop1: p17 start 115140 is beyond EOD, truncated [ 450.132855][ T1232] loop1: p18 start 115140 is beyond EOD, truncated [ 450.139371][ T1232] loop1: p19 start 115140 is beyond EOD, truncated [ 450.145891][ T1232] loop1: p20 start 115140 is beyond EOD, truncated [ 450.152390][ T1232] loop1: p21 start 115140 is beyond EOD, truncated [ 450.158895][ T1232] loop1: p22 start 115140 is beyond EOD, truncated [ 450.165439][ T1232] loop1: p23 start 115140 is beyond EOD, truncated [ 450.172021][ T1232] loop1: p24 start 115140 is beyond EOD, truncated [ 450.178548][ T1232] loop1: p25 start 115140 is beyond EOD, truncated [ 450.185222][ T1232] loop1: p26 start 115140 is beyond EOD, truncated [ 450.191767][ T1232] loop1: p27 start 115140 is beyond EOD, truncated [ 450.198377][ T1232] loop1: p28 start 115140 is beyond EOD, truncated [ 450.204880][ T1232] loop1: p29 start 115140 is beyond EOD, truncated [ 450.211399][ T1232] loop1: p30 start 115140 is beyond EOD, truncated [ 450.217967][ T1232] loop1: p31 start 115140 is beyond EOD, truncated [ 450.224628][ T1232] loop1: p32 start 115140 is beyond EOD, truncated [ 450.231130][ T1232] loop1: p33 start 115140 is beyond EOD, truncated [ 450.237647][ T1232] loop1: p34 start 115140 is beyond EOD, truncated [ 450.244411][ T1232] loop1: p35 start 115140 is beyond EOD, truncated [ 450.251219][ T1232] loop1: p36 start 115140 is beyond EOD, truncated [ 450.257747][ T1232] loop1: p37 start 115140 is beyond EOD, truncated [ 450.264323][ T1232] loop1: p38 start 115140 is beyond EOD, truncated [ 450.270923][ T1232] loop1: p39 start 115140 is beyond EOD, truncated [ 450.277556][ T1232] loop1: p40 start 115140 is beyond EOD, truncated [ 450.284060][ T1232] loop1: p41 start 115140 is beyond EOD, truncated [ 450.290984][ T1232] loop1: p42 start 115140 is beyond EOD, truncated [ 450.297693][ T1232] loop1: p43 start 115140 is beyond EOD, truncated [ 450.304242][ T1232] loop1: p44 start 115140 is beyond EOD, truncated [ 450.310749][ T1232] loop1: p45 start 115140 is beyond EOD, truncated [ 450.317295][ T1232] loop1: p46 start 115140 is beyond EOD, truncated [ 450.323827][ T1232] loop1: p47 start 115140 is beyond EOD, truncated [ 450.330330][ T1232] loop1: p48 start 115140 is beyond EOD, truncated [ 450.336967][ T1232] loop1: p49 start 115140 is beyond EOD, truncated [ 450.343460][ T1232] loop1: p50 start 115140 is beyond EOD, truncated [ 450.350002][ T1232] loop1: p51 start 115140 is beyond EOD, truncated [ 450.357150][ T1232] loop1: p52 start 115140 is beyond EOD, truncated [ 450.363665][ T1232] loop1: p53 start 115140 is beyond EOD, truncated [ 450.370187][ T1232] loop1: p54 start 115140 is beyond EOD, truncated [ 450.376709][ T1232] loop1: p55 start 115140 is beyond EOD, truncated [ 450.383557][ T1232] loop1: p56 start 115140 is beyond EOD, truncated [ 450.390135][ T1232] loop1: p57 start 115140 is beyond EOD, truncated [ 450.396878][ T1232] loop1: p58 start 115140 is beyond EOD, truncated [ 450.403370][ T1232] loop1: p59 start 115140 is beyond EOD, truncated [ 450.409880][ T1232] loop1: p60 start 115140 is beyond EOD, truncated [ 450.416398][ T1232] loop1: p61 start 115140 is beyond EOD, truncated [ 450.422997][ T1232] loop1: p62 start 115140 is beyond EOD, truncated [ 450.429497][ T1232] loop1: p63 start 115140 is beyond EOD, truncated [ 450.436112][ T1232] loop1: p64 start 115140 is beyond EOD, truncated [ 450.442622][ T1232] loop1: p65 start 115140 is beyond EOD, truncated [ 450.449141][ T1232] loop1: p66 start 115140 is beyond EOD, truncated [ 450.455686][ T1232] loop1: p67 start 115140 is beyond EOD, truncated [ 450.462198][ T1232] loop1: p68 start 115140 is beyond EOD, truncated [ 450.468701][ T1232] loop1: p69 start 115140 is beyond EOD, truncated [ 450.475194][ T1232] loop1: p70 start 115140 is beyond EOD, truncated [ 450.481706][ T1232] loop1: p71 start 115140 is beyond EOD, truncated [ 450.488334][ T1232] loop1: p72 start 115140 is beyond EOD, truncated [ 450.494867][ T1232] loop1: p73 start 115140 is beyond EOD, truncated [ 450.501390][ T1232] loop1: p74 start 115140 is beyond EOD, truncated [ 450.507918][ T1232] loop1: p75 start 115140 is beyond EOD, truncated [ 450.514501][ T1232] loop1: p76 start 115140 is beyond EOD, truncated [ 450.521103][ T1232] loop1: p77 start 115140 is beyond EOD, truncated [ 450.527689][ T1232] loop1: p78 start 115140 is beyond EOD, truncated [ 450.534328][ T1232] loop1: p79 start 115140 is beyond EOD, truncated [ 450.540838][ T1232] loop1: p80 start 115140 is beyond EOD, truncated [ 450.547375][ T1232] loop1: p81 start 115140 is beyond EOD, truncated [ 450.553876][ T1232] loop1: p82 start 115140 is beyond EOD, truncated [ 450.560715][ T1232] loop1: p83 start 115140 is beyond EOD, truncated [ 450.567359][ T1232] loop1: p84 start 115140 is beyond EOD, truncated [ 450.575887][ T1232] loop1: p85 start 115140 is beyond EOD, truncated [ 450.582395][ T1232] loop1: p86 start 115140 is beyond EOD, truncated [ 450.588913][ T1232] loop1: p87 start 115140 is beyond EOD, truncated [ 450.595529][ T1232] loop1: p88 start 115140 is beyond EOD, truncated [ 450.602043][ T1232] loop1: p89 start 115140 is beyond EOD, truncated [ 450.608568][ T1232] loop1: p90 start 115140 is beyond EOD, truncated [ 450.615187][ T1232] loop1: p91 start 115140 is beyond EOD, truncated [ 450.622104][ T1232] loop1: p92 start 115140 is beyond EOD, truncated [ 450.628628][ T1232] loop1: p93 start 115140 is beyond EOD, truncated [ 450.635125][ T1232] loop1: p94 start 115140 is beyond EOD, truncated [ 450.641836][ T1232] loop1: p95 start 115140 is beyond EOD, truncated [ 450.648484][ T1232] loop1: p96 start 115140 is beyond EOD, truncated [ 450.654985][ T1232] loop1: p97 start 115140 is beyond EOD, truncated [ 450.661492][ T1232] loop1: p98 start 115140 is beyond EOD, truncated [ 450.668248][ T1232] loop1: p99 start 115140 is beyond EOD, truncated [ 450.674740][ T1232] loop1: p100 start 115140 is beyond EOD, truncated [ 450.681401][ T1232] loop1: p101 start 115140 is beyond EOD, truncated [ 450.688035][ T1232] loop1: p102 start 115140 is beyond EOD, truncated [ 450.694613][ T1232] loop1: p103 start 115140 is beyond EOD, truncated [ 450.701274][ T1232] loop1: p104 start 115140 is beyond EOD, truncated [ 450.708415][ T1232] loop1: p105 start 115140 is beyond EOD, truncated [ 450.714998][ T1232] loop1: p106 start 115140 is beyond EOD, truncated [ 450.721866][ T1232] loop1: p107 start 115140 is beyond EOD, truncated [ 450.728612][ T1232] loop1: p108 start 115140 is beyond EOD, truncated [ 450.735186][ T1232] loop1: p109 start 115140 is beyond EOD, truncated [ 450.741774][ T1232] loop1: p110 start 115140 is beyond EOD, truncated [ 450.748485][ T1232] loop1: p111 start 115140 is beyond EOD, truncated [ 450.755165][ T1232] loop1: p112 start 115140 is beyond EOD, truncated [ 450.761768][ T1232] loop1: p113 start 115140 is beyond EOD, truncated [ 450.768509][ T1232] loop1: p114 start 115140 is beyond EOD, truncated [ 450.775540][ T1232] loop1: p115 start 115140 is beyond EOD, truncated [ 450.782128][ T1232] loop1: p116 start 115140 is beyond EOD, truncated [ 450.788729][ T1232] loop1: p117 start 115140 is beyond EOD, truncated [ 450.795357][ T1232] loop1: p118 start 115140 is beyond EOD, truncated [ 450.802043][ T1232] loop1: p119 start 115140 is beyond EOD, truncated [ 450.808654][ T1232] loop1: p120 start 115140 is beyond EOD, truncated [ 450.815457][ T1232] loop1: p121 start 115140 is beyond EOD, truncated [ 450.822183][ T1232] loop1: p122 start 115140 is beyond EOD, truncated [ 450.828963][ T1232] loop1: p123 start 115140 is beyond EOD, truncated [ 450.835564][ T1232] loop1: p124 start 115140 is beyond EOD, truncated [ 450.842144][ T1232] loop1: p125 start 115140 is beyond EOD, truncated [ 450.848882][ T1232] loop1: p126 start 115140 is beyond EOD, truncated [ 450.855488][ T1232] loop1: p127 start 115140 is beyond EOD, truncated [ 450.862104][ T1232] loop1: p128 start 115140 is beyond EOD, truncated [ 450.868799][ T1232] loop1: p129 start 115140 is beyond EOD, truncated [ 450.875406][ T1232] loop1: p130 start 115140 is beyond EOD, truncated [ 450.882014][ T1232] loop1: p131 start 115140 is beyond EOD, truncated [ 450.888617][ T1232] loop1: p132 start 115140 is beyond EOD, truncated [ 450.895435][ T1232] loop1: p133 start 115140 is beyond EOD, truncated [ 450.902014][ T1232] loop1: p134 start 115140 is beyond EOD, truncated [ 450.908876][ T1232] loop1: p135 start 115140 is beyond EOD, truncated [ 450.915578][ T1232] loop1: p136 start 115140 is beyond EOD, truncated [ 450.922396][ T1232] loop1: p137 start 115140 is beyond EOD, truncated [ 450.928994][ T1232] loop1: p138 start 115140 is beyond EOD, truncated 14:20:49 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:49 executing program 0: setitimer(0x0, 0x0, &(0x7f0000000080)) clock_gettime(0x2, &(0x7f0000000100)) 14:20:49 executing program 4: add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffff8) add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000100)={'fscrypt:', @desc1}, &(0x7f0000000140)={0x0, "b43ba0facfd5e193c61a135771948244d178c2ccf677af90d6a5db5e2038f9bc310922cb30362c1c754ae7c0825814e3a0d983927769ba02686859155652c962"}, 0x48, 0xfffffffffffffffe) request_key(&(0x7f0000000200)='dns_resolver\x00', &(0x7f0000000240)={'syz', 0x3}, &(0x7f0000000280)='\\@(\\\x00', 0x0) 14:20:49 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:49 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000013c0)={0x1, &(0x7f0000001380)=[{0x3}]}) 14:20:49 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa5800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 450.935766][ T1232] loop1: p139 start 115140 is beyond EOD, truncated [ 450.942402][ T1232] loop1: p140 start 115140 is beyond EOD, truncated [ 450.948995][ T1232] loop1: p141 start 115140 is beyond EOD, truncated [ 450.955648][ T1232] loop1: p142 start 115140 is beyond EOD, truncated [ 450.962233][ T1232] loop1: p143 start 115140 is beyond EOD, truncated [ 450.968866][ T1232] loop1: p144 start 115140 is beyond EOD, truncated [ 450.975535][ T1232] loop1: p145 start 115140 is beyond EOD, truncated 14:20:49 executing program 0: syz_open_dev$loop(&(0x7f0000000380), 0x0, 0x80082) [ 450.982127][ T1232] loop1: p146 start 115140 is beyond EOD, truncated [ 450.988736][ T1232] loop1: p147 start 115140 is beyond EOD, truncated [ 450.995351][ T1232] loop1: p148 start 115140 is beyond EOD, truncated [ 450.995449][ T7899] syz-executor.0 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 451.001991][ T1232] loop1: p149 start 115140 is beyond EOD, truncated [ 451.019403][ T1232] loop1: p150 start 115140 is beyond EOD, truncated [ 451.026120][ T1232] loop1: p151 start 115140 is beyond EOD, truncated 14:20:49 executing program 3: syz_mount_image$iso9660(0x0, 0x0, 0x0, 0x1, &(0x7f0000001180)=[{&(0x7f0000001280)="459f76a381047d5f0c29ac6445cdd471488ec5c86457caf7a1cfa5d05f6a73b4f1d2d71245ac5956c6778fdcda027a67b3264e3ac1702ac5b9f61b216b8d6a8055ecd65843e0b2e660a20fcb8d394701cdacb18702d843de9b65f9df5a9d7614ef1bedead05f73884c76eaf8528240f14204b84b6e2337151c6b9a53d158532d2f721b31287df1a056a78546a308c921e697c42e82fe6cb3875cf665e4f0791261bc400ed56832f3b8178264d7f55f6880447fe70296e0cdcbe89af5fa8ea5220bc242a041b77f4d9e8e60b747fc12c769ee83794e3fb13624c0d83de406859cc96e783b22c497a0cfb592a6ec33eb69dd4ff3262d0c870e243a77dad2b4b54f7cb2025ce840f9d7874ccc4c04be036962b9b9fc5b2e8f57645765db779711dfaac01553e628ae735427f934d2e02505fd66e911458bb6cf21dd45dbf5a4add082ec35877e10f104af0a0c3eb7402d8e8b4897fc560d34063da6431cf61a35218a7e37cdeb204806e078eb5c216b8782ec24ca3bff387dace06a8517dff247c3d470dcdb34beedcad24ce5d553b38b97d69951fda693c911bff6e6c440e35678c052fed40dceb6664482999fa67f2cc71a9e7ea4193dc92c38f015bd1ffe731639520a1c9420404d35b0127a49fc2d87fe36427076c3222e6baf257e1bd9860763733f2699e1a33d7c9fc8086474aeb1a095936edcf43ac0c2c2fb699312b7148527d232b179ea2e295c4c069497a8ca0c4e6f64b138a7dd6825b2a4977413fb87632742a675b17b504dfa25e49903bd789e1e26a77c33d082f87ed6c2a7eff483cea2b2548fe7e155eb1ec611a11f6787c9d1132a01b5efd008ac6a8209d9732e01eb1901d36d412fea0a88e9ca8b7daf4f469b24b618e9d585484ac6941f7955c43710e8598e442470465f195a5afbea22aa9d4c5f84a6c1ee6d5062bd34e083acf195dd587929b4cfc274fe87e4232472da00ad50ac51cb3e62f33d1c931ce207894f038cc615a323e9683f5fefb61af19d783fcc365cb9cf04e4d29c2a5df919686aed686479d5f1f6c987e4fa6c9e28a1c12506952b9a7304acf9de86106ee0a368d70ee8f2d84426d25ef27a3859050ed4c89247b516c45247953abab38c4feeb11b3186466cc9ddfaa1aa3c7cea0add768157abd53c298bdf2c6935cc2cf1d941eb3e1d0286149f6b09ad11cc4377f5cfbedb9e0c1bcdc5f07bc6f19c198925ba5323d93d3c9d54b02885723b2de7fd4647902bd29995c5821ffaaa363ec5a22cc3d32a6c10ceba1b2beb9a1ddf3ed67c9b9e28b021694c3c03c62bdce81faa29ae3d6433b1cd2c2591904cc0281ba947a3125eb7d0f7ecb88f33a96fa25b3fc621f5568ccab69a835ec59f8041ad4389878039a780283ac95b8723c426f7cdd2372c9709a89ea557985d3300f64b160efdb779246fbcb536acdd5cbbbf9cfdaf90db6cd9ad3312ab2c26a5a0afec84bda6a13b20e3ee0146d1d209b48a6421a3f508df7c66293e9b43c3c1b8e9cebf65743e5ff1f69147f8d427b1a0ef29317658249527740432ef53da1ad562bf60b53625ffdfc4817d327ec1c297f416a9a748a809c86868d35a882390fdea89edd7f2fb014262ef41eb253b81f99f542aa4bbf80c7b1f93baaa1b22b823d55dec4aa9f7a3ac658fa47dc31ae01eec81f12a0c827f7e9b3f305ddd222eb2a5b932d42b632c343b5d37af2e6a037ac11334aa1b10548ea2da7fd5831ab159bee9f7647d39de2c12120161187e3ef44578bd2be215c55d17c7875423b5830de7d1941932bbd358f716ee0715cc3db6ade7e0f46677e12ef33231b3be9100812d999daa003d2c38170f2750c8c04288a8383b88496cb7de43cc5641a5c18824a628dd616f2c65984c6b0d10376e20bad15139adcdd9b835e2ec5acfdccf9350c991eb567ded50309b79b12bced9eb89b6062738c41e18d824eb54db25f8f91c9c03ea7139905e208cbbaf699442d71d4cd93a090978426d0b40e9e29661b86c047dcaabfc67ce48a5ab73e61351efe415af9ed789c6fa2ac104fbae2bd4e72395e150af06aa8e9b4c6030ab23cebe483ccb7486f804a068d28f0d6035a0a63062bf597b3b46e2ed23685d9fd02d51f01e6016ba37a7a5effacd2e2d4db39c1e331bf558ca0bc6e6c664038b1b4e916b2d91fa425796ee8426243b8097618d65d2572f8307c52eb125e0eac0e76700a3dd6c60be9f57c9f7efb293861667408336ebc1c308821337077e95b1c9c885ae1b74fa148d06350e37f1c3a66d6b6f1705e860376447fd28f2982207ac398a52edc6417b31eac7fe64ae25dd51737a9a753bc3ced9003ffbc6263225ae2ead8481bda7e07a190cc44aca56f32c56fbc0ec0c3eaf47686a38ff5338bd0a4701a79635f323d0918f424dd79bc6c12e2651a37565d4fd88a6bfab3e36796fee6bdb3a3e8999581072f70420bab9cfb4cca9d22aa36682fa470357147b329cb69a46858c64147348c20281de1278c28851274d0aabbfb2db540b7f9f4af1482dd1889f244602db498a6126f6c1e1ad49003725606625a683cb29e15ed36aea9bdc4f7906014b945b53d08ca4b56ddb99c1be8cd4d0ddf77e83dc09f013ac05555c86fcf317a4d9cedf2bfe8fd2b9674cd66c80af8d2ccf615f2d2526f9d873ab221dffe6dcc6ae4575f15a234ce198adbab7ec8a7042b85e22de0e8cfeed9d94fc22d2b1c30c3a91df82c81c67d7e6365253ac5e1f160cdfb2593058da8e624c11cc1225b90b88ff9e4c245922158c9d98ca39818b711020c22abcfe0369a0adb7dd57cbae2af31561caab001a5c72690a07de25b0c229b631ffb2b4894ffba6d119820c33acdfc567524341f6119354239ec35038607b419168adf5c526c9b16d67d6ebe23486ad05150f7b4d75c62f51666af0d44cac6ae5d6c256a2e5b06c923d0299e75e2a46ec9db9efbe080b91cc3f0ed2823c9277497639e944869b2c89df1fa28f08859d6e7ea9381e605fa1738fa1f14ce1af9fb4a68f021aee07f8b703fd7bf2e4c3bee5855160a691390010f4742e6ae38cddf79ad144e33449995097234d480f9982551191a1121455de17320e9474cc8f4ec8e6005dce30a06ce56dc7a672ad1d42ede94bf3fe48f9d16417b5725c1e53862890e54761ce4f16f085907bfdbd5bd71f26d8e1db55dd1b472d191a9a882a321127f0dd26c88b20ed8bc585052bdb367b7bc908a7b5a6f667bd26c0bc7b1449fd66a57cfe015995fcb9d4b77309f20a84de3f48bc8654f00311dd3cc0dfbd2c6db15346f5bd63310a8ba5f38a2c5d1f61eaf67d0f71997d166467a5ff6959714a44b134215bbfa5d752cc73e7f5845479cb554b61060eed54d6eacb6141e3d9a8ee1df42a668e302912b4e7f4282b3a01da9d51e3c7370830dc6463a198688ee8c6e325cb902c164f8afb757afe3fdfae833f86b2becd0a58dc6cf42a408e1c5f5f02a54e1769b265142625384d9a6f7ac775d317357c76d8651d55d3420e7d6f120f44cb71f31cee63fd91390b63c87782b33129fa7c09cddd1000bdb61c7eb62db2d6cf79e9d93e1adedd27d4190ab5d94457b50dfedd5899eae49c120a8d90abd3a4970a02b7c37ae3dfcc457bb29622c0c8928b9ff15f363b5f28842ab43540dc43b25c330ccd5bdc8b66b4f51ef618b16da267266e39e9b055b6b3e38e1e149e7fcd0b186b9798719a52df2fc1c48e86a845b5afe3439ba304d3633715bc27c01a712ab77c542ac2ccffe8efe9eeb8696b69f095df9794038834a1921010c4313f369334ca4533754bc2cbdf552ca1b6a22ed622f9555e5c7db20c768956e76d830d4eeb57ea787ffbfcafdefc9b09982005adb9dd4106057206e8ed4f1509c98fc11e2e347ad5e0103a9601f302c073b5d60571041062926775c6e95b6348c796657293cca1f12a58105638718f47cec5eb2458010c4cae53a9b723e1f0b63613885579e34b3b405c92ba54f877db9fd2ec91db66ce78ed40fd20cba3427b6a2197e1a28f77f0b1381d845b49db0d22b8988f787b39e776761391e70645e6f6d8362d8813f9ff6fb68192ea5e0ae81d463473027f29bd592d1666282c28690a85a99f4aac9c1852170ec66ebcf3fc707da1c61bbb8d316783acbc145c9a42fe5f28cc22a06a3c878db592c0f4fa064141b1d0114a2eacd975b51b3d299addd5d7fdee7bfa4c21d144733660f054ac32ce8a1b3c3f2dd443e13ddf8887ebb8fdc28694dee2eff6eefa9a3122ee2ab25bac57f9275f11de3981a8a325e9bae6e63e46031bc08e0cd70c66b5a697dea3cf7954337deba90de655999e7398d192ec1cdd55d7bd153272e6a144269da8668a4d4905cc51496991149fa037c30b86206b43e0adc9c9cc0a264b61e84325f5ac931b13ea706d87f06eee390312768ee4f1318169b69518c49d4b2c9b9cdf8a3eabe5340bfcade3e40cc98b207a0ade8cb450372bc6fa0c9d26739119be4fe8319c104890aae2d8777b9b387aa3fcd03f22d9d5d2e9166abccd37a1da0b744cb0a0c74e3b5c8a1b923e409821df0899860f4dc93ca8e39f472b55e4dc01b820861b8dadd1bf95ef26a4a7aa4c1d1715c6a4f941989069f0a042c92cc9773f542466b31c737577f37f239b2d4233b35cf292408cc36d928729fb4d88f9518b7089141568fc711feb898a18dd3efd7f4b27dcc83f8a67632809e204789b0ea169b2f2ca963218c41ba579cf8e943ba772f64b6c783a47262979ccaba1933a847e3cf670b4e4be2c5c3480ed35bd4c8bec8c1206afe08c6198e001c527ab925a4554cf168a827502436c6e546f0e8c53169dc6015e185638ed4076c71d849756a9b079462b9dfa3fe74d9b463f345c39b90ac87db2d8079a93109500f78256b01e88d8b151500cd08ce1d05f1fa720f16b25e6ce4f62345bf9d213d02bf72bc825dfbb834f4966653ccd5d927d10046bc2a530bad85a6dd7e706346b1666401a8892676b15fd25c2d1734cfedd8863b93db44c33d6bcdeb2ff8034b55b213d3af59da36251d7f11a6bfcdf168bb2932f6148870290624892f02ffcc079cd93a9b21ab1f8047eb83ba70946c28dff86c79e2c3986a979220fb31540aaf17dbeee021f4e4494d74b255fab226fd08a4e216abd82f98c7573ca04689b3593cc9bf05b66e046849a8a9a47ed7aa038bf7d2546623125ed4798a8742a0db37b0cb7f3dd64e6ccceaf61c0c901e016fee18f1d7614f359f3f567c6490e99fc2f825a52e64d26dc6822468f8b02ffce0309f8e59410ba591b07e524952a2cfcfabc86aa30160a1bd94b0f1840069b9ff0a5010a54da2ff2ae164373026240efab3c60ed9d5fb6784b823d454f63a26de6b9631059aa6c3c3dfe138f7f9fabedd9e8fdb069de7b9a6e3247fa443dc1cdd63b2ad6c004ea6c9ff9ba91619651c3f38c6ab4b57cd535d350f738b895d7a70d96e5a86f5614f39095e8a8dce9d3728b043edbeb04e056fa1ef0158ed6b06ded24301ae0945fdb080269d24f5bf9aa692116bfaa7ed3ebf6fd945e548e807873904be717382f20d0ecfeb3a32af2f23c4760e6d7392dc757060cb34eedf99c47b7b429ea29d15e0615d68b3996ac81aa39650e596d85a83eb221c3fbcafbceb97b0e47def954d6bcf584de6f8cc7277996633e39642644dc900a2990037e9c0a870f9c48f71868343083fd59b6cdb92387fcabbace205b90a8552ac09da87f23087619f866dd6951531cd056e46399ef3c6a8299325cbe8d4acea0704ffeca95fada68d550accafda38e41cc2a", 0x1001, 0xffff}], 0x0, 0x0) 14:20:49 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={0x0}}, 0x0) [ 451.032705][ T1232] loop1: p152 start 115140 is beyond EOD, truncated [ 451.039823][ T1232] loop1: p153 start 115140 is beyond EOD, truncated [ 451.046438][ T1232] loop1: p154 start 115140 is beyond EOD, truncated [ 451.053281][ T1232] loop1: p155 start 115140 is beyond EOD, truncated [ 451.061654][ T1232] loop1: p156 start 115140 is beyond EOD, truncated [ 451.068310][ T1232] loop1: p157 start 115140 is beyond EOD, truncated [ 451.075033][ T1232] loop1: p158 start 115140 is beyond EOD, truncated 14:20:49 executing program 0: ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) [ 451.081665][ T1232] loop1: p159 start 115140 is beyond EOD, truncated [ 451.088323][ T1232] loop1: p160 start 115140 is beyond EOD, truncated [ 451.095011][ T1232] loop1: p161 start 115140 is beyond EOD, truncated [ 451.096995][ T7914] loop3: detected capacity change from 0 to 255 [ 451.101636][ T1232] loop1: p162 start 115140 is beyond EOD, truncated [ 451.114606][ T1232] loop1: p163 start 115140 is beyond EOD, truncated [ 451.121574][ T1232] loop1: p164 start 115140 is beyond EOD, truncated [ 451.128254][ T1232] loop1: p165 start 115140 is beyond EOD, truncated 14:20:49 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, 0x0}, 0x0) 14:20:49 executing program 4: r0 = add_key$fscrypt_v1(&(0x7f0000000380), &(0x7f00000003c0), &(0x7f0000000400)={0x0, "6073ee41179ac5f945a9f75c47a0a63c2a0fbb28ef98f90c9fc819ba699b5be188695d6fa1108be7f3d261f0f2a24492eb3f64232104446a297cca5585b43516"}, 0x48, 0xfffffffffffffffc) request_key(&(0x7f00000002c0)='ceph\x00', &(0x7f0000000300)={'syz', 0x1}, 0x0, r0) [ 451.134852][ T1232] loop1: p166 start 115140 is beyond EOD, truncated [ 451.141538][ T1232] loop1: p167 start 115140 is beyond EOD, truncated [ 451.148234][ T1232] loop1: p168 start 115140 is beyond EOD, truncated [ 451.155225][ T1232] loop1: p169 start 115140 is beyond EOD, truncated [ 451.161960][ T1232] loop1: p170 start 115140 is beyond EOD, truncated [ 451.168576][ T1232] loop1: p171 start 115140 is beyond EOD, truncated [ 451.175273][ T1232] loop1: p172 start 115140 is beyond EOD, truncated [ 451.181910][ T1232] loop1: p173 start 115140 is beyond EOD, truncated [ 451.188522][ T1232] loop1: p174 start 115140 is beyond EOD, truncated [ 451.195223][ T1232] loop1: p175 start 115140 is beyond EOD, truncated [ 451.201820][ T1232] loop1: p176 start 115140 is beyond EOD, truncated [ 451.208429][ T1232] loop1: p177 start 115140 is beyond EOD, truncated [ 451.215101][ T1232] loop1: p178 start 115140 is beyond EOD, truncated [ 451.221863][ T1232] loop1: p179 start 115140 is beyond EOD, truncated [ 451.228475][ T1232] loop1: p180 start 115140 is beyond EOD, truncated [ 451.235149][ T1232] loop1: p181 start 115140 is beyond EOD, truncated [ 451.241788][ T1232] loop1: p182 start 115140 is beyond EOD, truncated [ 451.248398][ T1232] loop1: p183 start 115140 is beyond EOD, truncated [ 451.254985][ T1232] loop1: p184 start 115140 is beyond EOD, truncated [ 451.261652][ T1232] loop1: p185 start 115140 is beyond EOD, truncated [ 451.268512][ T1232] loop1: p186 start 115140 is beyond EOD, truncated [ 451.275100][ T1232] loop1: p187 start 115140 is beyond EOD, truncated [ 451.281722][ T1232] loop1: p188 start 115140 is beyond EOD, truncated [ 451.288526][ T1232] loop1: p189 start 115140 is beyond EOD, truncated [ 451.295223][ T1232] loop1: p190 start 115140 is beyond EOD, truncated [ 451.301916][ T1232] loop1: p191 start 115140 is beyond EOD, truncated [ 451.308619][ T1232] loop1: p192 start 115140 is beyond EOD, truncated [ 451.315200][ T1232] loop1: p193 start 115140 is beyond EOD, truncated [ 451.321800][ T1232] loop1: p194 start 115140 is beyond EOD, truncated [ 451.328436][ T1232] loop1: p195 start 115140 is beyond EOD, truncated [ 451.335018][ T1232] loop1: p196 start 115140 is beyond EOD, truncated [ 451.341781][ T1232] loop1: p197 start 115140 is beyond EOD, truncated [ 451.348463][ T1232] loop1: p198 start 115140 is beyond EOD, truncated [ 451.355080][ T1232] loop1: p199 start 115140 is beyond EOD, truncated [ 451.361676][ T1232] loop1: p200 start 115140 is beyond EOD, truncated [ 451.368320][ T1232] loop1: p201 start 115140 is beyond EOD, truncated [ 451.375152][ T1232] loop1: p202 start 115140 is beyond EOD, truncated [ 451.381985][ T1232] loop1: p203 start 115140 is beyond EOD, truncated [ 451.389323][ T1232] loop1: p204 start 115140 is beyond EOD, truncated [ 451.395950][ T1232] loop1: p205 start 115140 is beyond EOD, truncated [ 451.402608][ T1232] loop1: p206 start 115140 is beyond EOD, truncated [ 451.409346][ T1232] loop1: p207 start 115140 is beyond EOD, truncated [ 451.415981][ T1232] loop1: p208 start 115140 is beyond EOD, truncated [ 451.422558][ T1232] loop1: p209 start 115140 is beyond EOD, truncated [ 451.429716][ T1232] loop1: p210 start 115140 is beyond EOD, truncated [ 451.436341][ T1232] loop1: p211 start 115140 is beyond EOD, truncated [ 451.442918][ T1232] loop1: p212 start 115140 is beyond EOD, truncated [ 451.449527][ T1232] loop1: p213 start 115140 is beyond EOD, truncated [ 451.456213][ T1232] loop1: p214 start 115140 is beyond EOD, truncated [ 451.462798][ T1232] loop1: p215 start 115140 is beyond EOD, truncated [ 451.469423][ T1232] loop1: p216 start 115140 is beyond EOD, truncated [ 451.476186][ T1232] loop1: p217 start 115140 is beyond EOD, truncated [ 451.482768][ T1232] loop1: p218 start 115140 is beyond EOD, truncated [ 451.489438][ T1232] loop1: p219 start 115140 is beyond EOD, truncated [ 451.496118][ T1232] loop1: p220 start 115140 is beyond EOD, truncated [ 451.502723][ T1232] loop1: p221 start 115140 is beyond EOD, truncated [ 451.509341][ T1232] loop1: p222 start 115140 is beyond EOD, truncated [ 451.515955][ T1232] loop1: p223 start 115140 is beyond EOD, truncated [ 451.522536][ T1232] loop1: p224 start 115140 is beyond EOD, truncated [ 451.529328][ T1232] loop1: p225 start 115140 is beyond EOD, truncated [ 451.536030][ T1232] loop1: p226 start 115140 is beyond EOD, truncated [ 451.542610][ T1232] loop1: p227 start 115140 is beyond EOD, truncated [ 451.549307][ T1232] loop1: p228 start 115140 is beyond EOD, truncated [ 451.555938][ T1232] loop1: p229 start 115140 is beyond EOD, truncated [ 451.562563][ T1232] loop1: p230 start 115140 is beyond EOD, truncated [ 451.569252][ T1232] loop1: p231 start 115140 is beyond EOD, truncated [ 451.575862][ T1232] loop1: p232 start 115140 is beyond EOD, truncated [ 451.582449][ T1232] loop1: p233 start 115140 is beyond EOD, truncated [ 451.589040][ T1232] loop1: p234 start 115140 is beyond EOD, truncated [ 451.595749][ T1232] loop1: p235 start 115140 is beyond EOD, truncated [ 451.602348][ T1232] loop1: p236 start 115140 is beyond EOD, truncated [ 451.608976][ T1232] loop1: p237 start 115140 is beyond EOD, truncated [ 451.615679][ T1232] loop1: p238 start 115140 is beyond EOD, truncated [ 451.622400][ T1232] loop1: p239 start 115140 is beyond EOD, truncated [ 451.629139][ T1232] loop1: p240 start 115140 is beyond EOD, truncated [ 451.635788][ T1232] loop1: p241 start 115140 is beyond EOD, truncated [ 451.642571][ T1232] loop1: p242 start 115140 is beyond EOD, truncated [ 451.649219][ T1232] loop1: p243 start 115140 is beyond EOD, truncated [ 451.655969][ T1232] loop1: p244 start 115140 is beyond EOD, truncated [ 451.662573][ T1232] loop1: p245 start 115140 is beyond EOD, truncated [ 451.669252][ T1232] loop1: p246 start 115140 is beyond EOD, truncated [ 451.675879][ T1232] loop1: p247 start 115140 is beyond EOD, truncated [ 451.682467][ T1232] loop1: p248 start 115140 is beyond EOD, truncated [ 451.689144][ T1232] loop1: p249 start 115140 is beyond EOD, truncated [ 451.695838][ T1232] loop1: p250 start 115140 is beyond EOD, truncated [ 451.702523][ T1232] loop1: p251 start 115140 is beyond EOD, truncated [ 451.709120][ T1232] loop1: p252 start 115140 is beyond EOD, truncated [ 451.715752][ T1232] loop1: p253 start 115140 is beyond EOD, truncated [ 451.722347][ T1232] loop1: p254 start 115140 is beyond EOD, truncated [ 451.728942][ T1232] loop1: p255 start 115140 is beyond EOD, truncated [ 451.786431][ T7929] loop1: detected capacity change from 0 to 1 [ 451.816879][ T7914] loop3: detected capacity change from 0 to 255 [ 451.839990][ T7929] loop1: p1 p2 p3 p4 [ 451.844056][ T7929] loop1: p1 start 115140 is beyond EOD, truncated [ 451.850606][ T7929] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 451.858342][ T7929] loop1: p3 start 225 is beyond EOD, truncated [ 451.864717][ T7929] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:52 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:52 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x28, 0x0, 0x0) 14:20:52 executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x16, 0x0, 0x0) 14:20:52 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:52 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x14, &(0x7f0000000000)={0x0, {{0x2, 0x0, @remote}}}, 0x90) 14:20:52 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa6800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:52 executing program 4: r0 = socket(0x11, 0xa, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f000005b580)) 14:20:52 executing program 3: syz_open_dev$char_raw(&(0x7f0000001040), 0x0, 0x80c0) 14:20:52 executing program 0: syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x145200) 14:20:52 executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0xc, 0x0, 0x0) [ 454.031090][ T7965] loop1: detected capacity change from 0 to 1 14:20:52 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x4, 0x0, 0x0) 14:20:52 executing program 0: getresgid(&(0x7f0000000280), 0x0, 0x0) [ 454.079398][ T7965] loop1: p1 p2 p3 p4 [ 454.085266][ T7965] loop1: p1 start 115140 is beyond EOD, truncated [ 454.092019][ T7965] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 454.111388][ T7965] loop1: p3 start 225 is beyond EOD, truncated [ 454.117640][ T7965] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:53 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x5451, 0x0) 14:20:53 executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0xd, 0x0, 0x0) 14:20:54 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:54 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:54 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000000)={0xdd98, {{0x2, 0x0, @multicast1}}}, 0x90) 14:20:54 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req={0x0, 0x0, 0x0, 0x7493}, 0x10) 14:20:54 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x5452, &(0x7f0000000e40)={'batadv_slave_0\x00'}) 14:20:54 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:54 executing program 3: socket$inet(0x2, 0x3, 0xff) 14:20:54 executing program 0: request_key(&(0x7f00000002c0)='big_key\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0) 14:20:54 executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x23, 0x0, 0x0) 14:20:54 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0xa, &(0x7f0000000000)={0x0, {{0x2, 0x0, @remote}}}, 0x90) 14:20:54 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_ADD_IFACE(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x78, r1, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy2\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy3\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}]}, 0x78}}, 0x40010) 14:20:54 executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x7, &(0x7f0000000000)={0x0, {{0x2, 0x0, @remote}}}, 0x90) [ 455.920285][ T8020] loop1: detected capacity change from 0 to 1 [ 455.968455][ T8020] loop1: p1 p2 p3 p4 [ 455.976027][ T8020] loop1: p1 start 115140 is beyond EOD, truncated [ 455.982531][ T8020] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 455.992478][ T8020] loop1: p3 start 225 is beyond EOD, truncated [ 455.998771][ T8020] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:20:55 executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x31, &(0x7f0000000000)={0x0, {{0x2, 0x0, @remote}}}, 0x90) 14:20:55 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:55 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) recvfrom$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) 14:20:55 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffee800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:55 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:55 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x32, &(0x7f0000000000)={0x0, {{0x2, 0x0, @remote}}}, 0x90) 14:20:55 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000000), 0xc) 14:20:55 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8921, &(0x7f0000000e40)={'batadv_slave_0\x00'}) 14:20:55 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0xa, 0x0, 0x0) 14:20:55 executing program 0: syz_open_dev$vcsa(&(0x7f0000002440), 0x0, 0x218300) [ 456.777709][ T8067] loop1: detected capacity change from 0 to 1 14:20:55 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) getsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, &(0x7f0000000240)) 14:20:55 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) bind$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) 14:20:55 executing program 0: request_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0) 14:20:57 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:20:57 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480fffffffd800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:20:57 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x89a0, &(0x7f0000000e40)={'batadv_slave_0\x00'}) 14:20:57 executing program 4: waitid(0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0) 14:20:57 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:20:57 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x22, 0x0, 0x0) 14:20:57 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x2, 0x30, 0x0, 0x0) 14:20:57 executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x6, &(0x7f0000000000)={0x0, {{0x2, 0x0, @remote}}}, 0x90) 14:20:57 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = creat(&(0x7f0000000140)='./file0/bus\x00', 0x0) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$FIDEDUPERANGE(r2, 0xc0189436, &(0x7f0000000100)) 14:20:57 executing program 3: r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil) shmctl$SHM_UNLOCK(r0, 0x4) [ 459.248072][ T8119] loop1: detected capacity change from 0 to 1 14:20:58 executing program 4: r0 = socket$unix(0x1, 0x2, 0x0) sendmsg$unix(r0, &(0x7f00000014c0)={&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0xfffffffffffffc73, &(0x7f0000001340)=[{&(0x7f0000000040)="6e249baa18710cd9da00544b292af0c681bba1bfe48f702c50c1a48eb3630845fbf4fbe3a624d77a06f8b0195eca229862cc235303df8c1027157fbfe8f06b10a7246d50f678609c9926732cb5743a6a535373a51133c33a615d41ceaaf04aac1a2e7369e04f8a21bdbe550d52b4c9266fe3da39f8dca9b329d042b43ab970b989da488f4d0d2bcb5ab17cfebd8495a837", 0x91}], 0x1}, 0x0) 14:20:58 executing program 0: r0 = shmget(0x1, 0x3000, 0x0, &(0x7f0000ffc000/0x3000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x0) [ 459.288397][ T8119] loop1: p1 p2 p3 p4 [ 459.296520][ T8119] loop1: p1 start 115140 is beyond EOD, truncated [ 459.303057][ T8119] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 459.311711][ T8119] loop1: p3 start 225 is beyond EOD, truncated [ 459.317950][ T8119] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:00 executing program 3: r0 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TIOCSETD(r0, 0x8004741b, &(0x7f0000000040)=0x5) 14:21:00 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x3, 0x0) 14:21:00 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_cred(r0, 0xffff, 0x1022, 0x0, 0x0) 14:21:00 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf002000000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:00 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:00 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:00 executing program 0: madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4100b1597538cba8) 14:21:01 executing program 3: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_timeval(r0, 0xffff, 0x1006, &(0x7f0000000140)={0x0, 0xcf6}, 0x10) 14:21:01 executing program 4: mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000) munlock(&(0x7f0000fee000/0x12000)=nil, 0x12000) madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x6) 14:21:01 executing program 2: mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:21:01 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) sendmsg$unix(r0, &(0x7f00000014c0)={0x0, 0x0, 0x0}, 0x0) 14:21:01 executing program 0: mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1) [ 462.282143][ T8158] loop1: detected capacity change from 0 to 1 14:21:01 executing program 4: r0 = getpid() r1 = getpid() setpgid(r0, r1) 14:21:01 executing program 0: r0 = socket$inet(0x2, 0x3, 0x1) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2=0xe00005c8}, 0x10, &(0x7f0000001400)=[{&(0x7f0000000080)="7a88", 0x2}], 0x1, &(0x7f0000000180)=[@ip_pktinfo={{0x18, 0x0, 0x8, {r2, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}}}}], 0x18}}], 0x1, 0x0) 14:21:01 executing program 3: r0 = socket$inet(0x2, 0x3, 0x1) ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f00000003c0)={0x0, @in={0x2, 0x0, @private}, @can, @hci, 0x4}) [ 462.378361][ T8158] loop1: p1 p2 p3 p4 [ 462.385959][ T8158] loop1: p1 start 115140 is beyond EOD, truncated [ 462.392422][ T8158] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 462.402934][ T8158] loop1: p3 start 225 is beyond EOD, truncated [ 462.409237][ T8158] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:01 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800200000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 462.475719][ T8212] loop1: detected capacity change from 0 to 1 [ 462.505301][ T8212] loop1: p1 p2 p3 p4 [ 462.509571][ T8212] loop1: p1 start 115140 is beyond EOD, truncated [ 462.516087][ T8212] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 462.523662][ T8212] loop1: p3 start 225 is beyond EOD, truncated [ 462.529961][ T8212] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:03 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, 0x0, 0x0, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:03 executing program 4: r0 = socket$inet(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000001280)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000001400)=[{&(0x7f0000001300)="7a88deb17607a29122b87e6408a58274684bb0e0efd400e9de8edebe269a6226d8536cc5314b3db71e255e5053e4a21ec65f881b48511f3fde338472089d67fc7d9d7da98db9e7c3110a100418df5b073eed75512a025cdceccb895e7e66403f11e84bc7163660677ac07644ae8033fe2152fe6298e2e848d5635d340de7be056434110641a6fb90d91970b1f7c6e954877886646768fd8cab0dd51fe5bf00acc8ebea826def53f4794f9b2d7fd39983a020fcc0283a1fb2d9c9c017076e7aa67e1645d357ba04675d99d96e3c4c86932165b82e8e", 0xd5}, {&(0x7f0000000180)="b4f001a05a324e106e8e9983a025243f9f8b4e7ec438fb1fa5b1a61c9ae138e0d11c61d17753fa023aa06ee6a7afcca8b6ef9af2dfed51ee65618d759fb6c9cc536b0a5d8202d2fff38ad4b61b90a792bfc05c7f1367b0d7f208de2081cd6e615ee06f4858795b7caedba5de01d9927af6e7975a6f3f39e0f35f70e58151edc7c28fa2dbe60a90ec94dda3e0a2", 0x8d}, {&(0x7f0000001440)="424a6b9b43922c0f9bccbaf02e0063552a3c9441114bb7a076898debc8fb6d85c5b9f5055f0d72f4a3b90f00000000000036aed0ce9f8d31ffaa81607e9248ebd8599dd192692141fc43640376bb7d1f6d0882536e13b63a05302848a43b52e3989240fc7981b4cd450df0d3451775bb097ba5da93fb022ea015f480088504a658488e2972953e6eb5f078ae0500d0c85174cf2cf59c457d903dea3d9293ac09e02fdf8eb7ec8afe49c032554e0076cb55b80400565924e8cf2fe3aca125a50484d1e69d1a1b0147b749d08f350952bd67128e1523cd40895b46d62930e59017a8ef699516c10961465b1bead4b5641ef0ac11935d2b9e02c500f977", 0xfc}, {&(0x7f0000000300)="b52af3c9696fda951412e42c391582dd79f0ced99949e0ec4240fcf17abf07eeee06e314ad6b086a4518428978f0d080a74a374781cc96fd2d862cb584e278bf6a655acec14e60e65f2032913cee7314b468d111e6ed24e20f8040f4aa81687ff83744bd92b5a24a853320099135a5b904630792ec3c3e1b74509be495e5eed666d611a9341a1ac164f83e680dfd746e72410f51d7aeabdca0b746b3e9aefb956fed20d38b80ee24d8a3e3fc50f9aa6152e48f2c1aac1be4992d7ec707ef47b55c582e8be186249bb8fbef750a603fba317a1ff615eb12059422ec56d259e457b6189c59e770839151661dae0f3196eb36a0dafa1c7029c542a010fdacc836c81db139aa66ccb35ee2a9f0f69626088dd6cc70c620237442f2aeec5268869b15fedfa9fd687f316da032429c4bad0d185c7d9f67b4d390480ad066c14db1ecf02659f054e1630576cf4ae7fe2dd7dd7bfa0bd44176701b099c4ebb24702a3f627a15f647b19db6f1357a8a9e76ad536772830cfbd9225c34094690a01df9e67cab0d412813baaa9f7a55c0e43c0e406b84417bf0aa0dac95b84b9098d74d365562d2b2f5d3299b739f30592199f33ee7294d900075ec279366230f7e3fe325b9fc1f9f7f2d7d0245202d6e8013be8fbe3fea43f786630ce954ae014f827d55e34bd9c413ba2d7bbf3c43f3baf6608ae30237791aeb2f5c5ceaef38b0173073932f9aa451b5998f96cdc5f97e1063033cf946f9dee6b9b04bf022a669774bf44e9bc69fb5de96df7ebe97887f4e6ab53b2bf25fb1836d268ab52f5cb4328a1bc208d42b203d859ce1bdd9fd5c5e922e7c2d109783e78e6ce5a5aed89f8d142f93a6edd43db051062f1b817af439f307b95249ef8f90918af832326c055d7e9b426d5697ba67e28da14c4ccf0890ee798ec7e354c3f4a9b7d825a70a44c7b5ceabd0df103d3f0af30cb5eadccc864a62eabe34e398e2f80cabf4e02503a20173371f6e0b22b51837adc6872ca1b4e59c2a1d04b18cbb6b997796bc1104650294f59450937811a02570e293170e4cf7ecc7245b2b9cc1660a1c7683f6dd69f2f5fad0220a059bda533500ceec89a9c291c577bec7befed07d29c34c8c006d58185f9427d1db640a546947e098b1cab60525c9bbbdb4a0f19c73a1aaee5ad932c26b54c74c472207fe78f0d3dd6be6c8765163e3cf4791664bde81cdd7aa25945b4c2e67bafd4f9aec4e8f95a46fc696a2066016b4f5612593f9de08d4e37bd5090698fb46570fc1ff2b2b74cfb8b26b96f7bf0dbd4c8df72b9772b30e1cb97dde9fe7b7373626f91f87220da6371ca431c8b6a42186ae5a13905a700f4df7c6acdd00b47b943598e942257f7e9bb0f669e6bb2b6ae545114c41f35627499a9b6148375e2cc546660b14cc57a04e12a66d193710413d85bd35debb722bee5c824c4e99d750ffc55dd9a94cd0a590d1a7da1e47612280f1c36dba580f4c2c6dcf7b8ee4173df53c00169e5632cca0befc165749d81f573f71f3a918482f1a2e209a51ff8dcf77e21bb0d8b69565e5ba6415c4a3cde237777f63e9672984f59c595ba5ec073484e020fd18a37b4be80d29d154932845a0b600e6dd7135ff1cbabae53dcdffcb938c40a351906687224e301134f9f8adcac4354bb55a87280242ce2e9fccea2dfbd229d9e9716f106dafe8fa0caf7e3a1fc492dfc535fbac334b4c38d7b68be2d1d7b48a2f12d5654841ff7fff26ef440c26bf911c749184dc194b38d73c53e6d1c7d3b3998ec35fb8371329292c8c21216efe3e30bcd69c6704e1513ef9474d804879c9ebc9983fb239be6d0a837d6f33f7d108ce8971d3489244dff98d5383d8982970344184b1011109f9989296a3f960d677ad5b683632a253f1aaa8dd5030f864e1d63c2f577b111ae8bfac2a2a90deec38275bad72ced7af5ee6e6add27d11cbb463b754b32db72e1ed363b4c632555e49c165307bb9402688667c6503aaab0b692dbe09e6cad3bfe0aef98ab46c8428b344fc7fc16155109b65fc4540cfd1c2ad3c8838f30ecab81f91829b31be621d075bb6491935020b3528736a7b8ab9b1e06e5bda6a72caed5299ee6a8143f66bad6837e7b9e01e4a0518fa6d4753ce25eabc9044493748b043f7e4faa073c9f26b254d9ce0193516b311e063c3471b8e85603e620db90c35a908e21acdfbdb5c0a245bd8e63678e69b6dbfff12a5cbe1142d4d080d843efb2a9a25f738c9e9e56a648b69ce4b9d735230f7bf5be95f6bea4404fbb649d8106d29baea1bd6ee2d439d48681eb3fe5e698196fc2af0eeb79684f8013d4376b1cea647092ec4407f860d73038020fc33bc03eba1a902336cfca0f331d03ab5577ed23e9bbc421b9fb48275ed2414ea6d10df3cc802968835006ad961657cc56ad43e33df7cb84f34ab15660d2e8f68265e0c99b72011df6036abd60231275ed360c850b90b328aa08f52a45bf6242daf2b1f98b9fd0d839abc3ecfbf0907112f7ffe11a7370b881ada4544b9468c05764f0fe112f6729da3dbdd945d0a90012f22638f1b8288dafa54ba5cea965905450c6093c4eca4af658b1dfac1212735f7e5c25d030b38645dfd89bfd2e527d076d266ed0bc9ff9c9d7ef827ea22065fc79c7ebd19e1cae89e9ca61aa163bb2a2a4e6670076a634fb8190c36871a58726c69ecff052f21c2f68620f6cc49d08755ab5cfacbe2c6edb1b3c7922405912af6cc4f998f9a0ad8ab1957082a63728ea70127b08eccb5a7fd75f1b1cc69352fd22cbc0a6659e083c05c5c184c303c2b2451bbec065c8e83039763691a3ae6be86fac1c05fea757029219bdb52bb724de739dc2d5363b63df4cd4d5b8a25c9e40d5d24aa4d26823537dfb9bd90205e17ac947b43517708ce3657637d37c811452508d1aa13d15890a5fe9226ae920c9b365896cd0ba63c39bb69af95c65d604758defacb1507e20f5ccec304b4a23f713b10df2fa456da5e4f198dcd09092dd7136db6618d7f92f208c2cc950703581c13d87de28061fc586dffda08285a70f0d43330803d0346c05add75e41dbe923e0eda28eb11aafb02d624d329045087cbb1f0d1533295cbab58153f31606fa2057d26c40ff578fa75c3ef1e53bf743c82fbd0bc11cb64bae3ea9bbd59d08068949854c2b9345647981a45545d568fa7eefacb99c51aca9d0d09110a66ea3a371a7a8ae56369621de16cc915cdab8d71c9ccba7778ea967f55f276433b7f9f0f37f4ed9aedace4aeb736a2b81a220ce6c9ecebc75ac009c63d7a4bbe70abc73038a331a289ca25b0b8c750d59558d5f1dffbffa84fd83d31ddc90d0d0a8beb8b0f727877b4c8228b7dcc9b9d820dbbb36ef139218767b0dff438945d4714960fa426224fc957001c36cee557299f9705883e76679965083bf7ac275bc59f825fb6fd34c6f56ce2b2ac4b77d8360644", 0x98b}], 0x4, &(0x7f00000012c0)=[@ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @remote, @remote}}}], 0x18}}, {{&(0x7f0000000000)={0x2, 0x0, @private}, 0x10, &(0x7f0000001200)=[{&(0x7f0000000cc0)="126f935075b1acf228a8c9e530b946f9727f8c8728375f796e5a3812f54c5f967f201ba816fd989ef9b63a629e90b8175955fb288f5a46e1c12187887f409fe1b7485ba53388bdf9409110171506b4c34a133ca81e94f0", 0x8f}, {&(0x7f0000000d40)="1507bfdf5ef182b74909c8bade482d3d2fb2177abd73ac24718611f07e37bb25f4877ba27921d543bf203b3877f88d58b7ba4ee86cfa9a0653b91f3dcb229ffd8b05823bb3b135837d75aa1e767b9a5a617dc0ae345f4dbd0738b3d8e480e135223fa02c99823a1278b54f834ec8614768a627104be199e164eb5459204811a88dcce929ab1ec68e976983956d9d736044a25460d42287357963edf047a8677199588d8e30438145b0c81c08ee72f1cac89e4e4b3f962427fb7f1ef7927d4425b7143a023f53a8d56bcf4129e90b9668d4494b978bca542c6421cd49a5314a41587f48dd667698739aa0d83b22d1c030d688f63768fc8f", 0xf7}, {&(0x7f0000000e40)="83320daa9dfc416260fbfd4ac2602fa4ee681c5a47709373dd73e88baeff1cb713a8d24017bbd8023a502a778f4c886523c8f83634e3449be8f65d78626b1166609c212f7d60a78f35d1911344dc4aeefd9ab185b4eae2583b455e3df9d6a74fd61aeec2699b1394819dd3c447fa0ca2710d6b17", 0x74}, {&(0x7f0000000ec0)="b39d2c423c208f3fa6ac0e17c698d91c1b83717f41d33f1bf0bc74cf85819782c8a98cd3170b91863bc0e1827ae7e42a589d0e512ea24bf793a9700bb27b5b83067bdf3e5b485500b6575a20ebf41b2410d9737be5c996b3aa4d80080d162f23418f1122efcf98855814b62112de3f14737395cc3ef6c34d8d37ab772f1cca726aa7de145f941e3c8db49bf3e6588dec84036e8e7b6c22fc2d263024365267e2711ba6f570ca", 0xa6}, {&(0x7f0000000f80)="dc4ee18bb47f8289c03d0968abc9a732b4ab47cbf6521d7693f26783cd8b7418bf69aaba57bc6cc3dc87d715c1bd1144ee1e9562c18d77bd96ea95db2680846882ee5ba27ccaf2a2389a36e1f543df700ab5621bff984e", 0x57}, {&(0x7f0000001000)="1080e9b8811d92f044263c0e8d2255174e187fe0b07ade2407a41e50936a03ef6c1a4826f93b2e88966e820c9c04035d3d089a8907305a375d1cd44861eb07", 0x3f}, {&(0x7f0000001040)="ecaa84ab6c8ef1ece89e9a24321461796dc10b503aa52381335dc14c20245515c62d8108046ec919b5a3fb0d6b3b2fe87d660208ed8154957222e169d348b8537470273b7d7f53dfa0b623fff9d82296a544e75996a20de5b0212c3bd04205b3a367a21b24b9ad695b0a7b1c745bfa9d46351d2a81c65977f389c9ce204b085e9410eb757c5add920d4fd16654f969fff7672b4c53e23b6aea2e4462fb45", 0x9e}, {&(0x7f0000001100)="78329576fcc8335f02efd8b99335573c562573d09f48a313103dd0152125e5e011faf319dcf57ad6d79b887b39b6a0cc721ea4e58b26790a80a97618b390b0839046101600538405c6e0c93c9502b1f69214f7d6df0d4b596564d849629a37df42d8dd4a48f9c6b8e8dde288da97b599f94cf6b8d8a50af38e51385174518209ad68b75f516cbc5a507844be9f652854e21e3d7cd3f34ab1386ba4993e523b7a03a2c3ea70fb3b799d7b7f7824775b9f6c04d0ab8931cf3a24bc9edf38336beba5", 0xc1}], 0x200000000000018d, &(0x7f0000000080)=[@ip_tos_int, @ip_pktinfo={{0x0, 0x0, 0x8, {0x0, @empty, @private}}}, @ip_ttl, @ip_tos_u8, @ip_ttl, @ip_pktinfo={{0x0, 0x0, 0x8, {0x0, @private, @dev}}}, @ip_tos_int, @ip_retopts={{0x0, 0x0, 0x7, {[@end, @timestamp_addr={0x44, 0x0, 0x0, 0x1, 0x0, [{@broadcast}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@loopback}, {@multicast2}, {}, {@multicast2}, {@broadcast}, {@broadcast}, {@dev}]}, @timestamp_addr={0x44, 0x0, 0x0, 0x1, 0x0, [{@local}, {@loopback}, {@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}}}]}}], 0x2, 0x0) 14:21:03 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0xbb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000280)='./file0\x00', 0x161) close(r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 14:21:03 executing program 0: r0 = socket$inet(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000001280)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000001400)=[{&(0x7f0000000080)="7a88deb17607a29122b87e6408a58274684bb0e0efd400e9de8edebe269a6226d8536cc5314b3db71e255e5053e4a21ec65f881b48511f3fde338472089d67fc7d9d7da98db9e7c3110a100418df5b073eed75512a025cdceccb895e7e66403f11e84bc7163660677ac07644ae8033fe2152fe6298e2e848d5635d340de7be056434110641a6fb90d91970b1f7c6e954877886646768fd8cab0dd51fe5bf00acc8ebea826def53f4794f9b2d7fd39983a020fcc0283a1fb2d9c9c017076e7aa67e1645d357ba04675d99d96e3c4c86932165b82e8e", 0xd5}, {&(0x7f0000000180)="b4f001a05a324e106e8e9983a025243f9f8b4e7ec438fb1fa5b1a61c9ae138e0d11c61d17753fa023aa06ee6a7afcca8b6ef9af2dfed51ee65618d759fb6c9cc536b0a5d8202d2fff38ad4b61b90a792bfc05c7f1367b0d7f208de2081cd6e615ee06f4858795b7caedba5de01d9927af6e7975a6f3f39e0f35f70e58151edc7c28fa2dbe60a90ec94dda3e0a2", 0x8d}, {&(0x7f0000001300)="424a6b9b43922c0f9bccbaf00063552a3c9441114bb7a076898debc8fb8285c5b9f5055f0d72f4a391a84af4c3188fad36aed0ce9f8d31ffaa81607e9248ebd8599dd192692141fc43640376bb7d1f6d0882586e13b63a05302848a43b52e3989240fc7981b4cd450df0d3451775bb097ba5da93fb022ea015f480088504a658488e2972953e6eb5f078ae0500d0c85174cf2cf59c457d903dea3d9293ac09e02fdf8eb7ec8afe", 0xa4}, {&(0x7f0000000300)="b52af3c9696fda951412e42c391582dd79f0ced99949e0ec4240fcf17abf07eeee06e314ad6b086a4518428978f0d080a74a374781cc96fd2d862cb584e278bf6a655acec14e60e65f2032913cee7314b468d111e6ed24e20f8040f4aa81687ff83744bd92b5a24a853320099135a5b904630792ec3c3e1b74509be495e5eed666d611a9341a1ac164f83e680dfd746e72410f51d7aeabdca0b746b3e9aefb956fed20d38b80ee24d8a3e3fc50f9aa6152e48f2c1aac1be4992d7ec707ef47b55c582e8be186249bb8fbef750a603fba317a1ff615eb12059422ec56d259e457b6189c59e770839151661dae0f3196eb36a0dafa1c7029c542a010fdacc836c81db139aa66ccb35ee2a9f0f69626088dd6cc70c620237442f2aeec5268869b15fedfa9fd687f316da032429c4bad0d185c7d9f67b4d390480ad066c14db1ecf02659f054e1630576cf4ae7fe2dd7dd7bfa0bd44176701b099c4ebb24702a3f627a15f647b19db6f1357a8a9e76ad536772830cfbd9225c34094690a01df9e67cab0d412813baaa9f7a55c0e43c0e406b84417bf0aa0dac95b84b9098d74d365562d2b2f5d3299b739f30592199f33ee7294d900075ec279366230f7e3fe325b9fc1f9f7f2d7d0245202d6e8013be8fbe3fea43f786630ce954ae014f827d55e34bd9c413ba2d7bbf3c43f3baf6608ae30237791aeb2f5c5ceaef38b0173073932f9aa451b5998f96cdc5f97e1063033cf946f9dee6b9b04bf022a669774bf44e9bc69fb5de96df7ebe97887f4e6ab53b2bf25fb1836d268ab52f5cb4328a1bc208d42b203d859ce1bdd9fd5c5e922e7c2d109783e78e6ce5a5aed89f8d142f93a6edd43db051062f1b817af439f307b95249ef8f90918af832326c055d7e9b426d5697ba67e28da14c4ccf0890ee798ec7e354c3f4a9b7d825a70a44c7b5ceabd0df103d3f0af30cb5eadccc864a62eabe34e398e2f80cabf4e02503a20173371f6e0b22b51837adc6872ca1b4e59c2a1d04b18cbb6b997796bc1104650294f59450937811a02570e293170e4cf7ecc7245b2b9cc1660a1c7683f6dd69f2f5fad0220a059bda533500ceec89a9c291c577bec7befed07d29c34c8c006d58185f9427d1db640a546947e098b1cab60525c9bbbdb4a0f19c73a1aaee5ad932c26b54c74c472207fe78f0d3dd6be6c8765163e3cf4791664bde81cdd7aa25945b4c2e67bafd4f9aec4e8f95a46fc696a2066016b4f5612593f9de08d4e37bd5090698fb46570fc1ff2b2b74cfb8b26b96f7bf0dbd4c8df72b9772b30e1cb97dde9fe7b7373626f91f87220da6371ca431c8b6a42186ae5a13905a700f4df7c6acdd00b47b943598e942257f7e9bb0f669e6bb2b6ae545114c41f35627499a9b6148375e2cc546660b14cc57a04e12a66d193710413d85bd35debb722bee5c824c4e99d750ffc55dd9a94cd0a590d1a7da1e47612280f1c36dba580f4c2c6dcf7b8ee4173df53c00169e5632cca0befc165749d81f573f71f3a918482f1a2e209a51ff8dcf77e21bb0d8b69565e5ba6415c4a3cde237777f63e9672984f59c595ba5ec073484e020fd18a37b4be80d29d154932845a0b600e6dd7135ff1cbabae53dcdffcb938c40a351906687224e301134f9f8adcac4354bb55a87280242ce2e9fccea2dfbd229d9e9716f106dafe8fa0caf7e3a1fc492dfc535fbac334b4c38d7b68be2d1d7b48a2f12d5654841ff7fff26ef440c26bf911c749184dc194b38d73c53e6d1c7d3b3998ec35fb8371329292c8c21216efe3e30bcd69c6704e1513ef9474d804879c9ebc9983fb239be6d0a837d6f33f7d108ce8971d3489244dff98d5383d8982970344184b1011109f9989296a3f960d677ad5b683632a253f1aaa8dd5030f864e1d63c2f577b111ae8bfac2a2a90deec38275bad72ced7af5ee6e6add27d11cbb463b754b32db72e1ed363b4c632555e49c165307bb9402688667c6503aaab0b692dbe09e6cad3bfe0aef98ab46c8428b344fc7fc16155109b65fc4540cfd1c2ad3c8838f30ecab81f91829b31be621d075bb6491935020b3528736a7b8ab9b1e06e5bda6a72caed5299ee6a8143f66bad6837e7b9e01e4a0518fa6d4753ce25eabc9044493748b043f7e4faa073c9f26b254d9ce0193516b311e063c3471b8e85603e620db90c35a908e21acdfbdb5c0a245bd8e63678e69b6dbfff12a5cbe1142d4d080d843efb2a9a25f738c9e9e56a648b69ce4b9d735230f7bf5be95f6bea4404fbb649d8106d29baea1bd6ee2d439d48681eb3fe5e698196fc2af0eeb79684f8013d4376b1cea647092ec4407f860d73038020fc33bc03eba1a902336cfca0f331d03ab5577ed23e9bbc421b9fb48275ed2414ea6d10df3cc802968835006ad961657cc56ad43e33df7cb84f34ab15660d2e8f68265e0c99b72011df6036abd60231275ed360c850b90b328aa08f52a45bf6242daf2b1f98b9fd0d839abc3ecfbf0907112f7ffe11a7370b881ada4544b9468c05764f0fe112f6729da3dbdd945d0a90012f22638f1b8288dafa54ba5cea965905450c6093c4eca4af658b1dfac1212735f7e5c25d030b38645dfd89bfd2e527d076d266ed0bc9ff9c9d7ef827ea22065fc79c7ebd19e1cae89e9ca61aa163bb2a2a4e6670076a634fb8190c36871a58726c69ecff052f21c2f68620f6cc49d08755ab5cfacbe2c6edb1b3c7922405912af6cc4f998f9a0ad8ab1957082a63728ea70127b08eccb5a7fd75f1b1cc69352fd22cbc0a6659e083c05c5c184c303c2b2451bbec065c8e83039763691a3ae6be86fac1c05fea757029219bdb52bb724de739dc2d5363b63df4cd4d5b8a25c9e40d5d24aa4d26823537dfb9bd90205e17ac947b43517708ce3657637d37c811452508d1aa13d15890a5fe9226ae920c9b365896cd0ba63c39bb69af95c65d604758defacb1507e20f5ccec304b4a23f713b10df2fa456da5e4f198dcd09092dd7136db6618d7f92f208c2cc950703581c13d87de28061fc586dffda08285a70f0d43330803d0346c05add75e41dbe923e0eda28eb11aafb02d624d329045087cbb1f0d1533295cbab58153f31606fa2057d26c40ff578fa75c3ef1e53bf743c82fbd0bc11cb64bae3ea9bbd59d08068949854c2b9345647981a45545d568fa7eefacb99c51aca9d0d09110a66ea3a371a7a8ae56369621de16cc915cdab8d71c9ccba7778ea967f55f276433b7f9f0f37f4ed9aedace4aeb736a2b81a220ce6c9ecebc75ac009c63d7a4bbe70abc73038a331a289ca25b0b8c750d59558d5f1dffbffa84fd83d31ddc90d0d0a8beb8b0f727877b4c8228b7dcc9b9d820dbbb36ef139218767b0dff438945d4714960fa426224fc957001c36cee557299f9705883e76679965083bf7ac275bc59f825fb6fd34c6f56ce2b2ac4b77d8360644", 0x98b}], 0x4, &(0x7f00000012c0)=[@ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @local, @multicast1}}}], 0x18}}, {{&(0x7f0000000000)={0x2, 0x0, @private}, 0x10, &(0x7f0000001200)=[{&(0x7f0000000cc0)="126f935075b1acf228a8c9e530b946f9727f8c8728375f796e5a3812f54c5f967f201ba816fd989ef9b63a629e90b8175955fb288f5a46e1c12187887f409fe1b7485ba53388bdf9409110171506b4c34a133ca81e94f0", 0x7ffff000}, {&(0x7f0000000d40)="1507bfdf5ef182b74909c8bade482d3d2fb2177abd73ac24718611f07e37bb25f4877ba27921d543bf203b3877f88d58b7ba4ee86cfa9a0653b91f3dcb229ffd8b05823bb3b135837d75aa1e767b9a5a617dc0ae345f4dbd0738b3d8e480e135223fa02c99823a1278b54f834ec8614768a627104be199e164eb5459204811a88dcce929ab1ec68e976983956d9d736044a25460d42287357963edf047a8677199588d8e30438145b0c81c08ee72f1cac89e4e4b3f962427fb7f1ef7927d4425b7143a023f53a8d56bcf4129e90b9668d4494b978bca542c6421cd49a5314a41587f48dd667698739aa0d83b22d1c030d688f63768fc8f", 0xf7}, {&(0x7f0000000e40)="83320daa9dfc416260fbfd4ac2602fa4ee681c5a47709373dd73e88baeff1cb713a8d24017bbd8023a502a778f4c886523c8f83634e3449be8f65d78626b1166609c212f7d60a78f35d1911344dc4aeefd9ab185b4eae2583b455e3df9d6a74fd61aeec2699b1394819dd3c447fa0ca2710d6b17", 0x74}, {&(0x7f0000000ec0)="b39d2c423c208f3fa6ac0e17c698d91c1b83717f41d33f1bf0bc74cf85819782c8a98cd3170b91863bc0e1827ae7e42a589d0e512ea24bf793a9700bb27b5b83067bdf3e5b485500b6575a20ebf41b2410d9737be5c996b3aa4d80080d162f23418f1122efcf98855814b62112de3f14737395cc3ef6c34d8d37ab772f1cca726aa7de145f941e3c8db49bf3e6588dec84036e8e7b6c22fc2d263024365267e2711ba6f570ca", 0xa6}, {&(0x7f0000000f80)="dc4ee18bb47f8289c03d0968abc9a732b4ab47cbf6521d7693f26783cd8b7418bf69aaba57bc6cc3dc87d715c1bd1144ee1e9562c18d77bd96ea95db2680846882ee5ba27ccaf2a2389a36e1f543df700ab5621bff984e", 0x57}, {&(0x7f0000001000)="1080e9b8811d92f044263c0e8d2255174e187fe0b07ade2407a41e50936a03ef6c1a4826f93b2e88966e820c9c04035d3d089a8907305a375d1cd44861eb07", 0x3f}, {&(0x7f0000001040)="ecaa84ab6c8ef1ece89e9a24321461796dc10b503aa52381335dc14c20245515c62d8108046ec919b5a3fb0d6b3b2fe87d660208ed8154957222e169d348b8537470273b7d7f53dfa0b623fff9d82296a544e75996a20de5b0212c3bd04205b3a367a21b24b9ad695b0a7b1c745bfa9d46351d2a81c65977f389c9ce204b085e9410eb757c5add920d4fd16654f969fff7672b4c53e23b6aea2e4462fb45", 0x9e}, {&(0x7f0000001100)="78329576fcc8335f02efd8b99335573c562573d09f48a313103dd0152125e5e011faf319dcf57ad6d79b887b39b6a0cc721ea4e58b26790a80a97618b390b0839046101600538405c6e0c93c9502b1f69214f7d6df0d4b596564d849629a37df42d8dd4a48f9c6b8e8dde288da97b599f94cf6b8d8a50af38e51385174518209ad68b75f516cbc5a507844be9f652854e21e3d7cd3f34ab1386ba4993e523b7a03a2c3ea70fb3b799d7b7f7824775b9f6c04d0ab8931cf3a24bc9edf38336beba5", 0xc1}], 0x8, &(0x7f0000001240), 0x20}}], 0x2, 0x0) 14:21:03 executing program 2: mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:21:03 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800300000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:03 executing program 3: r0 = socket$inet(0x2, 0xa, 0x0) bind$packet(r0, 0x0, 0x0) 14:21:03 executing program 0: perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x96, 0x0, 0x0, 0x0, 0x0, 0x1000001000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 14:21:03 executing program 4: sigaltstack(&(0x7f0000ffe000/0x2000)=nil, 0x0) fork() 14:21:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000000080)={0x14, 0x12, 0x1}, 0x14}}, 0x0) 14:21:03 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$unix(r0, &(0x7f0000000100)="d2", 0x1, 0x0, 0x0, 0x0) recvfrom$unix(r1, &(0x7f0000000180)=""/156, 0x9c, 0x0, 0x0, 0x0) 14:21:03 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg(r0, &(0x7f0000001600)={&(0x7f00000000c0)=@in6={0xa, 0x4e22, 0x0, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000380)=[{0x10, 0x11}], 0x10}, 0x0) [ 464.527046][ T8236] loop1: detected capacity change from 0 to 1 [ 464.601373][ T8236] loop1: p1 p2 p3 p4 [ 464.606444][ T8236] loop1: p1 start 115140 is beyond EOD, truncated [ 464.612946][ T8236] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 464.622423][ T8236] loop1: p3 start 225 is beyond EOD, truncated [ 464.628744][ T8236] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:04 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, 0x0, 0x0, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:04 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480fffffffd800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:04 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:04 executing program 3: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:04 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800400000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:04 executing program 2: mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:21:04 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480fffffffd800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:04 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480fffffffd800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:04 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800300000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 465.391983][ T8299] loop1: detected capacity change from 0 to 1 14:21:04 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) [ 465.454961][ T8299] loop1: p1 p2 p3 p4 [ 465.459465][ T8301] loop3: detected capacity change from 0 to 1 [ 465.459540][ T8299] loop1: p1 start 115140 is beyond EOD, truncated [ 465.472348][ T8299] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 465.487840][ T8299] loop1: p3 start 225 is beyond EOD, truncated [ 465.494150][ T8299] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:04 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800500000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:04 executing program 2: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) [ 465.504917][ T8301] loop3: p1 p2 p3 p4 [ 465.509254][ T8301] loop3: p1 start 115140 is beyond EOD, truncated [ 465.515816][ T8301] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 465.530006][ T8301] loop3: p3 start 225 is beyond EOD, truncated [ 465.536254][ T8301] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 465.567972][ T8331] loop1: detected capacity change from 0 to 1 [ 465.615681][ T8331] loop1: p1 p2 p3 p4 [ 465.621541][ T8331] loop1: p1 start 115140 is beyond EOD, truncated [ 465.628028][ T8331] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 465.637373][ T8331] loop1: p3 start 225 is beyond EOD, truncated [ 465.643650][ T8331] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:04 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, 0x0, 0x0, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:04 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:04 executing program 3: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:04 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800600000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:04 executing program 0: mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:21:05 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) [ 466.303575][ T8353] loop1: detected capacity change from 0 to 1 [ 466.322281][ T8357] loop3: detected capacity change from 0 to 1 [ 466.329455][ T8353] loop1: p1 p2 p3 p4 [ 466.336019][ T8353] loop1: p1 start 115140 is beyond EOD, truncated [ 466.342764][ T8353] loop1: p2 size 1073872896 extends beyond EOD, truncated 14:21:05 executing program 2: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) [ 466.350562][ T8353] loop1: p3 start 225 is beyond EOD, truncated [ 466.356969][ T8353] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 466.377091][ T8357] loop3: p1 p2 p3 p4 [ 466.386533][ T8357] loop3: p1 start 115140 is beyond EOD, truncated [ 466.393000][ T8357] loop3: p2 size 1073872896 extends beyond EOD, truncated 14:21:05 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800700000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:05 executing program 0: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) [ 466.404608][ T8357] loop3: p3 start 225 is beyond EOD, truncated [ 466.410999][ T8357] loop3: p4 size 3657465856 extends beyond EOD, truncated 14:21:05 executing program 3: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 466.476336][ T8384] loop1: detected capacity change from 0 to 1 [ 466.498565][ T8393] loop3: detected capacity change from 0 to 1 [ 466.515327][ T8384] loop1: p1 p2 p3 p4 [ 466.519791][ T8384] loop1: p1 start 115140 is beyond EOD, truncated [ 466.526412][ T8384] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 466.534728][ T8384] loop1: p3 start 225 is beyond EOD, truncated [ 466.540940][ T8384] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 466.565986][ T8393] loop3: p1 p2 p3 p4 [ 466.570463][ T8393] loop3: p1 start 115140 is beyond EOD, truncated 14:21:05 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffff81800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:05 executing program 4: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 466.577004][ T8393] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 466.636186][ T8393] loop3: p3 start 225 is beyond EOD, truncated [ 466.642394][ T8393] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 466.651630][ T8412] loop4: detected capacity change from 0 to 1 [ 466.725071][ T8412] loop4: p1 p2 p3 p4 [ 466.731208][ T8412] loop4: p1 start 115140 is beyond EOD, truncated [ 466.737697][ T8412] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 466.745721][ T8412] loop4: p3 start 225 is beyond EOD, truncated [ 466.752010][ T8412] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:21:05 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:05 executing program 2: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:05 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800900000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:05 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffff81800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:05 executing program 4: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:05 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:05 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffff81800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 467.163543][ T8434] loop4: detected capacity change from 0 to 1 [ 467.176145][ T8433] loop3: detected capacity change from 0 to 1 [ 467.176154][ T8438] loop1: detected capacity change from 0 to 1 14:21:05 executing program 0: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 467.204934][ T8434] loop4: p1 p2 p3 p4 [ 467.209287][ T8434] loop4: p1 start 115140 is beyond EOD, truncated [ 467.215748][ T8434] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 467.223393][ T8434] loop4: p3 start 225 is beyond EOD, truncated [ 467.229759][ T8434] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 467.240811][ T8438] loop1: p1 p2 p3 p4 [ 467.245292][ T8433] loop3: p1 p2 p3 p4 [ 467.250437][ T8433] loop3: p1 start 115140 is beyond EOD, truncated [ 467.256997][ T8433] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 467.257384][ T8438] loop1: p1 start 115140 is beyond EOD, truncated [ 467.270976][ T8438] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 467.275306][ T8433] loop3: p3 start 225 is beyond EOD, truncated [ 467.280101][ T8438] loop1: p3 start 225 is beyond EOD, [ 467.284355][ T8433] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 467.296950][ T8438] truncated 14:21:06 executing program 3: syz_read_part_table(0x0, 0x0, 0x0) [ 467.300180][ T8438] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:06 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800a00000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:06 executing program 4: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 467.407474][ T8483] loop1: detected capacity change from 0 to 1 [ 467.413882][ T8486] loop4: detected capacity change from 0 to 1 [ 467.435219][ T8483] loop1: p1 p2 p3 p4 [ 467.439385][ T8483] loop1: p1 start 115140 is beyond EOD, truncated [ 467.445844][ T8483] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 467.453355][ T8486] loop4: p1 p2 p3 p4 14:21:06 executing program 3: syz_read_part_table(0x0, 0x0, 0x0) [ 467.455468][ T8483] loop1: p3 start 225 is beyond EOD, truncated [ 467.458196][ T8486] loop4: p1 start 115140 is beyond EOD, [ 467.463875][ T8483] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 467.469699][ T8486] truncated [ 467.469705][ T8486] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 467.494311][ T8486] loop4: p3 start 225 is beyond EOD, truncated [ 467.500609][ T8486] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:21:06 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:06 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800b00000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:06 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:06 executing program 3: syz_read_part_table(0x0, 0x0, 0x0) 14:21:06 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:06 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:06 executing program 0: mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:06 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:06 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) [ 468.093638][ T8526] loop4: detected capacity change from 0 to 1 [ 468.100032][ T8528] loop1: detected capacity change from 0 to 1 [ 468.138210][ T8526] loop4: p1 p2 p3 p4 [ 468.142345][ T8526] loop4: p1 start 115140 is beyond EOD, truncated [ 468.148993][ T8526] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 468.156368][ T8528] loop1: p1 p2 p3 p4 [ 468.160893][ T8528] loop1: p1 start 115140 is beyond EOD, truncated [ 468.167335][ T8528] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 468.175466][ T8528] loop1: p3 start 225 is beyond EOD, truncated 14:21:06 executing program 3: syz_read_part_table(0x0, 0x0, &(0x7f0000000080)) 14:21:06 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800c00000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 468.181634][ T8528] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 468.191073][ T8526] loop4: p3 start 225 is beyond EOD, truncated [ 468.197566][ T8526] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:21:06 executing program 4: syz_read_part_table(0x0, 0x0, 0x0) [ 468.282763][ T8567] loop1: detected capacity change from 0 to 1 [ 468.340010][ T8567] loop1: p1 p2 p3 p4 [ 468.347600][ T8567] loop1: p1 start 115140 is beyond EOD, truncated [ 468.354087][ T8567] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 468.364147][ T8567] loop1: p3 start 225 is beyond EOD, truncated [ 468.370569][ T8567] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:07 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:07 executing program 3: syz_read_part_table(0x0, 0x0, &(0x7f0000000080)) 14:21:07 executing program 4: syz_read_part_table(0x0, 0x0, 0x0) 14:21:07 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800d00000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:07 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 468.936722][ T8595] loop1: detected capacity change from 0 to 1 14:21:07 executing program 4: syz_read_part_table(0x0, 0x0, 0x0) 14:21:07 executing program 3: syz_read_part_table(0x0, 0x0, &(0x7f0000000080)) 14:21:07 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) [ 469.001997][ T8595] loop1: p1 p2 p3 p4 [ 469.006266][ T8595] loop1: p1 start 115140 is beyond EOD, truncated [ 469.012860][ T8595] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 469.023357][ T8595] loop1: p3 start 225 is beyond EOD, truncated [ 469.029843][ T8595] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:07 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800e00000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:07 executing program 4: syz_read_part_table(0x0, 0x0, &(0x7f0000000080)) 14:21:07 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{0x0, 0x0, 0x1c0}]) [ 469.182475][ T8635] loop1: detected capacity change from 0 to 1 [ 469.214905][ T8635] loop1: p1 p2 p3 p4 [ 469.219088][ T8635] loop1: p1 start 115140 is beyond EOD, truncated [ 469.225614][ T8635] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 469.237434][ T8635] loop1: p3 start 225 is beyond EOD, truncated [ 469.243638][ T8635] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 469.248567][ T8642] loop3: detected capacity change from 0 to 1 14:21:08 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{0x0, 0x0, 0x1c0}]) [ 469.339011][ T8657] loop3: detected capacity change from 0 to 1 14:21:08 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(0x0, 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:08 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf801000000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:08 executing program 4: syz_read_part_table(0x0, 0x0, &(0x7f0000000080)) 14:21:08 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{0x0, 0x0, 0x1c0}]) 14:21:08 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:08 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(0x0, 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 469.810949][ T8676] loop1: detected capacity change from 0 to 1 [ 469.817328][ T8680] loop3: detected capacity change from 0 to 1 [ 469.846960][ T8676] loop1: p1 p2 p3 p4 [ 469.851016][ T8676] loop1: p1 start 115140 is beyond EOD, truncated 14:21:08 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0), 0x0, 0x1c0}]) 14:21:08 executing program 4: syz_read_part_table(0x0, 0x0, &(0x7f0000000080)) 14:21:08 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:08 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf801100000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 469.857566][ T8676] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 469.865492][ T8676] loop1: p3 start 225 is beyond EOD, truncated [ 469.871712][ T8676] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:08 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(0x0, 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:08 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 469.927941][ T8704] loop3: detected capacity change from 0 to 1 [ 469.951113][ T8709] loop1: detected capacity change from 0 to 1 14:21:08 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{0x0, 0x0, 0x1c0}]) 14:21:08 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0), 0x0, 0x1c0}]) [ 469.993327][ T8709] loop1: p1 p2 p3 p4 [ 470.009747][ T8709] loop1: p1 start 115140 is beyond EOD, truncated [ 470.016533][ T8709] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 470.022195][ T8727] loop4: detected capacity change from 0 to 1 [ 470.034798][ T8709] loop1: p3 start 225 is beyond EOD, truncated 14:21:08 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{0x0, 0x0, 0x1c0}]) [ 470.041177][ T8709] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 470.053636][ T8734] loop3: detected capacity change from 0 to 1 14:21:08 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0), 0x0, 0x1c0}]) [ 470.146014][ T8753] loop3: detected capacity change from 0 to 1 [ 470.150020][ T8752] loop4: detected capacity change from 0 to 1 14:21:09 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf801200000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:09 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ff", 0x20, 0x1c0}]) 14:21:09 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201a6ffffffc4c10100ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:09 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{0x0, 0x0, 0x1c0}]) [ 470.669051][ T8768] loop4: detected capacity change from 0 to 1 [ 470.672033][ T8767] loop1: detected capacity change from 0 to 1 [ 470.677688][ T8770] loop3: detected capacity change from 0 to 1 14:21:09 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:09 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201a6ffffffc4c10100ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:09 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:09 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0), 0x0, 0x1c0}]) 14:21:09 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ff", 0x20, 0x1c0}]) [ 470.709538][ T8728] Process accounting resumed [ 470.725956][ T8767] loop1: p1 p2 p3 p4 [ 470.744355][ T8767] loop1: p1 start 115140 is beyond EOD, truncated [ 470.750976][ T8767] loop1: p2 size 1073872896 extends beyond EOD, truncated 14:21:09 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201a6ffffffc4c10100ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:09 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:09 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 470.796395][ T8767] loop1: p3 start 225 is beyond EOD, truncated [ 470.802609][ T8767] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 470.812232][ T8791] Process accounting resumed [ 470.813585][ T8793] loop3: detected capacity change from 0 to 1 [ 470.816959][ T8794] loop4: detected capacity change from 0 to 1 14:21:09 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf802600000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:09 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ff", 0x20, 0x1c0}]) 14:21:09 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0), 0x0, 0x1c0}]) [ 470.899629][ T8817] loop1: detected capacity change from 0 to 1 [ 470.928711][ T8824] loop3: detected capacity change from 0 to 1 [ 470.943836][ T8821] Process accounting resumed 14:21:09 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, 0x0, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 470.949507][ T8817] loop1: p1 p2 p3 p4 [ 470.953685][ T8817] loop1: p1 start 115140 is beyond EOD, truncated [ 470.960239][ T8817] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 470.967966][ T8817] loop1: p3 start 225 is beyond EOD, truncated [ 470.974407][ T8817] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 470.991406][ T8830] loop4: detected capacity change from 0 to 1 14:21:10 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:10 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf802900000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:10 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e1000000887700720030", 0x30, 0x1c0}]) 14:21:10 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0), 0x0, 0x1c0}]) 14:21:10 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, 0x0, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 471.314815][ T8857] loop1: detected capacity change from 0 to 1 [ 471.323520][ T8861] loop4: detected capacity change from 0 to 1 [ 471.324243][ T8862] loop3: detected capacity change from 0 to 1 [ 471.354843][ T8857] loop1: p1 p2 p3 p4 14:21:10 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:10 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="020181ffffffc4c10100ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 471.361413][ T8857] loop1: p1 start 115140 is beyond EOD, truncated [ 471.367990][ T8857] loop1: p2 size 1073872896 extends beyond EOD, truncated 14:21:10 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ff", 0x20, 0x1c0}]) 14:21:10 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e1000000887700720030", 0x30, 0x1c0}]) 14:21:10 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, 0x0, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 471.407587][ T8857] loop1: p3 start 225 is beyond EOD, truncated [ 471.413861][ T8857] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:10 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800007000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:10 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="020181ffffffc4c10100ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:10 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="020181ffffffc4c10100ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 471.453851][ T8887] loop4: detected capacity change from 0 to 1 [ 471.453871][ T8891] loop3: detected capacity change from 0 to 1 14:21:10 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ff", 0x20, 0x1c0}]) 14:21:10 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="020163000000c4c10100ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:10 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e1000000887700720030", 0x30, 0x1c0}]) 14:21:10 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 471.566299][ T8909] loop1: detected capacity change from 0 to 1 [ 471.598251][ T8909] loop1: p1 p2 p3 p4 [ 471.599074][ T8922] loop4: detected capacity change from 0 to 1 [ 471.602329][ T8909] loop1: p1 start 115140 is beyond EOD, truncated [ 471.608949][ T8923] loop3: detected capacity change from 0 to 1 [ 471.614797][ T8909] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 471.629451][ T8909] loop1: p3 start 225 is beyond EOD, truncated [ 471.635814][ T8909] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:10 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:10 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="020163000000c4c10100ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:10 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff0000", 0x38, 0x1c0}]) 14:21:10 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf809607000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:10 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ff", 0x20, 0x1c0}]) 14:21:10 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="020163000000c4c10100ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) [ 471.747150][ T8948] loop4: detected capacity change from 0 to 1 [ 471.759475][ T8953] loop1: detected capacity change from 0 to 1 [ 471.785857][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 14:21:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'sit0\x00', 0x0}) r3 = dup3(r0, r1, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @random="57a6ad8a57f4"}, 0x14) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'sit0\x00', 0x0}) r7 = dup3(r4, r5, 0x0) bind$packet(r7, &(0x7f0000000040)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="57a6ad8a57f4"}, 0x14) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0xb0, 0x0, 0x8, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x4}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) r8 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r8, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x22, &(0x7f0000000400)=0x1, 0x4) read(r8, &(0x7f00000001c0)=""/234, 0xea) ioctl$SG_GET_NUM_WAITING(r8, 0x227d, &(0x7f0000000580)) 14:21:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'sit0\x00', 0x0}) r3 = dup3(r0, r1, 0x0) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @random="57a6ad8a57f4"}, 0x14) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'sit0\x00', 0x0}) r7 = dup3(r4, r5, 0x0) bind$packet(r7, &(0x7f0000000040)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="57a6ad8a57f4"}, 0x14) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0xb0, 0x0, 0x8, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x4}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) r8 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r8, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x22, &(0x7f0000000400)=0x1, 0x4) read(r8, &(0x7f00000001c0)=""/234, 0xea) ioctl$SG_GET_NUM_WAITING(r8, 0x227d, &(0x7f0000000580)) [ 471.793876][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 471.810478][ T8953] loop1: p1 p2 p3 p4 [ 471.812420][ T8955] loop3: detected capacity change from 0 to 1 [ 471.814529][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 471.828552][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 471.837530][ T8953] loop1: p1 start 115140 is beyond EOD, truncated 14:21:10 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e1000000887700720030", 0x30, 0x1c0}]) [ 471.844036][ T8953] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 471.853070][ T8953] loop1: p3 start 225 is beyond EOD, truncated [ 471.859399][ T8953] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 471.867693][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 471.876345][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:21:10 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf809f07000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 471.916772][ T8982] loop4: detected capacity change from 0 to 1 [ 472.017393][ T8992] loop1: detected capacity change from 0 to 1 [ 472.054970][ T8992] loop1: p1 p2 p3 p4 [ 472.059228][ T8992] loop1: p1 start 115140 is beyond EOD, truncated [ 472.065906][ T8992] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 472.073386][ T8992] loop1: p3 start 225 is beyond EOD, truncated [ 472.079664][ T8992] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:13 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:13 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff0000", 0x38, 0x1c0}]) 14:21:13 executing program 0: set_mempolicy(0x4001, &(0x7f0000000000)=0x80000001, 0x2) r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) set_mempolicy(0x4000, &(0x7f0000000080)=0x100000001, 0x3) 14:21:13 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e1000000887700720030", 0x30, 0x1c0}]) 14:21:13 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80a607000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:13 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:13 executing program 0: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e1000000887700720030", 0x30, 0x1c0}]) 14:21:13 executing program 0: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e1000000887700720030", 0x30, 0x1c0}]) [ 474.612933][ T9012] loop1: detected capacity change from 0 to 1 [ 474.626643][ T9011] loop4: detected capacity change from 0 to 1 [ 474.633659][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 474.641765][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:21:13 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e1000000887700720030", 0x30, 0x1c0}]) 14:21:13 executing program 0: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e1000000887700720030", 0x30, 0x1c0}]) [ 474.684924][ T9012] loop1: p1 p2 p3 p4 [ 474.689545][ T9012] loop1: p1 start 115140 is beyond EOD, truncated [ 474.696025][ T9012] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 474.703401][ T9022] loop3: detected capacity change from 0 to 1 [ 474.710671][ T9012] loop1: p3 start 225 is beyond EOD, truncated [ 474.716952][ T9012] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:13 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80ad07000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:13 executing program 0: set_mempolicy(0x4001, &(0x7f0000000000)=0x80000001, 0x2) r0 = syz_open_dev$sg(&(0x7f0000000180), 0x6, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x618042, 0x0) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5387, &(0x7f00000000c0)) ioctl$SCSI_IOCTL_STOP_UNIT(r0, 0x6) read(r0, &(0x7f00000001c0)=""/170, 0xaa) [ 474.752909][ T9042] loop4: detected capacity change from 0 to 1 [ 474.791657][ T9054] loop1: detected capacity change from 0 to 1 [ 474.865016][ T9054] loop1: p1 p2 p3 p4 [ 474.869085][ T9054] loop1: p1 start 115140 is beyond EOD, truncated [ 474.875585][ T9054] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 474.884500][ T9054] loop1: p3 start 225 is beyond EOD, truncated [ 474.890743][ T9054] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:16 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff0000", 0x38, 0x1c0}]) 14:21:16 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff0000", 0x38, 0x1c0}]) 14:21:16 executing program 0: set_mempolicy(0x4001, &(0x7f0000000000)=0x80000001, 0x2) set_mempolicy(0x3, &(0x7f0000000080)=0x54b0, 0x9) r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) set_mempolicy(0x3, &(0x7f00000000c0)=0x1, 0xc3) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) set_mempolicy(0x8000, &(0x7f0000000140)=0x488, 0x6) socket$inet6_udplite(0xa, 0x2, 0x88) 14:21:16 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80f207000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:16 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:16 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:16 executing program 0: set_mempolicy(0x4001, &(0x7f0000000000)=0x80000001, 0x2) set_mempolicy(0x3, &(0x7f0000000080)=0x54b0, 0x9) r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) set_mempolicy(0x3, &(0x7f00000000c0)=0x1, 0xc3) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) set_mempolicy(0x8000, &(0x7f0000000140)=0x488, 0x6) socket$inet6_udplite(0xa, 0x2, 0x88) [ 477.663220][ T9086] loop3: detected capacity change from 0 to 1 [ 477.664441][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 477.670567][ T9084] loop1: detected capacity change from 0 to 1 [ 477.677359][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 477.681713][ T9089] loop4: detected capacity change from 0 to 1 14:21:16 executing program 0: ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffff, 0x1, 0x8}) setsockopt$inet_int(r0, 0x0, 0x18, &(0x7f0000000140)=0x6, 0x4) set_mempolicy(0x4001, &(0x7f0000000000)=0x80000001, 0x2) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) set_mempolicy(0x8000, &(0x7f0000000080)=0x60000000000000, 0xffffffffffffff81) shmat(0xffffffffffffffff, &(0x7f0000ffa000/0x3000)=nil, 0x6000) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) write$binfmt_misc(r1, &(0x7f00000001c0)={'syz0', "4e46392ba86c28bf7606a492c2aec8f818d31292dff077d9ca714e85dea75439cf55e55b9a87776ac67990867f0b7747811cc5ade49d6b4cc6a0d82514ffd60f347abab0a8c39375e030534f4625ae4af69938f3725d450d94fd4071575012c66dcb398ee4ccead3a81074dcf05f2e346bf4cf757678c65544c8e7dfbb6259b41ad66db90a302aa961ceabba301fd7220ad2e71627dac99f09b477340f48f0e0b18beccc52747283b92f707f143e81470fb6c8a64fb94a9db8f217b227c188b78583cc12f687da06ef65dcfa935bee32"}, 0xd4) 14:21:16 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff000000000080", 0x3c, 0x1c0}]) [ 477.709656][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 477.717798][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 477.736711][ T9084] loop1: p1 p2 p3 p4 [ 477.753387][ T9084] loop1: p1 start 115140 is beyond EOD, truncated 14:21:16 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff0000", 0x38, 0x1c0}]) 14:21:16 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80f507000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 477.759924][ T9084] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 477.767657][ T9084] loop1: p3 start 225 is beyond EOD, truncated [ 477.768013][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 477.774133][ T9084] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 477.789363][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:21:16 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f00000000c0)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2accbb8c43b460e4621235df3651fb660bca4e7bcfdf8046304a4bf5e0c84a65d52aa9bbbe4cfb045bf557087c2da38ac6a85f345234d5c19fc660f6fd5b418d2cf7405cc43f0c656eae80ac10b2dace6c3102f365438e475de0db28beab523f34e4393794c64bce441a989a0828af1d1e740dd9f20dbb958591", 0x9e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x24}], 0x2) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000580)) 14:21:16 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff000000000080", 0x3c, 0x1c0}]) 14:21:16 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff0000", 0x38, 0x1c0}]) [ 477.817787][ T9109] sg_write: data in/out 725173802/166 bytes for SCSI command 0xcf-- guessing data in; [ 477.817787][ T9109] program syz-executor.0 not setting count and/or reply_len properly [ 477.821856][ T9116] loop3: detected capacity change from 0 to 1 [ 477.842321][ T9119] loop4: detected capacity change from 0 to 1 14:21:16 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x1276, &(0x7f00000002c0)={0x53, 0x0, 0x6, 0x1f, @buffer={0x0, 0x7f, &(0x7f00000001c0)=""/127}, &(0x7f0000000240)="9b413dc70be1", 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0}) [ 477.885167][ T9131] loop1: detected capacity change from 0 to 1 [ 477.886459][ T9130] sg_write: data in/out 512/112 bytes for SCSI command 0x2a-- guessing data in; [ 477.886459][ T9130] program syz-executor.0 not setting count and/or reply_len properly [ 477.908944][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 477.917193][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:21:16 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x1276, &(0x7f00000002c0)={0x53, 0x0, 0x6, 0x1f, @buffer={0x0, 0x7f, &(0x7f00000001c0)=""/127}, &(0x7f0000000240)="9b413dc70be1", 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0}) [ 477.934243][ T9133] loop3: detected capacity change from 0 to 1 [ 477.944926][ T9131] loop1: p1 p2 p3 p4 [ 477.949409][ T9131] loop1: p1 start 115140 is beyond EOD, truncated [ 477.955891][ T9131] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 477.963698][ T9131] loop1: p3 start 225 is beyond EOD, truncated [ 477.969928][ T9131] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 477.992375][ T9147] loop4: detected capacity change from 0 to 1 14:21:19 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80000a000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:19 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x1276, &(0x7f00000002c0)={0x53, 0x0, 0x6, 0x1f, @buffer={0x0, 0x7f, &(0x7f00000001c0)=""/127}, &(0x7f0000000240)="9b413dc70be1", 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0}) 14:21:19 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff000000000080", 0x3c, 0x1c0}]) 14:21:19 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff000000000080", 0x3c, 0x1c0}]) 14:21:19 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:19 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:19 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x9a03000000000000, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:19 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x9a03000000000000, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 480.677541][ T9171] loop4: detected capacity change from 0 to 1 [ 480.683782][ T9170] loop1: detected capacity change from 0 to 1 14:21:19 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff000000000080", 0x3c, 0x1c0}]) [ 480.739141][ T9180] loop3: detected capacity change from 0 to 1 [ 480.744821][ T9170] loop1: p1 p2 p3 p4 [ 480.749534][ T9170] loop1: p1 start 115140 is beyond EOD, truncated [ 480.756078][ T9170] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 480.779230][ T9170] loop1: p3 start 225 is beyond EOD, truncated 14:21:19 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x9a03000000000000, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:19 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x97ffffff00000000, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:19 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da", 0x3e, 0x1c0}]) [ 480.785747][ T9170] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:19 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80000d000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:19 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000580)) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000440)) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r2, 0x1}, {}], 0x3, 0x80000006) ioctl$SG_SET_FORCE_PACK_ID(r2, 0x227b, &(0x7f0000000400)=0x1) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 480.855973][ T9205] loop4: detected capacity change from 0 to 1 [ 480.870063][ T9211] loop3: detected capacity change from 0 to 1 [ 480.870655][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 480.884264][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 480.892281][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 14:21:19 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000580)) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000440)) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r2, 0x1}, {}], 0x3, 0x80000006) ioctl$SG_SET_FORCE_PACK_ID(r2, 0x227b, &(0x7f0000000400)=0x1) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:19 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000580)) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000440)) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r2, 0x1}, {}], 0x3, 0x80000006) ioctl$SG_SET_FORCE_PACK_ID(r2, 0x227b, &(0x7f0000000400)=0x1) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 480.900287][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 480.917590][ T9209] loop1: detected capacity change from 0 to 1 [ 480.936199][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 480.944258][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 480.952500][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 480.960672][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 480.968492][ T1232] loop1: p1 p2 p3 p4 [ 480.972659][ T1232] loop1: p1 start 115140 is beyond EOD, truncated [ 480.979189][ T1232] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 480.986429][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 480.994420][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 481.001941][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 481.009960][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 481.014998][ T1232] loop1: p3 start 225 is beyond EOD, truncated [ 481.023901][ T1232] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 481.040123][ T9209] loop1: p1 p2 p3 p4 [ 481.044255][ T9209] loop1: p1 start 115140 is beyond EOD, truncated [ 481.050851][ T9209] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 481.058893][ T9209] loop1: p3 start 225 is beyond EOD, truncated [ 481.065084][ T9209] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:22 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:22 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000580)) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000440)) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r2, 0x1}, {}], 0x3, 0x80000006) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:22 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff000000000080", 0x3c, 0x1c0}]) 14:21:22 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da", 0x3e, 0x1c0}]) 14:21:22 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800110000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:22 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) [ 483.690960][ T9249] loop4: detected capacity change from 0 to 1 [ 483.706891][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 483.715376][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 483.727981][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 14:21:22 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000580)) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000440)) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 483.736043][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:21:22 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da", 0x3e, 0x1c0}]) 14:21:22 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000580)) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000440)) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 483.765269][ T9260] loop3: detected capacity change from 0 to 1 [ 483.773179][ T9261] loop1: detected capacity change from 0 to 1 [ 483.781876][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 483.790175][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 483.797669][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 483.805673][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:21:22 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000580)) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000440)) syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:22 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000580)) ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000440)) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:22 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000580)) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 483.828378][ T9275] loop4: detected capacity change from 0 to 1 [ 483.834839][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 483.842882][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 483.850427][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 483.858620][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 483.866225][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 483.874241][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 483.881938][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 483.889983][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 483.897651][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 483.905866][ T9261] loop1: p1 p2 p3 p4 [ 483.905941][ T9261] loop1: p1 start 115140 is beyond EOD, [ 483.909851][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 483.923006][ T9261] truncated [ 483.926396][ T9261] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 483.934477][ T9261] loop1: p3 start 225 is beyond EOD, truncated [ 483.940891][ T9261] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:25 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:25 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:25 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da", 0x3e, 0x1c0}]) 14:21:25 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da", 0x3e, 0x1c0}]) 14:21:25 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800000030000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:25 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:25 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:25 executing program 0: ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:25 executing program 0: ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:25 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55", 0x3f, 0x1c0}]) [ 486.716656][ T9312] loop3: detected capacity change from 0 to 1 [ 486.722892][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 486.722915][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 486.738841][ T9313] loop4: detected capacity change from 0 to 1 [ 486.749735][ T9315] loop1: detected capacity change from 0 to 1 14:21:25 executing program 0: ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:25 executing program 0: r0 = syz_open_dev$sg(0x0, 0x0, 0x40241) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 486.802540][ T9315] loop1: p1 p2 p3 p4 [ 486.806759][ T9336] loop3: detected capacity change from 0 to 1 [ 486.817234][ T9315] loop1: p1 start 115140 is beyond EOD, truncated [ 486.823886][ T9315] loop1: p2 start 3 is beyond EOD, truncated [ 486.829897][ T9315] loop1: p3 start 225 is beyond EOD, truncated [ 486.836179][ T9315] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:28 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:28 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da", 0x3e, 0x1c0}]) 14:21:28 executing program 0: r0 = syz_open_dev$sg(0x0, 0x0, 0x40241) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:28 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55", 0x3f, 0x1c0}]) 14:21:28 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf8032011f0000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:28 executing program 0: r0 = syz_open_dev$sg(0x0, 0x0, 0x40241) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:28 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:28 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:28 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:28 executing program 0: syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 489.743196][ T9366] loop1: detected capacity change from 0 to 1 [ 489.753966][ T9363] loop4: detected capacity change from 0 to 1 [ 489.760572][ T9359] loop3: detected capacity change from 0 to 1 14:21:28 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:28 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55", 0x3f, 0x1c0}]) 14:21:28 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55", 0x3f, 0x1c0}]) [ 489.815392][ T9366] loop1: p1 p2 p3 p4 [ 489.834053][ T9366] loop1: p1 start 115140 is beyond EOD, truncated [ 489.840578][ T9366] loop1: p2 start 31 is beyond EOD, truncated [ 489.846704][ T9366] loop1: p3 start 225 is beyond EOD, truncated [ 489.853007][ T9366] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:28 executing program 0: syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:28 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800000000000001004000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:28 executing program 0: syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 489.881289][ T9400] loop3: detected capacity change from 0 to 1 [ 489.937679][ T9408] loop4: detected capacity change from 0 to 1 [ 489.978488][ T9418] loop1: detected capacity change from 0 to 1 [ 490.025389][ T9418] loop1: p1 p2 p3 p4 [ 490.030096][ T9418] loop1: p1 start 115140 is beyond EOD, truncated [ 490.036563][ T9418] loop1: p2 size 1073742080 extends beyond EOD, truncated [ 490.044052][ T9418] loop1: p3 start 225 is beyond EOD, truncated [ 490.050439][ T9418] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:28 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:28 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) 14:21:28 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55", 0x3f, 0x1c0}]) 14:21:28 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40}]) 14:21:28 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800000000000000014000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:28 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) [ 490.228613][ T9439] loop4: detected capacity change from 0 to 1 [ 490.288900][ T9438] loop1: detected capacity change from 0 to 1 [ 490.345319][ T9438] loop1: p1 p2 p3 p4 [ 490.350031][ T9438] loop1: p1 start 115140 is beyond EOD, truncated [ 490.356537][ T9438] loop1: p2 size 1073807360 extends beyond EOD, truncated [ 490.363994][ T9438] loop1: p3 start 225 is beyond EOD, truncated [ 490.370358][ T9438] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:31 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:31 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, 0x0) 14:21:31 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40}]) 14:21:31 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55", 0x3f, 0x1c0}]) 14:21:31 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800802000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:31 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:31 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x0, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:31 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x0, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 492.871872][ T9471] loop1: detected capacity change from 0 to 1 14:21:31 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x0, 0xfffffffffffffffc, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:31 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40}]) 14:21:31 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800803000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:31 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x10, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 492.915331][ T9471] loop1: p1 p2 p3 p4 [ 492.919540][ T9471] loop1: p1 start 115140 is beyond EOD, truncated [ 492.921947][ T9479] loop4: detected capacity change from 0 to 1 [ 492.926108][ T9471] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 492.944362][ T9471] loop1: p3 start 225 is beyond EOD, truncated [ 492.950647][ T9471] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 493.023171][ T9509] loop1: detected capacity change from 0 to 1 [ 493.055478][ T1232] loop1: p1 p2 p3 p4 [ 493.059847][ T1232] loop1: p1 start 115140 is beyond EOD, truncated [ 493.067121][ T1232] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 493.074618][ T1232] loop1: p3 start 225 is beyond EOD, truncated [ 493.080989][ T1232] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 493.089833][ T9509] loop1: p1 p2 p3 p4 [ 493.093872][ T9509] loop1: p1 start 115140 is beyond EOD, truncated [ 493.100395][ T9509] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 493.108217][ T9509] loop1: p3 start 225 is beyond EOD, truncated [ 493.114436][ T9509] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:34 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:34 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40}]) 14:21:34 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x3, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/181, 0xb5}]}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:34 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40}]) 14:21:34 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800804000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:34 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, 0x0, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:34 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:34 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, 0x0, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:34 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 495.903222][ T9537] loop1: detected capacity change from 0 to 1 14:21:34 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40}]) 14:21:34 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:34 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, 0x0, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) [ 495.945007][ T9537] loop1: p1 p2 p3 p4 [ 495.949309][ T9537] loop1: p1 start 115140 is beyond EOD, truncated [ 495.955782][ T9537] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 495.969447][ T9537] loop1: p3 start 225 is beyond EOD, truncated [ 495.975706][ T9537] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:37 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:37 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000), &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:37 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:37 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800805000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:37 executing program 3 (fault-call:0 fault-nth:0): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:37 executing program 4 (fault-call:0 fault-nth:0): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 498.926898][ T9595] FAULT_INJECTION: forcing a failure. [ 498.926898][ T9595] name failslab, interval 1, probability 0, space 0, times 0 [ 498.939665][ T9595] CPU: 1 PID: 9595 Comm: syz-executor.4 Not tainted 5.13.0-rc4-syzkaller #0 [ 498.948351][ T9595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 498.958394][ T9595] Call Trace: [ 498.961671][ T9595] dump_stack+0x137/0x19d [ 498.966187][ T9595] should_fail+0x23c/0x250 [ 498.970637][ T9595] ? __se_sys_memfd_create+0xfb/0x390 [ 498.976087][ T9595] __should_failslab+0x81/0x90 [ 498.980963][ T9595] should_failslab+0x5/0x20 [ 498.985454][ T9595] __kmalloc+0x66/0x340 [ 498.989712][ T9595] ? strnlen_user+0x137/0x1c0 [ 498.994404][ T9595] __se_sys_memfd_create+0xfb/0x390 [ 498.999601][ T9595] __x64_sys_memfd_create+0x2d/0x40 [ 499.004883][ T9595] do_syscall_64+0x4a/0x90 [ 499.009293][ T9595] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 499.015178][ T9595] RIP: 0033:0x4665d9 14:21:37 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 499.019058][ T9595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 499.038743][ T9595] RSP: 002b:00007f1942949e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 499.047177][ T9595] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 [ 499.055532][ T9595] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 [ 499.063607][ T9595] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 14:21:37 executing program 4 (fault-call:0 fault-nth:1): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 499.071666][ T9595] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 499.079710][ T9595] R13: 00007ffc7a3922ff R14: 0000000000000380 R15: 0000000000022000 [ 499.088442][ T9599] FAULT_INJECTION: forcing a failure. [ 499.088442][ T9599] name failslab, interval 1, probability 0, space 0, times 0 [ 499.101177][ T9599] CPU: 1 PID: 9599 Comm: syz-executor.3 Not tainted 5.13.0-rc4-syzkaller #0 [ 499.110007][ T9599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.120181][ T9599] Call Trace: [ 499.123456][ T9599] dump_stack+0x137/0x19d [ 499.127856][ T9599] should_fail+0x23c/0x250 [ 499.131600][ T9611] FAULT_INJECTION: forcing a failure. [ 499.131600][ T9611] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 499.132334][ T9599] ? __se_sys_memfd_create+0xfb/0x390 [ 499.132360][ T9599] __should_failslab+0x81/0x90 [ 499.155646][ T9599] should_failslab+0x5/0x20 [ 499.160229][ T9599] __kmalloc+0x66/0x340 [ 499.164385][ T9599] ? strnlen_user+0x137/0x1c0 [ 499.169061][ T9599] __se_sys_memfd_create+0xfb/0x390 [ 499.174333][ T9599] __x64_sys_memfd_create+0x2d/0x40 [ 499.179533][ T9599] do_syscall_64+0x4a/0x90 [ 499.184026][ T9599] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 499.189917][ T9599] RIP: 0033:0x4665d9 [ 499.193806][ T9599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 499.213395][ T9599] RSP: 002b:00007f53e219de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 499.221790][ T9599] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 [ 499.229973][ T9599] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 [ 499.237935][ T9599] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 [ 499.245905][ T9599] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 499.253866][ T9599] R13: 00007ffe0d27b17f R14: 0000000000000380 R15: 0000000000022000 [ 499.262572][ T9611] CPU: 0 PID: 9611 Comm: syz-executor.4 Not tainted 5.13.0-rc4-syzkaller #0 14:21:37 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280), &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:38 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:38 executing program 3 (fault-call:0 fault-nth:1): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 499.271253][ T9611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.281308][ T9611] Call Trace: [ 499.284775][ T9611] dump_stack+0x137/0x19d [ 499.289116][ T9611] should_fail+0x23c/0x250 [ 499.293529][ T9611] should_fail_usercopy+0x16/0x20 [ 499.298781][ T9611] _copy_from_user+0x1c/0xd0 [ 499.303445][ T9611] __se_sys_memfd_create+0x137/0x390 [ 499.309470][ T9611] __x64_sys_memfd_create+0x2d/0x40 [ 499.314708][ T9611] do_syscall_64+0x4a/0x90 [ 499.319228][ T9611] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 499.325134][ T9611] RIP: 0033:0x4665d9 [ 499.329036][ T9611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 499.335418][ T9606] loop1: detected capacity change from 0 to 1 [ 499.348830][ T9611] RSP: 002b:00007f1942949e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 499.348869][ T9611] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 14:21:38 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280), &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 499.348881][ T9611] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 [ 499.348892][ T9611] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 [ 499.348902][ T9611] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 499.395464][ T9611] R13: 00007ffc7a3922ff R14: 0000000000000380 R15: 0000000000022000 [ 499.401543][ T9623] FAULT_INJECTION: forcing a failure. [ 499.401543][ T9623] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 499.416523][ T9623] CPU: 1 PID: 9623 Comm: syz-executor.3 Not tainted 5.13.0-rc4-syzkaller #0 14:21:38 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280), &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 499.425207][ T9623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.435279][ T9623] Call Trace: [ 499.438561][ T9623] dump_stack+0x137/0x19d [ 499.442965][ T9623] should_fail+0x23c/0x250 [ 499.447398][ T9623] should_fail_usercopy+0x16/0x20 [ 499.452439][ T9623] _copy_from_user+0x1c/0xd0 [ 499.457148][ T9623] __se_sys_memfd_create+0x137/0x390 [ 499.462465][ T9623] __x64_sys_memfd_create+0x2d/0x40 [ 499.467696][ T9623] do_syscall_64+0x4a/0x90 [ 499.472146][ T9623] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 499.478234][ T9623] RIP: 0033:0x4665d9 [ 499.482124][ T9623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 499.501799][ T9623] RSP: 002b:00007f53e219de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 499.510640][ T9623] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 [ 499.518612][ T9623] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 [ 499.526572][ T9623] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 [ 499.534531][ T9623] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 499.542612][ T9623] R13: 00007ffe0d27b17f R14: 0000000000000380 R15: 0000000000022000 [ 499.566062][ T9606] loop1: p1 p2 p3 p4 [ 499.570422][ T9606] loop1: p1 start 115140 is beyond EOD, truncated [ 499.577023][ T9606] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 499.591766][ T9606] loop1: p3 start 225 is beyond EOD, truncated [ 499.597972][ T9606] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:40 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0x80, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:40 executing program 4 (fault-call:0 fault-nth:2): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:40 executing program 3 (fault-call:0 fault-nth:2): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:40 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000), &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:40 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800806000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:40 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000), &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) [ 501.933693][ T9652] loop1: detected capacity change from 0 to 1 [ 501.938767][ T9651] FAULT_INJECTION: forcing a failure. [ 501.938767][ T9651] name failslab, interval 1, probability 0, space 0, times 0 [ 501.942767][ T9654] FAULT_INJECTION: forcing a failure. [ 501.942767][ T9654] name failslab, interval 1, probability 0, space 0, times 0 [ 501.952407][ T9651] CPU: 0 PID: 9651 Comm: syz-executor.3 Not tainted 5.13.0-rc4-syzkaller #0 [ 501.973648][ T9651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 501.983710][ T9651] Call Trace: [ 501.987014][ T9651] dump_stack+0x137/0x19d [ 501.991337][ T9651] should_fail+0x23c/0x250 [ 501.995758][ T9651] ? shmem_alloc_inode+0x22/0x30 [ 502.000691][ T9651] __should_failslab+0x81/0x90 [ 502.005455][ T9651] ? shmem_match+0xa0/0xa0 [ 502.009908][ T9651] should_failslab+0x5/0x20 [ 502.014403][ T9651] kmem_cache_alloc+0x46/0x2f0 [ 502.019258][ T9651] ? do_anonymous_page+0x411/0x8b0 [ 502.024374][ T9651] ? fsnotify_perm+0x59/0x2e0 [ 502.029041][ T9651] ? shmem_match+0xa0/0xa0 [ 502.033445][ T9651] shmem_alloc_inode+0x22/0x30 [ 502.038283][ T9651] new_inode_pseudo+0x38/0x1c0 [ 502.043041][ T9651] new_inode+0x21/0x120 [ 502.047252][ T9651] shmem_get_inode+0xa1/0x480 [ 502.051919][ T9651] __shmem_file_setup+0xf1/0x1d0 [ 502.056959][ T9651] shmem_file_setup+0x37/0x40 [ 502.061660][ T9651] __se_sys_memfd_create+0x1eb/0x390 [ 502.067020][ T9651] __x64_sys_memfd_create+0x2d/0x40 [ 502.072204][ T9651] do_syscall_64+0x4a/0x90 [ 502.076674][ T9651] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 502.082691][ T9651] RIP: 0033:0x4665d9 [ 502.086581][ T9651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 502.106272][ T9651] RSP: 002b:00007f53e219de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 502.114949][ T9651] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 [ 502.122904][ T9651] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 14:21:40 executing program 3 (fault-call:0 fault-nth:3): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 502.130945][ T9651] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 [ 502.138982][ T9651] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 502.147011][ T9651] R13: 00007ffe0d27b17f R14: 0000000000000380 R15: 0000000000022000 [ 502.155025][ T9654] CPU: 1 PID: 9654 Comm: syz-executor.4 Not tainted 5.13.0-rc4-syzkaller #0 [ 502.163810][ T9654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 502.173962][ T9654] Call Trace: [ 502.177418][ T9654] dump_stack+0x137/0x19d 14:21:40 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0x80, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 502.181759][ T9654] should_fail+0x23c/0x250 [ 502.186168][ T9654] ? shmem_alloc_inode+0x22/0x30 [ 502.191109][ T9654] __should_failslab+0x81/0x90 [ 502.196000][ T9654] ? shmem_match+0xa0/0xa0 [ 502.200440][ T9654] should_failslab+0x5/0x20 [ 502.202090][ C0] sd 0:0:1:0: [sg0] tag#8054 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 502.204938][ T9654] kmem_cache_alloc+0x46/0x2f0 [ 502.204963][ T9654] ? do_anonymous_page+0x411/0x8b0 [ 502.215304][ C0] sd 0:0:1:0: [sg0] tag#8054 CDB: Play audio msf [ 502.215317][ C0] sd 0:0:1:0: [sg0] tag#8054 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 502.215330][ C0] sd 0:0:1:0: [sg0] tag#8054 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 502.215343][ C0] sd 0:0:1:0: [sg0] tag#8054 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 502.215359][ C0] sd 0:0:1:0: [sg0] tag#8054 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 502.220107][ T9654] ? fsnotify_perm+0x59/0x2e0 [ 502.225329][ C0] sd 0:0:1:0: [sg0] tag#8054 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 14:21:41 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0x80, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 502.231622][ T9654] ? shmem_match+0xa0/0xa0 [ 502.231647][ T9654] shmem_alloc_inode+0x22/0x30 [ 502.241445][ C0] sd 0:0:1:0: [sg0] tag#8054 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 502.251030][ T9654] new_inode_pseudo+0x38/0x1c0 [ 502.260627][ C0] sd 0:0:1:0: [sg0] tag#8054 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 502.270474][ T9654] new_inode+0x21/0x120 [ 502.275175][ C0] sd 0:0:1:0: [sg0] tag#8054 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 502.284737][ T9654] shmem_get_inode+0xa1/0x480 [ 502.284767][ T9654] __shmem_file_setup+0xf1/0x1d0 [ 502.327946][ C0] sd 0:0:1:0: [sg0] tag#8055 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 502.331548][ T9654] shmem_file_setup+0x37/0x40 [ 502.336259][ C0] sd 0:0:1:0: [sg0] tag#8055 CDB: Play audio msf [ 502.341290][ T9654] __se_sys_memfd_create+0x1eb/0x390 [ 502.351625][ C0] sd 0:0:1:0: [sg0] tag#8055 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 502.356253][ T9654] __x64_sys_memfd_create+0x2d/0x40 [ 502.356277][ T9654] do_syscall_64+0x4a/0x90 [ 502.362597][ C0] sd 0:0:1:0: [sg0] tag#8055 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 502.367847][ T9654] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 502.377410][ C0] sd 0:0:1:0: [sg0] tag#8055 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 502.382565][ T9654] RIP: 0033:0x4665d9 [ 502.382577][ T9654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 14:21:41 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xc0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d87", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:41 executing program 4 (fault-call:0 fault-nth:3): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 502.387001][ C0] sd 0:0:1:0: [sg0] tag#8055 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 502.396505][ T9654] RSP: 002b:00007f1942949e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 502.396527][ T9654] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 [ 502.402399][ C0] sd 0:0:1:0: [sg0] tag#8055 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 502.402414][ C0] sd 0:0:1:0: [sg0] tag#8055 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 502.402444][ C0] sd 0:0:1:0: [sg0] tag#8055 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 502.402457][ C0] sd 0:0:1:0: [sg0] tag#8055 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 502.411970][ T9654] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 [ 502.411984][ T9654] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 [ 502.411996][ T9654] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 502.450018][ C0] sd 0:0:1:0: [sg0] tag#8056 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 502.453598][ T9654] R13: 00007ffc7a3922ff R14: 0000000000000380 R15: 0000000000022000 [ 502.545328][ C0] sd 0:0:1:0: [sg0] tag#8056 CDB: Play audio msf [ 502.551690][ C0] sd 0:0:1:0: [sg0] tag#8056 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 502.561272][ C0] sd 0:0:1:0: [sg0] tag#8056 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 502.570832][ C0] sd 0:0:1:0: [sg0] tag#8056 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 502.580405][ C0] sd 0:0:1:0: [sg0] tag#8056 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 502.590284][ C0] sd 0:0:1:0: [sg0] tag#8056 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 502.599854][ C0] sd 0:0:1:0: [sg0] tag#8056 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 502.609433][ C0] sd 0:0:1:0: [sg0] tag#8056 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 502.618996][ C0] sd 0:0:1:0: [sg0] tag#8056 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 14:21:41 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xc0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d87", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 502.628631][ C0] sd 0:0:1:0: [sg0] tag#8056 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 502.638393][ C0] sd 0:0:1:0: [sg0] tag#8056 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 502.647965][ C0] sd 0:0:1:0: [sg0] tag#8056 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 502.657550][ C0] sd 0:0:1:0: [sg0] tag#8056 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 [ 502.688490][ T9671] FAULT_INJECTION: forcing a failure. [ 502.688490][ T9671] name failslab, interval 1, probability 0, space 0, times 0 [ 502.701151][ T9671] CPU: 1 PID: 9671 Comm: syz-executor.4 Not tainted 5.13.0-rc4-syzkaller #0 [ 502.704407][ T9676] FAULT_INJECTION: forcing a failure. [ 502.704407][ T9676] name failslab, interval 1, probability 0, space 0, times 0 [ 502.709833][ T9671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 502.709845][ T9671] Call Trace: [ 502.709852][ T9671] dump_stack+0x137/0x19d [ 502.740243][ T9671] should_fail+0x23c/0x250 [ 502.744743][ T9671] ? security_inode_alloc+0x30/0x180 [ 502.750041][ T9671] __should_failslab+0x81/0x90 [ 502.754805][ T9671] should_failslab+0x5/0x20 [ 502.759304][ T9671] kmem_cache_alloc+0x46/0x2f0 [ 502.764167][ T9671] security_inode_alloc+0x30/0x180 [ 502.769335][ T9671] inode_init_always+0x20b/0x420 [ 502.774263][ T9671] ? shmem_match+0xa0/0xa0 [ 502.778665][ T9671] new_inode_pseudo+0x73/0x1c0 [ 502.783416][ T9671] new_inode+0x21/0x120 [ 502.787556][ T9671] shmem_get_inode+0xa1/0x480 [ 502.792246][ T9671] __shmem_file_setup+0xf1/0x1d0 [ 502.797215][ T9671] shmem_file_setup+0x37/0x40 [ 502.801878][ T9671] __se_sys_memfd_create+0x1eb/0x390 [ 502.807148][ T9671] __x64_sys_memfd_create+0x2d/0x40 [ 502.812339][ T9671] do_syscall_64+0x4a/0x90 [ 502.816800][ T9671] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 502.822761][ T9671] RIP: 0033:0x4665d9 [ 502.826651][ T9671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 502.846246][ T9671] RSP: 002b:00007f1942949e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 502.854646][ T9671] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 [ 502.862600][ T9671] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 [ 502.870555][ T9671] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 [ 502.878653][ T9671] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 14:21:41 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000), &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 502.886620][ T9671] R13: 00007ffc7a3922ff R14: 0000000000000380 R15: 0000000000022000 [ 502.894588][ T9676] CPU: 0 PID: 9676 Comm: syz-executor.3 Not tainted 5.13.0-rc4-syzkaller #0 [ 502.903323][ T9676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 502.913431][ T9676] Call Trace: [ 502.916797][ T9676] dump_stack+0x137/0x19d [ 502.921164][ T9676] should_fail+0x23c/0x250 [ 502.925593][ T9676] ? security_inode_alloc+0x30/0x180 [ 502.930898][ T9676] __should_failslab+0x81/0x90 14:21:41 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xc0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d87", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 502.935690][ T9676] should_failslab+0x5/0x20 [ 502.940195][ T9676] kmem_cache_alloc+0x46/0x2f0 [ 502.944977][ T9676] security_inode_alloc+0x30/0x180 [ 502.950132][ T9676] inode_init_always+0x20b/0x420 [ 502.955067][ T9676] ? shmem_match+0xa0/0xa0 [ 502.959490][ T9676] new_inode_pseudo+0x73/0x1c0 [ 502.964257][ T9676] new_inode+0x21/0x120 [ 502.968425][ T9676] shmem_get_inode+0xa1/0x480 [ 502.973127][ C1] sd 0:0:1:0: [sg0] tag#8057 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 502.973103][ T9676] __shmem_file_setup+0xf1/0x1d0 [ 502.983485][ C1] sd 0:0:1:0: [sg0] tag#8057 CDB: Play audio msf [ 502.988462][ T9676] shmem_file_setup+0x37/0x40 [ 502.988486][ T9676] __se_sys_memfd_create+0x1eb/0x390 [ 502.994789][ C1] sd 0:0:1:0: [sg0] tag#8057 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 502.999430][ T9676] __x64_sys_memfd_create+0x2d/0x40 [ 503.004790][ C1] sd 0:0:1:0: [sg0] tag#8057 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 503.014329][ T9676] do_syscall_64+0x4a/0x90 [ 503.014351][ T9676] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 503.019558][ C1] sd 0:0:1:0: [sg0] tag#8057 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 503.029049][ T9676] RIP: 0033:0x4665d9 [ 503.029068][ T9676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 503.033462][ C1] sd 0:0:1:0: [sg0] tag#8057 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 14:21:41 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xe0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c30", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 503.033476][ C1] sd 0:0:1:0: [sg0] tag#8057 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 503.033488][ C1] sd 0:0:1:0: [sg0] tag#8057 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 503.033501][ C1] sd 0:0:1:0: [sg0] tag#8057 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 503.039375][ T9676] RSP: 002b:00007f53e219de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 503.039396][ T9676] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 [ 503.048930][ C1] sd 0:0:1:0: [sg0] tag#8057 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 503.052833][ T9676] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 [ 503.072455][ C1] sd 0:0:1:0: [sg0] tag#8057 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 503.072468][ C1] sd 0:0:1:0: [sg0] tag#8057 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 503.072480][ C1] sd 0:0:1:0: [sg0] tag#8057 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 503.072513][ C1] sd 0:0:1:0: [sg0] tag#8057 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 [ 503.082098][ T9676] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 [ 503.082111][ T9676] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 503.137755][ C1] sd 0:0:1:0: [sg0] tag#8058 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 503.144789][ T9676] R13: 00007ffe0d27b17f R14: 0000000000000380 R15: 0000000000022000 [ 503.145371][ T9652] loop1: p1 p2 p3 p4 [ 503.154795][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB: Play audio msf [ 503.164508][ T9652] loop1: p1 start 115140 is beyond EOD, [ 503.174004][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 503.174019][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 503.174031][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 503.174053][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 503.174065][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 14:21:41 executing program 3 (fault-call:0 fault-nth:4): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 503.174080][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 503.183607][ T9652] truncated [ 503.183613][ T9652] loop1: p2 size 1073872896 extends beyond EOD, [ 503.191597][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 503.199746][ T9652] truncated [ 503.243011][ T9652] loop1: p3 start 225 is beyond EOD, [ 503.243843][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 503.253389][ T9652] truncated [ 503.262932][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 503.272462][ T9652] loop1: p4 size 3657465856 extends beyond EOD, [ 503.281988][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 503.291509][ T9652] truncated [ 503.361123][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 503.370690][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 [ 503.380261][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[c0]: 04 f7 f1 51 43 4d 12 88 97 7c 89 fd 60 fe ed a6 [ 503.389949][ C1] sd 0:0:1:0: [sg0] tag#8058 CDB[d0]: 9b 92 b1 d7 de 5d 7f 57 ee d4 0f be 3b 18 5c 30 [ 503.405328][ T9695] FAULT_INJECTION: forcing a failure. [ 503.405328][ T9695] name failslab, interval 1, probability 0, space 0, times 0 [ 503.405792][ T1232] loop1: p1 p2 p3 p4 [ 503.417985][ T9695] CPU: 1 PID: 9695 Comm: syz-executor.3 Not tainted 5.13.0-rc4-syzkaller #0 [ 503.430629][ T9695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 503.432690][ T1232] loop1: p1 start 115140 is beyond EOD, [ 503.440697][ T9695] Call Trace: [ 503.440707][ T9695] dump_stack+0x137/0x19d [ 503.440729][ T9695] should_fail+0x23c/0x250 [ 503.446467][ T1232] truncated [ 503.449710][ T9695] ? __d_alloc+0x36/0x370 [ 503.454014][ T1232] loop1: p2 size 1073872896 extends beyond EOD, [ 503.458423][ T9695] __should_failslab+0x81/0x90 [ 503.461547][ T1232] truncated [ 503.466478][ T1232] loop1: p3 start 225 is beyond EOD, [ 503.472156][ T9695] should_failslab+0x5/0x20 14:21:42 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800807000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 503.476960][ T1232] truncated [ 503.480039][ T9695] kmem_cache_alloc+0x46/0x2f0 [ 503.485384][ T1232] loop1: p4 size 3657465856 extends beyond EOD, [ 503.489972][ T9695] ? __init_rwsem+0x59/0x70 [ 503.489991][ T9695] __d_alloc+0x36/0x370 [ 503.490017][ T9695] ? current_time+0xdb/0x190 [ 503.493113][ T1232] truncated [ 503.520616][ T9695] d_alloc_pseudo+0x1a/0x50 [ 503.525111][ T9695] alloc_file_pseudo+0x63/0x130 [ 503.529954][ T9695] __shmem_file_setup+0x14c/0x1d0 [ 503.535004][ T9695] shmem_file_setup+0x37/0x40 [ 503.539755][ T9695] __se_sys_memfd_create+0x1eb/0x390 [ 503.545026][ T9695] __x64_sys_memfd_create+0x2d/0x40 [ 503.550281][ T9695] do_syscall_64+0x4a/0x90 [ 503.554701][ T9695] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 503.560624][ T9695] RIP: 0033:0x4665d9 [ 503.564515][ T9695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 503.584195][ T9695] RSP: 002b:00007f53e219de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 503.592605][ T9695] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 [ 503.600647][ T9695] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 [ 503.608616][ T9695] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 [ 503.618497][ T9695] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 503.626455][ T9695] R13: 00007ffe0d27b17f R14: 0000000000000380 R15: 0000000000022000 [ 503.681693][ T9701] loop1: detected capacity change from 0 to 1 [ 503.745833][ T9701] loop1: p1 p2 p3 p4 [ 503.750078][ T9701] loop1: p1 start 115140 is beyond EOD, truncated [ 503.756701][ T9701] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 503.765070][ T9701] loop1: p3 start 225 is beyond EOD, truncated [ 503.771456][ T9701] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 503.780680][ T1232] loop1: p1 p2 p3 p4 [ 503.784838][ T1232] loop1: p1 start 115140 is beyond EOD, truncated [ 503.791323][ T1232] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 503.799710][ T1232] loop1: p3 start 225 is beyond EOD, truncated [ 503.805937][ T1232] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:43 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000), &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:43 executing program 4 (fault-call:0 fault-nth:4): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:43 executing program 3 (fault-call:0 fault-nth:5): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:43 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000), &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:43 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800808000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:43 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xe0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c30", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 504.948901][ T9738] FAULT_INJECTION: forcing a failure. [ 504.948901][ T9738] name failslab, interval 1, probability 0, space 0, times 0 [ 504.949047][ T9737] FAULT_INJECTION: forcing a failure. [ 504.949047][ T9737] name failslab, interval 1, probability 0, space 0, times 0 [ 504.961563][ T9738] CPU: 1 PID: 9738 Comm: syz-executor.4 Not tainted 5.13.0-rc4-syzkaller #0 [ 504.982912][ T9738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 504.993098][ T9738] Call Trace: [ 504.996361][ T9738] dump_stack+0x137/0x19d [ 505.000715][ T9738] should_fail+0x23c/0x250 [ 505.005116][ T9738] ? __d_alloc+0x36/0x370 [ 505.009426][ T9738] __should_failslab+0x81/0x90 [ 505.014176][ T9738] should_failslab+0x5/0x20 [ 505.018670][ T9738] kmem_cache_alloc+0x46/0x2f0 [ 505.023419][ T9738] ? __init_rwsem+0x59/0x70 [ 505.027902][ T9738] __d_alloc+0x36/0x370 [ 505.032036][ T9738] ? current_time+0xdb/0x190 [ 505.037059][ T9738] d_alloc_pseudo+0x1a/0x50 [ 505.041545][ T9738] alloc_file_pseudo+0x63/0x130 [ 505.046467][ T9738] __shmem_file_setup+0x14c/0x1d0 [ 505.051490][ T9738] shmem_file_setup+0x37/0x40 [ 505.056190][ T9738] __se_sys_memfd_create+0x1eb/0x390 [ 505.061509][ T9738] __x64_sys_memfd_create+0x2d/0x40 [ 505.066705][ T9738] do_syscall_64+0x4a/0x90 [ 505.071129][ T9738] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 505.077044][ T9738] RIP: 0033:0x4665d9 [ 505.080922][ T9738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 505.100672][ T9738] RSP: 002b:00007f1942949e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 505.109109][ T9738] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 [ 505.117175][ T9738] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 [ 505.125236][ T9738] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 [ 505.133194][ T9738] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 505.141159][ T9738] R13: 00007ffc7a3922ff R14: 0000000000000380 R15: 0000000000022000 [ 505.149205][ T9737] CPU: 0 PID: 9737 Comm: syz-executor.3 Not tainted 5.13.0-rc4-syzkaller #0 [ 505.155681][ C1] sd 0:0:1:0: [sg0] tag#8032 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 505.158067][ T9737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 505.158078][ T9737] Call Trace: [ 505.158085][ T9737] dump_stack+0x137/0x19d [ 505.168433][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB: Play audio msf [ 505.178462][ T9737] should_fail+0x23c/0x250 [ 505.178485][ T9737] ? __alloc_file+0x2e/0x1a0 [ 505.178503][ T9737] __should_failslab+0x81/0x90 [ 505.181803][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 505.186110][ T9737] should_failslab+0x5/0x20 [ 505.186134][ T9737] kmem_cache_alloc+0x46/0x2f0 [ 505.192461][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 505.196844][ T9737] ? inode_doinit_with_dentry+0x382/0x950 [ 505.201449][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 505.206186][ T9737] __alloc_file+0x2e/0x1a0 [ 505.206205][ T9737] alloc_empty_file+0xcd/0x1c0 [ 505.215755][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 505.220302][ T9737] alloc_file+0x3a/0x280 [ 505.225222][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 505.235166][ T9737] alloc_file_pseudo+0xe2/0x130 [ 505.235186][ T9737] __shmem_file_setup+0x14c/0x1d0 [ 505.240984][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 505.250652][ T9737] shmem_file_setup+0x37/0x40 [ 505.255093][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 505.259820][ T9737] __se_sys_memfd_create+0x1eb/0x390 [ 505.269363][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 505.273579][ T9737] __x64_sys_memfd_create+0x2d/0x40 [ 505.283256][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 505.288057][ T9737] do_syscall_64+0x4a/0x90 [ 505.293121][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 505.302630][ T9737] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 505.302655][ T9737] RIP: 0033:0x4665d9 [ 505.307327][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 505.317189][ T9737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 505.317207][ T9737] RSP: 002b:00007f53e219de98 EFLAGS: 00000246 [ 505.322487][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 [ 505.332687][ T9737] ORIG_RAX: 000000000000013f [ 505.332696][ T9737] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 [ 505.337910][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[c0]: 04 f7 f1 51 43 4d 12 88 97 7c 89 fd 60 fe ed a6 [ 505.347390][ T9737] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 14:21:44 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xe0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c30", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:44 executing program 4 (fault-call:0 fault-nth:5): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 505.347404][ T9737] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 [ 505.351804][ C1] sd 0:0:1:0: [sg0] tag#8032 CDB[d0]: 9b 92 b1 d7 de 5d 7f 57 ee d4 0f be 3b 18 5c 30 [ 505.361308][ T9737] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 505.436692][ C1] sd 0:0:1:0: [sg0] tag#8033 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 505.438420][ T9737] R13: 00007ffe0d27b17f R14: 0000000000000380 R15: 0000000000022000 [ 505.446430][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB: Play audio msf [ 505.465865][ T9748] FAULT_INJECTION: forcing a failure. [ 505.465865][ T9748] name failslab, interval 1, probability 0, space 0, times 0 [ 505.471953][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 505.482251][ T9748] CPU: 0 PID: 9748 Comm: syz-executor.4 Not tainted 5.13.0-rc4-syzkaller #0 [ 505.490241][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 505.496508][ T9748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 505.496519][ T9748] Call Trace: [ 505.496528][ T9748] dump_stack+0x137/0x19d [ 505.509219][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 505.518795][ T9748] should_fail+0x23c/0x250 [ 505.518818][ T9748] ? __alloc_file+0x2e/0x1a0 [ 505.518833][ T9748] __should_failslab+0x81/0x90 [ 505.527513][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 505.537007][ T9748] should_failslab+0x5/0x20 [ 505.537025][ T9748] kmem_cache_alloc+0x46/0x2f0 [ 505.547558][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 505.550800][ T9748] ? inode_doinit_with_dentry+0x382/0x950 [ 505.555111][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 505.564886][ T9748] __alloc_file+0x2e/0x1a0 [ 505.564905][ T9748] alloc_empty_file+0xcd/0x1c0 [ 505.569309][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 505.573855][ T9748] alloc_file+0x3a/0x280 [ 505.578617][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 505.588119][ T9748] alloc_file_pseudo+0xe2/0x130 [ 505.588140][ T9748] __shmem_file_setup+0x14c/0x1d0 [ 505.592621][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 505.597354][ T9748] shmem_file_setup+0x37/0x40 [ 505.606985][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 505.612921][ T9748] __se_sys_memfd_create+0x1eb/0x390 [ 505.622542][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 505.626925][ T9748] __x64_sys_memfd_create+0x2d/0x40 [ 505.631682][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 [ 505.641306][ T9748] do_syscall_64+0x4a/0x90 [ 505.645546][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[c0]: 04 f7 f1 51 43 4d 12 88 97 7c 89 fd 60 fe ed a6 [ 505.655049][ T9748] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 505.660002][ C1] sd 0:0:1:0: [sg0] tag#8033 CDB[d0]: 9b 92 b1 d7 de 5d 7f 57 ee d4 0f be 3b 18 5c 30 14:21:44 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xf0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:44 executing program 3 (fault-call:0 fault-nth:6): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 505.664984][ T9748] RIP: 0033:0x4665d9 [ 505.685838][ T9739] loop1: detected capacity change from 0 to 1 [ 505.688931][ T9748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 505.778672][ T9748] RSP: 002b:00007f1942949e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 505.787095][ T9748] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 [ 505.790395][ C1] sd 0:0:1:0: [sg0] tag#8034 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 505.795145][ T9748] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 [ 505.795157][ T9748] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 [ 505.795205][ T9748] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 505.805538][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB: Play audio msf [ 505.813461][ T9748] R13: 00007ffc7a3922ff R14: 0000000000000380 R15: 0000000000022000 [ 505.832989][ T9759] FAULT_INJECTION: forcing a failure. [ 505.832989][ T9759] name failslab, interval 1, probability 0, space 0, times 0 [ 505.835805][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 505.843817][ T9759] CPU: 0 PID: 9759 Comm: syz-executor.3 Not tainted 5.13.0-rc4-syzkaller #0 [ 505.856468][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 505.865919][ T9759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 505.865931][ T9759] Call Trace: [ 505.865938][ T9759] dump_stack+0x137/0x19d [ 505.874628][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 505.884119][ T9759] should_fail+0x23c/0x250 [ 505.884141][ T9759] ? security_file_alloc+0x30/0x190 [ 505.894218][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 505.897458][ T9759] __should_failslab+0x81/0x90 [ 505.901791][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 505.911297][ T9759] should_failslab+0x5/0x20 [ 505.911314][ T9759] kmem_cache_alloc+0x46/0x2f0 [ 505.915746][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 505.920880][ T9759] security_file_alloc+0x30/0x190 [ 505.930426][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 505.935149][ T9759] __alloc_file+0x83/0x1a0 [ 505.944706][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 505.949156][ T9759] alloc_empty_file+0xcd/0x1c0 [ 505.949177][ T9759] alloc_file+0x3a/0x280 14:21:44 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 505.953957][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 505.963495][ T9759] alloc_file_pseudo+0xe2/0x130 [ 505.963515][ T9759] __shmem_file_setup+0x14c/0x1d0 [ 505.968724][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 505.978230][ T9759] shmem_file_setup+0x37/0x40 [ 505.982667][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 505.992200][ T9759] __se_sys_memfd_create+0x1eb/0x390 14:21:44 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xf0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 505.996992][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 [ 506.001192][ T9759] __x64_sys_memfd_create+0x2d/0x40 [ 506.010902][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[c0]: 04 f7 f1 51 43 4d 12 88 97 7c 89 fd 60 fe ed a6 [ 506.015711][ T9759] do_syscall_64+0x4a/0x90 [ 506.020731][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[d0]: 9b 92 b1 d7 de 5d 7f 57 ee d4 0f be 3b 18 5c 30 [ 506.030249][ T9759] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 506.034948][ C1] sd 0:0:1:0: [sg0] tag#8034 CDB[e0]: 57 a6 4d 9b 5c cf 4b b9 ed 74 5b 60 d7 e6 9d 1f [ 506.044566][ T9759] RIP: 0033:0x4665d9 [ 506.109977][ T9759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 506.129965][ T9759] RSP: 002b:00007f53e219de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 506.138395][ T9759] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 [ 506.146396][ T9759] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 [ 506.154373][ T9759] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 [ 506.162341][ T9759] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 506.168284][ C1] sd 0:0:1:0: [sg0] tag#8035 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 506.170427][ T9759] R13: 00007ffe0d27b17f R14: 0000000000000380 R15: 0000000000022000 [ 506.189199][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB: Play audio msf [ 506.195540][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 506.205233][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 506.214802][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 506.224453][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 506.234043][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 506.243668][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 506.253240][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 506.262815][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 506.272386][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 506.281970][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 506.291629][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 506.301235][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 [ 506.310810][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[c0]: 04 f7 f1 51 43 4d 12 88 97 7c 89 fd 60 fe ed a6 [ 506.320477][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[d0]: 9b 92 b1 d7 de 5d 7f 57 ee d4 0f be 3b 18 5c 30 [ 506.330264][ C1] sd 0:0:1:0: [sg0] tag#8035 CDB[e0]: 57 a6 4d 9b 5c cf 4b b9 ed 74 5b 60 d7 e6 9d 1f [ 506.357704][ T9739] loop1: p1 p2 p3 p4 [ 506.361781][ T9739] loop1: p1 start 115140 is beyond EOD, truncated [ 506.368393][ T9739] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 506.379153][ T9739] loop1: p3 start 225 is beyond EOD, truncated [ 506.385326][ T9739] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:21:46 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:46 executing program 4 (fault-call:0 fault-nth:6): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:46 executing program 3 (fault-call:0 fault-nth:7): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:46 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xf0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:46 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800809000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:46 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 507.958024][ C1] sd 0:0:1:0: [sg0] tag#8036 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 507.968742][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB: Play audio msf [ 507.971914][ T9794] FAULT_INJECTION: forcing a failure. [ 507.971914][ T9794] name failslab, interval 1, probability 0, space 0, times 0 [ 507.975082][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 507.975102][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 507.987854][ T9794] CPU: 0 PID: 9794 Comm: syz-executor.4 Not tainted 5.13.0-rc4-syzkaller #0 [ 507.997409][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 508.006905][ T9794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 508.006917][ T9794] Call Trace: [ 508.015587][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 508.025089][ T9794] dump_stack+0x137/0x19d [ 508.025113][ T9794] should_fail+0x23c/0x250 [ 508.035163][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 508.038411][ T9794] ? security_file_alloc+0x30/0x190 [ 508.047961][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 508.052337][ T9794] __should_failslab+0x81/0x90 [ 508.056687][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 508.066286][ T9794] should_failslab+0x5/0x20 [ 508.066304][ T9794] kmem_cache_alloc+0x46/0x2f0 [ 508.071576][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 508.081083][ T9794] security_file_alloc+0x30/0x190 [ 508.081103][ T9794] __alloc_file+0x83/0x1a0 [ 508.085874][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 508.095376][ T9794] alloc_empty_file+0xcd/0x1c0 [ 508.099913][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 508.099930][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 508.104749][ T9794] alloc_file+0x3a/0x280 [ 508.114322][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 [ 508.119418][ T9794] alloc_file_pseudo+0xe2/0x130 [ 508.123883][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[c0]: 04 f7 f1 51 43 4d 12 88 97 7c 89 fd 60 fe ed a6 [ 508.133668][ T9794] __shmem_file_setup+0x14c/0x1d0 [ 508.133701][ T9794] shmem_file_setup+0x37/0x40 [ 508.138497][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[d0]: 9b 92 b1 d7 de 5d 7f 57 ee d4 0f be 3b 18 5c 30 [ 508.138512][ C1] sd 0:0:1:0: [sg0] tag#8036 CDB[e0]: 57 a6 4d 9b 5c cf 4b b9 ed 74 5b 60 d7 e6 9d 1f [ 508.150395][ T9793] FAULT_INJECTION: forcing a failure. [ 508.150395][ T9793] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 508.157578][ T9794] __se_sys_memfd_create+0x1eb/0x390 [ 508.157606][ T9794] __x64_sys_memfd_create+0x2d/0x40 [ 508.238127][ T9794] do_syscall_64+0x4a/0x90 [ 508.242541][ T9794] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 508.248446][ T9794] RIP: 0033:0x4665d9 [ 508.252324][ T9794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 508.272009][ T9794] RSP: 002b:00007f1942949e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 508.280413][ T9794] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 00000000004665d9 [ 508.288371][ T9794] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66 [ 508.296326][ T9794] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000 [ 508.304348][ T9794] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 508.312301][ T9794] R13: 00007ffc7a3922ff R14: 0000000000000380 R15: 0000000000022000 [ 508.320284][ T9793] CPU: 1 PID: 9793 Comm: syz-executor.3 Not tainted 5.13.0-rc4-syzkaller #0 [ 508.322321][ T9790] loop1: detected capacity change from 0 to 1 [ 508.329082][ T9793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 508.329095][ T9793] Call Trace: [ 508.329102][ T9793] dump_stack+0x137/0x19d [ 508.353076][ T9793] should_fail+0x23c/0x250 14:21:47 executing program 4 (fault-call:0 fault-nth:7): syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:47 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xf8, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 508.357511][ T9793] __alloc_pages+0x102/0x320 [ 508.362114][ T9793] alloc_pages_vma+0x391/0x660 [ 508.366893][ T9793] shmem_getpage_gfp+0x980/0x1410 [ 508.371924][ T9793] ? mls_context_isvalid+0x76/0x1e0 [ 508.377151][ T9793] shmem_write_begin+0x7e/0x100 [ 508.382004][ T9793] generic_perform_write+0x196/0x3a0 [ 508.387453][ T9793] ? file_update_time+0x1bd/0x3e0 [ 508.392579][ T9793] __generic_file_write_iter+0x161/0x300 [ 508.398287][ T9793] ? generic_write_checks+0x250/0x290 [ 508.399276][ T9802] FAULT_INJECTION: forcing a failure. [ 508.399276][ T9802] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 508.404251][ T9793] generic_file_write_iter+0x75/0x130 [ 508.422858][ T9793] vfs_write+0x69d/0x770 [ 508.427090][ T9793] __x64_sys_pwrite64+0xf5/0x150 [ 508.432022][ T9793] do_syscall_64+0x4a/0x90 [ 508.436487][ T9793] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 508.442388][ T9793] RIP: 0033:0x419777 [ 508.446272][ T9793] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b [ 508.466079][ T9793] RSP: 002b:00007f53e219de70 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 508.474475][ T9793] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000419777 [ 508.482517][ T9793] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000004 [ 508.490470][ T9793] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 508.498438][ T9793] R10: 00000000000001c0 R11: 0000000000000293 R12: 0000000000000004 [ 508.506422][ T9793] R13: 0000000000000004 R14: 0000000020000080 R15: 0000000000000000 [ 508.514465][ T9802] CPU: 0 PID: 9802 Comm: syz-executor.4 Not tainted 5.13.0-rc4-syzkaller #0 [ 508.518943][ C1] sd 0:0:1:0: [sg0] tag#8037 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 508.523215][ T9802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 508.533541][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB: Play audio msf [ 508.543641][ T9802] Call Trace: [ 508.543650][ T9802] dump_stack+0x137/0x19d [ 508.549985][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 508.549999][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 508.550012][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 508.550025][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 508.550038][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 508.553640][ T9802] should_fail+0x23c/0x250 [ 508.557993][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 508.567571][ T9802] __alloc_pages+0x102/0x320 [ 508.567591][ T9802] alloc_pages_vma+0x391/0x660 [ 508.577130][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 508.586629][ T9802] shmem_getpage_gfp+0x980/0x1410 [ 508.596690][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 508.606179][ T9802] ? mls_context_isvalid+0x76/0x1e0 [ 508.610624][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 508.620159][ T9802] shmem_write_begin+0x7e/0x100 [ 508.624762][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 508.629488][ T9802] generic_perform_write+0x196/0x3a0 [ 508.639200][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 508.644180][ T9802] ? file_update_time+0x1bd/0x3e0 14:21:47 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xf8, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 508.653730][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 [ 508.659134][ T9802] __generic_file_write_iter+0x161/0x300 [ 508.668711][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[c0]: 04 f7 f1 51 43 4d 12 88 97 7c 89 fd 60 fe ed a6 [ 508.668725][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[d0]: 9b 92 b1 d7 de 5d 7f 57 ee d4 0f be 3b 18 5c 30 [ 508.668740][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[e0]: 57 a6 4d 9b 5c cf 4b b9 ed 74 5b 60 d7 e6 9d 1f [ 508.673552][ T9802] ? generic_write_checks+0x250/0x290 [ 508.683096][ C1] sd 0:0:1:0: [sg0] tag#8037 CDB[f0]: 2e 55 83 3a 64 f3 71 e4 [ 508.688329][ T9802] generic_file_write_iter+0x75/0x130 [ 508.744531][ C1] sd 0:0:1:0: [sg0] tag#8038 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 508.747384][ T9802] vfs_write+0x69d/0x770 [ 508.747404][ T9802] __x64_sys_pwrite64+0xf5/0x150 [ 508.747420][ T9802] do_syscall_64+0x4a/0x90 [ 508.752798][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB: Play audio msf [ 508.760304][ T9802] entry_SYSCALL_64_after_hwframe+0x44/0xae 14:21:47 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 508.765698][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 508.780667][ T9802] RIP: 0033:0x419777 [ 508.780681][ T9802] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b [ 508.784941][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 508.789929][ T9802] RSP: 002b:00007f1942949e70 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 14:21:47 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 508.789949][ T9802] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000419777 [ 508.794344][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 508.800647][ T9802] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000004 [ 508.800660][ T9802] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 508.800670][ T9802] R10: 00000000000001c0 R11: 0000000000000293 R12: 0000000000000004 [ 508.806673][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 508.816190][ T9802] R13: 0000000000000004 R14: 0000000020000080 R15: 0000000000000000 [ 508.917496][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 508.927060][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 508.936654][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 508.946215][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 508.955803][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 508.965356][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 508.974943][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 508.984543][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 [ 508.994599][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[c0]: 04 f7 f1 51 43 4d 12 88 97 7c 89 fd 60 fe ed a6 14:21:47 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xf8, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 509.004181][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[d0]: 9b 92 b1 d7 de 5d 7f 57 ee d4 0f be 3b 18 5c 30 [ 509.013934][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[e0]: 57 a6 4d 9b 5c cf 4b b9 ed 74 5b 60 d7 e6 9d 1f [ 509.023522][ C1] sd 0:0:1:0: [sg0] tag#8038 CDB[f0]: 2e 55 83 3a 64 f3 71 e4 [ 509.047386][ C1] sd 0:0:1:0: [sg0] tag#8039 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 509.057849][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB: Play audio msf [ 509.064199][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 509.069267][ T9790] loop1: p1 p2 p3 p4 [ 509.073940][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 509.087562][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 509.094301][ T9790] loop1: p1 start 115140 is beyond EOD, truncated [ 509.097141][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 509.103553][ T9790] loop1: p2 size 1073872896 extends beyond EOD, [ 509.113113][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 509.113130][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 509.113146][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 509.119455][ T9790] truncated [ 509.148148][ T9790] loop1: p3 start 225 is beyond EOD, [ 509.151246][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 509.151266][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 509.156625][ T9790] truncated [ 509.156630][ T9790] loop1: p4 size 3657465856 extends beyond EOD, [ 509.166157][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 509.175658][ T9790] truncated [ 509.188575][ T9802] loop4: detected capacity change from 0 to 1 [ 509.194901][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 509.205984][ T9822] loop3: detected capacity change from 0 to 1 [ 509.213827][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 [ 509.213847][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[c0]: 04 f7 f1 51 43 4d 12 88 97 7c 89 fd 60 fe ed a6 [ 509.239152][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[d0]: 9b 92 b1 d7 de 5d 7f 57 ee d4 0f be 3b 18 5c 30 [ 509.248816][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[e0]: 57 a6 4d 9b 5c cf 4b b9 ed 74 5b 60 d7 e6 9d 1f [ 509.258395][ C1] sd 0:0:1:0: [sg0] tag#8039 CDB[f0]: 2e 55 83 3a 64 f3 71 e4 [ 509.274236][ T1232] loop1: p1 p2 p3 p4 [ 509.278676][ T1232] loop1: p1 start 115140 is beyond EOD, truncated [ 509.285176][ T1232] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 509.293643][ T1232] loop1: p3 start 225 is beyond EOD, truncated [ 509.299879][ T1232] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 509.306439][ T9822] loop3: p1 p2 p3 p4 [ 509.311301][ T9822] loop3: p1 start 115140 is beyond EOD, truncated [ 509.317759][ T9822] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 509.325422][ T9822] loop3: p3 start 225 is beyond EOD, truncated [ 509.331611][ T9822] loop3: p4 size 3657465856 extends beyond EOD, truncated 14:21:49 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:49 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xfc, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73e", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:49 executing program 4: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:49 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80080a000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:49 executing program 3: syz_read_part_table(0x2, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:49 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) [ 510.978728][ T9857] loop1: detected capacity change from 0 to 1 [ 510.981979][ C1] sd 0:0:1:0: [sg0] tag#8040 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 510.994454][ T9862] loop3: detected capacity change from 0 to 1 [ 510.995185][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB: Play audio msf [ 510.995199][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 510.995212][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 510.995225][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 510.995238][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 511.009801][ T9863] loop4: detected capacity change from 0 to 1 [ 511.017274][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 511.062098][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 511.071644][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 511.081446][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 511.091012][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 511.101266][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 511.110849][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 511.120432][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 [ 511.130178][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[c0]: 04 f7 f1 51 43 4d 12 88 97 7c 89 fd 60 fe ed a6 [ 511.139901][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[d0]: 9b 92 b1 d7 de 5d 7f 57 ee d4 0f be 3b 18 5c 30 [ 511.149558][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[e0]: 57 a6 4d 9b 5c cf 4b b9 ed 74 5b 60 d7 e6 9d 1f [ 511.159494][ C1] sd 0:0:1:0: [sg0] tag#8040 CDB[f0]: 2e 55 83 3a 64 f3 71 e4 c4 62 f7 3e 14:21:49 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xfc, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73e", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 511.179121][ T9857] loop1: p1 p2 p3 p4 [ 511.183518][ T9857] loop1: p1 start 115140 is beyond EOD, truncated [ 511.190301][ T9857] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 511.199356][ T9857] loop1: p3 start 225 is beyond EOD, truncated [ 511.200464][ C1] sd 0:0:1:0: [sg0] tag#8041 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 511.205593][ T9857] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 511.223641][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB: Play audio msf [ 511.230008][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 511.236288][ T9862] loop3: p1 p2 p3 p4 [ 511.239867][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 511.244254][ T9863] loop4: p1 p2 p3 p4 [ 511.253471][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 511.253492][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 511.261502][ T9862] loop3: p1 start 115140 is beyond EOD, [ 511.267641][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 511.277480][ T9862] truncated [ 511.283203][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 511.292779][ T9862] loop3: p2 size 1073872896 extends beyond EOD, [ 511.295858][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 511.305391][ T9862] truncated [ 511.311728][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 511.311746][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 511.332301][ T9863] loop4: p1 start 115140 is beyond EOD, [ 511.334016][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 511.334031][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 511.334044][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 14:21:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xfc, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73e", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 511.334056][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[c0]: 04 f7 f1 51 43 4d 12 88 97 7c 89 fd 60 fe ed a6 [ 511.334070][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[d0]: 9b 92 b1 d7 de 5d 7f 57 ee d4 0f be 3b 18 5c 30 [ 511.334083][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[e0]: 57 a6 4d 9b 5c cf 4b b9 ed 74 5b 60 d7 e6 9d 1f [ 511.334097][ C1] sd 0:0:1:0: [sg0] tag#8041 CDB[f0]: 2e 55 83 3a 64 f3 71 e4 c4 62 f7 3e [ 511.343754][ T9863] truncated [ 511.374165][ C1] sd 0:0:1:0: [sg0] tag#8042 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 511.378259][ T9863] loop4: p2 size 1073872896 extends beyond EOD, [ 511.387937][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB: Play audio msf [ 511.397456][ T9863] truncated [ 511.406983][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 511.406998][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 511.407030][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 511.430019][ T9863] loop4: p3 start 225 is beyond EOD, [ 511.435283][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 511.441639][ T9863] truncated [ 511.444745][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 511.454380][ T9863] loop4: p4 size 3657465856 extends beyond EOD, [ 511.463905][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 511.473660][ T9863] truncated [ 511.479221][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 511.493108][ T9862] loop3: p3 start 225 is beyond EOD, [ 511.501432][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 511.507975][ T9862] truncated [ 511.518276][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 511.521455][ T9862] loop3: p4 size 3657465856 extends beyond EOD, [ 511.531285][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 511.531304][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 511.536659][ T9862] truncated [ 511.546301][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 [ 511.597841][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[c0]: 04 f7 f1 51 43 4d 12 88 97 7c 89 fd 60 fe ed a6 [ 511.607398][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[d0]: 9b 92 b1 d7 de 5d 7f 57 ee d4 0f be 3b 18 5c 30 [ 511.617072][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[e0]: 57 a6 4d 9b 5c cf 4b b9 ed 74 5b 60 d7 e6 9d 1f 14:21:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xfe, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 511.626751][ C1] sd 0:0:1:0: [sg0] tag#8042 CDB[f0]: 2e 55 83 3a 64 f3 71 e4 c4 62 f7 3e 14:21:50 executing program 4: syz_read_part_table(0x2, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:50 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xfe, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:50 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80080b000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 511.681525][ T9862] loop3: detected capacity change from 0 to 1 [ 511.716492][ T9909] loop1: detected capacity change from 0 to 1 [ 511.733631][ T9910] loop4: detected capacity change from 0 to 1 [ 511.749767][ T9862] loop3: p1 p2 p3 p4 [ 511.753867][ T9862] loop3: p1 start 115140 is beyond EOD, truncated [ 511.760333][ T9862] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 511.767767][ T9909] loop1: p1 p2 p3 p4 [ 511.768171][ T9862] loop3: p3 start 225 is beyond EOD, truncated [ 511.772081][ T9909] loop1: p1 start 115140 is beyond EOD, truncated [ 511.778026][ T9862] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 511.784470][ T9909] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 511.799325][ T1232] loop4: p1 p2 p3 p4 [ 511.803653][ T9909] loop1: p3 start 225 is beyond EOD, truncated [ 511.803965][ T1232] loop4: p1 start 115140 is beyond EOD, [ 511.809847][ T9909] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 511.822909][ T1232] truncated [ 511.826177][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 511.843167][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 511.849460][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 511.858393][ T9910] loop4: p1 p2 p3 p4 [ 511.862438][ T9910] loop4: p1 start 115140 is beyond EOD, truncated [ 511.868930][ T9910] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 511.884976][ T9910] loop4: p3 start 225 is beyond EOD, truncated [ 511.891307][ T9910] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 511.944205][ T9910] loop4: detected capacity change from 0 to 1 [ 511.986231][ T1232] loop4: p1 p2 p3 p4 [ 511.990495][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 511.997091][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 512.005095][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 512.011340][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 512.020257][ T9910] loop4: p1 p2 p3 p4 [ 512.024476][ T9910] loop4: p1 start 115140 is beyond EOD, truncated [ 512.030940][ T9910] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 512.039229][ T9910] loop4: p3 start 225 is beyond EOD, truncated [ 512.045621][ T9910] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 512.088723][ T1232] loop4: p1 p2 p3 p4 [ 512.093273][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 512.099966][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 512.108663][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 512.114828][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:21:52 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:52 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:52 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xfe, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) 14:21:52 executing program 3: syz_read_part_table(0x3, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:52 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80080c000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:52 executing program 4: syz_read_part_table(0x3, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:52 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 514.014838][ T9978] loop4: detected capacity change from 0 to 1 [ 514.016192][ T9976] loop3: detected capacity change from 0 to 1 [ 514.033140][ T9975] loop1: detected capacity change from 0 to 1 14:21:52 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x3, &(0x7f0000000140)}) 14:21:52 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)}) [ 514.059396][ T9978] loop4: p1 p2 p3 p4 [ 514.064319][ T9978] loop4: p1 start 115140 is beyond EOD, truncated [ 514.070860][ T9978] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 514.085323][ T9976] loop3: p1 p2 p3 p4 [ 514.090234][ T9975] loop1: p1 p2 p3 p4 [ 514.096619][ T9976] loop3: p1 start 115140 is beyond EOD, truncated [ 514.099115][ T9975] loop1: p1 start 115140 is beyond EOD, truncated 14:21:52 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 514.103079][ T9976] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 514.109928][ T9975] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 514.120632][ T9975] loop1: p3 start 225 is beyond EOD, truncated [ 514.130967][ T9975] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 514.144413][ T9978] loop4: p3 start 225 is beyond EOD, truncated [ 514.150798][ T9978] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:21:52 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xe0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c30", &(0x7f00000015c0)=""/4096, 0x1, 0x0, 0x3, &(0x7f0000000140)}) [ 514.155336][ T9976] loop3: p3 start 225 is beyond EOD, truncated [ 514.164235][ T9976] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 514.175278][ C1] sd 0:0:1:0: [sg0] tag#8043 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 514.185806][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB: Play audio msf [ 514.192153][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 514.201757][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 514.211831][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 514.221521][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 514.231320][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 514.240927][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 514.250651][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 514.260247][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 514.269829][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 514.279428][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 514.289017][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 34 06 [ 514.298613][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[b0]: dd cf b7 e4 11 20 10 df f1 8d 90 f8 d6 b7 2d 87 14:21:53 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800805000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 514.308326][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[c0]: 04 f7 f1 51 43 4d 12 88 97 7c 89 fd 60 fe ed a6 [ 514.317928][ C1] sd 0:0:1:0: [sg0] tag#8043 CDB[d0]: 9b 92 b1 d7 de 5d 7f 57 ee d4 0f be 3b 18 5c 30 [ 514.369575][ T9978] loop4: detected capacity change from 0 to 1 [ 514.376534][ T9976] loop3: detected capacity change from 0 to 1 [ 514.409257][ T9976] loop3: p1 p2 p3 p4 [ 514.417064][ T9976] loop3: p1 start 115140 is beyond EOD, [ 514.417075][ T9978] loop4: p1 p2 p3 p4 [ 514.417670][ T9978] loop4: p1 start 115140 is beyond EOD, [ 514.422884][ T9976] truncated [ 514.422889][ T9976] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 514.426897][ T9978] truncated [ 514.426902][ T9978] loop4: p2 size 1073872896 extends beyond EOD, [ 514.439848][ T9976] loop3: p3 start 225 is beyond EOD, [ 514.442854][ T9978] truncated [ 514.445944][ T9976] truncated [ 514.445948][ T9976] loop3: p4 size 3657465856 extends beyond EOD, [ 514.454590][ T9978] loop4: p3 start 225 is beyond EOD, [ 514.457860][ T9976] truncated [ 514.478989][ T9978] truncated [ 514.482102][ T9978] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 514.523858][ T1232] loop3: p1 p2 p3 p4 [ 514.535381][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 514.541990][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 514.550022][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 514.556369][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated 14:21:55 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:55 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800805000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:55 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80080d000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:55 executing program 4: syz_read_part_table(0x4, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:55 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 14:21:55 executing program 3: syz_read_part_table(0x4, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:55 executing program 0: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800805000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:55 executing program 0 (fault-call:1 fault-nth:0): r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 517.027529][T10063] loop3: detected capacity change from 0 to 1 [ 517.033166][T10066] loop4: detected capacity change from 0 to 1 [ 517.040218][T10065] loop1: detected capacity change from 0 to 1 [ 517.067801][T10080] FAULT_INJECTION: forcing a failure. [ 517.067801][T10080] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 517.080991][T10080] CPU: 0 PID: 10080 Comm: syz-executor.0 Not tainted 5.13.0-rc4-syzkaller #0 [ 517.089394][T10063] loop3: p1 p2 p3 p4 [ 517.089836][T10080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 517.093927][T10063] loop3: p1 start 115140 is beyond EOD, [ 517.103862][T10080] Call Trace: [ 517.103905][T10080] dump_stack+0x137/0x19d [ 517.109590][T10063] truncated [ 517.112926][T10080] should_fail+0x23c/0x250 [ 517.117278][T10063] loop3: p2 size 1073872896 extends beyond EOD, [ 517.120343][T10080] should_fail_usercopy+0x16/0x20 [ 517.124733][T10063] truncated [ 517.129996][T10063] loop3: p3 start 225 is beyond EOD, [ 517.131161][T10080] _copy_from_user+0x1c/0xd0 [ 517.136393][T10063] truncated [ 517.136397][T10063] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 517.144572][T10066] loop4: p1 p2 p3 p4 [ 517.144877][T10080] get_sg_io_hdr+0x6a/0x320 [ 517.151756][T10066] loop4: p1 start 115140 is beyond EOD, [ 517.152558][T10080] ? path_openat+0x19ab/0x20b0 [ 517.152577][T10080] ? _raw_write_lock_irqsave+0x24/0x60 [ 517.152599][T10080] ? __list_add_valid+0x28/0x90 [ 517.159749][T10066] truncated [ 517.163669][T10080] ? _raw_write_unlock_irqrestore+0xe/0x20 [ 517.168176][T10066] loop4: p2 size 1073872896 extends beyond EOD, [ 517.173756][T10080] ? sg_add_request+0x3e5/0x400 [ 517.173831][T10080] sg_new_write+0xbd/0xcb0 [ 517.178602][T10066] truncated [ 517.184103][T10080] ? avc_has_extended_perms+0x5d8/0x7b0 [ 517.192407][T10066] loop4: p3 start 225 is beyond EOD, [ 517.197848][T10080] ? do_filp_open+0x17a/0x1f0 [ 517.204248][T10066] truncated [ 517.204253][T10066] loop4: p4 size 3657465856 extends beyond EOD, [ 517.209071][T10080] ? fsnotify_perm+0x59/0x2e0 [ 517.209090][T10080] ? __fsnotify_parent+0x32f/0x430 [ 517.213488][T10066] truncated [ 517.255030][T10080] ? __cond_resched+0x11/0x40 [ 517.259924][T10080] ? scsi_block_when_processing_errors+0x172/0x1a0 [ 517.266623][T10080] sg_ioctl_common+0xe3a/0x1770 [ 517.271480][T10080] ? do_vfs_ioctl+0x7c2/0x1410 [ 517.276238][T10080] ? iput+0xb5/0x590 [ 517.280131][T10080] sg_ioctl+0x54/0xc0 [ 517.284205][T10080] ? sg_poll+0x240/0x240 [ 517.288564][T10080] __se_sys_ioctl+0xcb/0x140 [ 517.293160][T10080] __x64_sys_ioctl+0x3f/0x50 [ 517.297864][T10080] do_syscall_64+0x4a/0x90 [ 517.302275][T10080] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 517.308193][T10080] RIP: 0033:0x4665d9 [ 517.312244][T10080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 517.332025][T10080] RSP: 002b:00007f51e598d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 517.340491][T10080] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 517.348634][T10080] RDX: 0000000020000380 RSI: 0000000000002285 RDI: 0000000000000003 [ 517.356615][T10080] RBP: 00007f51e598d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 517.364604][T10080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 517.372582][T10080] R13: 00007fff97f05abf R14: 00007f51e598d300 R15: 0000000000022000 [ 517.384301][T10065] loop1: p1 p2 p3 p4 [ 517.397138][T10065] loop1: p1 start 115140 is beyond EOD, truncated [ 517.403570][T10065] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 517.410963][T10063] loop3: detected capacity change from 0 to 1 14:21:56 executing program 0 (fault-call:1 fault-nth:1): r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 517.416570][T10065] loop1: p3 start 225 is beyond EOD, truncated [ 517.424025][T10065] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 517.436681][T10066] loop4: detected capacity change from 0 to 1 [ 517.451466][T10104] FAULT_INJECTION: forcing a failure. [ 517.451466][T10104] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 517.464659][T10104] CPU: 0 PID: 10104 Comm: syz-executor.0 Not tainted 5.13.0-rc4-syzkaller #0 [ 517.473474][T10104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 517.483593][T10104] Call Trace: [ 517.486882][T10104] dump_stack+0x137/0x19d [ 517.491256][T10104] should_fail+0x23c/0x250 [ 517.495775][T10104] should_fail_usercopy+0x16/0x20 [ 517.500794][T10104] _copy_to_user+0x1c/0x90 [ 517.505294][T10104] simple_read_from_buffer+0xab/0x120 [ 517.510656][T10104] proc_fail_nth_read+0xf6/0x140 [ 517.515624][T10104] ? rw_verify_area+0x136/0x250 [ 517.520499][T10104] ? proc_fault_inject_write+0x200/0x200 [ 517.526131][T10104] vfs_read+0x154/0x5d0 [ 517.530278][T10104] ? sg_ioctl_common+0x1140/0x1770 [ 517.535484][T10104] ? __fget_light+0x21b/0x260 [ 517.540272][T10104] ? __cond_resched+0x11/0x40 [ 517.545026][T10104] ksys_read+0xce/0x180 [ 517.549180][T10104] __x64_sys_read+0x3e/0x50 [ 517.553789][T10104] do_syscall_64+0x4a/0x90 [ 517.558276][T10104] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 517.564178][T10104] RIP: 0033:0x41935c [ 517.568073][T10104] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 517.587789][T10104] RSP: 002b:00007f51e598d170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 517.596311][T10104] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000041935c [ 517.604322][T10104] RDX: 000000000000000f RSI: 00007f51e598d1e0 RDI: 0000000000000004 [ 517.612281][T10104] RBP: 00007f51e598d1d0 R08: 0000000000000000 R09: 0000000000000000 14:21:56 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:21:56 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 517.620369][T10104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 517.628775][T10104] R13: 00007fff97f05abf R14: 00007f51e598d300 R15: 0000000000022000 [ 517.656750][T10063] loop3: p1 p2 p3 p4 [ 517.661012][ T1232] loop4: p1 p2 p3 p4 14:21:56 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80080e000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 517.670518][T10063] loop3: p1 start 115140 is beyond EOD, truncated [ 517.677002][T10063] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 517.684974][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 517.689961][T10113] loop1: detected capacity change from 0 to 1 [ 517.691641][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 517.709912][T10063] loop3: p3 start 225 is beyond EOD, truncated [ 517.716088][T10063] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 517.731672][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 517.736525][T10113] loop1: p1 p2 p3 p4 [ 517.737989][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 517.742299][T10113] loop1: p1 start 115140 is beyond EOD, truncated [ 517.755799][T10113] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 517.763814][T10113] loop1: p3 start 225 is beyond EOD, truncated [ 517.764162][T10066] loop4: p1 p2 p3 p4 [ 517.770033][T10113] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 517.781521][T10066] loop4: p1 start 115140 is beyond EOD, truncated [ 517.787984][T10066] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 517.795480][T10066] loop4: p3 start 225 is beyond EOD, truncated [ 517.802030][T10066] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 517.898928][ T1232] loop4: p1 p2 p3 p4 [ 517.903260][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 517.909903][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 517.918003][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 517.924375][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:21:58 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:21:58 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x1267, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:21:58 executing program 3: syz_read_part_table(0x5, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:58 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80080f000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:58 executing program 4: syz_read_part_table(0x5, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:21:58 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, 0x0, 0x0) 14:21:58 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x1274, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:21:58 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x1275, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 520.043597][T10158] loop4: detected capacity change from 0 to 1 [ 520.051099][T10162] loop1: detected capacity change from 0 to 1 [ 520.057805][T10163] loop3: detected capacity change from 0 to 1 [ 520.090799][T10158] loop4: p1 p2 p3 p4 [ 520.095390][T10158] loop4: p1 start 115140 is beyond EOD, truncated [ 520.101859][T10158] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 520.112280][T10162] loop1: p1 p2 p3 p4 [ 520.112389][T10158] loop4: p3 start 225 is beyond EOD, truncated [ 520.117311][T10163] loop3: p1 p2 p3 p4 [ 520.122467][T10158] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 520.128618][T10162] loop1: p1 start 115140 is beyond EOD, truncated 14:21:58 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x1276, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 520.140047][T10163] loop3: p1 start 115140 is beyond EOD, truncated [ 520.140478][T10162] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 520.147066][T10163] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 520.157156][T10162] loop1: p3 start 225 is beyond EOD, truncated [ 520.167561][T10162] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 520.177931][ T1232] loop4: p1 p2 p3 p4 [ 520.178138][T10163] loop3: p3 start 225 is beyond EOD, truncated 14:21:58 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2201, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:21:58 executing program 4: syz_read_part_table(0x6, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 520.182071][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 520.188184][T10163] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 520.194655][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 520.213891][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 520.220116][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:21:58 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800810000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 520.251842][T10163] loop3: detected capacity change from 0 to 1 [ 520.263138][T10211] loop1: detected capacity change from 0 to 1 [ 520.309558][T10163] loop3: p1 p2 p3 p4 [ 520.310316][T10211] loop1: p1 p2 p3 p4 [ 520.313852][T10163] loop3: p1 start 115140 is beyond EOD, truncated [ 520.323618][T10211] loop1: p1 start 115140 is beyond EOD, truncated [ 520.324154][T10163] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 520.330597][T10211] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 520.339229][T10220] loop4: detected capacity change from 0 to 1 [ 520.348036][T10211] loop1: p3 start 225 is beyond EOD, truncated [ 520.357108][T10211] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 520.365228][T10163] loop3: p3 start 225 is beyond EOD, truncated [ 520.371440][T10163] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 520.386651][T10220] loop4: p1 p2 p3 p4 [ 520.390857][T10220] loop4: p1 start 115140 is beyond EOD, truncated [ 520.397349][T10220] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 520.405851][T10220] loop4: p3 start 225 is beyond EOD, truncated [ 520.412076][T10220] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 520.427258][ T1232] loop3: p1 p2 p3 p4 [ 520.431619][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 520.438109][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 520.447867][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 520.454050][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 520.502991][T10220] loop4: detected capacity change from 0 to 1 [ 520.547002][ T1232] loop4: p1 p2 p3 p4 [ 520.551170][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 520.557737][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 520.565223][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 520.571418][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 520.580371][T10220] loop4: p1 p2 p3 p4 [ 520.584581][T10220] loop4: p1 start 115140 is beyond EOD, truncated [ 520.591059][T10220] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 520.598771][T10220] loop4: p3 start 225 is beyond EOD, truncated [ 520.604930][T10220] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:01 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:01 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2202, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:01 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800811000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:01 executing program 3: syz_read_part_table(0x6, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:01 executing program 4: syz_read_part_table(0x7, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:01 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, 0x0, 0x0) 14:22:01 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2203, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:01 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2205, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 523.051400][T10283] loop4: detected capacity change from 0 to 1 [ 523.059125][T10278] loop3: detected capacity change from 0 to 1 [ 523.065379][T10281] loop1: detected capacity change from 0 to 1 14:22:01 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2270, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 523.111043][T10281] loop1: p1 p2 p3 p4 [ 523.111184][T10278] loop3: p1 p2 p3 p4 [ 523.115289][T10281] loop1: p1 start 115140 is beyond EOD, truncated [ 523.119438][T10283] loop4: p1 p2 p3 p4 [ 523.125537][T10281] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 523.134300][T10278] loop3: p1 start 115140 is beyond EOD, truncated [ 523.141728][T10283] loop4: p1 start 115140 is beyond EOD, [ 523.143350][T10278] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 523.156189][T10283] truncated 14:22:01 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2271, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 523.159313][T10283] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 523.166788][T10281] loop1: p3 start 225 is beyond EOD, truncated [ 523.167839][T10278] loop3: p3 start 225 is beyond EOD, truncated [ 523.172974][T10281] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 523.179126][T10278] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 523.187131][T10283] loop4: p3 start 225 is beyond EOD, truncated [ 523.199538][T10283] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 523.200557][ T1232] loop3: p1 p2 p3 p4 14:22:01 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800812000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:01 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2272, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 523.215201][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 523.221681][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 523.229647][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 523.235853][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 523.258728][T10283] loop4: detected capacity change from 0 to 1 [ 523.265491][T10333] loop1: detected capacity change from 0 to 1 [ 523.287079][T10283] loop4: p1 p2 p3 p4 [ 523.291134][T10283] loop4: p1 start 115140 is beyond EOD, truncated [ 523.297690][T10283] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 523.306302][T10283] loop4: p3 start 225 is beyond EOD, truncated [ 523.312550][T10283] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 523.313337][T10333] loop1: p1 p2 p3 p4 [ 523.324032][T10333] loop1: p1 start 115140 is beyond EOD, truncated [ 523.330507][T10333] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 523.338248][T10333] loop1: p3 start 225 is beyond EOD, truncated [ 523.344578][T10333] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:22:04 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:04 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2275, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:04 executing program 3: syz_read_part_table(0x7, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:04 executing program 4: syz_read_part_table(0x8, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:04 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800813000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:04 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) acct(&(0x7f00000000c0)='./file0\x00') timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, 0x0, 0x0) 14:22:04 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2276, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:04 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2279, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:04 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x227a, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 526.084392][T10372] loop1: detected capacity change from 0 to 1 [ 526.090889][T10374] loop4: detected capacity change from 0 to 1 [ 526.099000][T10378] loop3: detected capacity change from 0 to 1 14:22:04 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) [ 526.133394][T10372] loop1: p1 p2 p3 p4 [ 526.137564][T10374] loop4: p1 p2 p3 p4 [ 526.142476][T10374] loop4: p1 start 115140 is beyond EOD, truncated [ 526.148943][T10374] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 526.156604][T10378] loop3: p1 p2 p3 p4 [ 526.156637][T10372] loop1: p1 start 115140 is beyond EOD, truncated [ 526.166998][T10378] loop3: p1 start 115140 is beyond EOD, truncated [ 526.167904][T10372] loop1: p2 size 1073872896 extends beyond EOD, truncated 14:22:04 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x227b, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 526.168876][T10374] loop4: p3 start 225 is beyond EOD, [ 526.174388][T10378] loop3: p2 size 1073872896 extends beyond EOD, [ 526.181595][T10374] truncated [ 526.181601][T10374] loop4: p4 size 3657465856 extends beyond EOD, [ 526.186991][T10378] truncated [ 526.193367][T10374] truncated [ 526.211458][ T1232] loop4: p1 p2 p3 p4 [ 526.215666][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 526.222169][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated 14:22:04 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:04 executing program 4: syz_read_part_table(0x9, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:04 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) [ 526.230048][T10372] loop1: p3 start 225 is beyond EOD, truncated [ 526.230117][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 526.236250][T10372] loop1: p4 size 3657465856 extends beyond EOD, [ 526.242489][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 526.256182][T10372] truncated [ 526.258378][T10378] loop3: p3 start 225 is beyond EOD, truncated [ 526.265462][T10378] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 526.305502][T10378] loop3: detected capacity change from 0 to 1 [ 526.324013][T10431] loop4: detected capacity change from 0 to 1 [ 526.350899][T10378] loop3: p1 p2 p3 p4 [ 526.354995][T10378] loop3: p1 start 115140 is beyond EOD, truncated [ 526.361843][T10378] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 526.369291][T10431] loop4: p1 p2 p3 p4 [ 526.369612][T10378] loop3: p3 start 225 is beyond EOD, truncated [ 526.374934][T10431] loop4: p1 start 115140 is beyond EOD, [ 526.379470][T10378] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 526.385104][T10431] truncated 14:22:05 executing program 3: syz_read_part_table(0x8, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:05 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x227d, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:05 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800824000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 526.395403][T10431] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 526.414882][T10447] loop1: detected capacity change from 0 to 1 [ 526.421649][T10431] loop4: p3 start 225 is beyond EOD, truncated [ 526.427950][T10431] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 526.462625][T10450] loop3: detected capacity change from 0 to 1 [ 526.469018][T10447] loop1: p1 p2 p3 p4 [ 526.473378][T10447] loop1: p1 start 115140 is beyond EOD, truncated [ 526.479845][T10447] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 526.493630][T10447] loop1: p3 start 225 is beyond EOD, truncated [ 526.499872][T10447] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 526.517612][T10450] loop3: p1 p2 p3 p4 [ 526.521987][T10450] loop3: p1 start 115140 is beyond EOD, truncated [ 526.528560][T10450] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 526.537149][T10450] loop3: p3 start 225 is beyond EOD, truncated [ 526.545098][T10450] loop3: p4 size 3657465856 extends beyond EOD, truncated 14:22:05 executing program 3: syz_read_part_table(0x9, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:05 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:05 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x227e, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:05 executing program 4: syz_read_part_table(0xa, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:05 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800825000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:05 executing program 5 (fault-call:5 fault-nth:0): r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) 14:22:05 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x227f, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 526.933372][T10493] loop3: detected capacity change from 0 to 1 [ 526.946776][T10489] loop4: detected capacity change from 0 to 1 [ 526.950929][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 526.961036][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 526.969428][T10503] FAULT_INJECTION: forcing a failure. [ 526.969428][T10503] name failslab, interval 1, probability 0, space 0, times 0 [ 526.982073][T10503] CPU: 1 PID: 10503 Comm: syz-executor.5 Not tainted 5.13.0-rc4-syzkaller #0 [ 526.990842][T10503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 526.999828][T10493] loop3: p1 p2 p3 p4 [ 527.000948][T10503] Call Trace: [ 527.001023][T10503] dump_stack+0x137/0x19d [ 527.005051][T10493] loop3: p1 start 115140 is beyond EOD, [ 527.008190][T10503] should_fail+0x23c/0x250 [ 527.008212][T10503] ? __anon_vma_prepare+0x41/0x2d0 [ 527.012539][T10493] truncated 14:22:05 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2282, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 527.012544][T10493] loop3: p2 size 1073872896 extends beyond EOD, [ 527.018232][T10503] __should_failslab+0x81/0x90 [ 527.022668][T10493] truncated [ 527.041294][T10493] loop3: p3 start 225 is beyond EOD, [ 527.042077][T10503] should_failslab+0x5/0x20 [ 527.042096][T10503] kmem_cache_alloc+0x46/0x2f0 [ 527.042117][T10503] __anon_vma_prepare+0x41/0x2d0 [ 527.045215][T10493] truncated [ 527.045220][T10493] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 527.072304][T10498] loop1: detected capacity change from 0 to 1 14:22:05 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2283, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 527.075816][T10503] wp_page_copy+0xb06/0x10c0 [ 527.075846][T10503] do_wp_page+0x5a8/0xba0 [ 527.090845][T10503] handle_mm_fault+0xb31/0x1a70 [ 527.091676][T10489] loop4: p1 p2 p3 p4 [ 527.095734][T10503] do_user_addr_fault+0x60c/0xc00 [ 527.095757][T10503] exc_page_fault+0x94/0x230 [ 527.103247][T10489] loop4: p1 start 115140 is beyond EOD, [ 527.104903][T10503] asm_exc_page_fault+0x1e/0x30 [ 527.104932][T10503] RIP: 0010:__put_user_nocheck_4+0x3/0x11 [ 527.109702][T10489] truncated [ 527.115275][T10503] Code: 00 00 48 39 d9 73 54 0f 1f 00 66 89 01 31 c9 0f 1f 00 c3 0f 1f 44 00 00 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 1f 00 <89> 01 31 c9 0f 1f 00 c3 66 0f 1f 44 00 00 48 bb f9 ef ff ff ff 7f [ 527.120141][T10489] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 527.123388][T10489] loop4: p3 start 225 is beyond EOD, [ 527.125906][T10503] RSP: 0018:ffffc90011f1fdf0 EFLAGS: 00010297 [ 527.125922][T10503] RAX: 0000000000000002 RBX: 00007fffffffeffd RCX: 00000000200001c0 [ 527.125935][T10503] RDX: ffffc9000332c000 RSI: 0000000000000282 RDI: ffff888157b78030 14:22:05 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2284, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:05 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 527.125947][T10503] RBP: ffff888157b78080 R08: 0000000000000000 R09: 0001888157b781c7 [ 527.125958][T10503] R10: 0000000000000021 R11: ffff888108a75080 R12: ffff888157b78030 [ 527.129094][T10489] truncated [ 527.148654][T10503] R13: 0000000000000002 R14: ffff888157b78080 R15: 0000000000000282 [ 527.148673][T10503] sg_ioctl_common+0xabb/0x1770 [ 527.148692][T10503] ? iput+0xad/0x590 [ 527.148766][T10503] sg_ioctl+0x54/0xc0 [ 527.155862][T10489] loop4: p4 size 3657465856 extends beyond EOD, [ 527.161212][T10503] ? sg_poll+0x240/0x240 14:22:05 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2287, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 527.161229][T10503] __se_sys_ioctl+0xcb/0x140 [ 527.167301][T10489] truncated [ 527.175235][T10503] __x64_sys_ioctl+0x3f/0x50 [ 527.246303][T10503] do_syscall_64+0x4a/0x90 [ 527.250782][T10503] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 527.256780][T10503] RIP: 0033:0x4665d9 [ 527.260754][T10503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 527.281147][T10503] RSP: 002b:00007fb225868188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 527.289582][T10503] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 527.297693][T10503] RDX: 00000000200001c0 RSI: 000000000000227d RDI: 0000000000000003 [ 527.305654][T10503] RBP: 00007fb2258681d0 R08: 0000000000000000 R09: 0000000000000000 [ 527.313632][T10503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 527.321738][T10503] R13: 00007ffc297abdcf R14: 00007fb225868300 R15: 0000000000022000 [ 527.359062][T10498] loop1: p1 p2 p3 p4 [ 527.363116][T10498] loop1: p1 start 115140 is beyond EOD, truncated [ 527.369752][T10498] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 527.380684][T10493] loop3: detected capacity change from 0 to 1 [ 527.387499][T10498] loop1: p3 start 225 is beyond EOD, truncated [ 527.391020][T10489] loop4: detected capacity change from 0 to 1 [ 527.393668][T10498] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 527.418912][T10493] loop3: p1 p2 p3 p4 [ 527.423254][T10493] loop3: p1 start 115140 is beyond EOD, truncated [ 527.429956][T10493] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 527.437479][T10493] loop3: p3 start 225 is beyond EOD, truncated [ 527.443633][T10493] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 527.451467][T10489] loop4: p1 p2 p3 p4 [ 527.455547][T10489] loop4: p1 start 115140 is beyond EOD, truncated [ 527.462043][T10489] loop4: p2 size 1073872896 extends beyond EOD, truncated 14:22:06 executing program 3: syz_read_part_table(0xa, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 527.477570][T10489] loop4: p3 start 225 is beyond EOD, truncated [ 527.483939][T10489] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:06 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:06 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2288, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:06 executing program 5 (fault-call:5 fault-nth:1): r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) 14:22:06 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800826000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:06 executing program 4: syz_read_part_table(0xb, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 527.601834][T10566] loop3: detected capacity change from 0 to 1 [ 527.648315][T10566] loop3: p1 p2 p3 p4 [ 527.652634][T10566] loop3: p1 start 115140 is beyond EOD, truncated [ 527.654840][T10574] loop1: detected capacity change from 0 to 1 [ 527.659214][T10566] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 527.678772][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 527.679617][T10571] FAULT_INJECTION: forcing a failure. [ 527.679617][T10571] name failslab, interval 1, probability 0, space 0, times 0 [ 527.686791][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 527.700062][T10566] loop3: p3 start 225 is beyond EOD, [ 527.707174][T10571] CPU: 0 PID: 10571 Comm: syz-executor.5 Not tainted 5.13.0-rc4-syzkaller #0 [ 527.707195][T10571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 527.707204][T10571] Call Trace: [ 527.707211][T10571] dump_stack+0x137/0x19d [ 527.712567][T10566] truncated [ 527.712573][T10566] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 527.712873][T10574] loop1: p1 p2 p3 p4 [ 527.721357][T10571] should_fail+0x23c/0x250 [ 527.721381][T10571] ? __anon_vma_prepare+0x92/0x2d0 [ 527.733676][T10580] loop4: detected capacity change from 0 to 1 [ 527.734890][T10571] __should_failslab+0x81/0x90 [ 527.734916][T10571] should_failslab+0x5/0x20 [ 527.734950][T10571] kmem_cache_alloc+0x46/0x2f0 [ 527.742336][T10574] loop1: p1 start 115140 is beyond EOD, [ 527.742362][T10571] ? __anon_vma_prepare+0x41/0x2d0 [ 527.749483][T10574] truncated 14:22:06 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2289, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:06 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x4b47, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:06 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x4b49, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 527.753413][T10571] __anon_vma_prepare+0x92/0x2d0 [ 527.757832][T10574] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 527.759503][T10574] loop1: p3 start 225 is beyond EOD, [ 527.762973][T10571] wp_page_copy+0xb06/0x10c0 [ 527.769068][T10574] truncated [ 527.773790][T10571] do_wp_page+0x5a8/0xba0 [ 527.773856][T10571] handle_mm_fault+0xb31/0x1a70 [ 527.778359][T10574] loop1: p4 size 3657465856 extends beyond EOD, [ 527.783086][T10571] do_user_addr_fault+0x60c/0xc00 [ 527.788975][T10574] truncated 14:22:06 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x5382, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:06 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x5385, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:06 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x5386, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 527.794067][T10571] exc_page_fault+0x94/0x230 [ 527.850600][T10571] asm_exc_page_fault+0x1e/0x30 [ 527.855598][T10571] RIP: 0010:__put_user_nocheck_4+0x3/0x11 [ 527.861507][T10571] Code: 00 00 48 39 d9 73 54 0f 1f 00 66 89 01 31 c9 0f 1f 00 c3 0f 1f 44 00 00 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 1f 00 <89> 01 31 c9 0f 1f 00 c3 66 0f 1f 44 00 00 48 bb f9 ef ff ff ff 7f [ 527.881289][T10571] RSP: 0018:ffffc90011f97df0 EFLAGS: 00010297 [ 527.887360][T10571] RAX: 0000000000000001 RBX: 00007fffffffeffd RCX: 00000000200001c0 [ 527.895329][T10571] RDX: ffffc9000332c000 RSI: 0000000000000282 RDI: ffff888152060030 [ 527.903315][T10571] RBP: ffff888152060080 R08: 0000000000000000 R09: 00018881520601c7 [ 527.911306][T10571] R10: 0000000000000021 R11: ffff88815206a040 R12: ffff888152060030 [ 527.919306][T10571] R13: 0000000000000001 R14: ffff888152060080 R15: 0000000000000282 [ 527.927398][T10571] sg_ioctl_common+0xabb/0x1770 [ 527.932409][T10571] ? iput+0xad/0x590 [ 527.936299][T10571] sg_ioctl+0x54/0xc0 [ 527.940260][T10571] ? sg_poll+0x240/0x240 [ 527.944488][T10571] __se_sys_ioctl+0xcb/0x140 [ 527.949079][T10571] __x64_sys_ioctl+0x3f/0x50 [ 527.953804][T10571] do_syscall_64+0x4a/0x90 [ 527.958224][T10571] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 527.964350][T10571] RIP: 0033:0x4665d9 [ 527.968407][T10571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 527.988034][T10571] RSP: 002b:00007fb225868188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 527.996458][T10571] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 528.004490][T10571] RDX: 00000000200001c0 RSI: 000000000000227d RDI: 0000000000000003 [ 528.012464][T10571] RBP: 00007fb2258681d0 R08: 0000000000000000 R09: 0000000000000000 [ 528.020436][T10571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 528.028476][T10571] R13: 00007ffc297abdcf R14: 00007fb225868300 R15: 0000000000022000 [ 528.077119][T10580] loop4: p1 p2 p3 p4 [ 528.081328][T10580] loop4: p1 start 115140 is beyond EOD, truncated [ 528.087781][T10580] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 528.098387][T10580] loop4: p3 start 225 is beyond EOD, truncated [ 528.104584][T10580] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 528.121226][T10566] loop3: detected capacity change from 0 to 1 [ 528.166616][T10580] loop4: detected capacity change from 0 to 1 [ 528.166746][T10566] loop3: p1 p2 p3 p4 [ 528.178407][T10566] loop3: p1 start 115140 is beyond EOD, truncated [ 528.185148][T10566] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 528.193168][T10566] loop3: p3 start 225 is beyond EOD, truncated [ 528.199463][T10566] loop3: p4 size 3657465856 extends beyond EOD, truncated 14:22:06 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x541b, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 528.220752][T10580] loop4: p1 p2 p3 p4 [ 528.224817][T10580] loop4: p1 start 115140 is beyond EOD, truncated [ 528.231421][T10580] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 528.239084][T10580] loop4: p3 start 225 is beyond EOD, truncated [ 528.245431][T10580] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:07 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:07 executing program 5 (fault-call:5 fault-nth:2): r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) 14:22:07 executing program 3: syz_read_part_table(0xb, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:07 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80082e000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:07 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x5421, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:07 executing program 4: syz_read_part_table(0xc, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 528.294793][ T1232] loop3: p1 p2 p3 p4 [ 528.299106][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 528.305563][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 528.313376][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 528.319583][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated 14:22:07 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x5450, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 528.342304][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 528.342576][T10640] FAULT_INJECTION: forcing a failure. [ 528.342576][T10640] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 528.350444][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 528.350896][T10642] loop1: detected capacity change from 0 to 1 [ 528.363753][T10640] CPU: 0 PID: 10640 Comm: syz-executor.5 Not tainted 5.13.0-rc4-syzkaller #0 14:22:07 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x5451, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:07 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x5452, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 528.386375][T10640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 528.396426][T10640] Call Trace: [ 528.399705][T10640] dump_stack+0x137/0x19d [ 528.404039][T10640] should_fail+0x23c/0x250 [ 528.408456][T10640] __alloc_pages+0x102/0x320 [ 528.413035][T10640] alloc_pages_vma+0x391/0x660 [ 528.417846][T10640] ? __anon_vma_prepare+0x236/0x2d0 [ 528.422576][T10655] loop4: detected capacity change from 0 to 1 [ 528.423037][T10640] wp_page_copy+0x14c/0x10c0 [ 528.433663][T10640] do_wp_page+0x5a8/0xba0 [ 528.438002][T10640] handle_mm_fault+0xb31/0x1a70 14:22:07 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x5460, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:07 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x40049409, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 528.442990][T10640] do_user_addr_fault+0x60c/0xc00 [ 528.448000][T10640] exc_page_fault+0x94/0x230 [ 528.452609][T10640] asm_exc_page_fault+0x1e/0x30 [ 528.457471][T10640] RIP: 0010:__put_user_nocheck_4+0x3/0x11 [ 528.463226][T10640] Code: 00 00 48 39 d9 73 54 0f 1f 00 66 89 01 31 c9 0f 1f 00 c3 0f 1f 44 00 00 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 1f 00 <89> 01 31 c9 0f 1f 00 c3 66 0f 1f 44 00 00 48 bb f9 ef ff ff ff 7f [ 528.482932][T10640] RSP: 0018:ffffc90000273df0 EFLAGS: 00010297 14:22:07 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:22:07 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x40086602, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 528.489050][T10640] RAX: 0000000000000001 RBX: 00007fffffffeffd RCX: 00000000200001c0 [ 528.497056][T10640] RDX: ffffc9000332c000 RSI: 0000000000000282 RDI: ffff888153bc8030 [ 528.505644][T10640] RBP: ffff888153bc8080 R08: 0000000000000000 R09: 0001888153bc81c7 [ 528.513611][T10640] R10: 0000000000000021 R11: ffff888108a75080 R12: ffff888153bc8030 [ 528.521589][T10640] R13: 0000000000000001 R14: ffff888153bc8080 R15: 0000000000000282 [ 528.529599][T10640] sg_ioctl_common+0xabb/0x1770 [ 528.534479][T10640] ? iput+0xad/0x590 [ 528.538365][T10640] sg_ioctl+0x54/0xc0 [ 528.542468][T10640] ? sg_poll+0x240/0x240 [ 528.546701][T10640] __se_sys_ioctl+0xcb/0x140 [ 528.551458][T10640] __x64_sys_ioctl+0x3f/0x50 [ 528.556048][T10640] do_syscall_64+0x4a/0x90 [ 528.560449][T10640] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 528.566326][T10640] RIP: 0033:0x4665d9 [ 528.570206][T10640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 528.589818][T10640] RSP: 002b:00007fb225868188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 528.598240][T10640] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 528.606197][T10640] RDX: 00000000200001c0 RSI: 000000000000227d RDI: 0000000000000003 [ 528.614157][T10640] RBP: 00007fb2258681d0 R08: 0000000000000000 R09: 0000000000000000 [ 528.622269][T10640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 528.630238][T10640] R13: 00007ffc297abdcf R14: 00007fb225868300 R15: 0000000000022000 14:22:07 executing program 5 (fault-call:5 fault-nth:3): r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) [ 528.652720][T10641] loop3: detected capacity change from 0 to 1 [ 528.667338][T10642] loop1: p1 p2 p3 p4 [ 528.670942][ T1232] loop4: p1 p2 p3 p4 [ 528.671550][T10642] loop1: p1 start 115140 is beyond EOD, truncated [ 528.678735][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 528.681818][T10642] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 528.688306][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 528.701146][T10642] loop1: p3 start 225 is beyond EOD, truncated [ 528.703968][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 528.708687][T10642] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 528.714933][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 528.723857][T10678] FAULT_INJECTION: forcing a failure. [ 528.723857][T10678] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 528.729340][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 528.742345][T10678] CPU: 0 PID: 10678 Comm: syz-executor.5 Not tainted 5.13.0-rc4-syzkaller #0 [ 528.750591][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 528.759505][T10678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 528.759518][T10678] Call Trace: [ 528.759525][T10678] dump_stack+0x137/0x19d [ 528.773547][T10641] loop3: p1 p2 p3 p4 [ 528.777177][T10678] should_fail+0x23c/0x250 [ 528.777200][T10678] should_fail_usercopy+0x16/0x20 [ 528.777217][T10678] _copy_to_user+0x1c/0x90 [ 528.777237][T10678] simple_read_from_buffer+0xab/0x120 [ 528.782053][T10641] loop3: p1 start 115140 is beyond EOD, [ 528.784812][T10678] proc_fail_nth_read+0xf6/0x140 [ 528.784837][T10678] ? rw_verify_area+0x136/0x250 [ 528.784877][T10678] ? proc_fault_inject_write+0x200/0x200 [ 528.784893][T10678] vfs_read+0x154/0x5d0 [ 528.784904][T10678] ? sg_ioctl_common+0xabb/0x1770 [ 528.788887][T10641] truncated [ 528.788892][T10641] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 528.791371][T10641] loop3: p3 start 225 is beyond EOD, [ 528.793312][T10678] ? __fget_light+0x21b/0x260 [ 528.798366][T10641] truncated [ 528.802756][T10678] ? __cond_resched+0x11/0x40 [ 528.808125][T10641] loop3: p4 size 3657465856 extends beyond EOD, [ 528.813726][T10678] ksys_read+0xce/0x180 [ 528.818683][T10641] truncated [ 528.823484][T10678] __x64_sys_read+0x3e/0x50 [ 528.823502][T10678] do_syscall_64+0x4a/0x90 [ 528.888663][T10678] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 528.894544][T10678] RIP: 0033:0x41935c [ 528.898514][T10678] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 528.918124][T10678] RSP: 002b:00007fb225868170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 528.926636][T10678] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000041935c [ 528.934674][T10678] RDX: 000000000000000f RSI: 00007fb2258681e0 RDI: 0000000000000005 [ 528.942641][T10678] RBP: 00007fb2258681d0 R08: 0000000000000000 R09: 0000000000000000 [ 528.950609][T10678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 528.958629][T10678] R13: 00007ffc297abdcf R14: 00007fb225868300 R15: 0000000000022000 [ 528.973878][T10655] loop4: p1 p2 p3 p4 [ 528.978324][T10655] loop4: p1 start 115140 is beyond EOD, truncated [ 528.984765][T10655] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 528.992723][T10655] loop4: p3 start 225 is beyond EOD, truncated [ 528.999171][T10655] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 529.019635][T10641] loop3: detected capacity change from 0 to 1 14:22:07 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) 14:22:07 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:22:07 executing program 3: syz_read_part_table(0xc, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 529.057501][T10641] loop3: p1 p2 p3 p4 [ 529.061709][T10641] loop3: p1 start 115140 is beyond EOD, truncated [ 529.068265][T10641] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 529.077635][T10655] loop4: detected capacity change from 0 to 1 [ 529.078301][T10641] loop3: p3 start 225 is beyond EOD, truncated [ 529.089917][T10641] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 529.114017][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 529.122313][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 529.137350][T10655] loop4: p1 p2 p3 p4 [ 529.141433][T10655] loop4: p1 start 115140 is beyond EOD, truncated [ 529.147980][T10655] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 529.164602][T10655] loop4: p3 start 225 is beyond EOD, truncated [ 529.170825][T10655] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:07 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x40087602, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:07 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800848000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:07 executing program 4: syz_read_part_table(0xd, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:07 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2, &(0x7f00000001c0)) 14:22:07 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x401c5820, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:07 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x1267, &(0x7f00000001c0)) 14:22:07 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x4020940d, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 529.235445][T10719] loop3: detected capacity change from 0 to 1 [ 529.243396][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 529.251455][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:08 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x80086601, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:08 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x80087601, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 529.300469][ T1232] loop3: p1 p2 p3 p4 [ 529.304661][T10739] loop1: detected capacity change from 0 to 1 [ 529.311512][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 529.317047][T10747] loop4: detected capacity change from 0 to 1 [ 529.319633][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 529.326465][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 529.339767][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated 14:22:08 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x801c581f, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 529.355904][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 529.362277][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 529.370906][T10739] loop1: p1 p2 p3 p4 [ 529.370947][T10747] loop4: p1 p2 p3 p4 [ 529.374963][T10739] loop1: p1 start 115140 is beyond EOD, truncated [ 529.378958][T10747] loop4: p1 start 115140 is beyond EOD, [ 529.385316][T10739] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 529.390870][T10739] loop1: p3 start 225 is beyond EOD, [ 529.390987][T10747] truncated [ 529.398216][T10739] truncated [ 529.403552][T10747] loop4: p2 size 1073872896 extends beyond EOD, [ 529.406645][T10739] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 529.423391][T10747] truncated [ 529.429477][T10747] loop4: p3 start 225 is beyond EOD, truncated [ 529.429763][T10719] loop3: p1 p2 p3 p4 [ 529.435663][T10747] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 529.441182][T10719] loop3: p1 start 115140 is beyond EOD, truncated [ 529.453450][T10719] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 529.461065][T10719] loop3: p3 start 225 is beyond EOD, truncated [ 529.467454][T10719] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 529.502491][T10747] loop4: detected capacity change from 0 to 1 [ 529.515512][T10719] loop3: detected capacity change from 0 to 1 [ 529.527279][ T1232] loop4: p1 p2 p3 p4 [ 529.531415][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 529.538260][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 529.539271][T10719] loop3: p1 p2 p3 p4 [ 529.546153][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 529.550261][T10719] loop3: p1 start 115140 is beyond EOD, truncated [ 529.555692][ T1232] loop4: p4 size 3657465856 extends beyond EOD, [ 529.562476][T10719] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 529.569054][ T1232] truncated [ 529.578566][T10719] loop3: p3 start 225 is beyond EOD, truncated [ 529.585485][T10719] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 529.593758][T10747] loop4: p1 p2 p3 p4 14:22:08 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0xc0045878, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 529.597838][T10747] loop4: p1 start 115140 is beyond EOD, truncated [ 529.604524][T10747] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 529.612291][T10747] loop4: p3 start 225 is beyond EOD, truncated [ 529.618517][T10747] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:08 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80084c000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:08 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x1274, &(0x7f00000001c0)) 14:22:08 executing program 3: syz_read_part_table(0xd, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:08 executing program 4: syz_read_part_table(0xe, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:08 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:22:08 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0xc0045878, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:08 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0xc0189436, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:08 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x1275, &(0x7f00000001c0)) [ 529.970434][T10823] loop1: detected capacity change from 0 to 1 [ 529.976595][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 529.976612][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 529.992262][T10821] loop3: detected capacity change from 0 to 1 [ 530.001685][T10827] loop4: detected capacity change from 0 to 1 14:22:08 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0xc020660b, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:08 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x1276, &(0x7f00000001c0)) 14:22:08 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0xc0481273, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:08 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 530.017087][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 530.025966][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 530.057292][T10827] loop4: p1 p2 p3 p4 [ 530.061746][T10823] loop1: p1 p2 p3 p4 [ 530.065799][T10821] loop3: p1 p2 p3 p4 [ 530.077424][T10827] loop4: p1 start 115140 is beyond EOD, truncated [ 530.079341][T10823] loop1: p1 start 115140 is beyond EOD, truncated [ 530.083899][T10827] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 530.088539][T10821] loop3: p1 start 115140 is beyond EOD, [ 530.090408][T10823] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 530.090959][T10823] loop1: p3 start 225 is beyond EOD, [ 530.097661][T10821] truncated [ 530.097666][T10821] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 530.113678][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 530.116221][T10823] truncated [ 530.116228][T10823] loop1: p4 size 3657465856 extends beyond EOD, [ 530.119345][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 530.151718][T10823] truncated [ 530.152745][T10821] loop3: p3 start 225 is beyond EOD, truncated [ 530.155183][T10827] loop4: p3 start 225 is beyond EOD, [ 530.161155][T10821] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 530.173955][T10827] truncated [ 530.177092][T10827] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 530.209135][T10821] loop3: detected capacity change from 0 to 1 14:22:08 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800860000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:08 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x2, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 530.231718][T10827] loop4: detected capacity change from 0 to 1 [ 530.255319][T10886] loop1: detected capacity change from 0 to 1 [ 530.264204][T10821] loop3: p1 p2 p3 p4 [ 530.270158][T10821] loop3: p1 start 115140 is beyond EOD, truncated [ 530.271461][T10827] loop4: p1 p2 p3 p4 [ 530.276615][T10821] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 530.283375][T10886] loop1: p1 p2 p3 p4 [ 530.292215][T10821] loop3: p3 start 225 is beyond EOD, truncated [ 530.294434][T10886] loop1: p1 start 115140 is beyond EOD, truncated [ 530.298494][T10821] loop3: p4 size 3657465856 extends beyond EOD, [ 530.304910][T10886] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 530.311255][T10821] truncated [ 530.319069][T10827] loop4: p1 start 115140 is beyond EOD, truncated 14:22:09 executing program 3: syz_read_part_table(0xe, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 530.327914][T10827] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 530.332526][T10886] loop1: p3 start 225 is beyond EOD, truncated [ 530.341335][T10886] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 530.347318][ T1232] loop3: p1 p2 p3 p4 [ 530.350194][T10827] loop4: p3 start 225 is beyond EOD, truncated [ 530.353220][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 530.358622][T10827] loop4: p4 size 3657465856 extends beyond EOD, [ 530.365038][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 530.365496][ T1232] loop3: p3 start 225 is beyond EOD, [ 530.371554][T10827] truncated [ 530.378594][ T1232] truncated [ 530.378601][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 530.435134][ T1232] loop4: p1 p2 p3 p4 [ 530.439220][T10906] loop3: detected capacity change from 0 to 1 [ 530.440938][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 530.451917][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 530.459359][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 530.465526][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 530.490080][T10906] loop3: p1 p2 p3 p4 [ 530.494183][T10906] loop3: p1 start 115140 is beyond EOD, truncated [ 530.500639][T10906] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 530.508184][T10906] loop3: p3 start 225 is beyond EOD, truncated [ 530.514580][T10906] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 530.523797][ T1232] loop3: p1 p2 p3 p4 [ 530.528284][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 530.534690][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 530.542565][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 530.548854][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 530.589203][T10906] loop3: detected capacity change from 0 to 1 [ 530.627375][T10906] loop3: p1 p2 p3 p4 [ 530.631615][T10906] loop3: p1 start 115140 is beyond EOD, truncated 14:22:09 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:22:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2201, &(0x7f00000001c0)) 14:22:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x2000000, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:09 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800866000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:09 executing program 4: syz_read_part_table(0xf, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 530.638061][T10906] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 530.645705][T10906] loop3: p3 start 225 is beyond EOD, truncated [ 530.652011][T10906] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 530.660599][ T1232] loop3: p1 p2 p3 p4 [ 530.664749][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 530.671355][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 530.679388][ T1232] loop3: p3 start 225 is beyond EOD, truncated 14:22:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xffffff7f, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:09 executing program 3: syz_read_part_table(0xf, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 530.685553][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 530.707122][T10955] loop1: detected capacity change from 0 to 1 [ 530.709914][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 530.721315][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 530.729186][T10958] loop4: detected capacity change from 0 to 1 14:22:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2202, &(0x7f00000001c0)) 14:22:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 530.747796][T10955] loop1: p1 p2 p3 p4 [ 530.755376][T10955] loop1: p1 start 115140 is beyond EOD, truncated [ 530.761858][T10955] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 530.769632][T10955] loop1: p3 start 225 is beyond EOD, truncated [ 530.771663][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 530.775797][T10955] loop1: p4 size 3657465856 extends beyond EOD, [ 530.783873][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2203, &(0x7f00000001c0)) [ 530.797882][T10955] truncated [ 530.801190][T10958] loop4: p1 p2 p3 p4 [ 530.805257][T10958] loop4: p1 start 115140 is beyond EOD, truncated [ 530.811695][T10958] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 530.819323][T10958] loop4: p3 start 225 is beyond EOD, truncated [ 530.826372][T10958] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x2, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 530.844120][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 530.852369][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 530.863944][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 530.872095][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 530.883353][T10958] loop4: detected capacity change from 0 to 1 [ 530.901871][T10999] loop3: detected capacity change from 0 to 1 [ 530.941062][T10999] loop3: p1 p2 p3 p4 [ 530.946221][T10999] loop3: p1 start 115140 is beyond EOD, truncated [ 530.952699][T10999] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 530.960422][T10999] loop3: p3 start 225 is beyond EOD, truncated [ 530.966733][T10999] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 530.999637][T10999] loop3: detected capacity change from 0 to 1 [ 531.039544][T10999] loop3: p1 p2 p3 p4 [ 531.043712][T10999] loop3: p1 start 115140 is beyond EOD, truncated [ 531.050183][T10999] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 531.057909][T10999] loop3: p3 start 225 is beyond EOD, truncated [ 531.064569][T10999] loop3: p4 size 3657465856 extends beyond EOD, truncated 14:22:09 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:22:09 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800868000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2205, &(0x7f00000001c0)) 14:22:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:09 executing program 4: syz_read_part_table(0x10, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:09 executing program 3: syz_read_part_table(0x10, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x2, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 531.135667][T11028] loop1: detected capacity change from 0 to 1 [ 531.137112][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 531.150136][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 531.158574][T11029] loop4: detected capacity change from 0 to 1 [ 531.159890][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 531.172926][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 531.183825][ T1232] loop3: p1 p2 p3 p4 [ 531.187255][T11028] loop1: p1 p2 p3 p4 [ 531.190531][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 531.192292][T11028] loop1: p1 start 115140 is beyond EOD, truncated [ 531.198612][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 531.205029][T11028] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 531.210123][T11028] loop1: p3 start 225 is beyond EOD, truncated [ 531.222350][T11029] loop4: p1 p2 p3 p4 14:22:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x2, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2270, &(0x7f00000001c0)) 14:22:09 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x2000000, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 531.225442][T11028] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 531.237948][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 531.244193][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 531.261313][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 531.269448][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 531.277745][T11029] loop4: p1 start 115140 is beyond EOD, truncated 14:22:10 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80086c000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 531.284208][T11029] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 531.299455][T11029] loop4: p3 start 225 is beyond EOD, truncated [ 531.305650][T11029] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 531.321484][T11064] loop1: detected capacity change from 0 to 1 [ 531.347468][T11061] loop3: detected capacity change from 0 to 1 [ 531.367310][T11064] loop1: p1 p2 p3 p4 [ 531.371459][T11029] loop4: detected capacity change from 0 to 1 [ 531.371525][T11064] loop1: p1 start 115140 is beyond EOD, truncated [ 531.384186][T11064] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 531.391846][T11061] loop3: p1 p2 p3 p4 [ 531.392058][T11064] loop1: p3 start 225 is beyond EOD, truncated [ 531.397853][T11029] loop4: p1 p2 p3 p4 [ 531.403315][T11064] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 531.415657][T11061] loop3: p1 start 115140 is beyond EOD, truncated [ 531.416584][T11029] loop4: p1 start 115140 is beyond EOD, [ 531.422191][T11061] loop3: p2 size 1073872896 extends beyond EOD, [ 531.422231][T11029] truncated [ 531.428112][T11061] truncated [ 531.434454][T11029] loop4: p2 size 1073872896 extends beyond EOD, [ 531.438176][T11061] loop3: p3 start 225 is beyond EOD, [ 531.440686][T11029] truncated [ 531.442137][ T1232] loop1: p1 p2 p3 p4 [ 531.447007][T11061] truncated [ 531.452781][ T1232] loop1: p1 start 115140 is beyond EOD, [ 531.455551][T11061] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 531.467477][T11029] loop4: p3 start 225 is beyond EOD, [ 531.468436][ T1232] truncated [ 531.475585][T11029] truncated [ 531.475590][T11029] loop4: p4 size 3657465856 extends beyond EOD, [ 531.480958][ T1232] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 531.483065][ T1232] loop1: p3 start 225 is beyond EOD, [ 531.484120][T11029] truncated [ 531.487259][ T1232] truncated [ 531.487264][ T1232] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 531.522441][T11061] loop3: detected capacity change from 0 to 1 [ 531.567406][ T1232] loop3: p1 p2 p3 p4 [ 531.571520][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 531.577974][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 531.585862][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 531.592114][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 531.601435][T11061] loop3: p1 p2 p3 p4 [ 531.605647][T11061] loop3: p1 start 115140 is beyond EOD, truncated [ 531.612107][T11061] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 531.620924][T11061] loop3: p3 start 225 is beyond EOD, truncated [ 531.627372][T11061] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 531.666056][ T1232] loop3: p1 p2 p3 p4 [ 531.670877][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 531.677481][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 531.685059][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 531.691326][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated 14:22:10 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:22:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0xffffff7f, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:10 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2271, &(0x7f00000001c0)) 14:22:10 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800874000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:10 executing program 4: syz_read_part_table(0x11, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:10 executing program 3: syz_read_part_table(0x11, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130477c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:10 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2272, &(0x7f00000001c0)) 14:22:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130677c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 531.996704][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 532.004841][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 532.010474][T11145] loop4: detected capacity change from 0 to 1 [ 532.018797][T11142] loop3: detected capacity change from 0 to 1 [ 532.020238][T11143] loop1: detected capacity change from 0 to 1 [ 532.057472][T11142] loop3: p1 p2 p3 p4 [ 532.061618][T11142] loop3: p1 start 115140 is beyond EOD, truncated [ 532.068162][T11142] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 532.077832][T11145] loop4: p1 p2 p3 p4 [ 532.082240][T11145] loop4: p1 start 115140 is beyond EOD, truncated [ 532.087403][T11143] loop1: p1 p2 p3 p4 [ 532.088843][T11145] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 532.092885][T11143] loop1: p1 start 115140 is beyond EOD, truncated [ 532.103167][T11142] loop3: p3 start 225 is beyond EOD, [ 532.106555][T11143] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 532.113691][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 532.119103][T11142] truncated [ 532.119109][T11142] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 532.127289][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 532.133469][T11143] loop1: p3 start 225 is beyond EOD, truncated 14:22:10 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2275, &(0x7f00000001c0)) 14:22:10 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400430b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 532.151922][T11143] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 532.160320][T11145] loop4: p3 start 225 is beyond EOD, truncated [ 532.166536][T11145] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 532.185139][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 532.193355][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 532.204224][ T1232] loop4: p1 p2 p3 p4 14:22:10 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2276, &(0x7f00000001c0)) [ 532.209627][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 532.216071][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 532.233009][T11142] loop3: detected capacity change from 0 to 1 [ 532.239562][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 532.245783][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 532.245806][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 532.261569][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 532.277420][T11142] loop3: p1 p2 p3 p4 [ 532.282703][T11142] loop3: p1 start 115140 is beyond EOD, truncated [ 532.289367][T11142] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 532.299745][T11142] loop3: p3 start 225 is beyond EOD, truncated [ 532.305932][T11142] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 532.329676][ T1232] loop3: p1 p2 p3 p4 [ 532.333876][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 532.340432][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 532.348310][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 532.355072][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated 14:22:11 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:11 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400630b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:11 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2279, &(0x7f00000001c0)) 14:22:11 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80087a000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:11 executing program 4: syz_read_part_table(0x12, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:11 executing program 3: syz_read_part_table(0x12, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:11 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:11 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227a, &(0x7f00000001c0)) [ 532.722552][T11225] loop3: detected capacity change from 0 to 1 [ 532.728938][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 532.731355][T11228] loop1: detected capacity change from 0 to 1 [ 532.737069][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 532.748433][T11231] loop4: detected capacity change from 0 to 1 14:22:11 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x2, 0x0, 0x0, 0x0}) [ 532.779467][T11225] loop3: p1 p2 p3 p4 [ 532.783620][T11225] loop3: p1 start 115140 is beyond EOD, truncated [ 532.790282][T11225] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 532.798847][T11225] loop3: p3 start 225 is beyond EOD, truncated [ 532.805307][T11225] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 532.805985][T11231] loop4: p1 p2 p3 p4 [ 532.816577][T11228] loop1: p1 p2 p3 p4 [ 532.823190][T11228] loop1: p1 start 115140 is beyond EOD, truncated 14:22:11 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x2000000, 0x0, 0x0, 0x0}) [ 532.824686][T11231] loop4: p1 start 115140 is beyond EOD, truncated [ 532.829705][T11228] loop1: p2 size 1073872896 extends beyond EOD, [ 532.836103][T11231] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 532.849903][T11228] truncated [ 532.853129][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 532.861166][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 532.867595][T11231] loop4: p3 start 225 is beyond EOD, truncated 14:22:11 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0xffffff7f, 0x0, 0x0, 0x0}) 14:22:11 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227b, &(0x7f00000001c0)) [ 532.874918][T11231] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 532.894536][T11228] loop1: p3 start 225 is beyond EOD, truncated [ 532.900872][T11228] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 532.908624][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 532.916661][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 532.939076][T11225] loop3: detected capacity change from 0 to 1 [ 532.947545][T11231] loop4: detected capacity change from 0 to 1 [ 532.977560][T11225] loop3: p1 p2 p3 p4 [ 532.981963][T11225] loop3: p1 start 115140 is beyond EOD, truncated [ 532.988462][T11225] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 532.995994][T11231] loop4: p1 p2 p3 p4 [ 533.002218][T11225] loop3: p3 start 225 is beyond EOD, truncated [ 533.004876][T11231] loop4: p1 start 115140 is beyond EOD, truncated [ 533.008570][T11225] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 533.015003][T11231] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 533.033225][T11231] loop4: p3 start 225 is beyond EOD, truncated [ 533.039530][T11231] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 533.078290][ T1232] loop4: p1 p2 p3 p4 [ 533.084430][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 533.091067][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 533.099043][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 533.105226][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:11 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:11 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227c, &(0x7f00000001c0)) 14:22:11 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:11 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800890000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:11 executing program 3: syz_read_part_table(0x13, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:11 executing program 4: syz_read_part_table(0x13, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:11 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x2, 0x0, 0x0}) 14:22:11 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x2000000, 0x0, 0x0}) 14:22:11 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227e, &(0x7f00000001c0)) [ 533.243505][T11314] loop4: detected capacity change from 0 to 1 [ 533.258754][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 533.266785][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:12 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0xffffff7f, 0x0, 0x0}) [ 533.294562][T11321] loop3: detected capacity change from 0 to 1 [ 533.300742][T11322] loop1: detected capacity change from 0 to 1 [ 533.310483][T11314] loop4: p1 p2 p3 p4 [ 533.319610][T11314] loop4: p1 start 115140 is beyond EOD, truncated [ 533.326084][T11314] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 533.333306][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 14:22:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227f, &(0x7f00000001c0)) [ 533.341437][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 533.349780][T11314] loop4: p3 start 225 is beyond EOD, truncated [ 533.355959][T11314] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 533.366599][T11321] loop3: p1 p2 p3 p4 [ 533.368077][T11322] loop1: p1 p2 p3 p4 [ 533.371308][T11321] loop3: p1 start 115140 is beyond EOD, truncated [ 533.378104][T11322] loop1: p1 start 115140 is beyond EOD, truncated [ 533.381367][T11321] loop3: p2 size 1073872896 extends beyond EOD, truncated 14:22:12 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 533.387783][T11322] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 533.395206][T11321] loop3: p3 start 225 is beyond EOD, truncated [ 533.408238][T11321] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 533.424394][T11314] loop4: detected capacity change from 0 to 1 [ 533.437303][T11322] loop1: p3 start 225 is beyond EOD, truncated [ 533.443503][T11322] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 533.451271][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 533.459303][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 533.492609][T11314] loop4: p1 p2 p3 p4 [ 533.508759][T11314] loop4: p1 start 115140 is beyond EOD, truncated [ 533.515220][T11314] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 533.524363][T11314] loop4: p3 start 225 is beyond EOD, truncated [ 533.530795][T11314] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 533.578418][ T1232] loop4: p1 p2 p3 p4 [ 533.582529][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 533.589102][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 533.596666][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 533.602926][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:12 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:12 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x2, 0x0}) 14:22:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2282, &(0x7f00000001c0)) 14:22:12 executing program 3: syz_read_part_table(0x24, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:12 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf8008c0000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:12 executing program 4: syz_read_part_table(0x24, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:12 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x2000000, 0x0}) 14:22:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2283, &(0x7f00000001c0)) [ 534.105043][T11393] loop3: detected capacity change from 0 to 1 [ 534.108895][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 534.119542][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 534.123287][T11395] loop1: detected capacity change from 0 to 1 [ 534.127070][T11399] loop4: detected capacity change from 0 to 1 14:22:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2284, &(0x7f00000001c0)) [ 534.154922][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 534.162993][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 534.171493][T11393] loop3: p1 p2 p3 p4 [ 534.176487][T11399] loop4: p1 p2 p3 p4 [ 534.180079][T11393] loop3: p1 start 115140 is beyond EOD, truncated [ 534.186917][T11393] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 534.191923][T11399] loop4: p1 start 115140 is beyond EOD, truncated [ 534.194522][T11395] loop1: p1 p2 p3 p4 [ 534.200600][T11399] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 534.204769][T11395] loop1: p1 start 115140 is beyond EOD, truncated [ 534.218259][T11395] loop1: p2 size 1073872896 extends beyond EOD, truncated [ 534.225931][T11395] loop1: p3 start 225 is beyond EOD, truncated [ 534.232149][T11395] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 534.243094][T11393] loop3: p3 start 225 is beyond EOD, truncated 14:22:12 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0xffffff7f, 0x0}) 14:22:13 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2285, &(0x7f00000001c0)) 14:22:13 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 534.243931][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 534.249296][T11393] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 534.255946][T11399] loop4: p3 start 225 is beyond EOD, [ 534.257594][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 534.264665][T11399] truncated [ 534.264671][T11399] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 534.386692][T11399] loop4: detected capacity change from 0 to 1 [ 534.389810][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 534.400787][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 534.409309][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 534.417451][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 534.463600][T11399] loop4: p1 p2 p3 p4 [ 534.468064][T11399] loop4: p1 start 115140 is beyond EOD, truncated [ 534.474504][T11399] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 534.483683][T11399] loop4: p3 start 225 is beyond EOD, truncated [ 534.489895][T11399] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:13 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, 0x0) clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0) 14:22:13 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf8008cd010000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:13 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) 14:22:13 executing program 3: syz_read_part_table(0x25, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:13 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2286, &(0x7f00000001c0)) 14:22:13 executing program 4: syz_read_part_table(0x25, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:13 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, 0x0) clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0) 14:22:13 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 534.967802][T11472] loop3: detected capacity change from 0 to 1 [ 534.974272][T11474] loop1: detected capacity change from 0 to 1 [ 534.974312][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 534.987753][T11478] loop4: detected capacity change from 0 to 1 [ 534.988490][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 535.007574][T11472] loop3: p1 p2 p3 p4 14:22:13 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2287, &(0x7f00000001c0)) 14:22:13 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, 0x0) clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0) 14:22:13 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:13 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) [ 535.017701][T11474] loop1: p1 p2 p3 p4 [ 535.028953][T11474] loop1: p1 start 115140 is beyond EOD, truncated [ 535.035576][T11474] loop1: p2 start 1 is beyond EOD, truncated [ 535.041622][T11474] loop1: p3 start 225 is beyond EOD, truncated [ 535.047967][T11474] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 535.057527][T11472] loop3: p1 start 115140 is beyond EOD, truncated 14:22:13 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 535.063981][T11472] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 535.072331][T11478] loop4: p1 p2 p3 p4 [ 535.076495][T11478] loop4: p1 start 115140 is beyond EOD, truncated [ 535.083038][T11478] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 535.091641][T11478] loop4: p3 start 225 is beyond EOD, truncated [ 535.097836][T11478] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:13 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800804020000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:13 executing program 4: syz_read_part_table(0x26, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 535.135817][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 535.136767][T11472] loop3: p3 start 225 is beyond EOD, truncated [ 535.143880][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 535.150262][T11472] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 535.185368][T11518] loop1: detected capacity change from 0 to 1 [ 535.202113][T11472] loop3: detected capacity change from 0 to 1 [ 535.208540][T11528] loop4: detected capacity change from 0 to 1 [ 535.237570][T11472] loop3: p1 p2 p3 p4 [ 535.239644][T11518] loop1: p1 p2 p3 p4 [ 535.242039][T11472] loop3: p1 start 115140 is beyond EOD, truncated [ 535.245620][T11528] loop4: p1 p2 p3 p4 [ 535.252038][T11472] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 535.259556][T11518] loop1: p1 start 115140 is beyond EOD, truncated [ 535.264432][T11472] loop3: p3 start 225 is beyond EOD, truncated [ 535.269776][T11518] loop1: p2 start 2 is beyond EOD, truncated [ 535.275916][T11472] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 535.281997][T11518] loop1: p3 start 225 is beyond EOD, truncated [ 535.282011][T11518] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 535.287854][T11528] loop4: p1 start 115140 is beyond EOD, truncated [ 535.308983][T11528] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 535.316354][T11528] loop4: p3 start 225 is beyond EOD, truncated [ 535.322641][T11528] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 535.331440][ T1232] loop4: p1 p2 p3 p4 14:22:14 executing program 3: syz_read_part_table(0x26, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:14 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) 14:22:14 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2288, &(0x7f00000001c0)) 14:22:14 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800878020000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 535.335484][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 535.341960][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 535.360835][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 535.368993][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 535.381818][ T1232] loop4: p3 start 225 is beyond EOD, truncated 14:22:14 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:14 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) [ 535.388043][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 535.389728][T11560] loop1: detected capacity change from 0 to 1 [ 535.402551][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 535.410608][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 535.423138][T11563] loop3: detected capacity change from 0 to 1 14:22:14 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 535.449457][T11560] loop1: p1 p2 p3 p4 [ 535.451974][T11528] loop4: detected capacity change from 0 to 1 [ 535.453562][T11560] loop1: p1 start 115140 is beyond EOD, truncated [ 535.465962][T11560] loop1: p2 start 2 is beyond EOD, truncated [ 535.471975][T11560] loop1: p3 start 225 is beyond EOD, truncated [ 535.478222][T11560] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 535.485842][ T1232] loop3: p1 p2 p3 p4 [ 535.490060][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 535.490163][T11528] loop4: p1 p2 p3 p4 [ 535.496660][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 535.503559][T11528] loop4: p1 start 115140 is beyond EOD, truncated [ 535.510154][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 535.514221][T11528] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 535.520486][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 535.529334][T11563] loop3: p1 p2 p3 p4 [ 535.540214][T11528] loop4: p3 start 225 is beyond EOD, [ 535.540221][T11563] loop3: p1 start 115140 is beyond EOD, truncated [ 535.545669][T11528] truncated [ 535.552137][T11563] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 535.555216][T11528] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 535.563233][T11563] loop3: p3 start 225 is beyond EOD, truncated [ 535.575710][T11563] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 535.621156][T11563] loop3: detected capacity change from 0 to 1 [ 535.657603][T11563] loop3: p1 p2 p3 p4 [ 535.661668][T11563] loop3: p1 start 115140 is beyond EOD, truncated [ 535.668420][T11563] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 535.676900][T11563] loop3: p3 start 225 is beyond EOD, truncated [ 535.683125][T11563] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 535.691751][ T1232] loop3: p1 p2 p3 p4 [ 535.695815][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 535.702356][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 535.710186][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 535.716452][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated 14:22:14 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) 14:22:14 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x2289, &(0x7f00000001c0)) 14:22:14 executing program 4: syz_read_part_table(0x2e, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:14 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:14 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800030000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:14 executing program 3: syz_read_part_table(0x2e, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:14 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 535.921682][T11633] loop3: detected capacity change from 0 to 1 [ 535.923320][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 535.929287][T11635] loop1: detected capacity change from 0 to 1 [ 535.935816][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 535.936028][T11634] loop4: detected capacity change from 0 to 1 [ 535.957525][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 14:22:14 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) 14:22:14 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x4b47, &(0x7f00000001c0)) 14:22:14 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 535.965714][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 535.978858][T11633] loop3: p1 p2 p3 p4 [ 535.983211][T11633] loop3: p1 start 115140 is beyond EOD, truncated [ 535.989690][T11633] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 535.998433][T11633] loop3: p3 start 225 is beyond EOD, truncated [ 536.004816][T11633] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 536.021179][T11635] loop1: p1 p2 p3 p4 [ 536.025427][T11635] loop1: p1 start 115140 is beyond EOD, truncated [ 536.025946][T11634] loop4: p1 p2 p3 p4 [ 536.031877][T11635] loop1: p2 start 3 is beyond EOD, truncated [ 536.031894][T11635] loop1: p3 start 225 is beyond EOD, truncated [ 536.031905][T11635] loop1: p4 size 3657465856 extends beyond EOD, [ 536.037105][T11634] loop4: p1 start 115140 is beyond EOD, [ 536.041895][T11635] truncated [ 536.054412][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 14:22:14 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800874030000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:14 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) 14:22:14 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x4b49, &(0x7f00000001c0)) [ 536.054429][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 536.078718][T11634] truncated [ 536.081864][T11634] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 536.095834][T11634] loop4: p3 start 225 is beyond EOD, truncated [ 536.102128][T11634] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:14 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}) [ 536.117753][T11633] loop3: detected capacity change from 0 to 1 [ 536.140378][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 536.148428][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 536.178695][T11633] loop3: p1 p2 p3 p4 [ 536.183032][T11633] loop3: p1 start 115140 is beyond EOD, truncated [ 536.187211][T11634] loop4: detected capacity change from 0 to 1 [ 536.189483][T11633] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 536.202977][T11633] loop3: p3 start 225 is beyond EOD, truncated [ 536.209296][T11633] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 536.216795][T11677] loop1: detected capacity change from 0 to 1 [ 536.217032][T11634] loop4: p1 p2 p3 p4 [ 536.227006][T11634] loop4: p1 start 115140 is beyond EOD, truncated [ 536.233453][T11634] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 536.241227][T11634] loop4: p3 start 225 is beyond EOD, truncated [ 536.247628][T11634] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 536.283999][T11677] loop1: p1 p2 p3 p4 [ 536.288856][T11677] loop1: p1 start 115140 is beyond EOD, truncated [ 536.293646][ T1232] loop3: p1 p2 p3 p4 [ 536.295385][T11677] loop1: p2 start 3 is beyond EOD, truncated [ 536.299881][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 536.305374][T11677] loop1: p3 start 225 is beyond EOD, truncated [ 536.311841][ T1232] loop3: p2 size 1073872896 extends beyond EOD, [ 536.317971][T11677] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 536.331671][ T1232] truncated [ 536.335467][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 536.341781][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated 14:22:15 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:15 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x5382, &(0x7f00000001c0)) 14:22:15 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}) 14:22:15 executing program 3: syz_read_part_table(0x48, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:15 executing program 4: syz_read_part_table(0x48, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:15 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf80089a030000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:15 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:15 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x5385, &(0x7f00000001c0)) 14:22:15 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) [ 536.581229][T11715] loop3: detected capacity change from 0 to 1 [ 536.589673][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 536.594292][T11723] loop4: detected capacity change from 0 to 1 [ 536.597899][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 536.608655][T11725] loop1: detected capacity change from 0 to 1 [ 536.654195][T11715] loop3: p1 p2 p3 p4 [ 536.661264][T11723] loop4: p1 p2 p3 p4 [ 536.665903][T11725] loop1: p1 p2 p3 p4 [ 536.670208][T11725] loop1: p1 start 115140 is beyond EOD, truncated [ 536.670347][T11723] loop4: p1 start 115140 is beyond EOD, truncated [ 536.676667][T11725] loop1: p2 start 3 is beyond EOD, [ 536.683074][T11723] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 536.684634][T11715] loop3: p1 start 115140 is beyond EOD, [ 536.688314][T11725] truncated [ 536.695405][T11715] truncated [ 536.695411][T11715] loop3: p2 size 1073872896 extends beyond EOD, [ 536.701078][T11725] loop1: p3 start 225 is beyond EOD, [ 536.704225][T11715] truncated [ 536.720112][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 536.722158][T11725] truncated [ 536.722165][T11725] loop1: p4 size 3657465856 extends beyond EOD, [ 536.730192][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 536.733278][T11725] truncated 14:22:15 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}) 14:22:15 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800802040000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:15 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x5386, &(0x7f00000001c0)) [ 536.753901][T11723] loop4: p3 start 225 is beyond EOD, truncated [ 536.757950][T11715] loop3: p3 start 225 is beyond EOD, truncated [ 536.760277][T11723] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 536.766532][T11715] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 536.782337][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 536.790605][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 536.834444][T11715] loop3: detected capacity change from 0 to 1 [ 536.840626][T11723] loop4: detected capacity change from 0 to 1 [ 536.840704][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 536.854858][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 536.882289][T11771] loop1: detected capacity change from 0 to 1 [ 536.935782][T11723] loop4: p1 p2 p3 p4 [ 536.938485][T11771] loop1: p1 p2 p3 p4 [ 536.942172][T11723] loop4: p1 start 115140 is beyond EOD, truncated [ 536.943946][T11715] loop3: p1 p2 p3 p4 [ 536.950217][T11723] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 536.958669][T11771] loop1: p1 start 115140 is beyond EOD, truncated [ 536.967959][T11771] loop1: p2 start 4 is beyond EOD, truncated [ 536.973970][T11771] loop1: p3 start 225 is beyond EOD, truncated [ 536.979219][T11715] loop3: p1 start 115140 is beyond EOD, 14:22:15 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)) clock_nanosleep(0x8, 0x0, 0x0, 0x0) 14:22:15 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}) 14:22:15 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x541b, &(0x7f00000001c0)) [ 536.980135][T11771] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 536.980127][T11715] truncated [ 536.991580][T11723] loop4: p3 start 225 is beyond EOD, [ 536.993074][T11715] loop3: p2 size 1073872896 extends beyond EOD, [ 536.996263][T11723] truncated [ 536.996268][T11723] loop4: p4 size 3657465856 extends beyond EOD, [ 537.001747][T11715] truncated [ 537.013089][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 537.018031][T11723] truncated [ 537.021297][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 537.061260][T11715] loop3: p3 start 225 is beyond EOD, truncated [ 537.067555][T11715] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 537.075997][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 537.084108][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:15 executing program 3: syz_read_part_table(0x4c, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:15 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800806040000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:15 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)) clock_nanosleep(0x8, 0x0, 0x0, 0x0) 14:22:15 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:15 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x5421, &(0x7f00000001c0)) 14:22:15 executing program 4: syz_read_part_table(0x4c, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 537.128192][ T1232] loop4: p1 p2 p3 p4 [ 537.132406][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 537.138892][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 537.147030][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 537.153322][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:15 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)) clock_nanosleep(0x8, 0x0, 0x0, 0x0) 14:22:15 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) 14:22:15 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x5450, &(0x7f00000001c0)) [ 537.174852][T11801] loop1: detected capacity change from 0 to 1 [ 537.181028][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 537.189158][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:15 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, 0x0}, 0x0) 14:22:15 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}) 14:22:15 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}) [ 537.226436][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 537.234572][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 537.245303][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 537.253427][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 537.275402][T11801] loop1: p1 p2 p3 p4 [ 537.281441][T11801] loop1: p1 start 115140 is beyond EOD, truncated [ 537.288041][T11801] loop1: p2 start 4 is beyond EOD, truncated [ 537.289096][T11829] loop3: detected capacity change from 0 to 1 [ 537.294109][T11801] loop1: p3 start 225 is beyond EOD, truncated [ 537.294124][T11801] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 537.368286][ T1232] loop3: p1 p2 p3 p4 [ 537.369397][T11838] loop4: detected capacity change from 0 to 1 [ 537.378114][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 537.384774][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 537.392815][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 537.397797][T11838] loop4: p1 p2 p3 p4 [ 537.399075][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 537.404118][T11838] loop4: p1 start 115140 is beyond EOD, truncated [ 537.416782][T11838] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 537.425689][T11829] loop3: p1 p2 p3 p4 [ 537.430582][T11829] loop3: p1 start 115140 is beyond EOD, truncated [ 537.437250][T11829] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 537.438750][T11838] loop4: p3 start 225 is beyond EOD, truncated [ 537.448221][T11829] loop3: p3 start 225 is beyond EOD, truncated [ 537.451026][T11838] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 537.457236][T11829] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 537.540404][T11838] loop4: detected capacity change from 0 to 1 [ 537.546278][T11829] loop3: detected capacity change from 0 to 1 [ 537.598828][T11829] loop3: p1 p2 p3 p4 [ 537.599299][T11838] loop4: p1 p2 p3 p4 [ 537.603127][T11829] loop3: p1 start 115140 is beyond EOD, truncated [ 537.607249][T11838] loop4: p1 start 115140 is beyond EOD, truncated [ 537.613646][T11829] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 537.620067][T11838] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 537.628115][T11829] loop3: p3 start 225 is beyond EOD, truncated [ 537.637686][T11838] loop4: p3 start 225 is beyond EOD, truncated 14:22:16 executing program 3: syz_read_part_table(0x60, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:16 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, 0x0}, 0x0) 14:22:16 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x5451, &(0x7f00000001c0)) 14:22:16 executing program 0: syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @buffer={0x0, 0x16, &(0x7f0000000000)=""/22}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:16 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800880040000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 537.640559][T11829] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 537.646661][T11838] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 537.662030][ T1232] loop3: p1 p2 p3 p4 [ 537.666100][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 537.672639][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 537.683161][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 537.689364][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated 14:22:16 executing program 4: syz_read_part_table(0x60, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:16 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = ioctl$NS_GET_PARENT(r2, 0xb702, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r5, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) poll(&(0x7f0000000080)=[{r1, 0x250}, {r2}, {0xffffffffffffffff, 0x1000}, {r3, 0x2000}, {r4}], 0x5, 0x4) ioctl$SCSI_IOCTL_STOP_UNIT(r2, 0x6) [ 537.699662][T11881] loop1: detected capacity change from 0 to 1 [ 537.709844][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 537.717908][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:16 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x5452, &(0x7f00000001c0)) 14:22:16 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)) clock_nanosleep(0x8, 0x0, &(0x7f0000000280)={0x0, 0x0}, 0x0) [ 537.748917][T11881] loop1: p1 p2 p3 p4 [ 537.760393][T11881] loop1: p1 start 115140 is beyond EOD, truncated [ 537.766853][T11881] loop1: p2 start 4 is beyond EOD, truncated [ 537.767247][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 537.772867][T11881] loop1: p3 start 225 is beyond EOD, truncated [ 537.780874][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:16 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:16 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x5460, &(0x7f00000001c0)) 14:22:16 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x100000000000000, 0x80002) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000080)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, &(0x7f00000001c0)}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0xf7fffffe, 0x0}) [ 537.787358][T11881] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 537.795603][T11890] loop3: detected capacity change from 0 to 1 [ 537.815954][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 537.824004][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 537.871299][ T1232] loop3: p1 p2 p3 p4 [ 537.872830][T11914] loop4: detected capacity change from 0 to 1 [ 537.875480][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 537.887861][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 537.895027][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 537.895046][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 537.911090][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 537.917388][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 537.926337][T11890] loop3: p1 p2 p3 p4 [ 537.930766][T11914] loop4: p1 p2 p3 p4 [ 537.930807][T11890] loop3: p1 start 115140 is beyond EOD, truncated [ 537.935165][T11914] loop4: p1 start 115140 is beyond EOD, truncated [ 537.941514][T11890] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 537.948053][T11914] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 537.957201][T11890] loop3: p3 start 225 is beyond EOD, truncated [ 537.963069][T11914] loop4: p3 start 225 is beyond EOD, truncated [ 537.968663][T11890] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 537.982095][T11914] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 538.019513][T11890] __loop_clr_fd: partition scan of loop3 failed (rc=-16) [ 538.038305][T11890] loop3: detected capacity change from 0 to 1 [ 538.050339][T11914] loop4: detected capacity change from 0 to 1 [ 538.068476][T11890] loop3: p1 p2 p3 p4 [ 538.072656][T11890] loop3: p1 start 115140 is beyond EOD, truncated [ 538.079130][T11890] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 538.086650][T11890] loop3: p3 start 225 is beyond EOD, truncated [ 538.087898][T11914] loop4: p1 p2 p3 p4 [ 538.092847][T11890] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 538.097216][T11914] loop4: p1 start 115140 is beyond EOD, truncated [ 538.110763][T11914] loop4: p2 size 1073872896 extends beyond EOD, truncated 14:22:16 executing program 3: syz_read_part_table(0x68, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:16 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf8008f5040000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:16 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r2, 0x1}, {}], 0x3, 0x80000006) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000640)={0x0, 0xfffffffffffffffe, 0x26, 0xff, @buffer={0x0, 0x6f, &(0x7f00000004c0)=""/111}, &(0x7f0000000200)="bf09580ca810e005c96df0c36c7980e4d0d87aa9807865784af2ab589e53956e4d8aabd59255", &(0x7f0000000540)=""/231, 0x2, 0x20, 0x0, &(0x7f0000000400)}) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYBLOB="26100000", @ANYRES16=r4, @ANYBLOB="010000000000000000001a000000"], 0x14}}, 0x0) readv(r3, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/141, 0x8d}, {&(0x7f00000000c0)=""/155, 0x9b}], 0x2) 14:22:16 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x40049409, &(0x7f00000001c0)) 14:22:16 executing program 4: syz_read_part_table(0x68, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 538.119412][T11914] loop4: p3 start 225 is beyond EOD, truncated [ 538.126204][T11914] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 538.135467][ T1232] loop4: p1 p2 p3 p4 [ 538.139856][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 538.146285][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 538.154517][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 538.160939][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:16 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x40086602, &(0x7f00000001c0)) [ 538.182492][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 538.190811][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 538.199049][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 538.207188][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 538.207612][T11963] loop1: detected capacity change from 0 to 1 [ 538.224050][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 14:22:16 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x40087602, &(0x7f00000001c0)) [ 538.232214][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 538.239061][T11979] loop3: detected capacity change from 0 to 1 [ 538.255509][T11974] loop4: detected capacity change from 0 to 1 [ 538.259853][T11963] loop1: p1 p2 p3 p4 [ 538.265853][T11963] loop1: p1 start 115140 is beyond EOD, truncated [ 538.272399][T11963] loop1: p2 start 4 is beyond EOD, truncated [ 538.278408][T11963] loop1: p3 start 225 is beyond EOD, truncated [ 538.284591][T11963] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 538.307977][T11974] loop4: p1 p2 p3 p4 [ 538.312313][T11979] loop3: p1 p2 p3 p4 [ 538.312389][T11974] loop4: p1 start 115140 is beyond EOD, truncated [ 538.316708][T11979] loop3: p1 start 115140 is beyond EOD, truncated 14:22:17 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800050000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 538.322878][T11974] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 538.329307][T11979] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 538.344912][T11974] loop4: p3 start 225 is beyond EOD, truncated [ 538.351145][T11974] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 538.365574][T11979] loop3: p3 start 225 is beyond EOD, truncated [ 538.367643][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 14:22:17 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x401c5820, &(0x7f00000001c0)) [ 538.372063][T11979] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 538.380074][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 538.397270][ T1232] loop3: p1 p2 p3 p4 [ 538.401560][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 538.408167][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 538.417508][T12006] loop1: detected capacity change from 0 to 1 [ 538.420532][ T1232] loop3: p3 start 225 is beyond EOD, truncated 14:22:17 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:17 executing program 4: syz_read_part_table(0x6c, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 538.429891][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 538.452744][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 538.460937][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 538.469266][T12006] loop1: p1 p2 p3 p4 [ 538.473565][T12006] loop1: p1 start 115140 is beyond EOD, truncated 14:22:17 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x4020940d, &(0x7f00000001c0)) [ 538.480135][T12006] loop1: p2 start 5 is beyond EOD, truncated [ 538.486329][T12006] loop1: p3 start 225 is beyond EOD, truncated [ 538.492631][T12006] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 538.500766][T12020] loop4: detected capacity change from 0 to 1 [ 538.511161][T11979] loop3: detected capacity change from 0 to 1 [ 538.518352][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 538.526463][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 538.534429][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 538.542434][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 538.557775][T12020] loop4: p1 p2 p3 p4 [ 538.562067][T12020] loop4: p1 start 115140 is beyond EOD, truncated [ 538.568546][T12020] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 538.577594][ T1232] loop3: p1 p2 p3 p4 [ 538.578610][T12020] loop4: p3 start 225 is beyond EOD, truncated [ 538.587585][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 538.588055][T12020] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 538.594674][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 538.610327][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 538.616670][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 538.627541][T11979] loop3: p1 p2 p3 p4 [ 538.631831][T11979] loop3: p1 start 115140 is beyond EOD, truncated [ 538.638496][T11979] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 538.646323][T11979] loop3: p3 start 225 is beyond EOD, truncated [ 538.652641][T11979] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 538.658345][T12020] loop4: detected capacity change from 0 to 1 14:22:17 executing program 3: syz_read_part_table(0x6c, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:17 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x80086601, &(0x7f00000001c0)) [ 538.717876][T12020] loop4: p1 p2 p3 p4 [ 538.722180][T12020] loop4: p1 start 115140 is beyond EOD, truncated [ 538.728783][T12020] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 538.737821][T12020] loop4: p3 start 225 is beyond EOD, truncated [ 538.744050][T12020] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 538.751977][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 538.760806][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 538.772920][ T1232] loop4: p1 p2 p3 p4 [ 538.775478][T12066] loop3: detected capacity change from 0 to 1 [ 538.777098][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 538.789757][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 538.797400][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 538.803690][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 538.827798][T12066] loop3: p1 p2 p3 p4 [ 538.831994][T12066] loop3: p1 start 115140 is beyond EOD, truncated [ 538.838576][T12066] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 538.846265][T12066] loop3: p3 start 225 is beyond EOD, truncated [ 538.852583][T12066] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 538.862318][ T1232] loop3: p1 p2 p3 p4 [ 538.866541][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 538.872982][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 538.881149][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 538.887475][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 538.937719][T12066] loop3: detected capacity change from 0 to 1 [ 538.977938][T12066] loop3: p1 p2 p3 p4 [ 538.982293][T12066] loop3: p1 start 115140 is beyond EOD, truncated [ 538.988817][T12066] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 538.996236][T12066] loop3: p3 start 225 is beyond EOD, truncated [ 539.002594][T12066] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 539.010886][ T1232] loop3: p1 p2 p3 p4 [ 539.015028][ T1232] loop3: p1 start 115140 is beyond EOD, truncated 14:22:17 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xffffffffffffffff, 0x10f, 0xfc, @scatter={0x0, 0x0, 0x0}, &(0x7f00000001c0)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36080088a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f95ecacfe854fa29a2857505ba38e67c8d715f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f15156753310f66267434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:17 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800060000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:17 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:17 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x80087601, &(0x7f00000001c0)) 14:22:17 executing program 4: syz_read_part_table(0x74, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:17 executing program 3: syz_read_part_table(0x74, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 539.021791][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 539.029096][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 539.029524][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 539.037110][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 539.043289][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated 14:22:17 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x801c581f, &(0x7f00000001c0)) [ 539.092754][T12107] loop1: detected capacity change from 0 to 1 [ 539.098534][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 539.107158][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 539.119197][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 539.128519][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid command operation code 14:22:17 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) preadv(r1, &(0x7f0000000140)=[{&(0x7f0000000480)=""/196, 0xc4}, {&(0x7f0000000580)=""/135, 0x87}, {&(0x7f0000000640)=""/242, 0xf2}], 0x3, 0x9, 0x6) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f00000001c0)="b276514907c8eb20815082110f1554c58810e3124ead1ccd89774b4dfda521c135c20f92d088e9e3af7cead56f8121814419a2813db046989e597a47b4046bb61e99c2c3dc7c4b8997ea8c49d995f3d82d6a2ebd099f199512b1a7ddaa420b1cb84d1e7b2b3089d3", 0x68}, {&(0x7f0000000400)="a5394bbc84cfe4fee0d1fa871c82ee2ecc3bbde25cc3af7035f8a57d2283e1667c86aba5d1cf8f2086676b31d35da6483f83dc5fe799634fa1a583df7625773dc9f126576f52bb763403e96400bf6778cec81aced8b546bcba670d57a1303649976b84934e5f4045e18204463808aff0efad091800e24e052d", 0x79}], 0x2) poll(&(0x7f00000000c0)=[{r1}, {r2, 0x1}, {}], 0x3, 0x80000006) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r4, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000780), r3) sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f0000000a80)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000a40)={&(0x7f00000007c0)={0x270, r6, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@ETHTOOL_A_FEATURES_HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @ETHTOOL_A_FEATURES_WANTED={0x210, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8}, @ETHTOOL_A_BITSET_BITS={0x94, 0x3, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '}\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\\\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sg#\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x18f}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'ethtool\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'ethtool\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xbaa}]}]}, @ETHTOOL_A_BITSET_BITS={0xc4, 0x3, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffff}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sg#\x00'}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10001}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, ',\x00'}]}, {0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '-:\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'ethtool\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sg#\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10001}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x2}, @ETHTOOL_A_BITSET_MASK={0x4c, 0x5, "92007b99afb8bdfd10bcab44abf0add81820b0e23b01d6ac6d8173aeeabac2c19ca36346ee14e79b7bde97b0764ca44bfdc7886f8ad920b16c4e12e91d4c7f45e69ad4753b99d0ab"}, @ETHTOOL_A_BITSET_BITS={0x58, 0x3, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}, {0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xf33}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '+{#/#^\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffff7}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}]}]}, 0x270}, 0x1, 0x0, 0x0, 0x40880}, 0x1) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r7, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) dup2(r3, r5) ioctl$SG_GET_PACK_ID(r2, 0x227c, &(0x7f0000000000)) [ 539.148379][T12107] loop1: p1 p2 p3 p4 [ 539.152444][T12107] loop1: p1 start 115140 is beyond EOD, truncated [ 539.158901][T12107] loop1: p2 start 6 is beyond EOD, truncated [ 539.164961][T12107] loop1: p3 start 225 is beyond EOD, truncated [ 539.171289][T12107] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 539.180708][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 539.188865][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:17 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0xc0045878, &(0x7f00000001c0)) [ 539.192672][T12113] loop4: detected capacity change from 0 to 1 14:22:17 executing program 0: setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x47, &(0x7f0000000040)=0x10001, 0x4) r0 = syz_open_dev$sg(&(0x7f00000000c0), 0x1, 0x8841) ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000000)) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r2, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r1, 0x40089413, &(0x7f0000000080)=0xff) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x1, 0x0, 0x0, 0x0}) poll(&(0x7f0000000100)=[{r1, 0x320}], 0x1, 0x3fffc0) 14:22:17 executing program 0: ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x8, 0x50, 0xffffffffffffffff, 0x53cff000) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x3d, 0x3f, @buffer={0x0, 0x1000, &(0x7f0000000400)=""/4096}, &(0x7f0000000040)="83efcb9e1dc77df92ad3c6a8dda914fae92594246cf16c7b081f4385ff49529f7e02b7ff03369a93db46eacff6bdff1ff1e4dc975ab5cfcb2675049215", &(0x7f0000000080)=""/11, 0x200, 0x10006, 0xffffffffffffffff, &(0x7f00000000c0)}) [ 539.223550][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 539.231703][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 539.239455][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 539.247463][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 539.258874][ T1232] loop4: p1 p2 p3 p4 [ 539.265521][ T1232] loop4: p1 start 115140 is beyond EOD, truncated 14:22:17 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800804060000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:18 executing program 0: syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) [ 539.271266][T12129] loop3: detected capacity change from 0 to 1 [ 539.271995][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 539.287144][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 539.293352][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 539.300746][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 539.308783][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:18 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0xc0045878, &(0x7f00000001c0)) [ 539.320448][T12152] loop1: detected capacity change from 0 to 1 [ 539.320548][T12113] loop4: p1 p2 p3 p4 [ 539.331062][T12113] loop4: p1 start 115140 is beyond EOD, truncated [ 539.337829][T12113] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 539.345315][T12113] loop4: p3 start 225 is beyond EOD, truncated [ 539.351534][T12113] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 539.356239][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 539.366722][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 539.382516][T12152] loop1: p1 p2 p3 p4 [ 539.386802][T12152] loop1: p1 start 115140 is beyond EOD, truncated [ 539.393255][T12152] loop1: p2 start 6 is beyond EOD, truncated [ 539.399290][T12152] loop1: p3 start 225 is beyond EOD, truncated [ 539.403946][T12129] loop3: p1 p2 p3 p4 [ 539.405475][T12152] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 539.410382][T12129] loop3: p1 start 115140 is beyond EOD, truncated [ 539.423341][T12129] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 539.431076][T12129] loop3: p3 start 225 is beyond EOD, truncated [ 539.437347][T12129] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 539.449166][ T1232] loop3: p1 p2 p3 p4 [ 539.454006][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 539.460454][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 539.468504][T12113] loop4: detected capacity change from 0 to 1 [ 539.471409][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 539.481026][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 539.498291][T12113] loop4: p1 p2 p3 p4 [ 539.502544][T12113] loop4: p1 start 115140 is beyond EOD, truncated [ 539.509207][T12113] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 539.517253][T12113] loop4: p3 start 225 is beyond EOD, truncated [ 539.517826][T12129] loop3: detected capacity change from 0 to 1 [ 539.523548][T12113] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 539.557850][T12129] loop3: p1 p2 p3 p4 [ 539.561947][T12129] loop3: p1 start 115140 is beyond EOD, truncated [ 539.568480][T12129] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 539.576027][T12129] loop3: p3 start 225 is beyond EOD, truncated [ 539.582336][T12129] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 539.590787][ T1232] loop4: p1 p2 p3 p4 [ 539.595075][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 539.601511][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 539.609313][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 539.615537][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:18 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_nanosleep(0x0, 0x0, &(0x7f0000000280), 0x0) 14:22:18 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90962c22772e11b44e69d90c741bddc8bb8c43b460e4629200", 0x22}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x24}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r2, 0x1}, {}], 0x3, 0x80000006) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x2272, &(0x7f0000000600)) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000480)={0x0, 0xfffffffffffffffc, 0x50, 0x71, @scatter={0x3, 0x0, &(0x7f00000001c0)=[{}, {&(0x7f0000000040)=""/83, 0x53}, {&(0x7f00000000c0)=""/136, 0x88}]}, &(0x7f0000000200)="c42515aeaf21c3f2bc48a6e899219c957b84cc818f7f704ad47ab251b6e095b20fe6164063c5e6b18f49bbd867a536ca407f905af01236a87c300fbb2096d2eb7bba80c73042f0797cc356195f51248e", &(0x7f0000000400)=""/61, 0x32, 0x10016, 0x3, &(0x7f0000000440)}) r3 = dup(r2) ioctl$SG_SET_FORCE_PACK_ID(r3, 0x227b, &(0x7f0000000580)=0x1) r4 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r4, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) poll(&(0x7f00000000c0)=[{r4}, {r5, 0x213}, {}], 0x3, 0x80000006) ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, &(0x7f00000005c0)=0x7) r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x400) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r6) openat2(r2, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x139000, 0x48, 0x11}, 0x18) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:18 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0xc0189436, &(0x7f00000001c0)) 14:22:18 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800070000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:18 executing program 4: syz_read_part_table(0x7a, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:18 executing program 3: syz_read_part_table(0x7a, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:18 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0xc020660b, &(0x7f00000001c0)) [ 539.953206][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 539.953621][T12225] loop3: detected capacity change from 0 to 1 [ 539.961312][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 539.977446][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 539.985793][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 539.994020][T12222] loop4: detected capacity change from 0 to 1 14:22:18 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_nanosleep(0x0, 0x0, &(0x7f0000000280), 0x0) 14:22:18 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0xc0481273, &(0x7f00000001c0)) [ 539.996269][T12220] loop1: detected capacity change from 0 to 1 [ 540.017362][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 540.025601][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 540.033183][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 540.041193][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:18 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f0000000200)={0x0, @ax25={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}}, @llc={0x1a, 0x10e, 0x6, 0x9, 0x1f, 0x9, @local}, @nfc={0x27, 0x1, 0x0, 0xdadbc6d81293541d}, 0x6, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)='ip6gretap0\x00', 0x7, 0x6}) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) r2 = open_tree(r1, &(0x7f0000000080)='./file0\x00', 0x9000) openat(r2, &(0x7f00000000c0)='./file0\x00', 0xc0, 0x64) 14:22:18 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_nanosleep(0x0, 0x0, &(0x7f0000000280), 0x0) [ 540.078857][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 540.087054][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 540.111980][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 540.120125][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:18 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000200)=[{&(0x7f0000000080)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x24}, {&(0x7f0000000240)="0d4317709ccefb5f280edf0cd4583404415d1297ceae649f5c9dc243f595c19a2b2fd9f7ed3d342b263a52a4f03da79c3980c257dccc00840dee48b11d3099e1b4e381193439142eae27584ab4d0367621926cd71899b3208e3e9ccb891cb04f47f4e85acda994127a92f9c911f89cca1dfe8fc755ef41c38394bfb1cd277197e10b3b42ba3a87c5742645b724cf76837a1588cd3ecc42", 0xbf}], 0x3) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) 14:22:18 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) [ 540.142708][T12220] loop1: p1 p2 p3 p4 [ 540.148653][T12222] loop4: p1 p2 p3 p4 [ 540.151486][T12225] loop3: p1 p2 p3 p4 [ 540.152979][T12222] loop4: p1 start 115140 is beyond EOD, truncated [ 540.156766][T12225] loop3: p1 start 115140 is beyond EOD, truncated [ 540.163165][T12222] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 540.169577][T12225] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 540.183557][T12220] loop1: p1 start 115140 is beyond EOD, truncated [ 540.184843][T12222] loop4: p3 start 225 is beyond EOD, truncated [ 540.190326][T12220] loop1: p2 start 7 is beyond EOD, truncated [ 540.196771][T12222] loop4: p4 size 3657465856 extends beyond EOD, [ 540.203201][T12220] loop1: p3 start 225 is beyond EOD, truncated [ 540.203215][T12220] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 540.219252][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 540.223083][T12222] truncated [ 540.234214][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:18 executing program 5: r0 = syz_open_dev$sg(&(0x7f00000000c0), 0x10, 0x574100) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r3, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x101000) close_range(r0, r4, 0x2) open_by_handle_at(r2, &(0x7f0000000080)=@orangefs_parent={0x28, 0x2, {{"2a3d5b16b78aa63b400ad35d1f58296e", 0x7}, {"9829c081c353dcd56dd082e31b387f06", 0x2c9}}}, 0x402200) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000200)) [ 540.238407][T12225] loop3: p3 start 225 is beyond EOD, truncated [ 540.245722][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 540.247885][T12225] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 540.255857][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:19 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:22:19 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800090000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 540.356132][T12222] loop4: detected capacity change from 0 to 1 [ 540.365357][T12225] loop3: detected capacity change from 0 to 1 [ 540.377906][T12282] loop1: detected capacity change from 0 to 1 [ 540.397888][T12222] loop4: p1 p2 p3 p4 [ 540.402332][T12222] loop4: p1 start 115140 is beyond EOD, truncated [ 540.408935][T12222] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 540.417068][T12282] loop1: p1 p2 p3 p4 [ 540.423601][T12222] loop4: p3 start 225 is beyond EOD, truncated [ 540.427865][T12282] loop1: p1 start 115140 is beyond EOD, truncated [ 540.429812][T12222] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 540.436270][T12282] loop1: p2 start 9 is beyond EOD, truncated [ 540.449612][T12282] loop1: p3 start 225 is beyond EOD, truncated 14:22:19 executing program 4: syz_read_part_table(0x90, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:19 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000400)=[{&(0x7f0000000280)=""/221, 0xdd}, {&(0x7f0000000680)=""/17, 0x11}, {&(0x7f00000003c0)=""/27, 0x1b}, {&(0x7f0000000580)=""/194, 0xc2}], 0x4, 0x4d9f, 0x10001) r2 = socket(0x6, 0xa, 0xfffffffc) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="010000000000deffffd154665ed5e8001000000000000000001a4fb5c64fe3274f91e66452649b2bd1992a31ec58b7fe35b76fa8f355b17a7fd3572915e8c1fe793bbd202df75e6308c64c0eb12a2fc9c2b81335fed78d3c8e9535d5f5eaa1540671f8b815b077fffe2ea1363f036b6788c1023347e7ab423231afaf14982fe2d922efb53749512931df7584a77023a06255366fada6f888f40455e6261af374"], 0x14}}, 0x0) setreuid(0xee00, 0xffffffffffffffff) keyctl$clear(0xb, 0xfffffffffffffffc) r5 = syz_open_dev$sg(&(0x7f0000000140), 0x9, 0x10000) splice(r3, &(0x7f00000000c0), r5, &(0x7f0000000200)=0x7, 0x8000, 0x0) accept(r2, 0x0, &(0x7f0000000080)) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) 14:22:19 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x0, 0x801, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000080) r2 = syz_io_uring_complete(0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r5 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r5, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) poll(&(0x7f00000000c0)=[{r5}, {r6, 0x1}, {}], 0x3, 0x80000006) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r2, &(0x7f0000000500)) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="a4000000", @ANYRES16=0x0, @ANYBLOB="040029bd7000fedbdf250200000008000100000000000c000800ba0f0000000000002c00078008000100", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB, @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="0c00020006000000000000000c00040009000000000000000c00050006010000000000000c00040000000000000000000c00040003000000000000000c00050000010000000000000800010000000000"], 0xa4}, 0x1, 0x0, 0x0, 0x40010}, 0x0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, 0x0, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r2}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x48}, 0x1, 0x0, 0x0, 0x84}, 0x4000) r7 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r7, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:19 executing program 3: syz_read_part_table(0x90, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:19 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) [ 540.455820][T12282] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 540.488638][ T1232] loop4: p1 p2 p3 p4 [ 540.493021][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 540.499511][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated 14:22:19 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf8008000a0000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 540.512001][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 540.518259][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 540.526475][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 540.534531][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 540.545410][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 540.553440][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:19 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r2, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) dup3(r1, r3, 0x80000) r4 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r4, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r3) 14:22:19 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f00000004c0)=[{&(0x7f0000000080)=""/100, 0x64}, {&(0x7f0000000140)=""/42, 0x2a}, {&(0x7f0000000200)=""/51, 0x33}, {&(0x7f0000000280)=""/150, 0x96}, {&(0x7f0000000540)=""/190, 0xbe}, {&(0x7f0000000400)=""/172, 0xac}], 0x6, 0xd9f, 0xffffffff) r2 = epoll_create(0x7) ioctl$INCFS_IOC_FILL_BLOCKS(r2, 0x80106720, &(0x7f0000000a40)={0x6, &(0x7f0000000980)=[{0x3, 0x13, &(0x7f0000000680)="51b075a680c4ca18491d403637b5c2600dc414", 0x1, 0x1}, {0x1, 0x28, &(0x7f00000006c0)="6fe3bf09a7c1283e456280e2a69769c83cea5f654eed3ebd6770c669138d0328dc937df2a877cc73", 0x1}, {0x0, 0x6e, &(0x7f0000000700)="3cbdf4f5fe031414320e7db9e597f862fb8acf29d1d7220315e010acdc70a1392b02079feb2f868f77c182d8b108db2919b2edf4439babf45295eb64eab376617849b72378cdd1548ec8ef564a6d0f63968af385a8d61fbe8cfe2beff6d9eb16764b196cc2333307d6bd273a9f8d", 0x0, 0x1}, {0x3, 0x40, &(0x7f0000000780)="f504ce0f0982f515c8d4eb85977786db540e44822e6265b4795027e908332969664f704fc44f7a52bd80b87d956dca26e4d9a394b6735ecacd762f335797e8e6", 0x1, 0x1}, {0x5, 0xf3, &(0x7f00000007c0)="94ad9d099906d4557b7b82f2fd630b10ea2e26d957bf2821851c0be3825471527d6c5842b0d48e44f830dc4530d610896b66f09766fc8e5bf70f45d5e58e6c9a7c56e90013496035b09525bc2c49eb615362c73810c74a65e2a2de06b78e43ec3597f9b64e87332ed2439c3ff08e5b326287dd39a5c6264e52cc79d791dc2237a4f35f654e903380c0222a51817c7a7853018c9db47a353c4ebc52e9509fdf5f7d45a0ab186de9cb6b2648c86ff84ce4f4f502f0bfdbbd15df13b5dd614f7ff246cf5539ac29e5e6f68781fa96a0a69e681d6930681f7bca46ed9ae81155a86d530df918f7b342380d69ae6bf486ff1633f356", 0x0, 0x1}, {0x0, 0xa5, &(0x7f00000008c0)="fa55bb3d13f84685fc6d9987ed66691c751912eeeb52ab11d80ce63d0ec4a222e7dd920a78186870ab4bc32f28b864ed3fae8dc4263fba9fb0a10f48202ecaa29da55ac70a536f4fb38c692b84a02e260c6ac739faeb86d904087c36f0ad8a92a829b9f26de2ceabdec9661cdd312bf2fe6a7cb89bc032fa2030bde236d3ffd611a387ab382f678dda4094e1fb129b36629c2343853183d4365c60ff365f104c63872883a4", 0x1}]}) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) ioctl$BTRFS_IOC_SCRUB_CANCEL(r3, 0x941c, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r5, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000640)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000600)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c100000", @ANYRES16=0x0, @ANYBLOB="000425bd7000fddbdf255c00000008006b00f000000008006b005a00000008006b006801000008006b00e001000008006b001400000008006b001c02000008006b001400000008006b000000000008006b00e0010000"], 0x5c}, 0x1, 0x0, 0x0, 0x40011}, 0x10080) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) [ 540.577764][T12313] loop3: detected capacity change from 0 to 1 [ 540.583330][T12316] loop1: detected capacity change from 0 to 1 [ 540.604350][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 540.612376][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:19 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f00000000c0)="530000dffbff86ff770407000000000000000007000000000000000000003beb00000000", 0x24}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000200)=""/181, 0xb5}], 0x1, 0xd9f, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r4 = syz_open_dev$vcsn(&(0x7f00000004c0), 0x1, 0x20001) sendmsg$nl_xfrm(r4, &(0x7f0000000600)={&(0x7f0000000500), 0xc, &(0x7f00000005c0)={&(0x7f0000000540)=@newspdinfo={0x5c, 0x24, 0x400, 0x70bd2d, 0x25dfdbfe, 0x3, [@XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV6_HTHRESH={0x6}]}, 0x5c}}, 0x44000) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="014c5219f223054d5671e1495f80"], 0x14}}, 0x0) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r1) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0x6, &(0x7f0000000400)={&(0x7f00000002c0)={0x30, r5, 0x400, 0x70bd2c, 0x25dfdbfb, {{}, {}, {0x14, 0x19, {0x5763b20, 0x2, 0x4, 0x3}}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x884}, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/cgroups\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r6, &(0x7f00000003c0)={0x70000008}) [ 540.627959][ T1232] loop1: p1 p2 p3 p4 [ 540.632356][ T1232] loop1: p1 start 115140 is beyond EOD, truncated [ 540.638887][ T1232] loop1: p2 start 10 is beyond EOD, truncated [ 540.638905][ T1232] loop1: p3 start 225 is beyond EOD, truncated [ 540.638918][ T1232] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 540.663571][T12316] loop1: p1 p2 p3 p4 14:22:19 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf8008270a0000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 540.663625][T12316] loop1: p1 start 115140 is beyond EOD, truncated [ 540.663640][T12316] loop1: p2 start 10 is beyond EOD, truncated [ 540.663710][T12316] loop1: p3 start 225 is beyond EOD, [ 540.663714][T12313] loop3: p1 p2 p3 p4 [ 540.663719][T12316] truncated [ 540.663722][T12316] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 540.663761][T12313] loop3: p1 start 115140 is beyond EOD, truncated [ 540.663772][T12313] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 540.664308][T12313] loop3: p3 start 225 is beyond EOD, truncated [ 540.664322][T12313] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 540.666081][T12334] loop4: detected capacity change from 0 to 1 [ 540.678656][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 540.678668][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 540.692177][T12334] loop4: p1 p2 p3 p4 [ 540.692270][T12334] loop4: p1 start 115140 is beyond EOD, truncated [ 540.692284][T12334] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 540.692572][T12334] loop4: p3 start 225 is beyond EOD, truncated [ 540.692585][T12334] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 540.747096][T12313] loop3: detected capacity change from 0 to 1 [ 540.749793][T12334] loop4: detected capacity change from 0 to 1 [ 540.791856][T12334] loop4: p1 p2 p3 p4 [ 540.798583][T12363] loop1: detected capacity change from 0 to 1 14:22:19 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) pidfd_getfd(0xffffffffffffffff, r0, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000200), 0x6002c2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f0000000140)=0x1) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)="0f955daf44393f64fdb03cc33d93606c322cfcabc53c64880881891874e1fd90966379081f9b371f804d66272e1300ea0534c5655fb588a551bbee4f4ff1e5476601885e47bbe02f725102de5b96f1c11652e6c1c62892b24a48a5124633acb2eb5f0d338fb44cfe10685e2f99578e6e62f72de3134ca1f0c537f8f3de0d21d801cf9efd95fb8288cddb69c6c5db6960d721548bbef3ed0e9f8cc5de2d53ecd562818af03eb2496c31e301843a48cba1e64f0aaecec87d0eadd396f13c59da5dd410f916d7fa716aa041e2fbe13c76287bf6c7edc8c598a6be5853f72b9f1874754611cfe63fcc347f3b892eac54f3721484090a1416c5f03c2b0efad753", 0xfe}, {&(0x7f0000000400)="b195dba1165e1d5ba140ea626b4e12d615625be422253083fe22e6ab77e2a8f1ecee3bc72de04f06a5db86d7c5bc9776672f5e317f18dba106c40796e7080b980d561981ce12e3ef15e1a0ef40bc264f8fea6939c42bff6d5415f48b23adbb9a3abf8ee96aeaa01f745f85c5335c8570ce8cfb15dd8f7f519ac88e156129afb2a9cac916f87fccb7d51cb9a31af9dcda520e6a71caf9959fbed3398539ce4db6115f095dbb3b0d1f129dfaf183209f7cc2486adf189b55076789e27d7f91a7d21372682fe163402d42b6f82f44fa09e47e", 0xd1}, {&(0x7f0000000500)="6a0565e2c6b7eeb2c8ff44612290d797c7b662f1de705c11e6cb642a38c6e875dc1876c8f548a06b08639728aeb11d5c3aacc4ecb01194c3cdfaa099e33cdc202aac337800465c3434f34b4e78184de80b941b3b4124d2451db8e206da0d4314258bd31ec137a140cc48e462ee0953cd73694294b959bc13feece7092847e3065685bd1f9f8a3e75b83fccbcad3f2ea2782928afaa175287eb8fdfe796e684ca4df3f222a98dd467c2c4f2e8ead7ac964dfd10cdb8c2f6a1164b2ee4780e2a7e9f9ed088a6246cab896260dd63b0562552f96be6a29d2fcf76fae59f9cd32632ef6e8656c524e32e9e350cfe89f6d71f", 0xf0}], 0x3) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 540.805373][ T1232] loop3: p1 p2 p3 p4 [ 540.821678][T12334] loop4: p1 start 115140 is beyond EOD, [ 540.828614][ T1232] loop3: p1 start 115140 is beyond EOD, [ 540.831798][T12334] truncated [ 540.831804][T12334] loop4: p2 size 1073872896 extends beyond EOD, [ 540.837409][ T1232] truncated [ 540.837415][ T1232] loop3: p2 size 1073872896 extends beyond EOD, [ 540.843071][T12334] truncated [ 540.845855][T12334] loop4: p3 start 225 is beyond EOD, [ 540.847393][ T1232] truncated 14:22:19 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) [ 540.858430][ T1232] loop3: p3 start 225 is beyond EOD, [ 540.863215][T12334] truncated [ 540.866304][ T1232] truncated [ 540.866309][ T1232] loop3: p4 size 3657465856 extends beyond EOD, [ 540.871674][T12334] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 540.888509][T12363] loop1: p1 p2 p3 p4 [ 540.892910][ T1232] truncated [ 540.921809][T12363] loop1: p1 start 115140 is beyond EOD, truncated 14:22:19 executing program 4: syz_read_part_table(0xc0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:19 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x24}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x50009401, &(0x7f0000000200)={{r1}, "5d41d65eb969b387b7c6e66c50087a8c71536f67e861a43f976b87a342d38f1687ac54bae75441c5ccaae92087001bcb96748419cb455425fe8914b2bd99e3620c438d611be3523244bbc1766399428f50cb6de1baa3d92866e17f5975f74134182391c2242e461de86311122c329c8b7ebefde20a307fc9795a1e7eba5e16e385567567d19485be7e32f156d4d6b68a3c5501498fc368f98379a30f45e3ba39d5d285bb4afe2df415c260a17cc12141054369dac5dc5936383f4ed96e6170017ebb98159648451c18f83e32572b4d5bb9138a555a46fb3dd1878f564f8ab965415ec28ef4ae59e14e93839fa5430838d177e50f1e3657545d352aee2541af01efbcef1a82208242f647270916431d42c28957a0d0da86c6bbab7dfa13b0f257d9d7c8f204dec4986ae2f9a212765acaf1a5f80f55fc7a416a38bdb85b498df42a4e40422bd083eb75e284857112acf6697a4c8b8e1f76d6c8c7c091b1ad411c28c02691a0168d7f7259bebb6295ab22c6cc0209afddf019ab44b3ccca5a0b5c6eca01b46dacedc6dbe0dcaa5a79065586ab100f3b4e2b5ed0c0dea8b86ec5a9ad42c3cefcb5351c57680179d32ef0d6f2c1a663af1e26cc2a045f567ae22791bd2d53ce14a20d3515d752675684e2f94e3f58205af8ad53fea3419148470aaacd1bde073646a2e64535d60233fabac0159bbbfcb76dd9ae81fcd43ed7665cc97902d4cc34602a903a2e4df0eae5a64dce9b77f95bff3e21fd4de3e53d100ad2bbee13a06489130cbc30f4bb67dbcf4c57687cca4299da3e29e681f054da668850818ff623c17c0997ca6ed4b5e4c0dfd6befddb6f5484c3c6d7fe3fad91c90a3740d806f442a62d9dae33119a2b3ab27098270ff2455524eafafc008ef2ab32ce1b87e95ef0a2bcc394643bcde525a1d0f2e3cdf9c1d1ec4ff0939a443ddc1399140d2bf38d81701992364241fafe16741b247e71d6de9bfdd6c27670146208f98483cb91f63b0e2f3c168c89166da64fba0f5eff936b869033560dc56c67674fc4a729b5e0b62c86eff91668ffd14600cf646dcb9f3f2560e9451be6ed338f929b5606fbe562ee70e29d50fff8a8610ce2dc99a88d9662d08908bb515be7250867b00e41a01b57193c7f3b108a6cc3e646446de65fc7e4934b874446214110ab19f771799b7b28d1ac8526335d1238ff3690ad2c7b15d93ec1b8931565e5b09cc6d980fcf1967b0aeee11582cbd38b938fe1a8e07a0962d91ba846c28c83138a388b2beeb7ddbf06e49c0f76e9bc9dd8c62bdde6d9320df5814dc0855ada50f010350f9d7dad47ced47504acf034468ee59f9c4a69644937da24e7ef831627d79bacc494ff5550f5bc92240b1c3729d5fc8d33a98210e652e309e1e79472dc70516e7c0bec5a47676cdeb187ccc2ee1360d3e278e13e87ec6498b2852ea87f89c39d612200bb978e61631949d6c3265139fe062421b18cf3d03818322689658e60b1f03cb5c3ac3a22f05f403355356461870b06eff419fa5bcdc8821b3539dfc44e7bb389460c1a6a4eba3e00e157ab6716afde5249fc25a5eb5d8c8f268c3ad403c50d560b50088cb2a379bbb2b34b14bf347f3b1294c8edd31f258d9d8f7aa72f4532f387c592cdd7102291d9da7c0603cdc5c8f506a688d4f1e9dc710d1e67bd4e9e62e2cad7645502a4463ab10eedeca4632240741ecd14239576fb6c8766eb94def19602f76aebbe13293586c0feaa9f0aea233f4af2bc2116b74e05445de6ec244c3fd37bb71fd6c60c3643cf531e683eddd9aa37fb0622ee63e05b02208bc670f951581a22a7daac84451d9aae420e37019cb96d50d7d42dacdebdaad50490fc5f30e1c90a5cc12f9fccd81f9ebeb084a83c53e09130b5cba89ba4f90c8b3cebbd1b7a09f47235c7536135084431191af3aea6f6608534a7729074f2016d11944141b9dfc2f5ea5634f1326f176dab52a4b9dcd9114803ff60e0bb1bfc2200d49b922cd04829e3a9915083d5be1416a5f9d81a101a121d3163a184f474787c6840f0c6b32cae074ffc157144af14e9c9b33c218c90f86b688af6d677e76ee896f99d4b6200e296ee69018efb680fcc0fe7536f1da0b1ae4b973dbfbf4b2a9856e7a92a23e702330ad35426cc6f3accc556593455c877a431a15d26540462bce6ec24a77eadffb31323aa6e41a2bcd62fd54388323e0a965dc2ab1cb84772d60d8d5192750074e2f064d5b4b93808ad120c4683c5d2eb4356a27c3d2a8e1aca9ddeefa3c0be42b7818e96af05ccef031e294408dfa1a6f7646fd3ebf8a5a5541ad68a3d085a79cf0b6b99e2adf008913346ce348917db2811e09a7f922007aa611550f4ffc97088375495451ca30728f0c8b48c889e10abfedecb2f482439c79feb06f3845ed4501d13bb4cec0a2457cfb13d156c9f893b977588504547742240d50444ad3e3471271a3e42eb361ced23a88d6639351f08238bf97b352bae41c096ace63df4b0d43f2472bac5c318ef604bee50b2f7d9eb107ce1738e89bed82ea7213099abcb1cea6b526b1441a9c5de2660437593d0952a0e8f31d42d379ac8c6d83af31efd1dc092496b1a62e77dc031cc9c8432218b9a3f6a1a119f242cf951e0c23ae4a9b2508ce54b9048f659a77689279ec7e0311b62ea99cf91925ffd6f815e2a867b527ba98d6e9a3ab4dd55b68ff88ddf2ea77bea2844b7b28104f16328973ee6d90ac7deb9b91d51d18c529e6930862f7e3b30d3f98f51a7e0f2e50c42bd80fad4d7ff6014d473793d54bb4e92fd530a937cc3ae87ad4e591cb898106b1cd86289df7088a7f767b2f3c7c7fab1dd56f54233d107d5593e0d37f088b5d55eae6219c999740fce3a4a41533b99b0bd004f11e238e1a9662e3e3f80305112a27c61ff28e825ed2622a273878c6bc8adc1911633a6e042c95382293fbf7b72c2435729beff2b9d8b9ae3fa46811c36f5dba4cc48b5fe5109b744fa3d646a5cf08486652b5fee66368a4b6bea835386368bb188da53adb33a50f304dc45cb1e07d49e7bf355c5d02b3c8c68c23540f7b49d341cd91527c545b50d11c26ba74805f801c21e0b519ee17cbf60941138e7ed6a2a2930ac441be347381b6e6a414229efc8e600cac782fe5b40abfe1c2a14215f27f23847d24c0c7a19cd572a458b9a57ccd99fe75c90359e56ea4fff6644f434b48a9bc00a083a186f5d55dd17eeb0a6c67e7a87674df2fc463527b93d425dfdbe0e18a865a357f27412e13f428c351cd5a02ff5f32e957052950e316d677e41059d969d7075326d97c5b35c90b076ecf5033d4ee4222d0070704de84de2abf8635f4d49f8a7d3b64825badc2e0273ea8b780c6d27b817cccf345b8953ba0fe85d7275a84062f4c048249a91a4831fe156ce7345a619c87bf9b9e203a60e939aa434a502e4f6a459732630890d7bebd29a52dd6b5f93dfa79d8ad2f33743cd38198d5c5e766baf81a1ec5ae5f1fa21d114dc7abd918fac2b3e91c2e5f369e1f1d0fa0262b461528feea0a86d9e893ea7db7a6ee1d441e6472ef7230eb93e187a8674558910a047e71f5bdcb327fd82da0ebe527a79c4258ce9fbaff3464874e02502ae4d80f69e99dc381b33fcfbc358d1960d79bc3917d030c8cd2fd13fe03faf5164de7da17cee8c0b2d1e9d8a40e0cbe50d1f4568dce5615e8cae0d6d066c2f28d445243e613a3761f803bdac900e112cf9c259c7e11df89c61538deb03c3fc6db1ed168de6550c4f64ac9bf53670e7865a9b9566849733cfb0055a5245b1f78a745387706d4aa539785e756852ebc46233d19f70918853baa84cbf0356909fe307dbbd684a24a2daee3c5028c8549e45ec4bc4adf6fbed8b6fad6c2785d35aee302870ccdf9f301ad78e03fb3d7f6cc44fc732e09ddef8b1d5e965522673c4b48f95a619f7f359f062ca56bf361a3da47fa628f11d0747b36c149a1468ac043e6a96965c0c5ea75766f13670383dc725cc76d07f52df44da5545471e5aea4a09dde0c5c9b3309e88f213bb6c97ad194f38c16eb23fd3d9dc0a946391bef46b67a5182780804c42b73ca49cbe14cceaaab03c92163aa7705f1a35451aa94f1c2ad45f66b0ba562fd9dba3e0c307d8642c63a41cacfe39eb1b81d1131a373c0e7e24cb10c7d41c5ce72b41b6d13f3ab435d95976b570ddbaf221c6402161b54a12ac2b787227d9ad0d97d74f33ede209ac502f93d4351958fd6442f75f1026c613ee2dadb96d3f1f881d14318c09dca1cd34d6413847d858121e7d9c9796e1b311c634bed7391105283ae3655025c1c6a120ef2986c1947d2be49a0e23f750a89903f612d773bef3a2995e0fbce67c897ffbfc2542884af06a3d5a5a17610837c98881d7220f4080ed48f3ce86c53564b9ebb221ac11e228c196ac51d4e61d216ed84961b69a5f2fb5903292e66ccdb2bde11edd4d0c6947f1ab82ed119f39ce99f7313231b017e08b93173009737ae52aa391987d81ea1efc09ade3c002b729c80ae045999b8b44183a1e5b53fb02211c9d6a34edad367ae99539afbc3d6e63897afd98d8efa83eb3f6de72d12f72e144d505f35a8f20750e6124c252f6e950ba9a67bc7a2a4169bca9ff372ed0f7ac21af83943250a10fcf8e7766763d01671621bc46af83ec11d17193e6ef835b44e7e365a54f5f8ccbae74f9e6bce0c5a4ce7cdd5873aa646f6c6834c2d677969694e5c8a309d2604a634f0586958f416bb9a76cc805e2b865c7f841569797cecc8791bb61740107f256d7ad45f5f98aeaf44e91cc18a06ad38a8cec6c87ef23c2a115003a7fbee2139bca2b47fa93710b1d54787be9abb4c1aee2e1f3254e665f9a0fc8b08411f5f235d1db358bf3bd84c30a695a4cae2072110fc5197b6e1c06628a7993856c75684fac9db01a486669c734c5eab539efedb78d32f8c388271913c50d14d37f600759e93bf91b204c9db6a33bb6adb0bef951b242e8ca2a5b16b35eb613bbb3155ceb8ebd1a6f6ade76d1edbf4b694ead883a104449a6b0f23640709871b78c3ede3297b2b547a4ce6ef0135bd8cc290d9a6285c32cd39ee971f4fd10b28d8d0261d3ae6093d2fc3ea984c292811048f1e8677780918f71300ea090e9a410dd3bcb834595d8ed794be092bc4f929b85062f2c393cfe6bb6c02c0ae378178eac1e95b7249a1064d897bdc59727d8ae3db184adfad9e72e771cf1071a79ba03339c1fff083df8552d8630e81ce6eabfc591e33a289f61fbc1577670762c166b2ed7e109be609a00988f8adfabeb2f2de49b2af8823e831de8fa244be51112f71e81e198397a4397fd57c01044f83ec4ea60ec9a701a446c96067640473cb93798cfbb03fe9603eb8154242094a44fae46f82e960aea1115718cfa143b21adf89fc9961e74bf008615147bb13e0870615fcbf1d4110a83e5ba861243f606b667ec9f1cfc87481623bdeea30b5cba8addcff7bf0bd3e68e64caa960590756c5d2b157c176dfdef6cf90d946305cd79827fcef0c3c172b845c48be32c3f8619ff22751b5a4261ff9df305a8ea9e83cebc2f21b8bfeece67188fa6e2ca28d3a30ab0f8815d3b3806e766fe3d69873e37e9dbb986418405ed58f23fa0dc1a37d5becc7b8e7bae86e955b85ab4cc5024244b6d501616ef52be889245b30a0e0e66bed10f837f523c939178ff31878c361fabeace030c4792d9f91fe5cf1d0d9f47d50badc95bd75a6a5382a1bca81a9a28868570be1cac91811710788b6ae992729bb23ae48db34bb05597b"}) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) 14:22:19 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0xf8, 0x81, 0x81, 0x9c63, 0x5}) [ 540.928320][T12363] loop1: p2 start 10 is beyond EOD, truncated [ 540.934475][T12363] loop1: p3 start 225 is beyond EOD, truncated [ 540.940729][T12363] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 540.951696][T12313] loop3: p1 p2 p3 p4 [ 540.955860][T12313] loop3: p1 start 115140 is beyond EOD, truncated [ 540.962340][T12313] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 540.971536][T12386] blktrace: Concurrent blktraces are not allowed on sg0 [ 540.971963][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 540.986606][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 540.995338][T12313] loop3: p3 start 225 is beyond EOD, truncated [ 541.001532][T12313] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 541.011316][T12392] loop4: detected capacity change from 0 to 1 14:22:19 executing program 3: syz_read_part_table(0xc0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:19 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r2, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r4, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000040)={0x86, 0x532d, 0x7, "d57c0fb71774fea516aae393da796097152758cc86f0e7f9adb83f0abe0df1df1b928520cf9bd5e162c6eac9615ee9e2c3ee304d0d66cf54838bb06b60adff4968375fddb2166cc028654e836ba896793fa3f199504597b869c636c155295fdb14b34ec466f9c4e0aed8888cedebe83b0f4747141a06c5ace0c4edeab4f0229e7554a1b35f1b"}) ioctl$F2FS_IOC_SET_PIN_FILE(r3, 0x4004f50d, &(0x7f0000000000)=0x20) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:19 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x6, 0x240041) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) 14:22:19 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf8008000b0000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 541.069601][ T1232] loop4: p1 p2 p3 p4 [ 541.073837][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 541.080464][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 541.095401][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 541.101689][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 541.110319][T12405] loop1: detected capacity change from 0 to 1 14:22:19 executing program 0: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r0, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY_ANTENNA_TX={0x8, 0x69, 0x14e}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1685}, @NL80211_ATTR_WIPHY_RETRY_LONG={0x5}, @NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x4091}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0xd1f44e722c8175fa) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="010000000000000000001a000000973e21de9d8310ffdeaa944ee96db806a06228d33084a857f07223d04bcc1b54b9ad014844872592b7fdf31b9d3b0b279ce78af36bff340c10b19924b96d8c6a41cf366b1bd38cb03a3d7b33b0bceaff9e0a6c9ecad345e72563491b64fcc61393c34e96718ed91b142c16cb2534be8eb10b3de002e03e4b284430b845d7fd09c99359a4fd4582dae09e3c4d7a3b0479d5ffd32930fa42f81300cd0210c4aeea928f9e95eeb812d48cd5cf801876f1ba5e9b05cf9fb87d48da2d"], 0x14}}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000700)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000400)={0x294, r4, 0x4, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TX_RATES={0x228, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x1c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_5GHZ={0x44, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x7, 0x2, [{0x0, 0x7}, {0x3, 0x5}, {0x4, 0x3}]}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x9, 0x3, 0x1, 0x36, 0x12, 0xb, 0x3, 0xc, 0x60, 0x16, 0x1b, 0x18, 0x24, 0x1, 0x2, 0xb, 0xc, 0x9, 0x18, 0x4, 0x48, 0x1, 0x3, 0x10, 0x48, 0x63, 0x6c, 0x4, 0x30]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfffc, 0xfff8, 0x392, 0x1000, 0x2, 0x6, 0x8001, 0x4]}}]}, @NL80211_BAND_60GHZ={0x110, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x26, 0x2, [{0x7, 0x1}, {0x1, 0x9}, {}, {0x4, 0x8}, {0x3, 0x9}, {0x0, 0x2}, {0x5, 0x5}, {0x4, 0x2}, {0x1, 0x5}, {0x7}, {0x4, 0xa}, {0x6, 0x4}, {0x5}, {0x0, 0x3}, {0x4, 0x2}, {0x0, 0x2}, {0x0, 0x2}, {0x3, 0x4}, {0x0, 0x7}, {0x7}, {0x3, 0x1}, {0x5}, {0x4, 0x7}, {0x6}, {0x1}, {0x1, 0x1}, {0x2, 0x9}, {0x1, 0x6}, {0x7, 0x9}, {0x0, 0x7}, {0x1, 0x7}, {0x5, 0x3}, {0x5, 0xa}, {0x4, 0x6}]}, @NL80211_TXRATE_HT={0x12, 0x2, [{0x5, 0x6}, {0x4, 0x8}, {0x6, 0x4}, {0x5, 0x1}, {0x0, 0x9}, {0x5, 0x8}, {0x4, 0x4}, {0x0, 0xa}, {0x7, 0x5}, {0x3, 0x7}, {0x1, 0x5}, {0x0, 0x7}, {0x5, 0xa}, {0x0, 0x4}]}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x12, 0x12, 0xc, 0xc, 0x12, 0x6, 0x36, 0x2, 0xea57ef6cbc9222ac, 0x6, 0x12, 0x16, 0x36, 0x3, 0xb, 0x30, 0x60, 0x12, 0x6c, 0x9, 0x36, 0x2, 0xc, 0x5, 0x48, 0x9, 0x4, 0x24]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x400, 0xfff9, 0x7f, 0x3ea4, 0x4a7, 0x40, 0x6, 0x7c]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x1, 0xcec, 0x8, 0x7f, 0x8001, 0x392f]}}, @NL80211_TXRATE_HT={0x41, 0x2, [{0x6, 0x1}, {0x6, 0x1}, {0x5, 0xa}, {0x1, 0x2}, {0x1, 0x7}, {0x0, 0xa}, {0x3, 0x5}, {0x6, 0x9}, {0x0, 0x7}, {0x7, 0x3}, {0x1}, {0x4, 0x5}, {0x6, 0x2}, {0x7, 0x2}, {0x1, 0x9}, {0x2, 0x1}, {0x0, 0x3}, {0x5, 0x8}, {0x0, 0x7}, {0x1}, {0x1, 0x4}, {0x0, 0x3}, {0x0, 0x8}, {0x7, 0x8}, {0x7, 0x1}, {0x5, 0x3}, {0x6, 0x2}, {0x7, 0x2}, {0x5, 0x5}, {0x3}, {0x6, 0x9}, {0x3, 0x6}, {0x3}, {0x6, 0x8}, {0x4, 0x7}, {0x6, 0x2}, {0x6, 0x7}, {0x4, 0x3}, {0x7, 0x7}, {0x4, 0xa}, {0x5, 0x9}, {0x7, 0x3}, {0x7}, {0x6, 0x4}, {0x6, 0x9}, {0x3, 0x8}, {0x3, 0x6}, {0x4, 0x7}, {}, {0x4, 0x4}, {0x1, 0x6}, {0x7, 0x9}, {0x2, 0x7}, {0x2, 0x7}, {0x3, 0x8}, {0x2, 0x8}, {0x5, 0x9}, {0x1, 0x6}, {0x4, 0x9}, {0x7, 0x3}, {0x1, 0x1}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6469, 0x9b, 0x7fff, 0x9, 0x2000, 0x6f, 0x21, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xbb, 0x2, 0x8, 0x6, 0x6, 0x2, 0x36, 0xfe]}}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0xc, 0x9, 0x6, 0x24, 0x30, 0x1b, 0x36, 0x1, 0x56, 0x1b, 0x60, 0x6, 0x36, 0x2, 0x72, 0x6c, 0x6, 0xc, 0x16, 0xd, 0xe5eb1473926390be, 0x5, 0x36]}]}, @NL80211_BAND_5GHZ={0xb4, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4f, 0x2, [{0x2, 0x7}, {0x6, 0x9}, {0x5, 0x6}, {0x1, 0x9}, {0x5, 0x3}, {0x5, 0x4}, {0x3, 0x2}, {0x5, 0x4}, {0x5, 0x8}, {0x4, 0x6}, {0x4, 0x2}, {0x7, 0x2}, {0x1, 0x9}, {0x3, 0x3}, {0x2, 0x4}, {0x4, 0x5}, {0x2, 0x4}, {0x0, 0xa}, {0x4, 0x8}, {0x4, 0x2}, {0x0, 0xa}, {0x1, 0x3}, {0x6, 0x8}, {0x6, 0x8}, {0x1, 0x4}, {0x3, 0x5}, {0x1, 0x3}, {0x7, 0x9}, {0x5, 0x3}, {0x0, 0x1}, {0x5, 0x8}, {0x1, 0x8}, {0x7, 0x1}, {0x2, 0x3}, {0x6, 0x7}, {0x4, 0x8}, {0x0, 0x1}, {0x7, 0x2}, {0x0, 0x6}, {0x1, 0x6}, {0x2, 0x9}, {0x4}, {0x4, 0x9}, {0x3, 0x3}, {0x7, 0x8}, {0x7, 0x6}, {0x5}, {0x0, 0x5}, {0x1, 0x4}, {0x0, 0x2}, {0x0, 0x3}, {0x2, 0x6}, {0x1, 0x3}, {0x4, 0x8}, {0x0, 0x8}, {0x3, 0x7}, {0x1, 0x5}, {0x2, 0xa}, {0x6, 0x7}, {0x1, 0x5}, {0x5, 0x5}, {0x5, 0x8}, {0x3, 0x8}, {0x3, 0x1}, {0x6, 0x8}, {0x2, 0x9}, {0x3, 0xa}, {0x0, 0x9}, {0x7, 0x5}, {0x2, 0x8}, {0x2, 0x5}, {0x6, 0x4}, {0x1, 0x2}, {0x0, 0x6}, {0x2, 0x8}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0xb, 0x6c, 0x3, 0x18, 0x2, 0x30, 0x18, 0x6c, 0x1, 0x4, 0x36, 0x16, 0x9]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x800, 0x8000, 0x40, 0x8000, 0x0, 0x2, 0x0, 0x6]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xeddd, 0x7f, 0xeb, 0x4, 0xb2, 0xac, 0x54, 0x6]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2b, 0x5b0, 0x101, 0x4, 0x5, 0x20, 0x9, 0x6]}}]}]}, @NL80211_ATTR_TWT_RESPONDER={0x4}, @NL80211_ATTR_HIDDEN_SSID={0x8}, @NL80211_ATTR_HE_OBSS_PD={0x14, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET={0x5, 0x1, 0x11}, @NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET={0x5, 0x2, 0xb}]}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x7}, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @crypto_settings=[@NL80211_ATTR_SAE_PASSWORD={0x1f, 0x115, "0fbec1053fc590dff9ac4f20a3477a0b95b129e8207936e666e1f7"}]]}, 0x294}, 0x1, 0x0, 0x0, 0x54}, 0x804) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f00000001c0)) ioctl$SG_GET_SG_TABLESIZE(r1, 0x227f, &(0x7f0000000000)) [ 541.116755][T12392] loop4: p1 p2 p3 p4 [ 541.121832][T12392] loop4: p1 start 115140 is beyond EOD, truncated [ 541.128381][T12392] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 541.136583][T12392] loop4: p3 start 225 is beyond EOD, truncated [ 541.138960][T12405] loop1: p1 p2 p3 p4 [ 541.142897][T12392] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 541.146878][T12405] loop1: p1 start 115140 is beyond EOD, truncated [ 541.160597][T12405] loop1: p2 start 11 is beyond EOD, truncated 14:22:19 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xaa, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r3, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) fsetxattr$trusted_overlay_origin(r2, &(0x7f0000000080), &(0x7f00000000c0), 0x2, 0x1) 14:22:19 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) r1 = syz_open_dev$vcsu(&(0x7f0000000000), 0x2, 0x301) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000100)={0x53, 0xffffffffffffffff, 0x7, 0xba, @buffer={0x0, 0x13, &(0x7f0000000040)=""/19}, &(0x7f0000000080)="92bd928847b680", &(0x7f0000000400)=""/4096, 0x7, 0x10017, 0x2, &(0x7f00000000c0)}) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:19 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x5a702, 0x18) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) [ 541.164454][T12422] loop3: detected capacity change from 0 to 1 [ 541.166697][T12405] loop1: p3 start 225 is beyond EOD, truncated [ 541.166713][T12405] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 541.187506][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 541.195615][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 541.220859][T12422] loop3: p1 p2 p3 p4 [ 541.231721][T12392] loop4: detected capacity change from 0 to 1 [ 541.239538][T12422] loop3: p1 start 115140 is beyond EOD, truncated [ 541.246201][T12422] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 541.250776][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 541.253966][T12422] loop3: p3 start 225 is beyond EOD, truncated [ 541.261333][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 541.267480][T12422] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 541.279209][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 541.290225][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 541.307949][T12392] loop4: p1 p2 p3 p4 [ 541.312441][T12392] loop4: p1 start 115140 is beyond EOD, truncated [ 541.318894][T12392] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 541.326503][T12392] loop4: p3 start 225 is beyond EOD, truncated [ 541.332723][T12392] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 541.346399][T12422] loop3: detected capacity change from 0 to 1 [ 541.403141][ T1232] loop4: p1 p2 p3 p4 [ 541.405309][T12422] loop3: p1 p2 p3 p4 [ 541.409710][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 541.411627][T12422] loop3: p1 start 115140 is beyond EOD, truncated [ 541.417564][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 541.419114][ T1232] loop4: p3 start 225 is beyond EOD, [ 541.424040][T12422] loop3: p2 size 1073872896 extends beyond EOD, [ 541.431152][ T1232] truncated [ 541.436579][T12422] truncated [ 541.437863][T12422] loop3: p3 start 225 is beyond EOD, [ 541.442942][ T1232] loop4: p4 size 3657465856 extends beyond EOD, [ 541.446023][T12422] truncated [ 541.446028][T12422] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 541.449145][ T1232] truncated 14:22:20 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) 14:22:20 executing program 0: ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x2, 0x1, 0x0}) r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r1, 0x1}, {}], 0x3, 0x80000006) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000400)={0x0, 0xfffffffffffffffb, 0x0, 0x52, @buffer={0x0, 0x87, &(0x7f0000000000)=""/135}, &(0x7f00000000c0), &(0x7f0000000100)=""/250, 0xa000, 0x2, 0x0, &(0x7f0000000200)}) 14:22:20 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf8008000c0000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:20 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/exe\x00', 0x0, 0x0) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x501400, 0x0) write$binfmt_elf64(r2, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x5, 0x40, 0x20, 0x6, 0x2, 0x3e, 0x80, 0x3e6, 0x40, 0x24, 0x2, 0x3, 0x38, 0x2, 0x6, 0x2, 0x7}, [{0xc4f1c2945921cd03, 0x10001, 0x9, 0x0, 0x7, 0xb070, 0x1f, 0x1}, {0x70000000, 0x9030, 0xdc, 0x20, 0xa, 0x4, 0xffffffffffffffc1, 0x7fffffff}], "d7f38ab0aa425c425797e9bd79d935089cfd08eb40ab71350b9cdfe55377b8d3da4614ae0e32ae91807e2caeae0bb9ef71bb5261f1803455344ec667d62712de44176cd681fb80d09680ce4f1489259adcc81d0537a70573", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x808) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) 14:22:20 executing program 4: syz_read_part_table(0x102, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:20 executing program 3: syz_read_part_table(0x14e, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 541.599923][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 541.607978][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 541.615678][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 541.623783][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 541.631527][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 541.639534][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:20 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x440, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4000000, 0x2010, r1, 0xdeabf000) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:20 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r2, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) splice(r0, &(0x7f0000000140)=0xfffffffffffffffb, r1, &(0x7f0000000200)=0xf72, 0x7, 0x0) r3 = signalfd4(r0, &(0x7f0000000080)={[0x5]}, 0x8, 0x80000) r4 = openat(r3, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x800008, 0x100010, r4, 0x0) r5 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x50000, 0x0) ioctl$RTC_EPOCH_SET(r5, 0x4008700e, 0x2) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) [ 541.654117][T12491] loop4: detected capacity change from 0 to 1 [ 541.656778][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 541.667007][T12494] loop1: detected capacity change from 0 to 1 [ 541.668431][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:20 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r2, 0x1}, {}], 0x3, 0x80000006) ioctl$SG_IO(r1, 0x2285, &(0x7f0000002580)={0x53, 0xfffffffffffffffc, 0x76, 0x3f, @scatter={0x6, 0x0, &(0x7f0000000200)=[{&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000000000)=""/3, 0x3}, {&(0x7f0000000040)=""/225, 0xe1}, {&(0x7f0000000140)=""/61, 0x3d}, {&(0x7f00000001c0)=""/45, 0x2d}, {&(0x7f0000001400)=""/175, 0xaf}]}, &(0x7f00000014c0)="68f461fdbfa3fb90c844931ee619a19290ebb023b70febe3ca3c151a3ac47e1f547859527e0c8f4f3920818036236f7acc04e5b770170af1149788e978465194d5ade29a3cfa149ea1f0ae18ad3904cdf1344cb01f349f7db0218f006cda8705e5bcf3275bba7df2e9c3e262eb032fdaca9ab3d4e4bc", &(0x7f0000001540)=""/4096, 0x0, 0x10026, 0x0, &(0x7f0000002540)}) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 541.703229][T12491] loop4: p1 p2 p3 p4 [ 541.709001][T12491] loop4: p1 start 115140 is beyond EOD, truncated [ 541.715676][T12491] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 541.723774][T12491] loop4: p3 start 225 is beyond EOD, truncated [ 541.729988][T12491] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 541.732507][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 541.743172][T12494] loop1: p1 p2 p3 p4 [ 541.745111][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 541.749625][T12494] loop1: p1 start 115140 is beyond EOD, truncated [ 541.763481][T12494] loop1: p2 start 12 is beyond EOD, truncated [ 541.770032][T12494] loop1: p3 start 225 is beyond EOD, truncated [ 541.775585][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 541.776333][T12494] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 541.784342][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:20 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8, 0x100010, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) [ 541.788743][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 541.795431][T12505] loop3: detected capacity change from 0 to 1 [ 541.798977][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:20 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) openat(r1, &(0x7f0000000080)='./file0\x00', 0x10000, 0x60) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmsg$inet6(r1, &(0x7f0000000840)={&(0x7f00000000c0)={0xa, 0x4e23, 0x80000001, @private0={0xfc, 0x0, '\x00', 0x1}, 0x902f}, 0x1c, &(0x7f0000000740)=[{&(0x7f0000000200)="169a5dd70259e9d44e2423c2aeff91ffb523046927f0b9b62decc2caca333d864e27b2e55de6c646160ad7af076a1f539fbfc32bce677f94e91b0f3a2be0cc3281046bbdcce4b8c48e5795d94e319dce2a21f9bb8f4959462ede2279ceacfcc42458efd72a6873cb", 0x68}, {&(0x7f0000000280)="89e8d66a37e123d4f1a57a4b5ce592e5b29847b4a4ef4da43a1ea05813c582f0fad4aae4f4db963b655404fc03e9701c61e240d90837171f5738bb687c6e1f57fb937acb139ce7a7d24269a64c06e62764f893368f8020962bf92d34b47a19c5aee084c6fb570a9acc83883e8aef19ffc4bb161d2708d29c986c4c97772f876737a072c2acb86acc70d9b40ad8ae05ee1de192d9dfa0a601a516c5c88ec7ffa43fdf50db576cf9fd6da8507049678b3279dbb940a40576e5c1e39a75af18e796060b62df2cc5cc20d0eac2c7a286c9e34e4d0d4d0b41cbccbbf8fb40102528d18ec31a0eb46f4c", 0xe7}, {&(0x7f0000000380)="5ce1e8b3bbb1c3469623201485d4559bd38ac49d0874ebf4b937ef1c7a20eeb71be2a8d7efaaa175ac4324ce6f39cda5017afc144fa22f81e7724cc350a329ed969baaee2bc01a26cd3abc7b505c796c0a65e33217f4b89b8351ea458ac4a691d0c9618215d8713c576480047df2335d70fcb6ea57fd355e7809c0df9ac031adcb0d7a1680463bd3d3cf062832f1d0c7fff9d087de22625c29524998cca84c070ee35be859", 0xa5}, {&(0x7f0000000440)="507fe22c6ac27e13e4164e70d133a668ede30d7ac1e20a1ff6e5f6c3efb40250aeaf69a268b94c6e37b9e6706e2db76e9cd76161942017a197cc15d34177e4c3734af82618448092f4858fccd6f7970842dabda6d104e6fbcb655bb7f53869610282254ecc2343028e30300dd77e60c2d895d84319eefc45558ab7b160d23e1e31408617ce607ed47d61f8b3af9eb20c95ffe2e4929b0834249664172389ce104d1af3512f0e6f0da55b290183050f4cc39c65dd740cecc2c65193c254", 0xbd}, {&(0x7f0000000500)="974776433561ee0e059b2b23699fc148a68f46a3d86e97ada9cde148d009957d121df90e84d5dfd205ded2fc077b1ae5b7c7aa9d639745d5c302e240a43f04a336328961b724e007708b527a405468b488631ccad33c05e8ba311c3498352c399e7d632d11", 0x65}, {&(0x7f0000000140)="54aa5f0f899d948717a906743d343dd5adc1a9ff7033e9ce8bc4df34fd2c8d63380efb9c3b791756861f0363f3881d359dcc3394bbf3d8", 0x37}, {&(0x7f0000000580)="7a63a8761bacc35a2d5b5c3417b93d59ee1e4c3acc9473d898bb40505a1a037d9b4f", 0x22}, {&(0x7f00000005c0)="96bb04a39f4867dea1fe5e0552379f4b409b20e8c297fdecbf59a141adb04d94037435bb8ce9b24de81f01894093d9b4cbef8e0ee5b3474ca66fe4b1eab2caa7c04c8bee9c373f857c9c8763f064231809f1ad731acd0b146d8ccb5db6dca6149928a6e130ebff8b7df05fe04ab1adc2756dafccfebd21a1e8207443fbfadd034f3aa734f9355ddb88f4217713255eb5b0d0d10d6753b291c019086799bc069a76e4701c7431ce93a5435f5dfeed429aa745cec1e056c57067561ed238650dfc3dce7e498722d3901220d55cabdc49339c47", 0xd2}, {&(0x7f00000006c0)="71753667d5684b6d26729c024beb3d05c8625bc60def9c3c46b2961191b91e1c0f5e85c668a7fc56d898a9034e594906e8f7bef6f164de2f70407c6962d0d7e4162c2a52ebf6851d96b8323fc52bedbeb92e062e9a", 0x55}], 0x9, &(0x7f0000000800)=[@pktinfo={{0x24, 0x29, 0x32, {@private1}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x5}}], 0x40}, 0x20000040) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) 14:22:20 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf8008000d0000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 541.846703][T12491] loop4: detected capacity change from 0 to 1 [ 541.852965][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 541.861077][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 541.886576][T12491] loop4: p1 p2 p3 p4 [ 541.889830][T12505] loop3: p1 p2 p3 p4 [ 541.890949][T12491] loop4: p1 start 115140 is beyond EOD, truncated [ 541.895228][T12505] loop3: p1 start 115140 is beyond EOD, [ 541.901173][T12491] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 541.907234][T12505] truncated [ 541.907239][T12505] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 541.923053][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 541.925766][T12491] loop4: p3 start 225 is beyond EOD, [ 541.933294][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:20 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r1+10000000}, 0x0) [ 541.933298][T12491] truncated [ 541.933687][T12505] loop3: p3 start 225 is beyond EOD, [ 541.938712][T12491] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 541.948769][ T1232] loop4: p1 p2 p3 p4 [ 541.949314][T12505] truncated [ 541.949320][T12505] loop3: p4 size 3657465856 extends beyond EOD, [ 541.954738][ T1232] loop4: p1 start 115140 is beyond EOD, [ 541.961793][T12505] truncated [ 541.984054][ T1232] truncated [ 541.987159][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated 14:22:20 executing program 4: syz_read_part_table(0x14e, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 541.987723][T12539] loop1: detected capacity change from 0 to 1 [ 541.995772][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 542.006975][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 542.026369][T12505] loop3: detected capacity change from 0 to 1 [ 542.058261][T12539] loop1: p1 p2 p3 p4 [ 542.062483][T12539] loop1: p1 start 115140 is beyond EOD, truncated [ 542.068983][T12539] loop1: p2 start 13 is beyond EOD, truncated [ 542.075213][T12539] loop1: p3 start 225 is beyond EOD, truncated [ 542.081495][T12539] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 542.088745][T12505] loop3: p1 p2 p3 p4 [ 542.093149][T12505] loop3: p1 start 115140 is beyond EOD, truncated [ 542.099658][T12505] loop3: p2 size 1073872896 extends beyond EOD, truncated 14:22:20 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf8008000e0000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 542.123016][T12505] loop3: p3 start 225 is beyond EOD, truncated [ 542.129478][T12505] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 542.151354][T12567] loop4: detected capacity change from 0 to 1 14:22:20 executing program 3: syz_read_part_table(0x1cd, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 542.198413][ T1232] loop3: p1 p2 p3 p4 [ 542.202550][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 542.208012][T12567] loop4: p1 p2 p3 p4 [ 542.209221][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 542.213188][T12567] loop4: p1 start 115140 is beyond EOD, truncated [ 542.226825][T12567] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 542.231286][T12578] loop1: detected capacity change from 0 to 1 [ 542.240528][T12567] loop4: p3 start 225 is beyond EOD, truncated [ 542.246812][T12567] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 542.263906][ T1232] loop3: p3 start 225 is beyond EOD, truncated [ 542.270336][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 542.288444][T12578] loop1: p1 p2 p3 p4 [ 542.292739][T12578] loop1: p1 start 115140 is beyond EOD, truncated [ 542.299213][T12578] loop1: p2 start 14 is beyond EOD, truncated [ 542.305293][T12578] loop1: p3 start 225 is beyond EOD, truncated [ 542.311576][T12578] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 542.382241][T12567] loop4: detected capacity change from 0 to 1 [ 542.410246][T12599] loop3: detected capacity change from 0 to 1 14:22:21 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf8008000f0000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 542.445557][T12567] loop4: p1 p2 p3 p4 [ 542.449829][T12567] loop4: p1 start 115140 is beyond EOD, truncated [ 542.456316][T12567] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 542.477650][T12567] loop4: p3 start 225 is beyond EOD, truncated [ 542.480304][T12607] loop1: detected capacity change from 0 to 1 [ 542.483990][T12567] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 542.498116][T12599] loop3: p1 p2 p3 p4 [ 542.502557][T12599] loop3: p1 start 115140 is beyond EOD, truncated [ 542.509033][T12599] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 542.516941][T12599] loop3: p3 start 225 is beyond EOD, truncated [ 542.523151][T12599] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 542.535656][ T1232] loop4: p1 p2 p3 p4 [ 542.540302][T12607] loop1: p1 p2 p3 p4 [ 542.544434][T12607] loop1: p1 start 115140 is beyond EOD, truncated [ 542.548019][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 542.550982][T12607] loop1: p2 start 15 is beyond EOD, [ 542.557468][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 542.569988][T12607] truncated [ 542.573193][T12607] loop1: p3 start 225 is beyond EOD, truncated [ 542.578366][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 542.579486][T12607] loop1: p4 size 3657465856 extends beyond EOD, 14:22:21 executing program 4: syz_read_part_table(0x1cd, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:21 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x0, 0xffffffffffffffff, 0x3f, 0xff, @scatter={0x2, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/159, 0x9f}, {&(0x7f0000000140)=""/55, 0x37}]}, &(0x7f0000000200)="b73a5394146d57c2b6d89a9ccabca38cf8c6b5fd78c9194afbd4c87fe8639e5f7cb8294eb36e687d9f29b89461b8a65fb49365feaef8f2f600e2fea7de5f51", &(0x7f0000000400)=""/204, 0x2, 0x10000, 0x2, &(0x7f0000000240)}) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xf7, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d10dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000040)=0x1) ioctl$SCSI_IOCTL_STOP_UNIT(r0, 0x6) ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000000)) r1 = inotify_init1(0x800) dup3(r1, r0, 0x0) [ 542.585696][ T1232] loop4: p4 size 3657465856 extends beyond EOD, [ 542.592036][T12607] truncated [ 542.601492][ T1232] truncated [ 542.611793][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 542.619853][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 542.637961][T12599] loop3: detected capacity change from 0 to 1 [ 542.646710][ C0] sd 0:0:1:0: [sg0] tag#8027 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 542.657208][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB: Play audio msf [ 542.663667][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 542.673243][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 542.682819][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb 14:22:21 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) [ 542.692492][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 542.702162][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 542.711754][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 542.721335][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 542.731041][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 542.740717][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 542.750460][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 542.760045][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 10 df [ 542.769618][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[b0]: f1 8d 90 f8 d6 b7 2d 87 04 f7 f1 51 43 4d 12 88 [ 542.779200][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[c0]: 97 7c 89 fd 60 fe ed a6 9b 92 b1 d7 de 5d 7f 57 [ 542.789509][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[d0]: ee d4 0f be 3b 18 5c 30 57 a6 4d 9b 5c cf 4b b9 [ 542.799119][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[e0]: ed 74 5b 60 d7 e6 9d 1f 2e 55 83 3a 64 f3 71 e4 [ 542.808782][ C0] sd 0:0:1:0: [sg0] tag#8027 CDB[f0]: c4 62 f7 3e f5 24 ab [ 542.817217][ C1] sd 0:0:1:0: [sg0] tag#8028 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 542.825140][T12599] loop3: p1 p2 p3 p4 [ 542.827589][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB: Play audio msf [ 542.831621][T12599] loop3: p1 start 115140 is beyond EOD, truncated [ 542.838491][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[00]: 47 49 34 17 12 1f 19 2f c9 13 02 77 c1 42 a9 9f [ 542.844882][T12599] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 542.854452][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[10]: 3e b2 9d 15 d8 8c fa 2a 35 cb 80 ac 5b 20 fb ef [ 542.861902][T12599] loop3: p3 start 225 is beyond EOD, truncated [ 542.871155][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[20]: fc 01 da 11 d9 e5 84 bf 7e 2e fa a7 92 b8 e9 cb [ 542.877444][T12599] loop3: p4 size 3657465856 extends beyond EOD, [ 542.886981][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[30]: d0 35 d0 6d 94 4b 20 36 e8 9b a3 18 f2 71 c4 43 [ 542.886997][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[40]: 93 52 a5 ed bb ca d4 05 60 f4 7c 83 ce 40 02 30 [ 542.893321][T12599] truncated [ 542.915815][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[50]: b2 51 65 1a 5d 71 86 e8 fa ca 0e 34 2c 7e ac 19 [ 542.925390][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[60]: 0e 63 87 a2 66 fa 80 33 6b e7 47 1d bf 4c b0 d2 [ 542.935062][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[70]: 56 96 2a b0 af f8 6c fc f9 d4 12 8d 1d 8b 70 91 [ 542.944825][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[80]: ba 36 d8 8f 88 a7 4e 22 fc f3 7e 48 cb d1 1b c3 [ 542.954428][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[90]: c0 68 31 4f 63 bc e3 73 f7 88 46 98 bd 3d f9 d5 [ 542.964168][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[a0]: 5d 7f 95 15 f5 9b 4b 9b 93 10 2f 55 44 0d 10 df [ 542.973936][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[b0]: f1 8d 90 f8 d6 b7 2d 87 04 f7 f1 51 43 4d 12 88 [ 542.983536][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[c0]: 97 7c 89 fd 60 fe ed a6 9b 92 b1 d7 de 5d 7f 57 14:22:21 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800110000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:21 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) r2 = open_tree(r1, &(0x7f0000000100)='./file0\x00', 0x88201) preadv(r1, &(0x7f0000000240)=[{&(0x7f00000001c0)=""/93, 0x5d}, {&(0x7f0000000400)=""/157, 0x9d}, {&(0x7f00000004c0)=""/199, 0xc7}], 0x3, 0x4, 0x9) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000140)={0xc, 0x2, 0x7, "ef403ab1254c9d65f365fcc2"}) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000000)={0xd7, 0x0, 0x10001, "b077d7d9250aa309341aa7f0a4acf9232131fe68a3ebeadb50b49b4b5af0f517ac0d75f80323f1ba5cdf069cfe4eb8fe9432583e8722714704bbaa804a69865a0f8e812eefc37f7496769bbe0b9d6b776d6b6bcf6ded236b84147b9bbd47ea24168d739c33d38e6dfe37e09aada05031adb58f37b0e3f561ca99818765459d016c5577bde28fd43a4b3ac0eb28e8dcabc87c9477797e17f9b876fdf4dfb3d0e399d38a3f9d59eccb7ffba0c8b1ba15fd29b13266a6f7d57c5e1fd91f8474a190c7e717ef970f4b33a1a1a97b28d841c58ced31ab7d120d"}) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 542.993119][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[d0]: ee d4 0f be 3b 18 5c 30 57 a6 4d 9b 5c cf 4b b9 [ 543.002810][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[e0]: ed 74 5b 60 d7 e6 9d 1f 2e 55 83 3a 64 f3 71 e4 [ 543.012485][ C1] sd 0:0:1:0: [sg0] tag#8028 CDB[f0]: c4 62 f7 3e f5 24 ab 14:22:21 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x10000) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @buffer={0x0, 0x1000, &(0x7f0000000400)=""/4096}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:21 executing program 3: syz_read_part_table(0x1ee, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:21 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_percpu\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000440)={&(0x7f0000000380), 0xc, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="0c002dfddbdf2501000000000000000141000000200017305f766972745f776966690000000000000000000000000000000000f2886d4c69eee4ad18c43c87a7d9dea6422f37489ef456185accca2660f9ebb970c93b90834dab12ba2ca268645cdd19c5ec594f470065c0561444bd970f2e448226534b59794596383497453253752dea7743c17668095281720e7d878180fe65e4a18385969f2b1197bbfa75d1a86f75bd945e6f1b883793e90563884f05177e9e6b"], 0x3c}}, 0x4024884) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r3, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) preadv(r2, &(0x7f00000003c0)=[{&(0x7f00000002c0)=""/14, 0xe}, {&(0x7f0000000300)=""/110, 0x6e}, {&(0x7f0000000580)=""/141, 0x8d}, {&(0x7f0000000640)=""/192, 0xc0}], 0x4, 0x3, 0x8000) sendmsg$TIPC_CMD_GET_LINKS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, r1, 0x8, 0x70bd2d, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x99e3}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) r4 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r4, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x300000c, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r4, 0x227d, &(0x7f00000001c0)) 14:22:21 executing program 0: ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) syz_io_uring_setup(0x66eb, &(0x7f0000000040)={0x0, 0x768a, 0x2, 0x2, 0x34f}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000100)) r1 = syz_io_uring_setup(0x76fb, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000400)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x7, &(0x7f00000001c0)={0x0, 0x3938700}, 0x1, 0x0, 0x0, {0x0, r4}}, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r0, r3, &(0x7f0000000140)=@IORING_OP_FSYNC={0x3, 0x5, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x0) ioctl$SG_SET_TIMEOUT(0xffffffffffffffff, 0x2201, &(0x7f0000000000)=0x4) [ 543.085168][T12651] loop4: detected capacity change from 0 to 1 [ 543.091690][T12652] loop1: detected capacity change from 0 to 1 [ 543.098310][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 543.106534][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 543.116184][ T1232] loop3: p1 p2 p3 p4 [ 543.120712][T12651] loop4: p1 p2 p3 p4 [ 543.124899][T12651] loop4: p1 start 115140 is beyond EOD, truncated [ 543.128114][ T1232] loop3: p1 start 115140 is beyond EOD, truncated [ 543.131359][T12651] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 543.137820][ T1232] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 543.145490][T12651] loop4: p3 start 225 is beyond EOD, truncated [ 543.158497][T12651] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 543.165818][T12652] loop1: p1 p2 p3 p4 [ 543.170969][T12652] loop1: p1 start 115140 is beyond EOD, truncated [ 543.172513][ T1232] loop3: p3 start 225 is beyond EOD, truncated 14:22:21 executing program 5: r0 = accept$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000000c0)=0x14) dup2(0xffffffffffffffff, r0) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f00000001c0)) [ 543.177417][T12652] loop1: p2 start 17 is beyond EOD, truncated [ 543.183658][ T1232] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 543.189723][T12652] loop1: p3 start 225 is beyond EOD, truncated [ 543.203090][T12652] loop1: p4 size 3657465856 extends beyond EOD, truncated 14:22:21 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) write$P9_RLOCK(0xffffffffffffffff, &(0x7f0000000080)={0x8, 0x35, 0x1, 0x3}, 0x8) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r3, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f00000000c0)={0x0, 'veth1_to_team\x00', {0x2}, 0x8}) 14:22:21 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_io_uring_setup(0x58ac, &(0x7f0000000000)={0x0, 0x38c8, 0x20, 0x2, 0x283}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) dup3(r0, r1, 0x80000) [ 543.227816][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 543.235855][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 543.258982][T12651] loop4: detected capacity change from 0 to 1 [ 543.266229][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 543.274282][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 543.282341][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 543.290594][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 543.302380][T12680] loop3: detected capacity change from 0 to 1 [ 543.308365][T12651] loop4: p1 p2 p3 p4 [ 543.313029][T12651] loop4: p1 start 115140 is beyond EOD, truncated [ 543.319580][T12651] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 543.330069][T12651] loop4: p3 start 225 is beyond EOD, truncated [ 543.336590][T12651] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 543.345529][ T1232] loop4: p1 p2 p3 p4 [ 543.350035][T12680] loop3: p1 p2 p3 p4 [ 543.354247][T12680] loop3: p1 start 115140 is beyond EOD, truncated [ 543.358129][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 543.360850][T12680] loop3: p2 size 1073872896 extends beyond EOD, truncated 14:22:22 executing program 4: syz_read_part_table(0x1ee, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:22 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, 0x0, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) write$binfmt_script(r2, &(0x7f0000001400)={'#! ', './file0', [{0x20, 'ethtool\x00'}, {0x20, '/dev/sg#\x00'}, {0x20, '/dev/sg#\x00'}, {0x20, 'ethtool\x00'}, {0x20, '$+\xc7,-'}, {}, {0x20, '\\\x7f$/-'}, {}], 0xa, "73a014307797580813224e0b89bf39485dc8789224e2b412989da3d83d89b4e452111c332219952cc7a08c05d2efec073c98d26f923abd3a44e9c50c12d1e50482c57f6f0b2703172ed71fa31b95fbe39cb86d732a8935ff7a1806aa900da714b94c709558747fbe6f22f15e479768e920257e9a5803cc526eff904abe567a410888b65347b724681a"}, 0xc8) r3 = fcntl$dupfd(r0, 0x406, r0) openat(r1, &(0x7f0000000140)='./file0\x00', 0x11b000, 0x22) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000001200)=ANY=[@ANYBLOB="40000000ff00000006000000a2d7ca5bd7d770b4b0fecb9535cb5886747fe6c8a6683583edc8ef8ca0d00e322ed5c554eb7b9ce090e586120ba1b593817857556d4f3a06186012042156d357014db6d791465bbad440c58453a896638bc4b2e20fe56d87325f75d253e959c20a52376aa188f72bf63f32956ac91f17c4fb69a954e9df90bbdb7c69aa046104887d64581c00b7bd9d349e2d506f709afdf3c77b36964d9dc01256e01a145e8273e6a47b2ed62fdd3eff413d0513a8e4830180fbd6c912610c2f97e4d0776ead95ab52d9de1249ead7ad2b4907e526f082a265260c04d5c40f57ff0b846ee94dde5ec4cb10aded8e5e939f6c0d5390f4a12149aeb55d08420d446be965f2b3e3739d32817fecae1c44dde4229be535cee99a7f731ebb80b5fba00e70601a0f7576849529b29aa6c1d6cb86613d60a64c7f8620649f5b6b33959d8ff17a852cbaa993471dc0ee6bf95f8a93da88ab961984fa3fb58e89a695ae45e02a0611eaded6b541cfdc0a81b78f2a9d2438e69a2c8601bd6147066a19360411ded5329c421262ac5b5f3015e39d610065f424e20eeed84646dbe0446f6a1c54ffd779eba5888fa6035b93eeca1cedba8c7741a6464718126049e5d5eaaaa792d2839ca6cd1a4dce8ab96fc6fc547962629705727db432"]) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r6, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r3, &(0x7f0000001580)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)={0x4c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}]}, 0x4c}}, 0x4000040) mmap(&(0x7f00001ac000/0x4000)=nil, 0x4000, 0x1, 0x13, r5, 0x59b7b000) ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x50009401, &(0x7f0000000200)={{r4}, "9bc009c48b8c33010bfdac044bb9f0bded398bda43ec3deeadb0ad89719ab86b792b5e309481af95f8c1ffb0e12d185a2f633b85ba2a86d3683a0f5bb32e1ac9b76b46e6844c030cfa5ae9021f6674ea7b5940e3c0cda1d17a68149241440af0884ee49b4733f99750ad88943af937285adbd881bf0abb0bcd546b216ad9b2835497521915714ec4e24125bcdf2ec680c4ebd0e622c9fa46572fb2600cb50e8830d7e4f3913635d8453e59c212ee61e6eb89976ba26a754831e69c51f92a8339915e2ae870477ede6034e400ad8f93ed79c135d417b6320be3cda72400fa42574aca07cbc7bd92c3921a2da79599ee1c7595e917bb763743cac4a114134ff1084c86ee4eb809869ad4b96e224d1ae126889f7c0fa0d24f6c6dab09a18eb8079bc0e4e79300ff343a878ff6348a9b493317275ebc45889af21ee3eaa09a01b39a899ee76dfce57b0fac31e2f9a8aabf2ac894514b5cab72463ae6a2765fab0680165081f092f90a23507f52ae5d58b88fb570954cdcd4b77135398bb085fb644fb12552b26b52dd3fa1e79a81d6c9fd929b24e36fe3cf4e71e77af50a3a5c345c2adcae938857181076e70b87d319ef3b32e306eaa0969fb093dfcf4ec532fa3dd9fc54a5bdac5745d209a7cf9d2b77b3358ca89460a20958cb3edc52d8351039cc6701d7ace21109e253825722cb907723a3517c4aae86382bc89e1a6f85268fec84c717ec80ca23bf67a432fa9962fca9011970c60f5ef4e90ebf86825f1e027c5bf61779cf210a5f8aedbf5df91720147ea42158ecf299d155845c807cabb005b4ba8053304161a8009211a48b9a5f62cfc9fce5e53b05b45f21a389a9055bead259ddd88fad7d43e6ebed305068f4b9a22bc4dcd0e7b7d4fe08c44915c331ba13a12acd8c69af3335e96cde9d5694b3edaa0cddf126467ab1434daff092b4fee10a67bbe6dc49cbd07c1471af46afb66bbf6e602a2893788b794cccde0a7789167e4e1d9a2def5e1b730948fd5a5418b17d13af78b7259a3d2b12a84fafcc4a88a5bd05ae66ec9af1fbbb819eb5d4259c4d23a1a628693994b48f0d3053c04e0896e2b38086cb77858bb109d16c111884ef6a8162c8fc095bb99e5d7dd2f35bd4ea8ab745eebe29ce0e6c16164d98c4b2300ecdabda04d806aeedba9f5161eb1c496bdeeab084b4fefd1af66e982146eecc75f78b740c254a15a5619593e7e5511d82066c7f0fbe22826ebd6ad08dfa66e2faaf27fb1b294d877aa637eb29d8a0362bc4100a6f47cb32925f9248da5919cfe6b2687e88931dd6846d9138e0339a5aa7f25801d2775caaebf76f1b5b494f2d66132e2d16306d47dcc0782f5dff375b52676b4e7912ca39d6a4846dbfe81f625b22d40b6329e9ccf805ac4c0c7a6a64e8668db7590c34bf01dba6e24af02ef7888d53204e668ffc3617b5fbdfb1d330d67bbab79f50441c88a8fc6b85a355f23678523119ab46d450e3040f450e6d2aad17d9a89a05b12a56c9d531088003684b2cc19ebafd0521e7a2264f19ffc58addf0dfb5bd585a5ed1b94a1774043c9994196522dc4c53196d9f1dfd85a50e06b8f5c2ae3373ca7c0f3fc3923de8ffc2e4916461691e7ea905cddc6d4de8f07d5bc9d1325ba5160ce574bd5800a77dc28e18b6aadcc5cc27b30f0b434d8f139a2317f3c92788252f7b0f08f19baffc97408c2e5db53198003495fcca052da32c05f6c0ab71fd1c5b772c296ce9002afb38224f2322771b8f82ec68b628d2894930e78c833f981356aa965b4100f9247741da8cd3310a50816ff26e5ae02bfb95b36f6a9deb1fe3a46de65e64b14b70429000a34d2f2aca91e866b274f59c22a40fd0a6428f351f501c4d3d5928f78c81d925cefe42d830c4d3a678a17c9026c06dfa93ad38acf9c1a28657fb74b64de92b841948ef510de96c020d0b667c9b1e4c14a0309a61d704233f0b2e160a9578871bbebeb88f2c68d98d11b7ed11d389792980238a372debbf1b1b7431ff19fe4b07a4d60a625404c785c51f441cf0e9a178c93a5fdbc2e61e21a72d893c5b8891af8bffef729ecb9011a3efd6edcc7e9dac0c3e1cd8b407bd9f6589c56c0f9ddc2cf2dbd5be859602af1752458a3656c0492dbe6aedaaaeef1534420f42a270fb986615175c6f97c33cce3c749a53cb6a99dc5e4b8eb53b79df0dc9a42f5962a9e19d81cd5966bf64e516bb64e9a6c3aafc4f1d60f964a1366cd4725d14fe7dc6e4dc0a6b79011755c99a49d3935b75e767dd280b769832a07988c292aa88af4ec11ae113c7a830d9578237ac48e62464e63bb999336d9591686e92aebc6fd1979f45b9dce03628e7274e513d8434428f61c359c46ab98332afbe1a37f07a1eb63ac73a219059148de56b3473f789f6ef2abc612e65c125be119d3a2480b58402069ba587b2f42f853b1f2dd29742147d535ebf73baeead0a53a3e1d7d5afb110010d755c9a81b9d5990cb272b5e96b67ad5f4d81eccb6a0abf0717f9c24cc46e76f3098437155dbdfa5882d122dcc687ef628d9e3c8beaa6cb2d69eb7132945898f79290e48ee9d076aa12f7475c5e59698d0e7ee9b5deeb8e52ffbc8fe5dee5f91f71947c89e68d9e22fd44e65e2e6553681ba37ed0acadb10a9a43f80a9c4f733b0f325bf708240ed469ee8e403b1eb85e0600f66c151637bc33821d8a772508336ae363c556fc44dd632fd1607fa23ee1d5eefb30527624807649c9050e685e600532f42f8d2aab503bab5eb0e71849e800e61a52fb9be4e0e0ebc1e0b57a0973acb33c4e2d27cb1d04b7bf9f0199a33735065fb6176f916a36376710ca2f3b11174ea022c83a1c0a90f2ab5f28db902598ad898540d5f00e3eb18cb435720c8369b0d5f092f0d0df4c33eaabed3d38b153e4461d347f6527e2bf2dab6d7612ef52ff3c071cfb4aba0456b8f0cf4064d6146a44eb4c8836006f7e07e5388b4b4562cc0380b78d02e0978af2e5a52713b88a5f3f2a78fbc2e0323fe7565ac7cb687f78121693e87ced7e3597c474362cd2869ee79771e831d8789947f0e91dbb392b6067b6d0fb2cf3201d29e03473742594644704fbc3d1b63a782d4e27637f494d4ff013851c116e5409a43eed7546866b7bca26cf06b26de3e5330dfea9332bfbc78e4a2b531d1c8d28d1e5449bb5c20cdf21d2e096955eccc0269137a1df5c13163d889d3fbde3a7ba6caaa02bf394d58108245577f93642806dca1563a3cb4629069e1326402482353b82a3602f6eb2ce71fbaea38e0a04cde96faef3d8dd3805d976a3709f92fa7a014128c0d4d2630ceee9116f9f2b92d9056900d14eda32aeebfec0e695e8722568724ce5ea98c64f976e8a77951ada5ad7b7541c1b1c3cc1759ce8725445b2551caedd492a5806bb04fcbc5f16e5d8f0682b1d0d2ebe626b2dd168e79244d0bff5a64a52aac9b7151645a15f4e2cafb00208c62e93e6ba10ed2e9299e6cffb20d65cb47bcb9aeccc1f9cc03726acb24d14418e61b156b9c773d34bdeda1c5c71256f2bb707392cf233a4606210519faab3490a4dcf1fa570a578ce2573f98d9d21a5347682b54b0e468ffec2c0342c71c07a12ff8cf8c7cab0964e00c834e2a03154e25f4ba3b2617b023af80721104316f0fdacd3db22ee1d9e237ac092c1c46ceb09522a0ee498bcf1e535dad5ca618acc7164d2eb20042fb7242d7a2f1d3e392e4491f6e788bc342cd3b0f4d39affd99de5586853499b40295f5b57e14ec506c4f48ccd6e0183deaa1c4d9a3604df008924f0397c5842c320f8071a1a3c91e0376c81e34229a6567a5a9ee702c2d7a42d3195970d96bb95cdd2a440e6b6a195a82fd9e61d45f93b652a5479180ee37730247fe34b13fee2b3853d24a5e249118978ba3337f4a15ee4bb7cb653b5a4620f8ce7f0339993a904a08d55316ec88ae7bd7e726383ed75a03ba0dbad71bbec4909b3bfd0043b21ccac0f30153ed1afadf05886f77491f1809c016eab1a16ad30fe158a476b41aba65557149449e1295b8cb26ee0bb43c0fd35b9d88c53e855a48ce8af3e2421205931a3188290360c2bf864f9a86d2928842f1e64bdb08b084e92e85d3d108f5b475214d57609d6817cfd14c71b22ba97efcded655bae3834b5b8cd690674dbfa821abbe094b00620294af9c29c89472cd5909732adf441fbe008ba5c16f115a51760f0875a272b4af1131b2e5e5c2e2a204568bf1a408d58eac44bf623debb9623d87e9a2b6d2b9155794ed8ea0717fb9f139b22fc954a752e96a77895a32272c6cb4ec08713aa4aac6237b1a849afd94a63eeb904e171d0501650652c74701c0739216fd7ce4717a0c4d44eab9c24d8e203d2bbe26253123d0ea1ae3fbfe8643c5e771dcb1d4085d9e8054fb63a9fe50c0866a9b33ffc2b33a85bd2145060bc8f22a8b2652a758e8a1b0f9dfa4c6bb01e1cf1d845f350b11e2a845dc0721ebf7685f753465de2dfebadde8b0f9e8b91953f5935e5ba1fc67f29d1f0e9093f59ba698e80271f1b233e07e3db4d9e30cde0b7f590abf63bd2928d1de5e3a0b9ff51030ac750ec2d6f4072ffa1e4d2264178c855c4225900c92f4a7c6f77f99c57897b9d490de047524c7691b9f8a7bc65b27172b49e0b6eb5b646b2cb312dca37f4a62eb65e8e7681e1b07aeaa23cfa9ccc65b350835fb8d87c41fa444763df7dacefa3d46fa67719002afc6dab25afd6465cb33a7eba46783c1fa82061aa7ed75d1f27789d2c74dc8bf741d9a3e01ecd20b815cbd26f7f5012c0d839e94ae3a386995d97177ccae4e8b21abf5502c601f72ffe56232016be973ddadfa2366e385c2e4c071616a3fea177b17cd252639e5c77f3a36e5d0b13de013825f6504a31e7ed54ee7fc7e37a533198b1ab2cca3d8e73411bd30f75bfaf26b621006ebe8afe83d07821e20267cbf787c5530cc93e2e6f67c877dbf47c0128cf3db1742e6e948d9dcbcdf8db7dc64411979231918b2577e1f8f84515fd0a1ae0972ed3a13f806d520765a52c97ffb0084f54785a9fc78bd8dcaba089568a9c0c90dbb7e111fcbcec0d78afa9a9eb987058a1758effc314aebe15fdfe61dd4b20204b66bbd2aec4f6dfa8a94c9cf18af8932778a61eebf942240ee8a1a3733270d77cc553e4996e799cde7dba2cb24971808299242e0774536278894d1bfa38174633c61fce3a199fd6256b38b6836c8c867bc60f513c2fea2f696929e00d4326f03bbbb79ffdd495bec1aee2e4fbe350ef60953657394d96082d7cf21722ae03ad020ce95a603726a645489effdabfc3b16e6c1fdda6f05b156b719321914f54483771cc3fc326c3ae2559bbdf2adfb3dfdc3d05c3aeedc38386edbf5aa79834faa1d18b4bf4b3f7081813695304eef62e355ea181f675fefdfea178be241c95ecf00e77aba2d25328c8d90fc9c98a3df16302f85ad951810e677978d9f46708e7523ecd177b605ebb9e5c4f4bd86e0518c708cc6e44217995ea165e03e2a45629c0f1af9ac419b0a1b384698353ed1c12137661204a4cbffdfb9656376eac8eb9e46117d01dab48c208efa24e45f7a6c36ce29d652aee531d916be374d62c8ced31fa9e6c7164a8885cdd46b5d84e1cc9d15988d758129f682e41fef5a5d31d3a394439bcf197e4ae85f760dbca3d6d59b0c80de08a5e8d4ac75c07353db59e65e7dda57c0bf3f7722c0f70359842cb279a9b1028b7b6ca310b316c99e06205aa2f276eedb002db424b6a67128c3f49e0276b0e19bf36cfca188dd31879bb0ff79df4e8"}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) [ 543.367326][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 543.375599][T12680] loop3: p3 start 225 is beyond EOD, truncated [ 543.384975][ T1232] loop4: p3 start 225 is beyond EOD, [ 543.388612][T12680] loop3: p4 size 3657465856 extends beyond EOD, [ 543.393975][ T1232] truncated [ 543.393976][T12680] truncated [ 543.393983][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 543.416766][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 543.424905][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 543.472367][T12680] loop3: detected capacity change from 0 to 1 [ 543.518187][T12680] loop3: p1 p2 p3 p4 [ 543.522377][T12680] loop3: p1 start 115140 is beyond EOD, truncated [ 543.524415][T12734] loop4: detected capacity change from 0 to 1 [ 543.528866][T12680] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 543.542800][T12680] loop3: p3 start 225 is beyond EOD, truncated [ 543.549347][T12680] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 543.556751][ T1232] loop4: p1 p2 p3 p4 [ 543.560875][ T1232] loop4: p1 start 115140 is beyond EOD, truncated [ 543.567630][ T1232] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 543.575426][ T1232] loop4: p3 start 225 is beyond EOD, truncated [ 543.581830][ T1232] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 543.590451][T12734] loop4: p1 p2 p3 p4 [ 543.594676][T12734] loop4: p1 start 115140 is beyond EOD, truncated [ 543.601201][T12734] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 543.608719][T12734] loop4: p3 start 225 is beyond EOD, truncated [ 543.614906][T12734] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 543.675426][T12734] loop4: detected capacity change from 0 to 1 [ 543.738206][T12734] loop4: p1 p2 p3 p4 [ 543.742432][T12734] loop4: p1 start 115140 is beyond EOD, truncated [ 543.748999][T12734] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 543.757269][T12734] loop4: p3 start 225 is beyond EOD, truncated [ 543.763452][T12734] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 544.022365][ T1232] ================================================================== [ 544.030729][ T1232] BUG: KCSAN: data-race in vfs_readlink / vfs_unlink [ 544.037474][ T1232] [ 544.039777][ T1232] write to 0xffff888150af23c0 of 4 bytes by task 11743 on cpu 0: [ 544.047474][ T1232] vfs_unlink+0x289/0x400 [ 544.052247][ T1232] do_unlinkat+0x238/0x4f0 [ 544.056775][ T1232] __x64_sys_unlink+0x2c/0x30 [ 544.061647][ T1232] do_syscall_64+0x4a/0x90 [ 544.066241][ T1232] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 544.072222][ T1232] [ 544.074525][ T1232] read to 0xffff888150af23c0 of 4 bytes by task 1232 on cpu 1: [ 544.082056][ T1232] vfs_readlink+0x1c5/0x280 [ 544.086543][ T1232] do_readlinkat+0x170/0x200 [ 544.091292][ T1232] __x64_sys_readlink+0x43/0x50 [ 544.096123][ T1232] do_syscall_64+0x4a/0x90 [ 544.100560][ T1232] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 544.106485][ T1232] [ 544.108788][ T1232] value changed: 0x00600008 -> 0x00600108 [ 544.114763][ T1232] [ 544.117149][ T1232] Reported by Kernel Concurrency Sanitizer on: [ 544.123369][ T1232] CPU: 1 PID: 1232 Comm: systemd-udevd Not tainted 5.13.0-rc4-syzkaller #0 [ 544.131930][ T1232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 544.142048][ T1232] ================================================================== 14:22:24 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:24 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000000)={0x71, 0x61ce, 0xc42d, "86231fb0c68fa4f1abe896130e2afff3a32d19baf65550d784bbbc4e959df665fab53ed4b0823f93e3acbcd38cbb741d994b87dc761be7839a45b0f39571aca8fd8a09ad9d50ed7474f7cfc2f8811950fce3f9f4bfbfd40e9c9a58d7220673c0b532350e140ff1151c45baab9f2a3837cb"}) 14:22:24 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800120000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:24 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r1, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) write$binfmt_misc(r0, &(0x7f0000000200)={'syz0', "b99fd3f4d4c999191d4885b998d903005dc54904ea4276104e1a5a80a35182348cf522c2dc82cb0fc0b11397aa0f8f4f311e1a9372c795960819d490b33d95ae22f799a6b496f2c4540df0fa96d0e39829fd389073251e38daf68ce9a76333e09c9e64a204b2ae71a34a488e142188be2a9d0a89d1f39e35a1c59c9f060e0ed900074ae81bd6d57f2939d55db1734a33c981fdf921be8fbc89cc1785181dec6a432d0a74ecfdc1964335f77d89399db7c05196141e3dd917ff92255e156189554b0160fcbc2e2dc0080a83ce836c3f2bc0123b"}, 0xd7) r2 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = openat(r3, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r2, 0x227d, &(0x7f00000001c0)) 14:22:24 executing program 3: syz_read_part_table(0x204, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:24 executing program 4: syz_read_part_table(0x201, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:24 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000000)) r1 = dup(r0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffd, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000040)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 545.744383][T12776] loop1: detected capacity change from 0 to 1 [ 545.750234][T12782] loop4: detected capacity change from 0 to 1 [ 545.750609][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 545.764420][T12779] loop3: detected capacity change from 0 to 1 [ 545.764648][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 545.782536][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 14:22:24 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0xffffffc1, 0x10, 0x0, 0x0}) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r2, 0x1}, {}], 0x3, 0x80000006) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000001c0)={0x97, 0x3, 0x9, "572bf3272a09da8ac04741d0413f1436bb9c3f802ecbe934123e34eac9b733a8031b991841416177cf3647f31fbcf7d78b274484a790fa73df9b5219706e5b4429d70a4eb6365fe5577e4b893e4e3578985716b81c56124ad4715b1b6e3d4fe13b4c105b7675622787982b8f3817ce55a5198107856d6877557fa3fdc291fbbcf526f74796e0ca4205ae988b9544f9b77569e00086473c"}) io_uring_enter(r2, 0x4c16, 0x5091, 0x0, &(0x7f0000000000)={[0xad5]}, 0x8) [ 545.790588][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 545.808490][T12782] loop4: p1 p2 p3 p4 [ 545.812552][T12782] loop4: p1 start 115140 is beyond EOD, truncated [ 545.815278][T12776] loop1: p1 p2 p3 p4 [ 545.819006][T12782] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 545.830911][T12776] loop1: p1 start 115140 is beyond EOD, truncated [ 545.832575][T12782] loop4: p3 start 225 is beyond EOD, truncated 14:22:24 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) fallocate(r0, 0x28, 0xff, 0x9) preadv(r1, &(0x7f0000001380)=[{&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/166, 0xa6}, {&(0x7f0000000080)=""/11, 0xb}, {&(0x7f00000012c0)=""/153, 0x99}, {&(0x7f0000000140)=""/34, 0x22}], 0x5, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) [ 545.837371][T12776] loop1: p2 start 18 is beyond EOD, truncated [ 545.843514][T12782] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 545.849594][T12776] loop1: p3 start 225 is beyond EOD, truncated [ 545.861814][T12779] loop3: p1 p2 p3 p4 [ 545.863033][T12776] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 545.868197][T12779] loop3: p1 start 115140 is beyond EOD, truncated [ 545.881283][T12779] loop3: p2 size 1073872896 extends beyond EOD, truncated 14:22:24 executing program 0: readlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/82, 0x52) r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000000)={0x33, 0x2, 0x8, "ff8ccbee75c8d238ad8de69db7cdeedbbd59d0f88f6b7b7caa396e8c38c080c97ab225e7f2884e81166b8c1759fc4fa594f130"}) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 545.889673][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 545.898362][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 545.901803][T12779] loop3: p3 start 225 is beyond EOD, truncated [ 545.913081][T12779] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 545.935578][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 14:22:24 executing program 4: syz_read_part_table(0x204, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:24 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0xffffffffffffffff, 0xc0241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000005848dacf7c16d368f2e43e0e3e8aca25908a2177afe03e1c65b8e4b85791d84cb165ada3ded999d9424af527a9bf6f2b3c76f73bd80e1ad2025a9438c50cc9d6300d95eafa619943ac4c680a3ec91039abb44c2430c0eb7008c636fa093d460a371900d398c28f9b73332b831fde56798edb09700e4a0284f55ad815a2c974245d4735aeacf71aaee69cb42a26f566fb315296c965a5ec13b78094b71b2bd0", @ANYRES16=r2, @ANYBLOB="010000000000000000001a000000"], 0x14}}, 0x0) bind$netlink(r1, &(0x7f0000000340)={0x10, 0x0, 0x25dfdbfd, 0x400000}, 0xc) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r3, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$P9_RLOPEN(r4, &(0x7f0000000300)={0x18, 0xd, 0x2, {{0x8, 0x1, 0x3}, 0x9}}, 0x18) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r5 = accept4$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, &(0x7f00000000c0)=0x10, 0x0) syncfs(r5) sendmsg$NL80211_CMD_DEL_PMK(r4, &(0x7f0000000540)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000400)={&(0x7f0000000640)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00012abd7000fbdbdf257c00000008000300", @ANYRES32=0x0, @ANYBLOB="0a000600ffffffffffff00000a00060008021100000100000a00060008021100000100000a00060008021100000100000a000600ffffffffffff00000a00b01df0f3e053f63cc8aa105fdd448b0600ffffffffffff0000"], 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x4000) close(r0) r6 = syz_open_dev$ttys(0xc, 0x2, 0x0) vmsplice(r6, &(0x7f00000002c0)=[{&(0x7f0000000200)="e60f6d3551ec6180455b596518fcd5ad5124c89446e8e0458e24bc27c49048cce0c26760260724e91582cad6539bddd9163027fa9bef611bfa0c7cf7a386fc85a695ff1768be155d21691964734adcbac77f53325c7aff55031f3ee628aa5d3b2c3d0ccb7069b8aac285e79d74f0c37685f3b2d3bdfa8dd040346576c2efc6e40761a1ea3a557887418924773769508ed40132245fbbd485a404713a11e0e730fffa3c673567eccc4fd5b00577e2144c0b", 0x41}, {&(0x7f00000003c0)="a2b1b4319269f3eeb6534a5e50f296b0e796bd3fe4441ac9", 0x18}], 0x2, 0xf) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) [ 545.943616][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 545.995218][T12779] loop3: detected capacity change from 0 to 1 [ 546.043279][T12827] loop4: detected capacity change from 0 to 1 [ 546.043306][T12779] loop3: p1 p2 p3 p4 [ 546.053902][T12779] loop3: p1 start 115140 is beyond EOD, truncated [ 546.060418][T12779] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 546.068111][T12779] loop3: p3 start 225 is beyond EOD, truncated [ 546.074459][T12779] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 546.100531][T12827] loop4: p1 p2 p3 p4 [ 546.104570][T12827] loop4: p1 start 115140 is beyond EOD, truncated [ 546.111195][T12827] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 546.118724][T12827] loop4: p3 start 225 is beyond EOD, truncated [ 546.124940][T12827] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 546.170596][T12827] loop4: detected capacity change from 0 to 1 [ 546.212647][T12827] loop4: p1 p2 p3 p4 [ 546.216754][T12827] loop4: p1 start 115140 is beyond EOD, truncated [ 546.223233][T12827] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 546.236537][T12827] loop4: p3 start 225 is beyond EOD, truncated [ 546.242874][T12827] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:27 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:27 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r2, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) writev(r1, &(0x7f0000000140)=[{&(0x7f00000000c0)="6f872fd5c985adf5f36c949de5ad9a6f528d33839499c772c9f27ff25d8b6146874900ea176503cb991c61c3e3b868d30764fc447a375ec497036b33e0d42fb7ace36e4f75aaaa375cf8f09bb2e0934b92e2a97df69f00e95c83568d44fe435f32a97217028c7d70264f5b8497b6f0", 0x6f}, {&(0x7f0000000380)="50be3d35a1cc62ebfb6d7cedd35b2cd3d8bb314fae89a349af74155760621358d46b0ba7cf51388fef1df13a03bb543e095ad2345e5a56316a3fcc0bc25c45f975afcc4ed26acd4b1813c3bc1cd6d52d74e31af938428d332ffc6a0679fc8994eca6f9d9dc112ba0b80e8d5de8e75040cd75a67117d935040b998eb4f9c643cd3ebe08ade98ac9e8ed8ed441741ad785b91f66fa77e5fc1a5c6479eaa3bf8682d5d470d5f57a1503987dce0b43354f68f5ef4d54b9e46015a726f73e3e93b82942ad041e72e07d197200d9bb43f879b308d4e437641bb4d7c5940189fd29868c9969df83b886b156222d0dd031f9b64bf887eed62874ff96aca849308f62ab9cde5267dfb1926bc899355c528e8c027e6322cc7c1a0236b4582d351c339bba7fe028ed0b58c9b5f1f59f785187ff7a06238c48681f71733cb759200a99fea3580b154a7abb4b6fe0dcbd4c9600c17fa04008602745b581e2192b2dbd25ac8fb04d89e7123387c3ff6243f46f92dae8fb4cb1da4258fd1c697563559f15ea9d616b7f86df56552fddf2d5c92e161474c9f4a8330cea50abb3774ee79eaf735097665c6d77ad7d94fe62ffc224b100fb45b9577b81f4775921c46badc80523933e3aa64178af71ed673a9c72ef868b263f5d7582ae607033273f2cee1c2b1e3917de414083dd90629207307527f86cb0b56163ef8d78acf245f308daa8408487eacf8d21b549f2667e890933aa7716abac86f5b76aab4aafcc8c7ceec42596f0fec2dd5a2b40b105a1e7390264d3df7e28cf55d39742b5c1a68da7800b9d19e123841a2c48517bf4cacafb586369cca816700ea1c7ebe29bcb6473733d277d18cf5f7d3e02f4a8a17c4f96180118517f686c7fd8969cd7d17374779b54d2a632bc665859a993918d0b86679e595b6928a7bc3db3e539ac869a1cbee18c8b5b0ee978c1f60677b79cc3c73a0b037484a0c47b8156a6ba3ab1c3fbcd053c203a95e7ecb23157931f17122f52c996af566461b3e0185851e476f901c8516cb6c95865fe66236c39295820b6136d633702a4f336453bb868d9aabef6811a19e77eef8589d238e4078db08bc3c2131dde8fec7cd91de1da99a9080ea48148713d2f40ee598a13294b286421cd653832bd9e49f9d3a614be46f589cb36e8c2ff8e5a6b1892aed88c1ef40be4d39a78b1055465daab72f055bc5112a172132ce8c515688768d7ee535956ab3400c0c502c92afb7cf22bf958042a5cfaaa84b24c9cd3d15f91598a315f52c8c613ecc922534cad5548afc1791b07ce4465a6713758ffc234bc06b86f30a98d62586954e14d0afc4ef2d9e83bbbf899b5eef5f730af0435ee4d6294892d7e3a1307ef3c97160936e299c6f48a55af898c7685f2de804db8cfe03ac06fae81c268cecaf667812a934c0d32730dbce4ddd06f9db21dd6879a0a50a3bce936fdd70dbdb9a5cb1ae2c4a8dd05542c5c61af75f6708b194171ce27231a95904c871043aa1770cefc646f9e64db3974997f4fa34ebc826350f7b6283a1429f24ea88790fbac10bb6c3e0fcd7b813b5138103afeedad42b8368c3e3567cc27394722cf9caba5bda3ff71c1ef7c1f42999d082337b1ef85eb98ba28be594c573a0909cc4433ace9862b1afca0b464f1cde621f8556e93f7673c3570326f75f713f510d1983fbe0ada03011532435dcda352cc74f2d6cca67b5f66da5bcc30dbdce45d75e94c07f610822f6ca26e26f83061fef2ae8ba2430e3e48c59d3bf270881be2bb10f314de4d48a9f4740d941ff91c341bdf26af5682c38f130c0d0338eac558a7a40b7ba127a1764b158ca6497723e7c0d2dac3f5c606afcab15b0e5de84c7373dec7bf063b70a5d382073b73e775c380110bfb83279855c96e048748729df2a005b6bc1fb966f5ebec6d76cc92cbf8677e1216c6f83a5bc499a0b46643dfe99bfdc100cb20482309185249a7c1e25031741df317fbd33f5f1a7990498dc1022af09dea21428ae1b3fc646e0a9d2f92d4032df6ac77e097338e4f8df010c1f105cbf0e645fdbba20f1ba45fcab36408b144ac6ba6cff06c887d0a32b027fafd0075b29cce70a65be2cd87c588df0741571f6efe5392e3538efefcf957588229c4059a55c5975beb9e0e4cfc6c8b8fea2621b7644c374c0bdeb17ac50450a3a99773487b91a48cbfde05e6f63ff3e35f0e969a03ab512bd7659978203076f55efbc7c1175b0bcf3c9263775099b297d500e963b99e87892875b3bcc8ab2169382b4edc026304522ca1d7a0779404577bc30fa369d9f54101ff3b90295f028fa2062538b8e2e0dbfe04a29ff4e1c2a48e5e926d4c1a0d92164a2c32e8daf448f393db8c8ec2145f43dec3f6b304e30d10a579ad204e723a4009ee108e605945b723d0b03eb118b6f065ae108bde2920fbf0f279339f7c89fad776e8cc9912d634a45dea6a0ea540b15b059d4ccb4e301d35b2643887672bce193c19deff92e9d3858bcc57847fade0f44363edc63e797a7f329992bd02cccb1e0e83430f619b618365dfc13f5038623e220f4768561c179c6d40eef7f00a671bab36c2d2235158485a9d90142e809879d3bf71519175e70d876a0525995495d9cd56e7d8b49453e5f3fe4207e7317e9c8248dbc2c755851752fe338426946638afdbd8625a5dff20cf8a45907b6c8d178ce2d9a183ea4f74e1e82d7ee890a5b060b1fcdc2d36186c265274888bb265985268a6d050b7c9059fd70fb65b6929b1e24b3e26a2d5ad165c35ccdab467252d7764dd202b52ad3635e67636eb747a8a056276cebe12bcf8b2f34554e79f92122abf908e7b6207a9c2510165e1e59fccd595e6da8d505a0ed29c867b1149decb7eaa247c2f24bed7b38178cf6516e06e43d154fd88307f467019df8f78a4dbe7c26e4df7736a4da530d0859030bcc1df4854c06f63531d8d4e0a0e5e9d4ced34a270bea2d965a978b658f123f8820f9675cc17c9d4bb3aeda7dc309c8085f3a426c9c373689fba749c584a7953f20f2f17484c2c6571edf960cd90d811e6736c1fa51acc45b96b95bad23696bb52d2268fad135096e1e61736f843394e25220927b04aae74033602d0dff0fb11b42819541a13c73988e317e2a13b1408870b00525adf437d1e99bcbac50ec11bb66761bda1c3e0b0ce58d26eeec95711ea791c29fa4339734c714f66ff0e52e7fde9be45139984d76ff5e335511316c524c363c3889ac9e79ef6d3bbf3eaf9b55253cddb0c0b7ec2e6488f87f1329185557c8f7ecfb07d1e832072bfa3b85b19737c52cf8f075fcea80eaa8f9adf2bd0e117c77d95200f9f8089cff2879175896c66294e8170508badea34440edd70d1d87652f9639355424e3b6c863a9932684ca301276ad8240ec9231f535d989bb2b631323e5fb1a2487d0d5a394ec480e279011ea2e1783e1e9e01c5334be6651754cca5e600fea5c67eee6d823b1edd8ee3ffef5f0f89ff42c8e92a0012e7d82c8f51aa6130dcdb1dbea03616152661a96fc0bbdb2abc3aa07c3e6847ff55892ea8cdf444974246cb00433aba9c6cb2e8b79ad9ce25d7716f8bb997a1da8799054d963b27ebe3e93ca07594ba45086f7feed6a5ae02ae3d9f94b5520988cd9f60db7fca31b92c37d06f1c7e75fe281e0600df82f2f59e6e90db7cd36504f7a0faab85a711601d83c2d651d1fb91ffc11070aeed5d636fad60f98f5b6b7802a3bf6837e4d473fd9f754a849eb5bddd4287b246ba234d611b85c195ab8666ca12d74433666f75614c8e5b6f53f0d9eec85774957987fece14f6650a5c6547ad61cdd0aea48f608351a4c716b81e256edee726ea4172fdcad260006b9649b2d89e62818725b92283f19efc3c86834b8c3bca3cbe68f3ae5c414c0ab70004a6ed38481cdbdf60f6f702f30b12f83b7e9610dc00cf5da157e8d928b1177932fed6bbd70ac0c28918d34c74a68d897692d6994d2d66eb553ab21d7220b85736f65910f68bef28008e452c5b38516f17174ae856c83d3c6bf499dd0529418b6c3f563a087f1c087c362e11ba012ae2d27456de9de36acabaabe4f4f2b8b986230ea8c5e6d3d37175f72c564c56cd4b4e5671b8f5123513f0dff1bf86bdd90c90e84f62970341c589d3cb809fa633544e3fc1e385549603f676d52ff49d05ffedd004beaa6f3b120ea80d6d957f35fde4f6bd36cd33f9fc25ffb10fff8efb5bc6fc953fb65d79e4a506520c219c6df2d1e3e541eb0683af90924792bbc21c8fe41ce63ff1fb6ffdc7a451a5bf5a65f04ec927d0b1493b7dc1d93515a1f4d1464321e3ae64a8a6b55e9ffcae57161e99b551db649ed7fa20d2131716145ed18e9c5e6a03289ed8c81b3215d0db1256ce6c5d580380b746cb53bcc8e6a999a1996f6ca1789123bc81d3ad3b64dd4864fc27d8f13ef2a358eb2d54a79e9d7398cbbd5a0e5c2b341f91b69e952094684d74cb2b7e27b3bc7982732435cceb01a8d6d31cf6d29474dc66cc1d17c22ea33b4f0bb8065562778534ba27425c5b1b79995946dfbc8f0bfba86314fa9805466f0191ed91142e585c98767d566d6725dba175e69a7c9f0517cd70229f2659842db019a43e1df2fd179c320621d8ceb647f3589bf6bc851e6df225f1ded6ee2b150d68d2e43eb48775f6fc96b9470bcab6ca38fc2af5a05fedcade442bd9dcb7adf06bb200cad44fea19b328725daec3ad684b8df03de626fdb4435605b61250e454da29993540e707cb76777462da93135a755a95a0205b97a7c24bbfbbf1bb92dc18067c7d7960815dd8bc876315f4c296fafd94c949b266e20301a01c442bfd0f5d94f35c89921f74cc68bb08414dbf836a253c74b3a2e57910b95190043d70bfee1e054c9ad1b1485b66fa1dec702ea78e61f30ed47f7f026ae939fc5d85fe4c0db0257da0fad6b6544808ed50bfcc921039b277e702cad290a3d4a2c335702af7e79f8f8ed51808ad62e226e43390bd986806d62034c2a170fe86c17e010a96321a7f7c111c226369fb21d374f42a03dd6c908faef09a849e09044fc740c79bc1f632f8289a5c13ca90542a68d81373ec01f2b7284d348f1f063493f91bb57e4c31cedb4469d58d468ae8c1792fe0c870c1698a31afe4cf70c81d33bc408461239d2b46ea5cd95880f76060b0c302d6fefbb4e1261f16dffdd56ade79348e77e7d56132a044d338f61b17b57a16ba996dc8981cfb625b3aa6e238971a971b2ce0c229bc2cf96e3935d99ffa2aa6d7e02b8f96966f575285f696cad765506c55807fa0e5b22d6bad561287d670f651bca71c0c51b1bf8c8c54ea699d559d3398be8e60663460843ef7c66fc0a36c0c4447edb933046b3ce525c52510c920829b769fbe694ea6687cc9b25ae2dcf89b64dd11d60f870dc5857763932719e3f5bcf06e81bfe70b891002f5776b74a3e13d815b72d2fe4068cc366ab7adae96882c172b1ee4b440ea679641de0349410f0e1a42ee54fab15cfb7f2561d6ec8e3c499b55ff1d11a6a6e0652a0f28fe730bbc5d4e92cba6d826b89cabd13d185db36d88fec689311138c9086f3219a1279dda05d71348589ef8168efbd22a055f6a94c207fdd803022ed2b21b44132b2df2918676624917c3a03084f49491b6bd82efe7a80d10f7f1b52a417df9e0cc28e766521448e99818106eaff72ecc026d06af519b7896e3d03458f50ff2aaea14219ebefa03140919d994f7485673fe142bfa624c395405b6b3974b20e21180f7c811fd69ae92e9cea9d26502afb867db45a914028f76095ec31acd", 0x1000}], 0x2) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffffffffffd, 0x8d, 0x0, @buffer={0x0, 0xff22, &(0x7f0000000000)=""/25}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x3, 0x0}) 14:22:27 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800800130000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:27 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x40003, 0x0) vmsplice(r2, &(0x7f0000000500)=[{&(0x7f0000000200)="41b637e99b0e00e159471663365ce341613d420d632df590e1d16d31a483da7a8d16340141de491b3952de997c25adf3c343e1055b779d3e43275fabe8e8b32f1a55a11c96e92b085373acdfb32df44954da8083c8450041dbb1b37425e1803fd13824e911a35c8862fcb8c8612f19b0fe436e6d5fe035517a201c", 0x7b}, {&(0x7f0000000280)="1fcd8de5abf4023acf906ed5077611fecf6f862c83bd768b11fdf0f5d3b512d62ce6a9ee28136220cf975fbd79886bb6c7c5572aef2186577f760aced45e5a8eb75647d48e33ae41d02916b2cf42738994f48994a79b430b073228b29b574eda6c1b38c0e049b7caaba6b2a539f85ff4e0bba553a220bf56388c378ecc862ebb068ddd0871def4190e8c4163c775319cb8cb591a50112be504288a19b642a0ac531e197057140fbec22d55ee9a4361b119c574eeb077ad8d47545a826217453071d224842f510c22ae9748816d5c236e82ad5bd48f3c8fc915ae2832c9256d8f3664579fdd0478231d15e3a525", 0xed}, {&(0x7f00000000c0)="162eecc853d2cfae5886ae5762b3f9b4c5e216a3308125e075ec6ca6f048032eb797877721d38c2da890c2ee", 0x2c}, {&(0x7f0000000380)="7a4ea831d5caafcfa340340f47d059e0176e1d95bfbaa655a8f54a33d1db41dda1dc13495c87bd2f86181bcbb6eb729db26ed9efe1c8d682d315d2566d01fef3917988d5dc8be464ee1c660f6c3ea9b2be05727854cd3ee5c9ac3a63a035cd5fe021ef3d783179e6804c5d034a9e4a79ae670309f3db", 0x76}, {&(0x7f0000000400)="571ccbcc2eec055fe5360ac9aba652ea1c96db72d61704c50dc64503f852efb9a1f25a2636c9112c3426fdcb42bb6bc01c7cd806e193fd5b5e9905e513907be00c80867101a4684be9c36493bd2a4b90ab6ef53f95008150d098a29aad40326eb3ffe751d6c95baca6a34520c995b119ca91d88cf0ded8a7a88826f7a98bf9c21fb814cc51d831b75dd2ec2993b7bcb736fc046ecdc76f6ac4a383b25892f4cfe41ce5c3bcf53b60564056b9a8cc4ab2305747eb993c71f752da56b7cae79e64d8933be7378b60bc80fcbf9bd6ca11526383a75de313fcc200", 0xd9}], 0x5, 0x0) ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000140)) 14:22:27 executing program 3: syz_read_part_table(0x240, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:27 executing program 4: syz_read_part_table(0x278, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:27 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SG_SET_DEBUG(r0, 0x227e, &(0x7f0000000000)=0x1) 14:22:27 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) keyctl$link(0x8, 0x0, 0xfffffffffffffffe) add_key$keyring(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) 14:22:27 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x130000, 0x49) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001680), 0x10300, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) pwritev2(r3, &(0x7f0000001840)=[{&(0x7f0000001740)="28e4554554b89380ea9b8a342f0ed1b200ab5b73155aa0cf3cb447e92e6b50068a", 0x21}, {&(0x7f0000001780)="e2bc077477e9b773f83e0bdb3b2ea70d4106400260e7b62f0d77520f6d97428119d5f5578af9e3a9ac573ba92d16f84762ed4c48909e4f60c0547bffe4edd920afb998ecc52053403696ea1704371ea6811b7f3493560a1ac945f0d4df22973aa7ad2915c6de55f06de3fb6edb542859bc63dbcac1538850e581f4aa0ec1ffdf559fb8b55400a9460c36a28c2989c812b9bfd3828837ebccb997bc2d3a62d5ed7a49029028256345fb", 0xa9}], 0x2, 0x7, 0x1, 0xf340fdcaf1f2ad5b) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r2, 0x80605414, &(0x7f00000016c0)) readv(r1, &(0x7f0000001600)=[{&(0x7f0000000040)=""/102, 0x66}, {&(0x7f0000000400)=""/241, 0xf1}, {&(0x7f0000000500)=""/214, 0xd6}, {&(0x7f00000000c0)=""/43, 0x2b}, {&(0x7f0000000100)=""/110, 0x6e}, {&(0x7f0000000600)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/161, 0xa1}], 0x7) [ 548.759579][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 548.764120][T12870] loop1: detected capacity change from 0 to 1 [ 548.767621][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 548.781466][T12868] loop3: detected capacity change from 0 to 1 [ 548.785248][T12871] loop4: detected capacity change from 0 to 1 14:22:27 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x100, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xffffffffffffffff, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x2, 0x0, 0x0}) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_open_dev$vcsn(&(0x7f0000000040), 0xec, 0x240) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r2, 0x1}, {}], 0x3, 0x80000006) ioctl$SCSI_IOCTL_STOP_UNIT(r2, 0x6) [ 548.825674][T12871] loop4: p1 p2 p3 p4 [ 548.830124][T12868] loop3: p1 p2 p3 p4 [ 548.830126][T12871] loop4: p1 start 115140 is beyond EOD, truncated [ 548.830142][T12871] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 548.830503][T12871] loop4: p3 start 225 is beyond EOD, [ 548.835289][T12868] loop3: p1 start 115140 is beyond EOD, [ 548.840728][T12871] truncated [ 548.840735][T12871] loop4: p4 size 3657465856 extends beyond EOD, [ 548.847866][T12868] truncated [ 548.847873][T12868] loop3: p2 size 1073872896 extends beyond EOD, [ 548.853254][T12871] truncated [ 548.881275][T12868] truncated [ 548.889793][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 548.890654][T12870] loop1: p1 p2 p3 p4 [ 548.897829][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 548.903039][T12868] loop3: p3 start 225 is beyond EOD, truncated 14:22:27 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYBLOB="98000000", @ANYRES16=r1, @ANYBLOB="010000000000000000001a000000"], 0x14}}, 0x0) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x3c, r2, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x10000}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x80000001}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x6}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}, @SEG6_ATTR_HMACKEYID={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040}, 0x4000000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x14, r4, 0x1, 0x0, 0x0, {0x1a}}, 0x14}}, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(r3, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)={0x358, 0x0, 0x800, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x44}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x16}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x10}, @NL80211_ATTR_REG_RULES={0x30, 0x22, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x2}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x7}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x9}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8}]}]}, @NL80211_ATTR_REG_RULES={0x138, 0x22, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x1}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x6}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x3}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x1}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x5}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7f}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x4}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x7}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xfffff4bf}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x5}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x6}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x3ff}]}, {0x44, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x7}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x19}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x5}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x81}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x1}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0xc19}]}, {0x44, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x39455a74}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x4}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x1}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x6}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x2}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x101}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x6}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x200}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x9}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x7}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x1}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x800}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x3}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_REG_RULES={0xc0, 0x22, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x1}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0xbba}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x7}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x7fffffff}, @NL80211_ATTR_FREQ_RANGE_END={0x8}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x79d}, @NL80211_ATTR_REG_RULE_FLAGS={0x8}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x1000000}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x6}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x10000}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x401}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x80000000}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x10000}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x800}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x8}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xff}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xb1}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x10000}]}]}, @NL80211_ATTR_REG_RULES={0xf4, 0x22, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x3ff}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x2}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xffffffff}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xb9}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xd6}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x101}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x1}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x4}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x3}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x9}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x3ff}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x900000}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x8000}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x6}, @NL80211_ATTR_DFS_CAC_TIME={0x8}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x2}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x8000}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x8}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x7fffffff}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x1}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x200}, @NL80211_ATTR_FREQ_RANGE_END={0x8}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x10000}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x69b}]}]}]}, 0x358}, 0x1, 0x0, 0x0, 0x40000}, 0xc4) r5 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r5, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r6, 0x0) preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r5, 0x227d, &(0x7f00000001c0)) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r6, 0x89fb, &(0x7f0000000840)={'syztnl2\x00', &(0x7f00000003c0)={'ip6_vti0\x00', 0x0, 0x2f, 0x4, 0xff, 0x7, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0xd1, 0x10, 0x6, 0x5}}) sendmsg$ETHTOOL_MSG_PAUSE_SET(r6, &(0x7f0000000980)={&(0x7f0000000380), 0xc, &(0x7f0000000940)={&(0x7f0000000880)={0x94, r4, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}]}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}, @ETHTOOL_A_PAUSE_AUTONEG={0x5}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000001}, 0x48000) [ 548.909500][T12868] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 548.928084][T12871] loop4: detected capacity change from 0 to 1 [ 548.935637][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 548.935654][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 548.935698][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 548.935733][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 548.936739][T12870] loop1: p1 start 115140 is beyond EOD, truncated 14:22:27 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0xae183) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 548.967197][T12870] loop1: p2 start 19 is beyond EOD, truncated [ 548.967211][T12870] loop1: p3 start 225 is beyond EOD, truncated [ 548.967221][T12870] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 548.991177][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 549.007135][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 549.023270][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 549.031405][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:30 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)=0x0) timer_settime(r1, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_nanosleep(0x0, 0x0, &(0x7f0000000280)={0x0, r2+10000000}, 0x0) 14:22:30 executing program 4: syz_read_part_table(0x28c, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:30 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000080)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x24}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001ab74c75cb9cb7d6ce58321308a3e2bc343098cc5408de4ad1e207a08f21b9b4c851a5011c4375061dee5066d330fa804ce05338c9c1115d1e11c0d32e7b30c38e7c363dbee9db55e03ebec27882d780923b4a4e1be34dca26bfbe2d51b21e0bc823787cceb0b3842baeb42ab996bd7bff781bd148f1157ee4077e73a54d8d2143597babed1eb8865b2fec523ab6fdd3b50e724ebd8e79af8442f6c8c8f5208dfe24d68403ca9d5f4b25394dab3cf324c90be538c0151274bb1229ad7013e41c86c0b0", @ANYRES16=r3, @ANYBLOB="010000000000000000001a000000"], 0x14}}, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x80000001, 0x3, 0x0, 0x200}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) 14:22:30 executing program 3: syz_read_part_table(0x278, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffa9800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:30 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800892150000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) 14:22:30 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f00000001c0)) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000140), 0x200100, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0x101, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="47493417121f192f1194c9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f171434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2a55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x1, 0x0}) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000d, 0x11, r1, 0x48262000) 14:22:30 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x200400, 0x106) poll(&(0x7f0000000140)=[{r1}, {r2, 0x1}, {0xffffffffffffffff, 0x1096}], 0x3, 0x80000008) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000000)={0x69, 0x0, 0x2a, "d0ef782b47ecdd7bdcc46d3e42e8fe119c473940310de675268e525c6b99a9ca350564c9fa0006b9f159f184c0a823bebb0a1f54cca3ea423a4585d999553e70169f3535331938423c8207125bfeaddde44c0d3a1fbf34b9866583595961e8ef20ba24d13053bf676d"}) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000080)=0xb6) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0xff, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="47493417121f192fc9130277c142a99f3eb29d15d88cfa2a35cb80ac5b20fbeffc01da11d9e584bf7e2efaa792b8e9cbd035d06d944b2036e89ba318f271c4439352a5edbbcad40560f47c83ce400230b251651a5d7186e8faca0e342c7eac190e6387a266fa80336be7471dbf4cb0d256962ab0aff86cfcf9d4128d1d8b7091ba36d88f88a74e22fcf37e48cbd11bc3c068314f63bce373f7884698bd3df9d55d7f9515f59b4b9b93102f55440d3406ddcfb7e4112010dff18d90f8d6b72d8704f7f151434d1288977c89fd60feeda69b92b1d7de5d7f57eed40fbe3b185c3057a64d9b5ccf4bb9ed745b60d7e69d1f2e55833a64f371e4c462f73ef524ab", 0x0, 0x0, 0x0, 0x0, 0x0}) 14:22:30 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0xfffffffffffffd4f}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) [ 551.778242][T12937] loop4: detected capacity change from 0 to 1 [ 551.792934][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 551.801087][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 551.808025][T12943] loop3: detected capacity change from 0 to 1 [ 551.810907][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 551.819828][T12942] loop1: detected capacity change from 0 to 1 [ 551.822660][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 551.841446][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 551.849457][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 551.875822][T12942] loop1: p1 p2 p3 p4 [ 551.876851][T12943] loop3: p1 p2 p3 p4 [ 551.880023][T12942] loop1: p1 start 115140 is beyond EOD, truncated [ 551.884087][T12937] loop4: p1 p2 p3 p4 [ 551.890326][T12942] loop1: p2 start 21 is beyond EOD, truncated [ 551.890348][T12942] loop1: p3 start 225 is beyond EOD, truncated [ 551.890362][T12942] loop1: p4 size 3657465856 extends beyond EOD, [ 551.898795][T12943] loop3: p1 start 115140 is beyond EOD, [ 551.900510][T12942] truncated [ 551.906668][T12943] truncated 14:22:30 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="9600000000020000ff0f0000cba4e5fa6e413b615c832f18580e82b785dcf73dc449fbdc0f67a3f0490bd275cdaf5f83637257a4b02ef8e432a50323aadc4c6e9b9cd6d771640c07e928cfdc1594a040e156f998b4a0ceff22a3381fbb46978aa91ffa1eeff767790a08b1c3c65a20962f97fb3bc8d597d80595e515a30db26adbb5dbfc0384f031ca79f3d64fca423db7eeae218a8aeb1756d696ed66f67516"]) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r1, 0x3) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) [ 551.924991][T12937] loop4: p1 start 115140 is beyond EOD, [ 551.925038][T12943] loop3: p2 size 1073872896 extends beyond EOD, [ 551.925037][T12937] truncated [ 551.930669][T12943] truncated [ 551.943234][T12937] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 551.953177][T12943] loop3: p3 start 225 is beyond EOD, truncated [ 551.957342][T12937] loop4: p3 start 225 is beyond EOD, truncated [ 551.959508][T12943] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 551.965650][T12937] loop4: p4 size 3657465856 extends beyond EOD, truncated 14:22:30 executing program 1: set_mempolicy(0x2, &(0x7f0000000000)=0x81000001, 0x4e) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac0480ffffffbf800893150000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 552.020797][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 552.028835][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 552.039183][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 552.047731][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb 14:22:30 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x40241) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcff86ff770403000000030000000020000000000000400000000000080000bf", 0x200000bf}], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$BTRFS_IOC_SCRUB_CANCEL(r1, 0x941c, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0)) [ 552.071964][T12943] loop3: detected capacity change from 0 to 1 [ 552.109852][T12937] loop4: detected capacity change from 0 to 1 [ 552.114508][T12943] loop3: p1 p2 p3 p4 [ 552.120448][T12943] loop3: p1 start 115140 is beyond EOD, truncated [ 552.126899][T12943] loop3: p2 size 1073872896 extends beyond EOD, truncated [ 552.133071][T12987] loop1: detected capacity change from 0 to 1 [ 552.140500][T12943] loop3: p3 start 225 is beyond EOD, truncated [ 552.146787][T12943] loop3: p4 size 3657465856 extends beyond EOD, truncated [ 552.160518][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] 14:22:30 executing program 4: syz_read_part_table(0x2d8, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0201bfffffffc4c10100ff45ac048000000063800800000000000000024000ffffff81000000e10000008877007200300700a5ffffff00000000008000da55aa", 0x40, 0x1c0}]) [ 552.169066][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb [ 552.187925][T12987] loop1: p1 p2 p3 p4 [ 552.193234][T12987] loop1: p1 start 115140 is beyond EOD, truncated [ 552.199768][T12987] loop1: p2 start 21 is beyond EOD, truncated [ 552.205828][T12987] loop1: p3 start 225 is beyond EOD, truncated [ 552.212020][T12987] loop1: p4 size 3657465856 extends beyond EOD, truncated [ 552.329808][T13010] loop4: detected capacity change from 0 to 1 [ 552.367932][T13010] loop4: p1 p2 p3 p4 [ 552.372087][T13010] loop4: p1 start 115140 is beyond EOD, truncated [ 552.379122][T13010] loop4: p2 size 1073872896 extends beyond EOD, truncated [ 552.387056][T13010] loop4: p3 start 225 is beyond EOD, truncated [ 552.393456][T13010] loop4: p4 size 3657465856 extends beyond EOD, truncated [ 552.675081][ C1] sd 0:0:1:0: [sg_rq_end_io] Sense Key : Illegal Request [current] [ 552.683213][ C1] sd 0:0:1:0: [sg_rq_end_io] Add. Sense: Invalid field in cdb