/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x0) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:31:26 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0x0) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:31:26 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:31:26 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 7) [ 1777.313058] FAULT_INJECTION: forcing a failure. [ 1777.313058] name failslab, interval 1, probability 0, space 0, times 0 [ 1777.315603] CPU: 1 PID: 9815 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1777.317175] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1777.319066] Call Trace: [ 1777.319676] dump_stack+0x107/0x167 [ 1777.320521] should_fail.cold+0x5/0xa [ 1777.321425] ? xas_alloc+0x336/0x440 [ 1777.322280] should_failslab+0x5/0x20 [ 1777.323165] kmem_cache_alloc+0x5b/0x310 [ 1777.324097] ? trace_hardirqs_on+0x5b/0x180 [ 1777.325113] xas_alloc+0x336/0x440 [ 1777.325944] xas_create+0x34a/0x10d0 [ 1777.326799] ? lock_acquire+0x197/0x470 [ 1777.327742] xas_create_range+0x189/0x620 [ 1777.328737] shmem_add_to_page_cache+0x760/0x1130 [ 1777.329855] ? shmem_getattr+0x180/0x180 [ 1777.330804] shmem_getpage_gfp.constprop.0+0x64a/0x1920 [ 1777.332041] ? shmem_unuse_inode+0xf60/0xf60 [ 1777.333087] ? avc_has_perm+0xc5/0x1b0 [ 1777.333981] shmem_file_read_iter+0x2a6/0xbb0 [ 1777.335021] ? do_syscall_64+0x33/0x40 [ 1777.335929] ? shmem_get_link+0x440/0x440 [ 1777.336925] ? inode_has_perm+0x171/0x1d0 [ 1777.336949] ? iov_iter_pipe+0xf1/0x2a0 [ 1777.336977] generic_file_splice_read+0x455/0x6d0 [ 1777.336999] ? pipe_to_user+0x170/0x170 10:31:26 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 1777.337029] ? fsnotify_perm.part.0+0x22d/0x620 [ 1777.337052] ? security_file_permission+0xb1/0xe0 [ 1777.337074] ? pipe_to_user+0x170/0x170 [ 1777.337095] do_splice_to+0x10e/0x160 [ 1777.337118] splice_direct_to_actor+0x2fe/0x980 [ 1777.337143] ? pipe_to_sendpage+0x380/0x380 [ 1777.337167] ? do_splice_to+0x160/0x160 [ 1777.337185] ? security_file_permission+0xb1/0xe0 [ 1777.337213] do_splice_direct+0x1c4/0x290 [ 1777.337233] ? splice_direct_to_actor+0x980/0x980 [ 1777.337259] ? security_file_permission+0xb1/0xe0 [ 1777.337288] vfs_copy_file_range+0x4f8/0x13c0 [ 1777.337314] ? generic_file_rw_checks+0x240/0x240 [ 1777.337359] __do_sys_copy_file_range+0x193/0x420 [ 1777.337380] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1777.337398] ? ksys_write+0x1a9/0x260 [ 1777.337418] ? __ia32_sys_read+0xb0/0xb0 [ 1777.337442] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1777.337462] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1777.337485] do_syscall_64+0x33/0x40 [ 1777.337504] entry_SYSCALL_64_after_hwframe+0x67/0xd1 10:31:26 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, 0x0, 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1777.337517] RIP: 0033:0x7f134c613b19 [ 1777.337534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 10:31:27 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r4}}, 0x10000) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(0xffffffffffffffff, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1777.337544] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1777.337565] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 10:31:27 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1777.337575] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1777.337586] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1777.337596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1777.337607] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1777.458417] FAULT_INJECTION: forcing a failure. [ 1777.458417] name fail_page_alloc, interval 1, probability 0, space 0, times 0 10:31:27 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 9) [ 1777.458445] CPU: 0 PID: 9830 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1777.458454] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1777.458460] Call Trace: [ 1777.458485] dump_stack+0x107/0x167 [ 1777.458505] should_fail.cold+0x5/0xa [ 1777.458529] __alloc_pages_nodemask+0x182/0x600 [ 1777.458551] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1777.458569] ? lock_downgrade+0x6d0/0x6d0 [ 1777.458586] ? lock_acquire+0x197/0x470 [ 1777.458619] alloc_pages_vma+0xbb/0x410 [ 1777.458643] shmem_alloc_page+0x10f/0x1e0 [ 1777.458662] ? shmem_init_inode+0x20/0x20 [ 1777.458703] ? percpu_counter_add_batch+0x8b/0x140 [ 1777.458724] ? __vm_enough_memory+0x184/0x360 [ 1777.458748] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1777.458783] ? shmem_unuse_inode+0xf60/0xf60 [ 1777.458806] ? avc_has_perm+0xc5/0x1b0 [ 1777.458830] shmem_file_read_iter+0x2a6/0xbb0 [ 1777.458850] ? do_syscall_64+0x33/0x40 [ 1777.458878] ? shmem_get_link+0x440/0x440 [ 1777.458893] ? inode_has_perm+0x171/0x1d0 [ 1777.458913] ? iov_iter_pipe+0xf1/0x2a0 [ 1777.458936] generic_file_splice_read+0x455/0x6d0 [ 1777.458955] ? pipe_to_user+0x170/0x170 [ 1777.458982] ? fsnotify_perm.part.0+0x22d/0x620 [ 1777.459003] ? security_file_permission+0xb1/0xe0 [ 1777.459022] ? pipe_to_user+0x170/0x170 [ 1777.459041] do_splice_to+0x10e/0x160 [ 1777.459062] splice_direct_to_actor+0x2fe/0x980 [ 1777.459085] ? pipe_to_sendpage+0x380/0x380 [ 1777.459107] ? do_splice_to+0x160/0x160 [ 1777.459123] ? security_file_permission+0xb1/0xe0 [ 1777.459149] do_splice_direct+0x1c4/0x290 [ 1777.459167] ? splice_direct_to_actor+0x980/0x980 [ 1777.459190] ? security_file_permission+0xb1/0xe0 [ 1777.459216] vfs_copy_file_range+0x4f8/0x13c0 [ 1777.459240] ? generic_file_rw_checks+0x240/0x240 [ 1777.459279] __do_sys_copy_file_range+0x193/0x420 [ 1777.459299] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1777.459315] ? ksys_write+0x1a9/0x260 [ 1777.459334] ? __ia32_sys_read+0xb0/0xb0 [ 1777.459356] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1777.459374] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1777.459395] do_syscall_64+0x33/0x40 [ 1777.459413] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1777.459425] RIP: 0033:0x7ff72d878b19 [ 1777.459441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1777.459450] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1777.459470] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1777.459479] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1777.459489] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1777.459498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1777.459508] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 1777.605867] FAULT_INJECTION: forcing a failure. [ 1777.605867] name failslab, interval 1, probability 0, space 0, times 0 [ 1777.605887] CPU: 0 PID: 9839 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1777.605896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1777.605902] Call Trace: [ 1777.605926] dump_stack+0x107/0x167 [ 1777.605947] should_fail.cold+0x5/0xa [ 1777.605963] ? __memcg_kmem_charge+0x68/0x140 [ 1777.605981] ? create_object.isra.0+0x3a/0xa30 [ 1777.605998] should_failslab+0x5/0x20 [ 1777.606017] kmem_cache_alloc+0x5b/0x310 [ 1777.606040] create_object.isra.0+0x3a/0xa30 [ 1777.606055] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1777.606079] kmem_cache_alloc+0x159/0x310 [ 1777.606094] ? trace_hardirqs_on+0x5b/0x180 [ 1777.606118] xas_alloc+0x336/0x440 [ 1777.606138] xas_create+0x34a/0x10d0 [ 1777.606155] ? lock_acquire+0x197/0x470 [ 1777.606188] xas_create_range+0x189/0x620 [ 1777.606223] shmem_add_to_page_cache+0x760/0x1130 [ 1777.606253] ? shmem_getattr+0x180/0x180 [ 1777.606294] shmem_getpage_gfp.constprop.0+0x64a/0x1920 [ 1777.606331] ? shmem_unuse_inode+0xf60/0xf60 [ 1777.606354] ? avc_has_perm+0xc5/0x1b0 [ 1777.606378] shmem_file_read_iter+0x2a6/0xbb0 [ 1777.606399] ? do_syscall_64+0x33/0x40 [ 1777.606427] ? shmem_get_link+0x440/0x440 [ 1777.606443] ? inode_has_perm+0x171/0x1d0 [ 1777.606464] ? iov_iter_pipe+0xf1/0x2a0 [ 1777.606487] generic_file_splice_read+0x455/0x6d0 [ 1777.606507] ? pipe_to_user+0x170/0x170 [ 1777.606534] ? fsnotify_perm.part.0+0x22d/0x620 [ 1777.606556] ? security_file_permission+0xb1/0xe0 [ 1777.606576] ? pipe_to_user+0x170/0x170 [ 1777.606595] do_splice_to+0x10e/0x160 [ 1777.606616] splice_direct_to_actor+0x2fe/0x980 [ 1777.606640] ? pipe_to_sendpage+0x380/0x380 [ 1777.606662] ? do_splice_to+0x160/0x160 [ 1777.606678] ? security_file_permission+0xb1/0xe0 [ 1777.606705] do_splice_direct+0x1c4/0x290 [ 1777.606723] ? splice_direct_to_actor+0x980/0x980 [ 1777.606748] ? security_file_permission+0xb1/0xe0 [ 1777.606773] vfs_copy_file_range+0x4f8/0x13c0 [ 1777.606798] ? generic_file_rw_checks+0x240/0x240 [ 1777.606839] __do_sys_copy_file_range+0x193/0x420 [ 1777.606859] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1777.606875] ? ksys_write+0x1a9/0x260 [ 1777.606894] ? __ia32_sys_read+0xb0/0xb0 [ 1777.606916] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1777.606935] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1777.606956] do_syscall_64+0x33/0x40 [ 1777.606974] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1777.606986] RIP: 0033:0x7f134c613b19 [ 1777.607002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1777.607012] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1777.607031] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1777.607040] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1777.607050] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1777.607060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1777.607070] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 10:31:40 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:31:40 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:31:40 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(0xffffffffffffffff, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:31:40 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 8) 10:31:40 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, 0x0, 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:31:40 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r4}}, 0x10000) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(0xffffffffffffffff, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:31:40 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 10) 10:31:40 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1791.124279] FAULT_INJECTION: forcing a failure. [ 1791.124279] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1791.127040] CPU: 1 PID: 9854 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1791.128548] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.129515] FAULT_INJECTION: forcing a failure. [ 1791.129515] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1791.130361] Call Trace: [ 1791.130389] dump_stack+0x107/0x167 [ 1791.130410] should_fail.cold+0x5/0xa [ 1791.130435] __alloc_pages_nodemask+0x182/0x600 [ 1791.130458] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1791.130476] ? lock_downgrade+0x6d0/0x6d0 [ 1791.130493] ? lock_acquire+0x197/0x470 [ 1791.130528] alloc_pages_vma+0xbb/0x410 [ 1791.140385] shmem_alloc_page+0x10f/0x1e0 [ 1791.141297] ? shmem_init_inode+0x20/0x20 [ 1791.142229] ? percpu_counter_add_batch+0x8b/0x140 [ 1791.143299] ? __vm_enough_memory+0x184/0x360 [ 1791.144292] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1791.145479] ? shmem_unuse_inode+0xf60/0xf60 [ 1791.146448] shmem_file_read_iter+0x2a6/0xbb0 [ 1791.147447] ? shmem_get_link+0x440/0x440 [ 1791.148357] ? inode_has_perm+0x171/0x1d0 [ 1791.149283] ? iov_iter_pipe+0xf1/0x2a0 [ 1791.150167] generic_file_splice_read+0x455/0x6d0 [ 1791.151220] ? pipe_to_user+0x170/0x170 [ 1791.152099] ? fsnotify_perm.part.0+0x22d/0x620 [ 1791.153125] ? security_file_permission+0xb1/0xe0 [ 1791.154181] ? pipe_to_user+0x170/0x170 [ 1791.155046] do_splice_to+0x10e/0x160 [ 1791.155877] splice_direct_to_actor+0x2fe/0x980 [ 1791.156903] ? pipe_to_sendpage+0x380/0x380 [ 1791.157848] ? do_splice_to+0x160/0x160 [ 1791.158718] ? security_file_permission+0xb1/0xe0 [ 1791.159775] do_splice_direct+0x1c4/0x290 [ 1791.160681] ? splice_direct_to_actor+0x980/0x980 [ 1791.161751] ? security_file_permission+0xb1/0xe0 [ 1791.162812] vfs_copy_file_range+0x4f8/0x13c0 [ 1791.163792] ? generic_file_rw_checks+0x240/0x240 [ 1791.164901] __do_sys_copy_file_range+0x193/0x420 [ 1791.165972] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1791.167006] ? ksys_write+0x1a9/0x260 [ 1791.167835] ? __ia32_sys_read+0xb0/0xb0 [ 1791.168724] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1791.169884] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.171012] do_syscall_64+0x33/0x40 [ 1791.171824] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1791.172951] RIP: 0033:0x7ff72d878b19 [ 1791.173761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1791.177797] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1791.179460] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1791.181034] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1791.182589] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1791.184159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1791.185728] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 1791.187332] CPU: 0 PID: 9858 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1791.189024] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.191003] Call Trace: [ 1791.191640] dump_stack+0x107/0x167 [ 1791.192508] should_fail.cold+0x5/0xa [ 1791.193435] __alloc_pages_nodemask+0x182/0x600 [ 1791.194543] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1791.195969] ? lock_downgrade+0x6d0/0x6d0 [ 1791.196957] ? lock_acquire+0x197/0x470 [ 1791.197914] alloc_pages_vma+0xbb/0x410 [ 1791.198861] shmem_alloc_page+0x10f/0x1e0 [ 1791.199841] ? shmem_init_inode+0x20/0x20 [ 1791.200859] ? percpu_counter_add_batch+0x8b/0x140 [ 1791.201994] ? __vm_enough_memory+0x184/0x360 [ 1791.203025] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1791.204271] ? shmem_unuse_inode+0xf60/0xf60 [ 1791.205312] shmem_file_read_iter+0x2a6/0xbb0 [ 1791.206358] ? shmem_get_link+0x440/0x440 [ 1791.207304] ? inode_has_perm+0x171/0x1d0 [ 1791.208267] ? iov_iter_pipe+0xf1/0x2a0 [ 1791.209197] generic_file_splice_read+0x455/0x6d0 [ 1791.210323] ? pipe_to_user+0x170/0x170 [ 1791.211251] ? fsnotify_perm.part.0+0x22d/0x620 [ 1791.212333] ? security_file_permission+0xb1/0xe0 [ 1791.213457] ? pipe_to_user+0x170/0x170 [ 1791.214380] do_splice_to+0x10e/0x160 [ 1791.215261] splice_direct_to_actor+0x2fe/0x980 [ 1791.216339] ? pipe_to_sendpage+0x380/0x380 [ 1791.217332] ? do_splice_to+0x160/0x160 [ 1791.218238] ? security_file_permission+0xb1/0xe0 [ 1791.219350] do_splice_direct+0x1c4/0x290 [ 1791.220307] ? splice_direct_to_actor+0x980/0x980 [ 1791.221430] ? security_file_permission+0xb1/0xe0 [ 1791.222538] vfs_copy_file_range+0x4f8/0x13c0 [ 1791.223580] ? generic_file_rw_checks+0x240/0x240 [ 1791.224710] __do_sys_copy_file_range+0x193/0x420 [ 1791.225828] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1791.226918] ? ksys_write+0x1a9/0x260 [ 1791.227796] ? __ia32_sys_read+0xb0/0xb0 [ 1791.228731] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1791.229954] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.231138] do_syscall_64+0x33/0x40 [ 1791.231994] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1791.233179] RIP: 0033:0x7f134c613b19 [ 1791.234031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1791.238327] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1791.240115] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1791.241800] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1791.243484] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1791.245177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1791.246862] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 10:31:40 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:31:40 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:31:40 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, 0x0, 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:31:40 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 9) 10:31:40 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r4}}, 0x10000) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r0, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(0xffffffffffffffff, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:31:40 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(0xffffffffffffffff, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:31:40 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 1791.487261] FAULT_INJECTION: forcing a failure. [ 1791.487261] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1791.490397] CPU: 0 PID: 9875 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1791.492047] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.494058] Call Trace: [ 1791.494691] dump_stack+0x107/0x167 [ 1791.495582] should_fail.cold+0x5/0xa [ 1791.496497] __alloc_pages_nodemask+0x182/0x600 [ 1791.497626] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1791.499063] ? lock_downgrade+0x6d0/0x6d0 [ 1791.500053] ? lock_acquire+0x197/0x470 [ 1791.501033] alloc_pages_vma+0xbb/0x410 [ 1791.502011] shmem_alloc_page+0x10f/0x1e0 [ 1791.502994] ? shmem_init_inode+0x20/0x20 [ 1791.504000] ? percpu_counter_add_batch+0x8b/0x140 [ 1791.505163] ? __vm_enough_memory+0x184/0x360 [ 1791.506229] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1791.507522] ? shmem_unuse_inode+0xf60/0xf60 [ 1791.508573] shmem_file_read_iter+0x2a6/0xbb0 [ 1791.509657] ? shmem_get_link+0x440/0x440 [ 1791.510643] ? inode_has_perm+0x171/0x1d0 [ 1791.511634] ? iov_iter_pipe+0xf1/0x2a0 [ 1791.512579] generic_file_splice_read+0x455/0x6d0 [ 1791.513736] ? pipe_to_user+0x170/0x170 [ 1791.514689] ? fsnotify_perm.part.0+0x22d/0x620 [ 1791.515818] ? security_file_permission+0xb1/0xe0 [ 1791.516962] ? pipe_to_user+0x170/0x170 [ 1791.517918] do_splice_to+0x10e/0x160 [ 1791.518822] splice_direct_to_actor+0x2fe/0x980 [ 1791.519922] ? pipe_to_sendpage+0x380/0x380 [ 1791.520946] ? do_splice_to+0x160/0x160 [ 1791.521879] ? security_file_permission+0xb1/0xe0 [ 1791.523039] do_splice_direct+0x1c4/0x290 [ 1791.524031] ? splice_direct_to_actor+0x980/0x980 [ 1791.525172] ? security_file_permission+0xb1/0xe0 [ 1791.526313] vfs_copy_file_range+0x4f8/0x13c0 [ 1791.527375] ? generic_file_rw_checks+0x240/0x240 [ 1791.528523] __do_sys_copy_file_range+0x193/0x420 [ 1791.529671] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1791.530778] ? ksys_write+0x1a9/0x260 [ 1791.531701] ? __ia32_sys_read+0xb0/0xb0 [ 1791.531727] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 10:31:41 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 11) 10:31:41 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x0) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1791.531750] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.531773] do_syscall_64+0x33/0x40 [ 1791.531794] entry_SYSCALL_64_after_hwframe+0x67/0xd1 10:31:41 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 1791.531808] RIP: 0033:0x7ff72d878b19 [ 1791.531827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 10:31:41 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1791.531837] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1791.531859] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1791.531869] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1791.531880] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1791.531890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1791.531901] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 1791.608240] FAULT_INJECTION: forcing a failure. [ 1791.608240] name fail_page_alloc, interval 1, probability 0, space 0, times 0 10:31:41 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) [ 1791.608261] CPU: 1 PID: 9885 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1791.608270] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.608276] Call Trace: [ 1791.608299] dump_stack+0x107/0x167 [ 1791.608320] should_fail.cold+0x5/0xa 10:31:41 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 12) [ 1791.608350] __alloc_pages_nodemask+0x182/0x600 [ 1791.608373] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1791.608390] ? lock_downgrade+0x6d0/0x6d0 [ 1791.608407] ? lock_acquire+0x197/0x470 [ 1791.608441] alloc_pages_vma+0xbb/0x410 [ 1791.608465] shmem_alloc_page+0x10f/0x1e0 [ 1791.608483] ? shmem_init_inode+0x20/0x20 [ 1791.608524] ? percpu_counter_add_batch+0x8b/0x140 10:31:41 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1791.608546] ? __vm_enough_memory+0x184/0x360 10:31:41 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x0) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1791.608570] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1791.608605] ? shmem_unuse_inode+0xf60/0xf60 [ 1791.608637] shmem_file_read_iter+0x2a6/0xbb0 10:31:41 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 1791.608670] ? shmem_get_link+0x440/0x440 [ 1791.608687] ? inode_has_perm+0x171/0x1d0 [ 1791.608707] ? iov_iter_pipe+0xf1/0x2a0 [ 1791.608735] generic_file_splice_read+0x455/0x6d0 [ 1791.608754] ? pipe_to_user+0x170/0x170 [ 1791.608781] ? fsnotify_perm.part.0+0x22d/0x620 [ 1791.608812] ? security_file_permission+0xb1/0xe0 [ 1791.608832] ? pipe_to_user+0x170/0x170 [ 1791.608850] do_splice_to+0x10e/0x160 [ 1791.608872] splice_direct_to_actor+0x2fe/0x980 [ 1791.608895] ? pipe_to_sendpage+0x380/0x380 [ 1791.608916] ? do_splice_to+0x160/0x160 [ 1791.608933] ? security_file_permission+0xb1/0xe0 [ 1791.608959] do_splice_direct+0x1c4/0x290 [ 1791.608977] ? splice_direct_to_actor+0x980/0x980 [ 1791.609000] ? security_file_permission+0xb1/0xe0 [ 1791.609027] vfs_copy_file_range+0x4f8/0x13c0 [ 1791.609050] ? generic_file_rw_checks+0x240/0x240 [ 1791.609090] __do_sys_copy_file_range+0x193/0x420 [ 1791.609110] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1791.609126] ? ksys_write+0x1a9/0x260 [ 1791.609145] ? __ia32_sys_read+0xb0/0xb0 [ 1791.609167] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1791.609187] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.609208] do_syscall_64+0x33/0x40 [ 1791.609226] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1791.609238] RIP: 0033:0x7f134c613b19 [ 1791.609254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1791.609263] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1791.609282] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1791.609292] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1791.609301] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1791.609311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1791.609320] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1791.871436] FAULT_INJECTION: forcing a failure. [ 1791.871436] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1791.871464] CPU: 0 PID: 9900 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1791.871476] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1791.871483] Call Trace: [ 1791.871509] dump_stack+0x107/0x167 [ 1791.871530] should_fail.cold+0x5/0xa [ 1791.871554] __alloc_pages_nodemask+0x182/0x600 [ 1791.871577] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1791.871603] ? lock_downgrade+0x6d0/0x6d0 [ 1791.904503] ? lock_acquire+0x197/0x470 [ 1791.904540] alloc_pages_vma+0xbb/0x410 [ 1791.904566] shmem_alloc_page+0x10f/0x1e0 [ 1791.904586] ? shmem_init_inode+0x20/0x20 [ 1791.904628] ? percpu_counter_add_batch+0x8b/0x140 [ 1791.904651] ? __vm_enough_memory+0x184/0x360 [ 1791.904677] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1791.904714] ? shmem_unuse_inode+0xf60/0xf60 [ 1791.904747] shmem_file_read_iter+0x2a6/0xbb0 [ 1791.904782] ? shmem_get_link+0x440/0x440 [ 1791.904812] ? inode_has_perm+0x171/0x1d0 [ 1791.904832] ? iov_iter_pipe+0xf1/0x2a0 [ 1791.904856] generic_file_splice_read+0x455/0x6d0 [ 1791.904876] ? pipe_to_user+0x170/0x170 [ 1791.904904] ? fsnotify_perm.part.0+0x22d/0x620 [ 1791.904925] ? security_file_permission+0xb1/0xe0 [ 1791.904945] ? pipe_to_user+0x170/0x170 [ 1791.904964] do_splice_to+0x10e/0x160 [ 1791.904986] splice_direct_to_actor+0x2fe/0x980 [ 1791.905009] ? pipe_to_sendpage+0x380/0x380 [ 1791.905031] ? do_splice_to+0x160/0x160 [ 1791.905048] ? security_file_permission+0xb1/0xe0 [ 1791.905074] do_splice_direct+0x1c4/0x290 [ 1791.905093] ? splice_direct_to_actor+0x980/0x980 [ 1791.905117] ? security_file_permission+0xb1/0xe0 [ 1791.905143] vfs_copy_file_range+0x4f8/0x13c0 [ 1791.905167] ? generic_file_rw_checks+0x240/0x240 [ 1791.905207] __do_sys_copy_file_range+0x193/0x420 [ 1791.905227] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1791.905243] ? ksys_write+0x1a9/0x260 [ 1791.905262] ? __ia32_sys_read+0xb0/0xb0 [ 1791.905285] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1791.905305] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1791.905326] do_syscall_64+0x33/0x40 [ 1791.905345] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1791.905358] RIP: 0033:0x7f134c613b19 [ 1791.905376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1791.905386] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1791.905406] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1791.905415] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1791.905425] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1791.905435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1791.905445] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 10:31:53 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 10) 10:31:53 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 1803.931526] FAULT_INJECTION: forcing a failure. [ 1803.931526] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1803.932943] CPU: 0 PID: 9913 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1803.933728] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1803.934678] Call Trace: [ 1803.934983] dump_stack+0x107/0x167 [ 1803.935398] should_fail.cold+0x5/0xa [ 1803.935842] __alloc_pages_nodemask+0x182/0x600 [ 1803.936376] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1803.937066] ? lock_downgrade+0x6d0/0x6d0 [ 1803.937545] ? lock_acquire+0x197/0x470 [ 1803.938007] alloc_pages_vma+0xbb/0x410 [ 1803.938467] shmem_alloc_page+0x10f/0x1e0 [ 1803.938940] ? shmem_init_inode+0x20/0x20 [ 1803.939424] ? percpu_counter_add_batch+0x8b/0x140 [ 1803.939983] ? __vm_enough_memory+0x184/0x360 [ 1803.940501] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1803.941127] ? shmem_unuse_inode+0xf60/0xf60 [ 1803.941630] shmem_file_read_iter+0x2a6/0xbb0 [ 1803.942147] ? shmem_get_link+0x440/0x440 [ 1803.942613] ? inode_has_perm+0x171/0x1d0 [ 1803.943089] ? iov_iter_pipe+0xf1/0x2a0 [ 1803.943543] generic_file_splice_read+0x455/0x6d0 [ 1803.944088] ? pipe_to_user+0x170/0x170 [ 1803.944541] ? fsnotify_perm.part.0+0x22d/0x620 [ 1803.945075] ? security_file_permission+0xb1/0xe0 [ 1803.945631] ? pipe_to_user+0x170/0x170 [ 1803.946082] do_splice_to+0x10e/0x160 [ 1803.946515] splice_direct_to_actor+0x2fe/0x980 [ 1803.947045] ? pipe_to_sendpage+0x380/0x380 [ 1803.947540] ? do_splice_to+0x160/0x160 [ 1803.947989] ? security_file_permission+0xb1/0xe0 [ 1803.948545] do_splice_direct+0x1c4/0x290 [ 1803.949026] ? splice_direct_to_actor+0x980/0x980 [ 1803.949571] ? security_file_permission+0xb1/0xe0 [ 1803.950128] vfs_copy_file_range+0x4f8/0x13c0 [ 1803.950637] ? generic_file_rw_checks+0x240/0x240 [ 1803.951195] __do_sys_copy_file_range+0x193/0x420 [ 1803.951745] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1803.952275] ? ksys_write+0x1a9/0x260 [ 1803.952706] ? __ia32_sys_read+0xb0/0xb0 [ 1803.953179] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1803.953772] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1803.954357] do_syscall_64+0x33/0x40 [ 1803.954781] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1803.955359] RIP: 0033:0x7ff72d878b19 [ 1803.955779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1803.957886] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1803.958752] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1803.959560] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1803.960364] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1803.961174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1803.961975] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:31:53 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 13) 10:31:53 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(0xffffffffffffffff, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:31:53 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x0) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:31:53 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:31:53 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:31:53 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) [ 1804.003492] FAULT_INJECTION: forcing a failure. [ 1804.003492] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1804.006157] CPU: 1 PID: 9919 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1804.007624] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1804.009383] Call Trace: [ 1804.009943] dump_stack+0x107/0x167 [ 1804.010729] should_fail.cold+0x5/0xa [ 1804.011547] __alloc_pages_nodemask+0x182/0x600 [ 1804.012536] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1804.013818] ? lock_downgrade+0x6d0/0x6d0 [ 1804.014702] ? lock_acquire+0x197/0x470 [ 1804.015558] alloc_pages_vma+0xbb/0x410 [ 1804.016519] shmem_alloc_page+0x10f/0x1e0 [ 1804.017409] ? shmem_init_inode+0x20/0x20 [ 1804.018383] ? percpu_counter_add_batch+0x8b/0x140 [ 1804.019432] ? __vm_enough_memory+0x184/0x360 [ 1804.020390] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1804.021546] ? shmem_unuse_inode+0xf60/0xf60 [ 1804.022488] shmem_file_read_iter+0x2a6/0xbb0 [ 1804.023463] ? shmem_get_link+0x440/0x440 [ 1804.024345] ? inode_has_perm+0x171/0x1d0 [ 1804.025206] ? iov_iter_pipe+0xf1/0x2a0 [ 1804.026046] generic_file_splice_read+0x455/0x6d0 [ 1804.027068] ? pipe_to_user+0x170/0x170 [ 1804.027908] ? fsnotify_perm.part.0+0x22d/0x620 [ 1804.028884] ? security_file_permission+0xb1/0xe0 [ 1804.029917] ? pipe_to_user+0x170/0x170 [ 1804.030759] do_splice_to+0x10e/0x160 [ 1804.031564] splice_direct_to_actor+0x2fe/0x980 [ 1804.032548] ? pipe_to_sendpage+0x380/0x380 [ 1804.033446] ? do_splice_to+0x160/0x160 [ 1804.034282] ? security_file_permission+0xb1/0xe0 [ 1804.035277] do_splice_direct+0x1c4/0x290 [ 1804.036162] ? splice_direct_to_actor+0x980/0x980 [ 1804.037174] ? security_file_permission+0xb1/0xe0 [ 1804.038193] vfs_copy_file_range+0x4f8/0x13c0 [ 1804.039151] ? generic_file_rw_checks+0x240/0x240 [ 1804.040166] __do_sys_copy_file_range+0x193/0x420 [ 1804.041158] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1804.042130] ? ksys_write+0x1a9/0x260 [ 1804.042905] ? __ia32_sys_read+0xb0/0xb0 [ 1804.043745] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1804.044815] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1804.045883] do_syscall_64+0x33/0x40 [ 1804.046667] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1804.047711] RIP: 0033:0x7f134c613b19 [ 1804.048495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1804.052289] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1804.053896] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1804.055402] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1804.056909] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1804.058443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1804.059955] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 10:31:53 executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r0, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, 0x0, 0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r3}}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(0xffffffffffffffff, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r4, &(0x7f0000000200)='./file0\x00', 0x86) 10:31:53 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 11) 10:31:53 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1804.141136] FAULT_INJECTION: forcing a failure. [ 1804.141136] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1804.142718] CPU: 0 PID: 9937 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1804.143505] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1804.144452] Call Trace: [ 1804.144752] dump_stack+0x107/0x167 [ 1804.145177] should_fail.cold+0x5/0xa [ 1804.145612] __alloc_pages_nodemask+0x182/0x600 [ 1804.146139] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1804.146810] ? lock_downgrade+0x6d0/0x6d0 [ 1804.147274] ? lock_acquire+0x197/0x470 [ 1804.147737] alloc_pages_vma+0xbb/0x410 [ 1804.148192] shmem_alloc_page+0x10f/0x1e0 [ 1804.148664] ? shmem_init_inode+0x20/0x20 [ 1804.149150] ? percpu_counter_add_batch+0x8b/0x140 [ 1804.149709] ? __vm_enough_memory+0x184/0x360 [ 1804.150226] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1804.150847] ? shmem_unuse_inode+0xf60/0xf60 [ 1804.151350] shmem_file_read_iter+0x2a6/0xbb0 [ 1804.151871] ? shmem_get_link+0x440/0x440 [ 1804.152335] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1804.152931] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1804.153551] ? trace_hardirqs_on+0x5b/0x180 [ 1804.154038] ? iov_iter_pipe+0xf1/0x2a0 [ 1804.154486] generic_file_splice_read+0x455/0x6d0 [ 1804.155035] ? pipe_to_user+0x170/0x170 [ 1804.155497] ? fsnotify_perm.part.0+0x22d/0x620 [ 1804.156021] ? security_file_permission+0xb1/0xe0 [ 1804.156573] ? pipe_to_user+0x170/0x170 [ 1804.157024] do_splice_to+0x10e/0x160 [ 1804.157456] splice_direct_to_actor+0x2fe/0x980 [ 1804.157980] ? pipe_to_sendpage+0x380/0x380 [ 1804.158470] ? do_splice_to+0x160/0x160 [ 1804.158915] ? security_file_permission+0xb1/0xe0 [ 1804.159465] do_splice_direct+0x1c4/0x290 [ 1804.159940] ? splice_direct_to_actor+0x980/0x980 [ 1804.160489] ? security_file_permission+0xb1/0xe0 [ 1804.161043] vfs_copy_file_range+0x4f8/0x13c0 [ 1804.161551] ? generic_file_rw_checks+0x240/0x240 [ 1804.162108] __do_sys_copy_file_range+0x193/0x420 [ 1804.162661] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1804.163195] ? ksys_write+0x1a9/0x260 [ 1804.163628] ? __ia32_sys_read+0xb0/0xb0 [ 1804.164091] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1804.164681] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1804.165277] do_syscall_64+0x33/0x40 [ 1804.165699] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1804.166281] RIP: 0033:0x7ff72d878b19 [ 1804.166701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1804.168776] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1804.169644] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1804.170448] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1804.171255] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1804.172062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1804.172868] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:32:05 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 14) 10:32:05 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 12) 10:32:05 executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r0, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, 0x0, 0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r3}}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(0xffffffffffffffff, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r4, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:05 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:05 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:05 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:05 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, 0x0, 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:05 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1816.346523] FAULT_INJECTION: forcing a failure. [ 1816.346523] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1816.348156] CPU: 0 PID: 9957 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1816.348963] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1816.349949] Call Trace: [ 1816.350267] dump_stack+0x107/0x167 [ 1816.350706] should_fail.cold+0x5/0xa [ 1816.351160] __alloc_pages_nodemask+0x182/0x600 [ 1816.351710] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1816.352420] ? lock_downgrade+0x6d0/0x6d0 [ 1816.352909] ? lock_acquire+0x197/0x470 [ 1816.353402] alloc_pages_vma+0xbb/0x410 [ 1816.353880] shmem_alloc_page+0x10f/0x1e0 [ 1816.353890] ? shmem_init_inode+0x20/0x20 [ 1816.353914] ? percpu_counter_add_batch+0x8b/0x140 [ 1816.353925] ? __vm_enough_memory+0x184/0x360 [ 1816.353938] shmem_getpage_gfp.constprop.0+0x512/0x1920 10:32:05 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1816.353958] ? shmem_unuse_inode+0xf60/0xf60 [ 1816.353975] shmem_file_read_iter+0x2a6/0xbb0 10:32:05 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, 0x0, 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 1816.353993] ? shmem_get_link+0x440/0x440 [ 1816.354003] ? inode_has_perm+0x171/0x1d0 [ 1816.354014] ? iov_iter_pipe+0xf1/0x2a0 [ 1816.354027] generic_file_splice_read+0x455/0x6d0 [ 1816.354037] ? pipe_to_user+0x170/0x170 [ 1816.354052] ? fsnotify_perm.part.0+0x22d/0x620 [ 1816.354063] ? security_file_permission+0xb1/0xe0 [ 1816.354074] ? pipe_to_user+0x170/0x170 [ 1816.354084] do_splice_to+0x10e/0x160 10:32:05 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) [ 1816.354096] splice_direct_to_actor+0x2fe/0x980 10:32:05 executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r0, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, 0x0, 0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r3}}, 0x101) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(0xffffffffffffffff, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r4, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:05 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 15) [ 1816.354108] ? pipe_to_sendpage+0x380/0x380 [ 1816.354120] ? do_splice_to+0x160/0x160 [ 1816.354129] ? security_file_permission+0xb1/0xe0 [ 1816.354143] do_splice_direct+0x1c4/0x290 [ 1816.354153] ? splice_direct_to_actor+0x980/0x980 [ 1816.354166] ? security_file_permission+0xb1/0xe0 [ 1816.354180] vfs_copy_file_range+0x4f8/0x13c0 [ 1816.354193] ? generic_file_rw_checks+0x240/0x240 [ 1816.354214] __do_sys_copy_file_range+0x193/0x420 [ 1816.354225] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1816.354234] ? ksys_write+0x1a9/0x260 [ 1816.354244] ? __ia32_sys_read+0xb0/0xb0 [ 1816.354256] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1816.354268] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1816.354279] do_syscall_64+0x33/0x40 [ 1816.354290] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1816.354296] RIP: 0033:0x7f134c613b19 [ 1816.354305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1816.354310] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1816.354321] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1816.354326] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1816.354332] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1816.354337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1816.354342] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1816.367390] FAULT_INJECTION: forcing a failure. [ 1816.367390] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1816.367411] CPU: 1 PID: 9944 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1816.367421] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1816.367427] Call Trace: [ 1816.367451] dump_stack+0x107/0x167 [ 1816.367473] should_fail.cold+0x5/0xa [ 1816.367498] __alloc_pages_nodemask+0x182/0x600 [ 1816.367522] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1816.367541] ? lock_downgrade+0x6d0/0x6d0 [ 1816.367559] ? lock_acquire+0x197/0x470 [ 1816.367595] alloc_pages_vma+0xbb/0x410 [ 1816.367621] shmem_alloc_page+0x10f/0x1e0 [ 1816.367640] ? shmem_init_inode+0x20/0x20 [ 1816.367684] ? percpu_counter_add_batch+0x8b/0x140 [ 1816.367708] ? __vm_enough_memory+0x184/0x360 [ 1816.367734] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1816.367772] ? shmem_unuse_inode+0xf60/0xf60 [ 1816.367805] shmem_file_read_iter+0x2a6/0xbb0 [ 1816.367841] ? shmem_get_link+0x440/0x440 [ 1816.367868] ? inode_has_perm+0x171/0x1d0 [ 1816.367889] ? iov_iter_pipe+0xf1/0x2a0 [ 1816.367914] generic_file_splice_read+0x455/0x6d0 [ 1816.367934] ? pipe_to_user+0x170/0x170 [ 1816.367964] ? fsnotify_perm.part.0+0x22d/0x620 [ 1816.367987] ? security_file_permission+0xb1/0xe0 [ 1816.368008] ? pipe_to_user+0x170/0x170 [ 1816.368028] do_splice_to+0x10e/0x160 [ 1816.368051] splice_direct_to_actor+0x2fe/0x980 [ 1816.368076] ? pipe_to_sendpage+0x380/0x380 [ 1816.368099] ? do_splice_to+0x160/0x160 [ 1816.368116] ? security_file_permission+0xb1/0xe0 [ 1816.368144] do_splice_direct+0x1c4/0x290 [ 1816.368164] ? splice_direct_to_actor+0x980/0x980 [ 1816.368189] ? security_file_permission+0xb1/0xe0 [ 1816.368217] vfs_copy_file_range+0x4f8/0x13c0 [ 1816.368243] ? generic_file_rw_checks+0x240/0x240 [ 1816.368286] __do_sys_copy_file_range+0x193/0x420 [ 1816.368307] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1816.368325] ? ksys_write+0x1a9/0x260 [ 1816.368344] ? __ia32_sys_read+0xb0/0xb0 [ 1816.368368] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1816.368389] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1816.368412] do_syscall_64+0x33/0x40 [ 1816.368431] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1816.368444] RIP: 0033:0x7ff72d878b19 [ 1816.368460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1816.368471] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1816.368491] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1816.368502] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1816.368513] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1816.368524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1816.368535] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 1816.547702] FAULT_INJECTION: forcing a failure. [ 1816.547702] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1816.547715] CPU: 0 PID: 9972 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1816.547720] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1816.547724] Call Trace: [ 1816.547740] dump_stack+0x107/0x167 [ 1816.547752] should_fail.cold+0x5/0xa [ 1816.547766] __alloc_pages_nodemask+0x182/0x600 [ 1816.547783] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1816.547794] ? lock_downgrade+0x6d0/0x6d0 [ 1816.547803] ? lock_acquire+0x197/0x470 [ 1816.547822] alloc_pages_vma+0xbb/0x410 [ 1816.547836] shmem_alloc_page+0x10f/0x1e0 [ 1816.547846] ? shmem_init_inode+0x20/0x20 [ 1816.547868] ? percpu_counter_add_batch+0x8b/0x140 [ 1816.547880] ? __vm_enough_memory+0x184/0x360 [ 1816.547893] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1816.547912] ? shmem_unuse_inode+0xf60/0xf60 [ 1816.547928] shmem_file_read_iter+0x2a6/0xbb0 [ 1816.547946] ? shmem_get_link+0x440/0x440 [ 1816.547956] ? inode_has_perm+0x171/0x1d0 [ 1816.547967] ? iov_iter_pipe+0xf1/0x2a0 [ 1816.547980] generic_file_splice_read+0x455/0x6d0 [ 1816.547990] ? pipe_to_user+0x170/0x170 [ 1816.548005] ? fsnotify_perm.part.0+0x22d/0x620 [ 1816.548016] ? security_file_permission+0xb1/0xe0 [ 1816.548026] ? pipe_to_user+0x170/0x170 [ 1816.548036] do_splice_to+0x10e/0x160 [ 1816.548048] splice_direct_to_actor+0x2fe/0x980 [ 1816.548060] ? pipe_to_sendpage+0x380/0x380 [ 1816.548072] ? do_splice_to+0x160/0x160 [ 1816.548080] ? security_file_permission+0xb1/0xe0 [ 1816.548094] do_splice_direct+0x1c4/0x290 [ 1816.548104] ? splice_direct_to_actor+0x980/0x980 [ 1816.548117] ? security_file_permission+0xb1/0xe0 [ 1816.548131] vfs_copy_file_range+0x4f8/0x13c0 [ 1816.548144] ? generic_file_rw_checks+0x240/0x240 [ 1816.548165] __do_sys_copy_file_range+0x193/0x420 [ 1816.548175] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1816.548184] ? ksys_write+0x1a9/0x260 [ 1816.548194] ? __ia32_sys_read+0xb0/0xb0 [ 1816.548206] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1816.548217] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1816.548228] do_syscall_64+0x33/0x40 [ 1816.548239] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1816.548245] RIP: 0033:0x7f134c613b19 [ 1816.548254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1816.548259] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1816.548270] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1816.548275] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1816.548280] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1816.548286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1816.548291] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 10:32:19 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:19 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:19 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, 0x0, 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:19 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 16) 10:32:19 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 13) 10:32:19 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:19 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:19 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) [ 1829.845502] FAULT_INJECTION: forcing a failure. [ 1829.845502] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1829.848175] CPU: 1 PID: 9984 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1829.849688] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1829.851515] Call Trace: [ 1829.852106] dump_stack+0x107/0x167 [ 1829.852908] should_fail.cold+0x5/0xa [ 1829.853783] __alloc_pages_nodemask+0x182/0x600 [ 1829.854806] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1829.856116] ? lock_downgrade+0x6d0/0x6d0 [ 1829.857015] ? lock_acquire+0x197/0x470 [ 1829.857902] alloc_pages_vma+0xbb/0x410 [ 1829.858772] shmem_alloc_page+0x10f/0x1e0 [ 1829.859682] ? shmem_init_inode+0x20/0x20 [ 1829.860605] ? percpu_counter_add_batch+0x8b/0x140 [ 1829.861697] ? __vm_enough_memory+0x184/0x360 [ 1829.862674] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1829.863842] ? shmem_unuse_inode+0xf60/0xf60 [ 1829.864806] shmem_file_read_iter+0x2a6/0xbb0 [ 1829.865803] ? shmem_get_link+0x440/0x440 [ 1829.866706] ? inode_has_perm+0x171/0x1d0 [ 1829.867602] ? iov_iter_pipe+0xf1/0x2a0 [ 1829.868467] generic_file_splice_read+0x455/0x6d0 [ 1829.869522] ? pipe_to_user+0x170/0x170 [ 1829.870391] ? fsnotify_perm.part.0+0x22d/0x620 [ 1829.871403] ? security_file_permission+0xb1/0xe0 [ 1829.872442] ? pipe_to_user+0x170/0x170 [ 1829.873317] do_splice_to+0x10e/0x160 [ 1829.874141] splice_direct_to_actor+0x2fe/0x980 [ 1829.875138] ? pipe_to_sendpage+0x380/0x380 [ 1829.876060] ? do_splice_to+0x160/0x160 [ 1829.876906] ? security_file_permission+0xb1/0xe0 [ 1829.877962] do_splice_direct+0x1c4/0x290 [ 1829.878895] ? splice_direct_to_actor+0x980/0x980 [ 1829.879927] ? security_file_permission+0xb1/0xe0 [ 1829.880972] vfs_copy_file_range+0x4f8/0x13c0 [ 1829.881943] ? generic_file_rw_checks+0x240/0x240 [ 1829.882999] __do_sys_copy_file_range+0x193/0x420 [ 1829.884043] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1829.884061] ? ksys_write+0x1a9/0x260 [ 1829.884080] ? __ia32_sys_read+0xb0/0xb0 [ 1829.884104] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1829.884125] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1829.884146] do_syscall_64+0x33/0x40 [ 1829.884166] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1829.884179] RIP: 0033:0x7f134c613b19 [ 1829.884196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1829.884206] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1829.897217] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1829.898733] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1829.900278] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1829.901802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1829.903316] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1829.941120] FAULT_INJECTION: forcing a failure. [ 1829.941120] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1829.944315] CPU: 1 PID: 9997 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1829.946048] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1829.948116] Call Trace: [ 1829.948774] dump_stack+0x107/0x167 [ 1829.949704] should_fail.cold+0x5/0xa [ 1829.950670] __alloc_pages_nodemask+0x182/0x600 [ 1829.951832] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1829.953345] ? lock_downgrade+0x6d0/0x6d0 [ 1829.954356] ? lock_acquire+0x1b9/0x470 [ 1829.955362] alloc_pages_vma+0xbb/0x410 [ 1829.956353] shmem_alloc_page+0x10f/0x1e0 [ 1829.957388] ? shmem_init_inode+0x20/0x20 [ 1829.958442] ? percpu_counter_add_batch+0x8b/0x140 [ 1829.959674] ? __vm_enough_memory+0x184/0x360 [ 1829.960802] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1829.962166] ? shmem_unuse_inode+0xf60/0xf60 [ 1829.963259] ? shmem_file_read_iter+0x565/0xbb0 [ 1829.964414] shmem_file_read_iter+0x2a6/0xbb0 [ 1829.965549] ? shmem_get_link+0x440/0x440 [ 1829.966579] ? inode_has_perm+0x171/0x1d0 [ 1829.967605] ? iov_iter_pipe+0xf1/0x2a0 [ 1829.968583] generic_file_splice_read+0x455/0x6d0 [ 1829.969768] ? pipe_to_user+0x170/0x170 [ 1829.970754] ? fsnotify_perm.part.0+0x22d/0x620 [ 1829.971884] ? security_file_permission+0xb1/0xe0 [ 1829.973058] ? pipe_to_user+0x170/0x170 [ 1829.974032] do_splice_to+0x10e/0x160 [ 1829.974951] splice_direct_to_actor+0x2fe/0x980 [ 1829.976083] ? pipe_to_sendpage+0x380/0x380 [ 1829.977130] ? do_splice_to+0x160/0x160 [ 1829.978100] ? security_file_permission+0xb1/0xe0 [ 1829.979270] do_splice_direct+0x1c4/0x290 [ 1829.980268] ? splice_direct_to_actor+0x980/0x980 [ 1829.981453] ? security_file_permission+0xb1/0xe0 [ 1829.982625] vfs_copy_file_range+0x4f8/0x13c0 [ 1829.983713] ? generic_file_rw_checks+0x240/0x240 [ 1829.984896] __do_sys_copy_file_range+0x193/0x420 [ 1829.986070] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1829.987201] ? ksys_write+0x1a9/0x260 [ 1829.988111] ? __ia32_sys_read+0xb0/0xb0 [ 1829.989091] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1829.990354] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1829.991590] do_syscall_64+0x33/0x40 [ 1829.992482] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1829.993728] RIP: 0033:0x7ff72d878b19 [ 1829.994618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1829.999036] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1830.000839] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1830.002541] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1830.004231] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1830.005955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1830.007653] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:32:19 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:19 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:19 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(0x0, 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:19 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x0) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:19 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:19 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:19 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:19 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(0x0, 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:19 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 17) 10:32:19 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:19 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 14) [ 1830.340041] FAULT_INJECTION: forcing a failure. [ 1830.340041] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1830.342633] CPU: 1 PID: 10017 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1830.344109] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1830.345871] Call Trace: [ 1830.346430] dump_stack+0x107/0x167 [ 1830.347202] should_fail.cold+0x5/0xa [ 1830.348010] __alloc_pages_nodemask+0x182/0x600 [ 1830.348993] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1830.350262] ? lock_downgrade+0x6d0/0x6d0 [ 1830.351135] ? lock_acquire+0x197/0x470 [ 1830.351986] alloc_pages_vma+0xbb/0x410 [ 1830.352829] shmem_alloc_page+0x10f/0x1e0 [ 1830.353709] ? shmem_init_inode+0x20/0x20 [ 1830.354609] ? percpu_counter_add_batch+0x8b/0x140 [ 1830.355641] ? __vm_enough_memory+0x184/0x360 [ 1830.356588] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1830.357735] ? shmem_unuse_inode+0xf60/0xf60 [ 1830.358670] shmem_file_read_iter+0x2a6/0xbb0 [ 1830.359629] ? shmem_get_link+0x440/0x440 [ 1830.360505] ? inode_has_perm+0x171/0x1d0 [ 1830.361392] ? iov_iter_pipe+0xf1/0x2a0 [ 1830.362238] generic_file_splice_read+0x455/0x6d0 [ 1830.363256] ? pipe_to_user+0x170/0x170 [ 1830.364107] ? fsnotify_perm.part.0+0x22d/0x620 [ 1830.365089] ? security_file_permission+0xb1/0xe0 [ 1830.366118] ? pipe_to_user+0x170/0x170 [ 1830.366937] do_splice_to+0x10e/0x160 [ 1830.367719] splice_direct_to_actor+0x2fe/0x980 [ 1830.368703] ? pipe_to_sendpage+0x380/0x380 [ 1830.369633] ? do_splice_to+0x160/0x160 [ 1830.370465] ? security_file_permission+0xb1/0xe0 [ 1830.371483] do_splice_direct+0x1c4/0x290 [ 1830.372361] ? splice_direct_to_actor+0x980/0x980 [ 1830.373363] ? security_file_permission+0xb1/0xe0 [ 1830.374384] vfs_copy_file_range+0x4f8/0x13c0 [ 1830.375335] ? generic_file_rw_checks+0x240/0x240 [ 1830.376362] __do_sys_copy_file_range+0x193/0x420 [ 1830.377360] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1830.378352] ? ksys_write+0x1a9/0x260 [ 1830.379153] ? __ia32_sys_read+0xb0/0xb0 [ 1830.380009] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1830.381113] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1830.382210] do_syscall_64+0x33/0x40 [ 1830.382991] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1830.384069] RIP: 0033:0x7f134c613b19 [ 1830.384843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1830.388695] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1830.390297] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1830.391785] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1830.393275] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1830.394765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1830.396268] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1830.423374] FAULT_INJECTION: forcing a failure. [ 1830.423374] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1830.426040] CPU: 0 PID: 10023 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1830.427455] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1830.429130] Call Trace: [ 1830.429680] dump_stack+0x107/0x167 [ 1830.430420] should_fail.cold+0x5/0xa [ 1830.431195] __alloc_pages_nodemask+0x182/0x600 [ 1830.432141] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1830.433350] ? lock_downgrade+0x6d0/0x6d0 [ 1830.434187] ? lock_acquire+0x197/0x470 [ 1830.434999] alloc_pages_vma+0xbb/0x410 [ 1830.435805] shmem_alloc_page+0x10f/0x1e0 [ 1830.436641] ? shmem_init_inode+0x20/0x20 [ 1830.437520] ? percpu_counter_add_batch+0x8b/0x140 [ 1830.438515] ? __vm_enough_memory+0x184/0x360 [ 1830.439425] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1830.440530] ? shmem_unuse_inode+0xf60/0xf60 [ 1830.441445] shmem_file_read_iter+0x2a6/0xbb0 [ 1830.442372] ? shmem_get_link+0x440/0x440 [ 1830.443423] ? inode_has_perm+0x171/0x1d0 [ 1830.444270] ? iov_iter_pipe+0xf1/0x2a0 [ 1830.445075] generic_file_splice_read+0x455/0x6d0 [ 1830.446055] ? pipe_to_user+0x170/0x170 [ 1830.446868] ? fsnotify_perm.part.0+0x22d/0x620 [ 1830.447807] ? security_file_permission+0xb1/0xe0 [ 1830.448785] ? pipe_to_user+0x170/0x170 [ 1830.449596] do_splice_to+0x10e/0x160 [ 1830.450366] splice_direct_to_actor+0x2fe/0x980 [ 1830.451307] ? pipe_to_sendpage+0x380/0x380 [ 1830.452187] ? do_splice_to+0x160/0x160 [ 1830.452982] ? security_file_permission+0xb1/0xe0 [ 1830.453977] do_splice_direct+0x1c4/0x290 [ 1830.454812] ? splice_direct_to_actor+0x980/0x980 [ 1830.455787] ? security_file_permission+0xb1/0xe0 [ 1830.456776] vfs_copy_file_range+0x4f8/0x13c0 [ 1830.457698] ? generic_file_rw_checks+0x240/0x240 [ 1830.458681] __do_sys_copy_file_range+0x193/0x420 [ 1830.459659] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1830.460607] ? ksys_write+0x1a9/0x260 [ 1830.461406] ? __ia32_sys_read+0xb0/0xb0 [ 1830.462221] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1830.463279] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1830.464309] do_syscall_64+0x33/0x40 [ 1830.465053] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1830.466082] RIP: 0033:0x7ff72d878b19 [ 1830.466820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1830.470391] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1830.471849] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1830.473232] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1830.474622] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1830.476002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1830.477392] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:32:35 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 15) 10:32:35 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x0) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:35 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:35 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:35 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:35 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:35 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 18) 10:32:35 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(0x0, 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1845.857650] FAULT_INJECTION: forcing a failure. [ 1845.857650] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1845.859098] CPU: 0 PID: 10038 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1845.859877] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1845.860820] Call Trace: [ 1845.861125] dump_stack+0x107/0x167 [ 1845.861544] should_fail.cold+0x5/0xa [ 1845.861977] __alloc_pages_nodemask+0x182/0x600 [ 1845.862506] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1845.863186] ? lock_downgrade+0x6d0/0x6d0 [ 1845.863653] ? lock_acquire+0x197/0x470 [ 1845.864116] alloc_pages_vma+0xbb/0x410 [ 1845.864574] shmem_alloc_page+0x10f/0x1e0 [ 1845.865048] ? shmem_init_inode+0x20/0x20 [ 1845.865537] ? percpu_counter_add_batch+0x8b/0x140 [ 1845.866092] ? __vm_enough_memory+0x184/0x360 [ 1845.866610] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1845.867219] ? shmem_unuse_inode+0xf60/0xf60 [ 1845.867729] shmem_file_read_iter+0x2a6/0xbb0 [ 1845.868241] ? shmem_get_link+0x440/0x440 [ 1845.868710] ? inode_has_perm+0x171/0x1d0 [ 1845.869183] ? iov_iter_pipe+0xf1/0x2a0 [ 1845.869646] generic_file_splice_read+0x455/0x6d0 [ 1845.870200] ? pipe_to_user+0x170/0x170 [ 1845.870654] ? fsnotify_perm.part.0+0x22d/0x620 [ 1845.871182] ? security_file_permission+0xb1/0xe0 [ 1845.871728] ? pipe_to_user+0x170/0x170 [ 1845.872178] do_splice_to+0x10e/0x160 [ 1845.872619] splice_direct_to_actor+0x2fe/0x980 [ 1845.873149] ? pipe_to_sendpage+0x380/0x380 [ 1845.873650] ? do_splice_to+0x160/0x160 [ 1845.874099] ? security_file_permission+0xb1/0xe0 [ 1845.874647] do_splice_direct+0x1c4/0x290 [ 1845.875122] ? splice_direct_to_actor+0x980/0x980 [ 1845.875667] ? security_file_permission+0xb1/0xe0 [ 1845.876223] vfs_copy_file_range+0x4f8/0x13c0 [ 1845.876730] ? generic_file_rw_checks+0x240/0x240 [ 1845.877292] __do_sys_copy_file_range+0x193/0x420 [ 1845.877842] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1845.878376] ? ksys_write+0x1a9/0x260 [ 1845.878803] ? __ia32_sys_read+0xb0/0xb0 [ 1845.879266] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1845.879858] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1845.880443] do_syscall_64+0x33/0x40 [ 1845.880865] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1845.881446] RIP: 0033:0x7ff72d878b19 [ 1845.881873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1845.883944] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1845.884812] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1845.885618] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1845.886428] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1845.887232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1845.888033] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:32:35 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1845.918573] FAULT_INJECTION: forcing a failure. [ 1845.918573] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1845.921164] CPU: 1 PID: 10046 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1845.922625] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1845.924362] Call Trace: [ 1845.924923] dump_stack+0x107/0x167 [ 1845.925695] should_fail.cold+0x5/0xa [ 1845.926503] __alloc_pages_nodemask+0x182/0x600 [ 1845.927490] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1845.928751] ? lock_downgrade+0x6d0/0x6d0 [ 1845.929643] ? lock_acquire+0x197/0x470 [ 1845.930499] alloc_pages_vma+0xbb/0x410 [ 1845.931343] shmem_alloc_page+0x10f/0x1e0 [ 1845.932217] ? shmem_init_inode+0x20/0x20 [ 1845.933117] ? percpu_counter_add_batch+0x8b/0x140 [ 1845.934160] ? __vm_enough_memory+0x184/0x360 [ 1845.935109] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1845.936240] ? shmem_unuse_inode+0xf60/0xf60 [ 1845.937177] shmem_file_read_iter+0x2a6/0xbb0 [ 1845.938146] ? shmem_get_link+0x440/0x440 [ 1845.939029] ? inode_has_perm+0x171/0x1d0 [ 1845.939900] ? iov_iter_pipe+0xf1/0x2a0 [ 1845.940750] generic_file_splice_read+0x455/0x6d0 [ 1845.941771] ? pipe_to_user+0x170/0x170 [ 1845.942621] ? fsnotify_perm.part.0+0x22d/0x620 [ 1845.943608] ? security_file_permission+0xb1/0xe0 [ 1845.944626] ? pipe_to_user+0x170/0x170 [ 1845.945465] do_splice_to+0x10e/0x160 [ 1845.946279] splice_direct_to_actor+0x2fe/0x980 [ 1845.947265] ? pipe_to_sendpage+0x380/0x380 [ 1845.948182] ? do_splice_to+0x160/0x160 [ 1845.949020] ? security_file_permission+0xb1/0xe0 [ 1845.950079] do_splice_direct+0x1c4/0x290 [ 1845.950952] ? splice_direct_to_actor+0x980/0x980 [ 1845.951977] ? security_file_permission+0xb1/0xe0 [ 1845.953001] vfs_copy_file_range+0x4f8/0x13c0 [ 1845.953958] ? generic_file_rw_checks+0x240/0x240 [ 1845.954993] __do_sys_copy_file_range+0x193/0x420 [ 1845.956020] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1845.957023] ? ksys_write+0x1a9/0x260 [ 1845.957832] ? __ia32_sys_read+0xb0/0xb0 [ 1845.958690] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1845.959792] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1845.960892] do_syscall_64+0x33/0x40 [ 1845.961686] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1845.962784] RIP: 0033:0x7f134c613b19 [ 1845.963564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1845.967468] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1845.969090] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1845.970614] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1845.972132] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1845.973648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1845.975155] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 10:32:35 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:48 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 19) 10:32:48 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x0) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:48 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:48 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:48 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 16) 10:32:48 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:48 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:48 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 1859.017735] FAULT_INJECTION: forcing a failure. [ 1859.017735] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1859.019322] CPU: 1 PID: 10070 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1859.020169] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1859.021185] Call Trace: [ 1859.021512] dump_stack+0x107/0x167 [ 1859.021975] should_fail.cold+0x5/0xa [ 1859.022454] __alloc_pages_nodemask+0x182/0x600 [ 1859.023036] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1859.023776] ? lock_downgrade+0x6d0/0x6d0 [ 1859.024291] ? lock_acquire+0x197/0x470 [ 1859.024796] alloc_pages_vma+0xbb/0x410 [ 1859.025295] shmem_alloc_page+0x10f/0x1e0 [ 1859.025815] ? shmem_init_inode+0x20/0x20 [ 1859.026334] ? percpu_counter_add_batch+0x8b/0x140 [ 1859.026932] ? __vm_enough_memory+0x184/0x360 [ 1859.027494] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1859.028156] ? shmem_unuse_inode+0xf60/0xf60 [ 1859.028699] shmem_file_read_iter+0x2a6/0xbb0 [ 1859.029266] ? shmem_get_link+0x440/0x440 [ 1859.029780] ? inode_has_perm+0x171/0x1d0 [ 1859.030294] ? iov_iter_pipe+0xf1/0x2a0 [ 1859.030780] generic_file_splice_read+0x455/0x6d0 [ 1859.031373] ? pipe_to_user+0x170/0x170 [ 1859.031863] ? fsnotify_perm.part.0+0x22d/0x620 [ 1859.032430] ? security_file_permission+0xb1/0xe0 [ 1859.033016] ? pipe_to_user+0x170/0x170 [ 1859.033501] do_splice_to+0x10e/0x160 [ 1859.033972] splice_direct_to_actor+0x2fe/0x980 [ 1859.034549] ? pipe_to_sendpage+0x380/0x380 [ 1859.035080] ? do_splice_to+0x160/0x160 [ 1859.035563] ? security_file_permission+0xb1/0xe0 [ 1859.036156] do_splice_direct+0x1c4/0x290 [ 1859.036659] ? splice_direct_to_actor+0x980/0x980 [ 1859.037260] ? security_file_permission+0xb1/0xe0 [ 1859.037855] vfs_copy_file_range+0x4f8/0x13c0 [ 1859.038402] ? generic_file_rw_checks+0x240/0x240 [ 1859.038998] __do_sys_copy_file_range+0x193/0x420 [ 1859.039579] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1859.040155] ? ksys_write+0x1a9/0x260 [ 1859.040181] FAULT_INJECTION: forcing a failure. [ 1859.040181] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1859.040616] ? __ia32_sys_read+0xb0/0xb0 [ 1859.040638] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1859.044192] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1859.044815] do_syscall_64+0x33/0x40 [ 1859.045269] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1859.045897] RIP: 0033:0x7f134c613b19 [ 1859.046352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1859.048582] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1859.049501] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1859.050379] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1859.051246] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1859.052118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1859.052982] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1859.054106] CPU: 0 PID: 10065 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1859.055576] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1859.057326] Call Trace: [ 1859.057893] dump_stack+0x107/0x167 [ 1859.058673] should_fail.cold+0x5/0xa [ 1859.059480] __alloc_pages_nodemask+0x182/0x600 [ 1859.060460] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1859.061724] ? lock_downgrade+0x6d0/0x6d0 [ 1859.062594] ? lock_acquire+0x197/0x470 [ 1859.063446] alloc_pages_vma+0xbb/0x410 [ 1859.064293] shmem_alloc_page+0x10f/0x1e0 [ 1859.065167] ? shmem_init_inode+0x20/0x20 [ 1859.066064] ? percpu_counter_add_batch+0x8b/0x140 [ 1859.067099] ? __vm_enough_memory+0x184/0x360 [ 1859.068048] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1859.069183] ? shmem_unuse_inode+0xf60/0xf60 [ 1859.070115] shmem_file_read_iter+0x2a6/0xbb0 [ 1859.071074] ? shmem_get_link+0x440/0x440 [ 1859.071919] ? inode_has_perm+0x171/0x1d0 [ 1859.072789] ? iov_iter_pipe+0xf1/0x2a0 [ 1859.073612] generic_file_splice_read+0x455/0x6d0 [ 1859.074641] ? pipe_to_user+0x170/0x170 [ 1859.075470] ? fsnotify_perm.part.0+0x22d/0x620 [ 1859.076443] ? security_file_permission+0xb1/0xe0 [ 1859.077425] ? pipe_to_user+0x170/0x170 [ 1859.078263] do_splice_to+0x10e/0x160 [ 1859.079052] splice_direct_to_actor+0x2fe/0x980 [ 1859.080037] ? pipe_to_sendpage+0x380/0x380 [ 1859.080929] ? do_splice_to+0x160/0x160 [ 1859.081768] ? security_file_permission+0xb1/0xe0 [ 1859.082940] do_splice_direct+0x1c4/0x290 [ 1859.083867] ? splice_direct_to_actor+0x980/0x980 [ 1859.084868] ? security_file_permission+0xb1/0xe0 [ 1859.085902] vfs_copy_file_range+0x4f8/0x13c0 [ 1859.086838] ? generic_file_rw_checks+0x240/0x240 [ 1859.087875] __do_sys_copy_file_range+0x193/0x420 [ 1859.088879] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1859.089883] ? ksys_write+0x1a9/0x260 [ 1859.090673] ? __ia32_sys_read+0xb0/0xb0 [ 1859.091533] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1859.092616] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1859.093721] do_syscall_64+0x33/0x40 [ 1859.094491] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1859.095573] RIP: 0033:0x7ff72d878b19 [ 1859.096338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1859.100211] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1859.101799] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1859.103293] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1859.104783] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1859.106292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1859.107790] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:32:48 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(0x0, 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:48 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:48 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 20) 10:32:48 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:48 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:48 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:48 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(0x0, 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:48 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) [ 1859.276653] FAULT_INJECTION: forcing a failure. [ 1859.276653] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1859.279391] CPU: 0 PID: 10087 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1859.280824] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1859.282534] Call Trace: [ 1859.283084] dump_stack+0x107/0x167 [ 1859.283843] should_fail.cold+0x5/0xa [ 1859.284626] __alloc_pages_nodemask+0x182/0x600 [ 1859.285569] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1859.286834] ? lock_downgrade+0x6d0/0x6d0 [ 1859.287690] ? lock_acquire+0x197/0x470 [ 1859.288558] alloc_pages_vma+0xbb/0x410 [ 1859.289405] shmem_alloc_page+0x10f/0x1e0 [ 1859.290291] ? shmem_init_inode+0x20/0x20 [ 1859.291161] ? percpu_counter_add_batch+0x8b/0x140 [ 1859.292176] ? __vm_enough_memory+0x184/0x360 [ 1859.293121] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1859.294262] ? shmem_unuse_inode+0xf60/0xf60 [ 1859.295189] shmem_file_read_iter+0x2a6/0xbb0 [ 1859.296161] ? shmem_get_link+0x440/0x440 [ 1859.297042] ? inode_has_perm+0x171/0x1d0 [ 1859.297912] ? iov_iter_pipe+0xf1/0x2a0 [ 1859.298741] generic_file_splice_read+0x455/0x6d0 [ 1859.299751] ? pipe_to_user+0x170/0x170 [ 1859.300575] ? fsnotify_perm.part.0+0x22d/0x620 [ 1859.301540] ? security_file_permission+0xb1/0xe0 [ 1859.302544] ? pipe_to_user+0x170/0x170 [ 1859.303368] do_splice_to+0x10e/0x160 [ 1859.304158] splice_direct_to_actor+0x2fe/0x980 [ 1859.305148] ? pipe_to_sendpage+0x380/0x380 [ 1859.306054] ? do_splice_to+0x160/0x160 [ 1859.306884] ? security_file_permission+0xb1/0xe0 [ 1859.307888] do_splice_direct+0x1c4/0x290 [ 1859.308736] ? splice_direct_to_actor+0x980/0x980 [ 1859.309748] ? security_file_permission+0xb1/0xe0 [ 1859.310747] vfs_copy_file_range+0x4f8/0x13c0 [ 1859.311670] ? generic_file_rw_checks+0x240/0x240 [ 1859.312682] __do_sys_copy_file_range+0x193/0x420 [ 1859.313690] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1859.314650] ? ksys_write+0x1a9/0x260 [ 1859.315430] ? __ia32_sys_read+0xb0/0xb0 [ 1859.316262] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1859.317341] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1859.318401] do_syscall_64+0x33/0x40 [ 1859.319169] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1859.320220] RIP: 0033:0x7f134c613b19 [ 1859.320998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1859.324771] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1859.326332] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1859.327783] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1859.329247] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1859.330713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1859.330723] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 10:32:48 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:32:48 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:32:48 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:01 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:01 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(0x0, 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:01 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 21) 10:33:01 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:01 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:01 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:01 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:01 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 17) [ 1872.307260] FAULT_INJECTION: forcing a failure. [ 1872.307260] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1872.309032] CPU: 0 PID: 10126 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1872.309898] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1872.310925] Call Trace: [ 1872.311255] dump_stack+0x107/0x167 [ 1872.311705] should_fail.cold+0x5/0xa [ 1872.312192] __alloc_pages_nodemask+0x182/0x600 [ 1872.312770] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1872.313512] ? lock_downgrade+0x6d0/0x6d0 [ 1872.314031] ? lock_acquire+0x197/0x470 [ 1872.314536] alloc_pages_vma+0xbb/0x410 [ 1872.315030] shmem_alloc_page+0x10f/0x1e0 [ 1872.315539] ? shmem_init_inode+0x20/0x20 [ 1872.316066] ? percpu_counter_add_batch+0x8b/0x140 [ 1872.316673] ? __vm_enough_memory+0x184/0x360 [ 1872.317231] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1872.317922] ? shmem_unuse_inode+0xf60/0xf60 [ 1872.318472] shmem_file_read_iter+0x2a6/0xbb0 [ 1872.319036] ? shmem_get_link+0x440/0x440 [ 1872.319551] ? inode_has_perm+0x171/0x1d0 [ 1872.320065] ? iov_iter_pipe+0xf1/0x2a0 [ 1872.320560] generic_file_splice_read+0x455/0x6d0 [ 1872.321155] ? pipe_to_user+0x170/0x170 [ 1872.321653] ? fsnotify_perm.part.0+0x22d/0x620 [ 1872.322236] ? security_file_permission+0xb1/0xe0 [ 1872.322830] ? pipe_to_user+0x170/0x170 [ 1872.323328] do_splice_to+0x10e/0x160 [ 1872.323802] splice_direct_to_actor+0x2fe/0x980 [ 1872.324394] ? pipe_to_sendpage+0x380/0x380 [ 1872.324931] ? do_splice_to+0x160/0x160 [ 1872.325432] ? security_file_permission+0xb1/0xe0 [ 1872.326045] do_splice_direct+0x1c4/0x290 [ 1872.326557] ? splice_direct_to_actor+0x980/0x980 [ 1872.327163] ? security_file_permission+0xb1/0xe0 [ 1872.327762] vfs_copy_file_range+0x4f8/0x13c0 [ 1872.328334] ? generic_file_rw_checks+0x240/0x240 [ 1872.328940] __do_sys_copy_file_range+0x193/0x420 [ 1872.329531] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1872.330121] ? ksys_write+0x1a9/0x260 [ 1872.330588] ? __ia32_sys_read+0xb0/0xb0 [ 1872.331093] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1872.331737] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1872.332389] do_syscall_64+0x33/0x40 [ 1872.332848] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1872.333476] RIP: 0033:0x7ff72d878b19 [ 1872.333976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1872.336226] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1872.337159] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1872.338034] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1872.338905] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1872.339773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1872.340650] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:33:01 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) [ 1872.379386] FAULT_INJECTION: forcing a failure. [ 1872.379386] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1872.381951] CPU: 1 PID: 10127 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1872.383413] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1872.385171] Call Trace: [ 1872.385733] dump_stack+0x107/0x167 [ 1872.386521] should_fail.cold+0x5/0xa [ 1872.387334] __alloc_pages_nodemask+0x182/0x600 [ 1872.388317] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1872.389584] ? lock_downgrade+0x6d0/0x6d0 [ 1872.390462] ? lock_acquire+0x197/0x470 [ 1872.391313] alloc_pages_vma+0xbb/0x410 [ 1872.392155] shmem_alloc_page+0x10f/0x1e0 [ 1872.393038] ? shmem_init_inode+0x20/0x20 [ 1872.393939] ? percpu_counter_add_batch+0x8b/0x140 [ 1872.394971] ? __vm_enough_memory+0x184/0x360 [ 1872.395921] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1872.397061] ? shmem_unuse_inode+0xf60/0xf60 [ 1872.398000] shmem_file_read_iter+0x2a6/0xbb0 [ 1872.398952] ? shmem_get_link+0x440/0x440 [ 1872.399827] ? inode_has_perm+0x171/0x1d0 [ 1872.400703] ? iov_iter_pipe+0xf1/0x2a0 [ 1872.401548] generic_file_splice_read+0x455/0x6d0 [ 1872.402575] ? pipe_to_user+0x170/0x170 [ 1872.403416] ? fsnotify_perm.part.0+0x22d/0x620 [ 1872.404401] ? security_file_permission+0xb1/0xe0 [ 1872.405413] ? pipe_to_user+0x170/0x170 [ 1872.406258] do_splice_to+0x10e/0x160 [ 1872.407060] splice_direct_to_actor+0x2fe/0x980 10:33:01 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) [ 1872.408041] ? pipe_to_sendpage+0x380/0x380 [ 1872.409181] ? do_splice_to+0x160/0x160 [ 1872.410037] ? security_file_permission+0xb1/0xe0 [ 1872.411069] do_splice_direct+0x1c4/0x290 [ 1872.411943] ? splice_direct_to_actor+0x980/0x980 [ 1872.412969] ? security_file_permission+0xb1/0xe0 [ 1872.413996] vfs_copy_file_range+0x4f8/0x13c0 [ 1872.414946] ? generic_file_rw_checks+0x240/0x240 [ 1872.415978] __do_sys_copy_file_range+0x193/0x420 [ 1872.416991] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1872.418007] ? ksys_write+0x1a9/0x260 [ 1872.418809] ? __ia32_sys_read+0xb0/0xb0 [ 1872.419673] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1872.420784] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1872.421886] do_syscall_64+0x33/0x40 [ 1872.422674] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1872.423746] RIP: 0033:0x7f134c613b19 [ 1872.424528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1872.428411] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1872.430040] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1872.431548] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1872.433042] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1872.434564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1872.436063] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 10:33:01 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:01 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:01 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 18) 10:33:02 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:02 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:02 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x0, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 1872.583586] FAULT_INJECTION: forcing a failure. [ 1872.583586] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1872.586467] CPU: 1 PID: 10147 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1872.587946] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1872.589689] Call Trace: [ 1872.590266] dump_stack+0x107/0x167 [ 1872.591035] should_fail.cold+0x5/0xa [ 1872.591840] __alloc_pages_nodemask+0x182/0x600 [ 1872.592828] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1872.594095] ? lock_downgrade+0x6d0/0x6d0 [ 1872.594964] ? lock_acquire+0x197/0x470 [ 1872.595809] alloc_pages_vma+0xbb/0x410 [ 1872.596647] shmem_alloc_page+0x10f/0x1e0 [ 1872.597520] ? shmem_init_inode+0x20/0x20 [ 1872.598424] ? percpu_counter_add_batch+0x8b/0x140 [ 1872.599463] ? __vm_enough_memory+0x184/0x360 [ 1872.600414] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1872.601549] ? shmem_unuse_inode+0xf60/0xf60 [ 1872.602495] shmem_file_read_iter+0x2a6/0xbb0 [ 1872.603458] ? shmem_get_link+0x440/0x440 [ 1872.604328] ? inode_has_perm+0x171/0x1d0 [ 1872.605203] ? iov_iter_pipe+0xf1/0x2a0 [ 1872.606054] generic_file_splice_read+0x455/0x6d0 [ 1872.607083] ? pipe_to_user+0x170/0x170 [ 1872.607933] ? fsnotify_perm.part.0+0x22d/0x620 [ 1872.608912] ? security_file_permission+0xb1/0xe0 [ 1872.609929] ? pipe_to_user+0x170/0x170 [ 1872.610767] do_splice_to+0x10e/0x160 [ 1872.611564] splice_direct_to_actor+0x2fe/0x980 [ 1872.612546] ? pipe_to_sendpage+0x380/0x380 [ 1872.613459] ? do_splice_to+0x160/0x160 [ 1872.614300] ? security_file_permission+0xb1/0xe0 [ 1872.615328] do_splice_direct+0x1c4/0x290 [ 1872.616197] ? splice_direct_to_actor+0x980/0x980 [ 1872.617220] ? security_file_permission+0xb1/0xe0 [ 1872.618248] vfs_copy_file_range+0x4f8/0x13c0 [ 1872.619198] ? generic_file_rw_checks+0x240/0x240 [ 1872.620246] __do_sys_copy_file_range+0x193/0x420 [ 1872.621256] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1872.622254] ? ksys_write+0x1a9/0x260 [ 1872.623056] ? __ia32_sys_read+0xb0/0xb0 [ 1872.623907] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1872.625010] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1872.626114] do_syscall_64+0x33/0x40 [ 1872.626988] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1872.628060] RIP: 0033:0x7ff72d878b19 [ 1872.628839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1872.632725] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1872.634343] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1872.635836] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1872.637350] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1872.638857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1872.640369] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:33:02 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x0, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:02 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:16 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:16 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 19) 10:33:16 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:16 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:16 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:16 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(0xffffffffffffffff, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:16 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 22) 10:33:16 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x0, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:16 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, 0x0, 0x86) [ 1886.820481] FAULT_INJECTION: forcing a failure. [ 1886.820481] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1886.822489] CPU: 0 PID: 10168 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1886.823504] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1886.824659] Call Trace: [ 1886.824680] dump_stack+0x107/0x167 [ 1886.824694] should_fail.cold+0x5/0xa [ 1886.824711] __alloc_pages_nodemask+0x182/0x600 [ 1886.824726] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1886.824739] ? lock_downgrade+0x6d0/0x6d0 [ 1886.824750] ? lock_acquire+0x197/0x470 [ 1886.824775] alloc_pages_vma+0xbb/0x410 10:33:16 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(0xffffffffffffffff, 0x0, r0, 0x0, 0x300000000, 0x0) [ 1886.824792] shmem_alloc_page+0x10f/0x1e0 [ 1886.824804] ? shmem_init_inode+0x20/0x20 [ 1886.824832] ? percpu_counter_add_batch+0x8b/0x140 [ 1886.824847] ? __vm_enough_memory+0x184/0x360 [ 1886.824863] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1886.824887] ? shmem_unuse_inode+0xf60/0xf60 [ 1886.824908] shmem_file_read_iter+0x2a6/0xbb0 [ 1886.824931] ? shmem_get_link+0x440/0x440 [ 1886.824942] ? inode_has_perm+0x171/0x1d0 10:33:16 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:16 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 20) [ 1886.824956] ? iov_iter_pipe+0xf1/0x2a0 [ 1886.824975] generic_file_splice_read+0x455/0x6d0 10:33:16 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:16 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) [ 1886.824988] ? pipe_to_user+0x170/0x170 [ 1886.825007] ? fsnotify_perm.part.0+0x22d/0x620 [ 1886.825021] ? security_file_permission+0xb1/0xe0 [ 1886.825034] ? pipe_to_user+0x170/0x170 [ 1886.825047] do_splice_to+0x10e/0x160 [ 1886.825061] splice_direct_to_actor+0x2fe/0x980 [ 1886.825076] ? pipe_to_sendpage+0x380/0x380 [ 1886.825091] ? do_splice_to+0x160/0x160 [ 1886.825102] ? security_file_permission+0xb1/0xe0 [ 1886.825119] do_splice_direct+0x1c4/0x290 [ 1886.825131] ? splice_direct_to_actor+0x980/0x980 [ 1886.825147] ? security_file_permission+0xb1/0xe0 [ 1886.825166] vfs_copy_file_range+0x4f8/0x13c0 [ 1886.825182] ? generic_file_rw_checks+0x240/0x240 [ 1886.825209] __do_sys_copy_file_range+0x193/0x420 [ 1886.825222] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1886.825233] ? ksys_write+0x1a9/0x260 [ 1886.825246] ? __ia32_sys_read+0xb0/0xb0 [ 1886.825261] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1886.825274] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1886.825288] do_syscall_64+0x33/0x40 [ 1886.825301] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1886.825309] RIP: 0033:0x7ff72d878b19 [ 1886.825320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1886.825326] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1886.825340] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1886.825346] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1886.825353] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1886.825359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1886.825366] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 1886.847341] FAULT_INJECTION: forcing a failure. [ 1886.847341] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1886.847394] CPU: 1 PID: 10170 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1886.847403] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1886.847409] Call Trace: [ 1886.847434] dump_stack+0x107/0x167 [ 1886.847454] should_fail.cold+0x5/0xa [ 1886.847479] __alloc_pages_nodemask+0x182/0x600 [ 1886.847502] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1886.847519] ? lock_downgrade+0x6d0/0x6d0 [ 1886.847536] ? lock_acquire+0x197/0x470 [ 1886.847571] alloc_pages_vma+0xbb/0x410 [ 1886.847596] shmem_alloc_page+0x10f/0x1e0 [ 1886.847614] ? shmem_init_inode+0x20/0x20 [ 1886.847656] ? percpu_counter_add_batch+0x8b/0x140 [ 1886.847678] ? __vm_enough_memory+0x184/0x360 [ 1886.847702] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1886.847738] ? shmem_unuse_inode+0xf60/0xf60 [ 1886.847769] shmem_file_read_iter+0x2a6/0xbb0 [ 1886.847802] ? shmem_get_link+0x440/0x440 [ 1886.847820] ? inode_has_perm+0x171/0x1d0 [ 1886.847846] ? iov_iter_pipe+0xf1/0x2a0 [ 1886.847870] generic_file_splice_read+0x455/0x6d0 [ 1886.847889] ? pipe_to_user+0x170/0x170 [ 1886.847917] ? fsnotify_perm.part.0+0x22d/0x620 [ 1886.847938] ? security_file_permission+0xb1/0xe0 [ 1886.847958] ? pipe_to_user+0x170/0x170 [ 1886.847977] do_splice_to+0x10e/0x160 [ 1886.847998] splice_direct_to_actor+0x2fe/0x980 [ 1886.848021] ? pipe_to_sendpage+0x380/0x380 [ 1886.848042] ? do_splice_to+0x160/0x160 [ 1886.848058] ? security_file_permission+0xb1/0xe0 [ 1886.848084] do_splice_direct+0x1c4/0x290 [ 1886.848102] ? splice_direct_to_actor+0x980/0x980 [ 1886.848126] ? security_file_permission+0xb1/0xe0 [ 1886.848152] vfs_copy_file_range+0x4f8/0x13c0 [ 1886.848176] ? generic_file_rw_checks+0x240/0x240 [ 1886.848215] __do_sys_copy_file_range+0x193/0x420 [ 1886.848235] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1886.848252] ? ksys_write+0x1a9/0x260 [ 1886.848270] ? __ia32_sys_read+0xb0/0xb0 [ 1886.848292] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1886.848312] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1886.848333] do_syscall_64+0x33/0x40 [ 1886.848352] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1886.848364] RIP: 0033:0x7f134c613b19 [ 1886.848380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1886.848389] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1886.848409] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1886.848419] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1886.848428] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1886.848438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1886.848448] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1887.026215] FAULT_INJECTION: forcing a failure. [ 1887.026215] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1887.026230] CPU: 0 PID: 10185 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1887.026236] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1887.026240] Call Trace: [ 1887.026260] dump_stack+0x107/0x167 [ 1887.026273] should_fail.cold+0x5/0xa [ 1887.026290] __alloc_pages_nodemask+0x182/0x600 [ 1887.026305] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1887.026316] ? lock_downgrade+0x6d0/0x6d0 [ 1887.026327] ? lock_acquire+0x197/0x470 [ 1887.026349] alloc_pages_vma+0xbb/0x410 [ 1887.026366] shmem_alloc_page+0x10f/0x1e0 [ 1887.026378] ? shmem_init_inode+0x20/0x20 [ 1887.026404] ? percpu_counter_add_batch+0x8b/0x140 [ 1887.026418] ? __vm_enough_memory+0x184/0x360 [ 1887.026433] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1887.026460] ? shmem_unuse_inode+0xf60/0xf60 [ 1887.026479] shmem_file_read_iter+0x2a6/0xbb0 [ 1887.026500] ? shmem_get_link+0x440/0x440 [ 1887.026511] ? inode_has_perm+0x171/0x1d0 [ 1887.026524] ? iov_iter_pipe+0xf1/0x2a0 [ 1887.026542] generic_file_splice_read+0x455/0x6d0 [ 1887.026554] ? pipe_to_user+0x170/0x170 [ 1887.026572] ? fsnotify_perm.part.0+0x22d/0x620 [ 1887.026585] ? security_file_permission+0xb1/0xe0 [ 1887.026597] ? pipe_to_user+0x170/0x170 [ 1887.026609] do_splice_to+0x10e/0x160 [ 1887.026622] splice_direct_to_actor+0x2fe/0x980 [ 1887.026636] ? pipe_to_sendpage+0x380/0x380 [ 1887.026650] ? do_splice_to+0x160/0x160 [ 1887.026660] ? security_file_permission+0xb1/0xe0 [ 1887.026676] do_splice_direct+0x1c4/0x290 [ 1887.026687] ? splice_direct_to_actor+0x980/0x980 [ 1887.026702] ? security_file_permission+0xb1/0xe0 [ 1887.026722] vfs_copy_file_range+0x4f8/0x13c0 [ 1887.026736] ? generic_file_rw_checks+0x240/0x240 [ 1887.026761] __do_sys_copy_file_range+0x193/0x420 [ 1887.026773] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1887.026784] ? ksys_write+0x1a9/0x260 [ 1887.026795] ? __ia32_sys_read+0xb0/0xb0 [ 1887.026809] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1887.026822] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1887.026835] do_syscall_64+0x33/0x40 [ 1887.026847] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1887.026854] RIP: 0033:0x7ff72d878b19 [ 1887.026865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1887.026871] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1887.026884] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1887.026890] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1887.026896] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1887.026902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1887.026908] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:33:33 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, 0x0, 0x86) 10:33:33 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(0xffffffffffffffff, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:33 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:33 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:33 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:33 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 21) 10:33:33 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:33 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 23) [ 1904.036767] FAULT_INJECTION: forcing a failure. [ 1904.036767] name failslab, interval 1, probability 0, space 0, times 0 [ 1904.039003] CPU: 1 PID: 10211 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1904.040316] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1904.041880] Call Trace: [ 1904.042393] dump_stack+0x107/0x167 [ 1904.043085] should_fail.cold+0x5/0xa [ 1904.043808] ? iter_file_splice_write+0x165/0xc90 [ 1904.044717] should_failslab+0x5/0x20 [ 1904.045425] __kmalloc+0x72/0x390 [ 1904.045626] FAULT_INJECTION: forcing a failure. [ 1904.045626] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1904.046079] iter_file_splice_write+0x165/0xc90 [ 1904.046095] ? shmem_get_link+0x440/0x440 [ 1904.046123] ? generic_splice_sendpage+0x140/0x140 [ 1904.046138] ? pipe_to_user+0x170/0x170 [ 1904.046168] ? security_file_permission+0xb1/0xe0 [ 1904.046191] ? generic_splice_sendpage+0x140/0x140 [ 1904.053954] direct_splice_actor+0x10f/0x170 [ 1904.054796] splice_direct_to_actor+0x387/0x980 [ 1904.055672] ? pipe_to_sendpage+0x380/0x380 [ 1904.056478] ? do_splice_to+0x160/0x160 [ 1904.057223] ? security_file_permission+0xb1/0xe0 [ 1904.058146] do_splice_direct+0x1c4/0x290 [ 1904.058934] ? splice_direct_to_actor+0x980/0x980 [ 1904.059840] ? security_file_permission+0xb1/0xe0 [ 1904.060750] vfs_copy_file_range+0x4f8/0x13c0 [ 1904.061601] ? generic_file_rw_checks+0x240/0x240 [ 1904.062531] __do_sys_copy_file_range+0x193/0x420 [ 1904.063436] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1904.064343] ? ksys_write+0x1a9/0x260 [ 1904.065054] ? __ia32_sys_read+0xb0/0xb0 [ 1904.065812] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1904.066800] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1904.067765] do_syscall_64+0x33/0x40 [ 1904.068466] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1904.069418] RIP: 0033:0x7f134c613b19 [ 1904.070109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1904.073520] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1904.074926] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1904.076233] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1904.077552] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1904.078865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1904.080176] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1904.081522] CPU: 0 PID: 10213 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1904.083139] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1904.085045] Call Trace: [ 1904.085650] dump_stack+0x107/0x167 [ 1904.086491] should_fail.cold+0x5/0xa [ 1904.087357] __alloc_pages_nodemask+0x182/0x600 [ 1904.088413] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1904.089942] ? lock_downgrade+0x6d0/0x6d0 [ 1904.090882] ? lock_acquire+0x197/0x470 [ 1904.091799] alloc_pages_vma+0xbb/0x410 [ 1904.092717] shmem_alloc_page+0x10f/0x1e0 [ 1904.093652] ? shmem_init_inode+0x20/0x20 [ 1904.094617] ? percpu_counter_add_batch+0x8b/0x140 [ 1904.095728] ? __vm_enough_memory+0x184/0x360 [ 1904.096745] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1904.097964] ? shmem_unuse_inode+0xf60/0xf60 [ 1904.098986] shmem_file_read_iter+0x2a6/0xbb0 [ 1904.100019] ? shmem_get_link+0x440/0x440 [ 1904.100959] ? inode_has_perm+0x171/0x1d0 [ 1904.101903] ? iov_iter_pipe+0xf1/0x2a0 [ 1904.102819] generic_file_splice_read+0x455/0x6d0 [ 1904.103914] ? pipe_to_user+0x170/0x170 [ 1904.104830] ? fsnotify_perm.part.0+0x22d/0x620 [ 1904.105887] ? security_file_permission+0xb1/0xe0 [ 1904.106984] ? pipe_to_user+0x170/0x170 [ 1904.107873] do_splice_to+0x10e/0x160 [ 1904.108724] splice_direct_to_actor+0x2fe/0x980 [ 1904.109763] ? pipe_to_sendpage+0x380/0x380 [ 1904.110735] ? do_splice_to+0x160/0x160 [ 1904.111616] ? security_file_permission+0xb1/0xe0 [ 1904.112691] do_splice_direct+0x1c4/0x290 [ 1904.113615] ? splice_direct_to_actor+0x980/0x980 [ 1904.114717] ? security_file_permission+0xb1/0xe0 [ 1904.115796] vfs_copy_file_range+0x4f8/0x13c0 [ 1904.116798] ? generic_file_rw_checks+0x240/0x240 [ 1904.117895] __do_sys_copy_file_range+0x193/0x420 [ 1904.118982] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1904.120046] ? ksys_write+0x1a9/0x260 [ 1904.120893] ? __ia32_sys_read+0xb0/0xb0 [ 1904.121803] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1904.122982] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1904.124141] do_syscall_64+0x33/0x40 [ 1904.124975] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1904.126112] RIP: 0033:0x7ff72d878b19 [ 1904.126942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1904.131010] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1904.132682] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1904.134264] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1904.135833] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1904.137401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1904.138993] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:33:33 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, 0x0, 0x86) 10:33:33 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:33 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, 0xffffffffffffffff, 0x0, 0x300000000, 0x0) 10:33:33 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 24) 10:33:33 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:33 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:33 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:33 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:33 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x0) [ 1904.307163] FAULT_INJECTION: forcing a failure. [ 1904.307163] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1904.309047] CPU: 1 PID: 10225 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1904.310142] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1904.311436] Call Trace: [ 1904.311845] dump_stack+0x107/0x167 [ 1904.312423] should_fail.cold+0x5/0xa [ 1904.313015] __alloc_pages_nodemask+0x182/0x600 [ 1904.313734] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1904.314676] ? lock_downgrade+0x6d0/0x6d0 [ 1904.315325] ? lock_acquire+0x197/0x470 [ 1904.315973] alloc_pages_vma+0xbb/0x410 [ 1904.316607] shmem_alloc_page+0x10f/0x1e0 [ 1904.317265] ? shmem_init_inode+0x20/0x20 [ 1904.317931] ? percpu_counter_add_batch+0x8b/0x140 [ 1904.318709] ? __vm_enough_memory+0x184/0x360 [ 1904.319397] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1904.320235] ? shmem_unuse_inode+0xf60/0xf60 [ 1904.320926] shmem_file_read_iter+0x2a6/0xbb0 [ 1904.321636] ? shmem_get_link+0x440/0x440 [ 1904.322279] ? inode_has_perm+0x171/0x1d0 [ 1904.322919] ? iov_iter_pipe+0xf1/0x2a0 [ 1904.323544] generic_file_splice_read+0x455/0x6d0 [ 1904.324296] ? pipe_to_user+0x170/0x170 [ 1904.324908] ? fsnotify_perm.part.0+0x22d/0x620 [ 1904.325637] ? security_file_permission+0xb1/0xe0 [ 1904.326381] ? pipe_to_user+0x170/0x170 [ 1904.326987] do_splice_to+0x10e/0x160 [ 1904.327572] splice_direct_to_actor+0x2fe/0x980 [ 1904.328293] ? pipe_to_sendpage+0x380/0x380 [ 1904.328961] ? do_splice_to+0x160/0x160 [ 1904.329570] ? security_file_permission+0xb1/0xe0 [ 1904.330335] do_splice_direct+0x1c4/0x290 [ 1904.330977] ? splice_direct_to_actor+0x980/0x980 [ 1904.331728] ? security_file_permission+0xb1/0xe0 [ 1904.332476] vfs_copy_file_range+0x4f8/0x13c0 [ 1904.333180] ? generic_file_rw_checks+0x240/0x240 [ 1904.333932] __do_sys_copy_file_range+0x193/0x420 [ 1904.334672] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1904.335385] ? ksys_write+0x1a9/0x260 [ 1904.335961] ? __ia32_sys_read+0xb0/0xb0 [ 1904.336584] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1904.337378] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1904.338167] do_syscall_64+0x33/0x40 [ 1904.338769] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1904.339549] RIP: 0033:0x7f134c613b19 [ 1904.340108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1904.342903] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1904.344057] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1904.345131] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1904.346214] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1904.347288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1904.348367] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 10:33:33 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, 0xffffffffffffffff, 0x0, 0x300000000, 0x0) 10:33:33 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:33 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:33 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 22) [ 1904.512605] FAULT_INJECTION: forcing a failure. [ 1904.512605] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1904.514508] CPU: 1 PID: 10244 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1904.515438] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1904.516538] Call Trace: [ 1904.516896] dump_stack+0x107/0x167 [ 1904.517384] should_fail.cold+0x5/0xa [ 1904.517907] __alloc_pages_nodemask+0x182/0x600 [ 1904.518546] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1904.519346] ? lock_downgrade+0x6d0/0x6d0 [ 1904.519901] ? lock_acquire+0x197/0x470 [ 1904.520441] alloc_pages_vma+0xbb/0x410 [ 1904.520975] shmem_alloc_page+0x10f/0x1e0 [ 1904.521527] ? shmem_init_inode+0x20/0x20 [ 1904.522101] ? percpu_counter_add_batch+0x8b/0x140 [ 1904.522772] ? __vm_enough_memory+0x184/0x360 [ 1904.523381] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1904.524115] ? shmem_unuse_inode+0xf60/0xf60 [ 1904.524719] shmem_file_read_iter+0x2a6/0xbb0 [ 1904.525327] ? shmem_get_link+0x440/0x440 [ 1904.525886] ? inode_has_perm+0x171/0x1d0 [ 1904.526446] ? iov_iter_pipe+0xf1/0x2a0 [ 1904.526987] generic_file_splice_read+0x455/0x6d0 [ 1904.527625] ? pipe_to_user+0x170/0x170 [ 1904.528168] ? fsnotify_perm.part.0+0x22d/0x620 [ 1904.528795] ? security_file_permission+0xb1/0xe0 [ 1904.529430] ? pipe_to_user+0x170/0x170 [ 1904.529963] do_splice_to+0x10e/0x160 [ 1904.530488] splice_direct_to_actor+0x2fe/0x980 [ 1904.531117] ? pipe_to_sendpage+0x380/0x380 [ 1904.531701] ? do_splice_to+0x160/0x160 [ 1904.532241] ? security_file_permission+0xb1/0xe0 [ 1904.532890] do_splice_direct+0x1c4/0x290 [ 1904.533436] ? splice_direct_to_actor+0x980/0x980 [ 1904.534094] ? security_file_permission+0xb1/0xe0 [ 1904.534745] vfs_copy_file_range+0x4f8/0x13c0 [ 1904.535341] ? generic_file_rw_checks+0x240/0x240 [ 1904.535999] __do_sys_copy_file_range+0x193/0x420 [ 1904.536645] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1904.537279] ? ksys_write+0x1a9/0x260 [ 1904.537786] ? __ia32_sys_read+0xb0/0xb0 [ 1904.538329] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1904.539012] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1904.539686] do_syscall_64+0x33/0x40 [ 1904.540177] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1904.540852] RIP: 0033:0x7ff72d878b19 [ 1904.541361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1904.543816] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1904.544816] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1904.545756] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1904.546702] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1904.547639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1904.548571] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:33:34 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:34 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:34 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, 0xffffffffffffffff, 0x0, 0x300000000, 0x0) 10:33:34 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x0) 10:33:34 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:45 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 25) 10:33:45 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:45 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 23) 10:33:45 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:45 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x0) 10:33:45 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:45 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:45 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x0) [ 1916.283747] FAULT_INJECTION: forcing a failure. [ 1916.283747] name failslab, interval 1, probability 0, space 0, times 0 [ 1916.286499] CPU: 0 PID: 10266 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1916.288001] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1916.289802] Call Trace: [ 1916.290377] dump_stack+0x107/0x167 [ 1916.291182] should_fail.cold+0x5/0xa [ 1916.292014] ? iter_file_splice_write+0x165/0xc90 [ 1916.293057] should_failslab+0x5/0x20 [ 1916.293880] __kmalloc+0x72/0x390 [ 1916.294649] iter_file_splice_write+0x165/0xc90 [ 1916.295659] ? shmem_get_link+0x440/0x440 [ 1916.296568] ? generic_splice_sendpage+0x140/0x140 [ 1916.297628] ? pipe_to_user+0x170/0x170 [ 1916.298514] ? security_file_permission+0xb1/0xe0 [ 1916.299557] ? generic_splice_sendpage+0x140/0x140 [ 1916.300619] direct_splice_actor+0x10f/0x170 [ 1916.301577] splice_direct_to_actor+0x387/0x980 [ 1916.302594] ? pipe_to_sendpage+0x380/0x380 [ 1916.303534] ? do_splice_to+0x160/0x160 [ 1916.304390] ? security_file_permission+0xb1/0xe0 [ 1916.305448] do_splice_direct+0x1c4/0x290 [ 1916.306345] ? splice_direct_to_actor+0x980/0x980 [ 1916.307401] ? security_file_permission+0xb1/0xe0 [ 1916.308454] vfs_copy_file_range+0x4f8/0x13c0 [ 1916.309432] ? generic_file_rw_checks+0x240/0x240 [ 1916.310508] __do_sys_copy_file_range+0x193/0x420 [ 1916.311558] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1916.312584] ? ksys_write+0x1a9/0x260 [ 1916.313409] ? __ia32_sys_read+0xb0/0xb0 [ 1916.314292] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1916.315429] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1916.316544] do_syscall_64+0x33/0x40 [ 1916.317347] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1916.318467] RIP: 0033:0x7ff72d878b19 [ 1916.319269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1916.323217] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1916.324819] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1916.326323] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1916.327820] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1916.329308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1916.330811] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:33:45 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x0) [ 1916.346182] FAULT_INJECTION: forcing a failure. [ 1916.346182] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1916.348684] CPU: 0 PID: 10275 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1916.350138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1916.351884] Call Trace: [ 1916.352445] dump_stack+0x107/0x167 [ 1916.353212] should_fail.cold+0x5/0xa [ 1916.354016] __alloc_pages_nodemask+0x182/0x600 [ 1916.355013] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1916.356269] ? lock_downgrade+0x6d0/0x6d0 [ 1916.357136] ? lock_acquire+0x197/0x470 [ 1916.357985] alloc_pages_vma+0xbb/0x410 [ 1916.358843] shmem_alloc_page+0x10f/0x1e0 [ 1916.359708] ? shmem_init_inode+0x20/0x20 [ 1916.360604] ? percpu_counter_add_batch+0x8b/0x140 [ 1916.361638] ? __vm_enough_memory+0x184/0x360 [ 1916.362597] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1916.363727] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1916.364833] ? shmem_unuse_inode+0xf60/0xf60 [ 1916.365765] ? avc_has_perm+0xc5/0x1b0 [ 1916.366598] shmem_file_read_iter+0x2a6/0xbb0 [ 1916.367537] ? kfree+0xd7/0x340 [ 1916.368239] ? shmem_get_link+0x440/0x440 [ 1916.369107] ? inode_has_perm+0x171/0x1d0 [ 1916.369986] ? iov_iter_pipe+0xf1/0x2a0 [ 1916.370832] generic_file_splice_read+0x455/0x6d0 [ 1916.371851] ? pipe_to_user+0x170/0x170 [ 1916.372702] ? fsnotify_perm.part.0+0x22d/0x620 [ 1916.373681] ? security_file_permission+0xb1/0xe0 [ 1916.374704] ? pipe_to_user+0x170/0x170 [ 1916.375541] do_splice_to+0x10e/0x160 [ 1916.376347] splice_direct_to_actor+0x2fe/0x980 [ 1916.377335] ? pipe_to_sendpage+0x380/0x380 [ 1916.378247] ? do_splice_to+0x160/0x160 [ 1916.379090] ? security_file_permission+0xb1/0xe0 [ 1916.380126] do_splice_direct+0x1c4/0x290 [ 1916.380994] ? splice_direct_to_actor+0x980/0x980 [ 1916.382017] ? security_file_permission+0xb1/0xe0 [ 1916.383096] vfs_copy_file_range+0x4f8/0x13c0 [ 1916.384047] ? generic_file_rw_checks+0x240/0x240 [ 1916.385091] __do_sys_copy_file_range+0x193/0x420 [ 1916.386116] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1916.387125] ? ksys_write+0x1a9/0x260 [ 1916.387926] ? __ia32_sys_read+0xb0/0xb0 [ 1916.388781] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1916.389878] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1916.390972] do_syscall_64+0x33/0x40 [ 1916.391756] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1916.392828] RIP: 0033:0x7f134c613b19 [ 1916.393614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1916.397494] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1916.399096] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1916.400601] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1916.402104] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1916.403608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1916.405108] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 10:33:45 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:58 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:58 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:58 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:58 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:58 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 24) 10:33:58 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 26) 10:33:58 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:58 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x0) [ 1929.287346] FAULT_INJECTION: forcing a failure. [ 1929.287346] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1929.290121] CPU: 1 PID: 10298 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1929.291589] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1929.293339] Call Trace: [ 1929.293896] dump_stack+0x107/0x167 [ 1929.294675] should_fail.cold+0x5/0xa [ 1929.295480] __alloc_pages_nodemask+0x182/0x600 [ 1929.296459] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1929.297715] ? lock_downgrade+0x6d0/0x6d0 [ 1929.298600] ? lock_acquire+0x197/0x470 [ 1929.299453] alloc_pages_vma+0xbb/0x410 [ 1929.300297] shmem_alloc_page+0x10f/0x1e0 [ 1929.301168] ? shmem_init_inode+0x20/0x20 [ 1929.302064] ? percpu_counter_add_batch+0x8b/0x140 [ 1929.303117] ? __vm_enough_memory+0x184/0x360 [ 1929.304073] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1929.305209] ? shmem_unuse_inode+0xf60/0xf60 [ 1929.306149] shmem_file_read_iter+0x2a6/0xbb0 [ 1929.307121] ? shmem_get_link+0x440/0x440 [ 1929.307989] ? inode_has_perm+0x171/0x1d0 [ 1929.308862] ? iov_iter_pipe+0xf1/0x2a0 [ 1929.309714] generic_file_splice_read+0x455/0x6d0 [ 1929.310744] ? pipe_to_user+0x170/0x170 [ 1929.311586] ? fsnotify_perm.part.0+0x22d/0x620 [ 1929.312568] ? security_file_permission+0xb1/0xe0 [ 1929.312634] FAULT_INJECTION: forcing a failure. [ 1929.312634] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1929.313582] ? pipe_to_user+0x170/0x170 [ 1929.313601] do_splice_to+0x10e/0x160 [ 1929.313622] splice_direct_to_actor+0x2fe/0x980 [ 1929.313646] ? pipe_to_sendpage+0x380/0x380 [ 1929.313668] ? do_splice_to+0x160/0x160 [ 1929.313684] ? security_file_permission+0xb1/0xe0 [ 1929.313710] do_splice_direct+0x1c4/0x290 [ 1929.313729] ? splice_direct_to_actor+0x980/0x980 [ 1929.313752] ? security_file_permission+0xb1/0xe0 [ 1929.324302] vfs_copy_file_range+0x4f8/0x13c0 [ 1929.325247] ? generic_file_rw_checks+0x240/0x240 [ 1929.326279] __do_sys_copy_file_range+0x193/0x420 [ 1929.327304] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1929.328304] ? ksys_write+0x1a9/0x260 [ 1929.329103] ? __ia32_sys_read+0xb0/0xb0 [ 1929.329961] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1929.331072] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1929.332156] do_syscall_64+0x33/0x40 [ 1929.332948] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1929.334023] RIP: 0033:0x7ff72d878b19 [ 1929.334811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1929.338684] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1929.340290] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1929.341790] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1929.343297] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1929.344793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1929.346300] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 1929.347849] CPU: 0 PID: 10307 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1929.349313] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1929.351068] Call Trace: [ 1929.351631] dump_stack+0x107/0x167 [ 1929.352396] should_fail.cold+0x5/0xa [ 1929.353201] __alloc_pages_nodemask+0x182/0x600 [ 1929.354181] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1929.355453] ? lock_downgrade+0x6d0/0x6d0 [ 1929.356325] ? lock_acquire+0x197/0x470 [ 1929.357178] alloc_pages_vma+0xbb/0x410 [ 1929.358019] shmem_alloc_page+0x10f/0x1e0 [ 1929.358899] ? shmem_init_inode+0x20/0x20 [ 1929.359786] ? percpu_counter_add_batch+0x8b/0x140 [ 1929.360812] ? __vm_enough_memory+0x184/0x360 [ 1929.361758] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1929.362900] ? shmem_unuse_inode+0xf60/0xf60 [ 1929.363833] shmem_file_read_iter+0x2a6/0xbb0 [ 1929.364790] ? shmem_get_link+0x440/0x440 [ 1929.365653] ? inode_has_perm+0x171/0x1d0 [ 1929.366527] ? iov_iter_pipe+0xf1/0x2a0 [ 1929.367369] generic_file_splice_read+0x455/0x6d0 [ 1929.368382] ? pipe_to_user+0x170/0x170 [ 1929.369222] ? fsnotify_perm.part.0+0x22d/0x620 [ 1929.370204] ? security_file_permission+0xb1/0xe0 [ 1929.371223] ? pipe_to_user+0x170/0x170 [ 1929.372066] do_splice_to+0x10e/0x160 [ 1929.372865] splice_direct_to_actor+0x2fe/0x980 [ 1929.373844] ? pipe_to_sendpage+0x380/0x380 [ 1929.374766] ? do_splice_to+0x160/0x160 [ 1929.375601] ? security_file_permission+0xb1/0xe0 [ 1929.376619] do_splice_direct+0x1c4/0x290 [ 1929.377486] ? splice_direct_to_actor+0x980/0x980 [ 1929.378502] ? security_file_permission+0xb1/0xe0 [ 1929.379527] vfs_copy_file_range+0x4f8/0x13c0 [ 1929.380475] ? generic_file_rw_checks+0x240/0x240 [ 1929.381503] __do_sys_copy_file_range+0x193/0x420 [ 1929.382517] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1929.383524] ? ksys_write+0x1a9/0x260 [ 1929.384324] ? __ia32_sys_read+0xb0/0xb0 [ 1929.385178] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1929.386283] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1929.387390] do_syscall_64+0x33/0x40 [ 1929.388169] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1929.389241] RIP: 0033:0x7f134c613b19 [ 1929.390017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1929.393857] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1929.395464] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1929.396971] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1929.398472] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1929.399975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1929.401471] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 10:33:58 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:58 executing program 6: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:58 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:33:58 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:33:59 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:17 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:34:17 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:17 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:34:17 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 25) 10:34:17 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 27) 10:34:17 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:17 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:17 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1948.156459] FAULT_INJECTION: forcing a failure. [ 1948.156459] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1948.159104] CPU: 0 PID: 10344 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1948.160510] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1948.162189] Call Trace: [ 1948.162722] dump_stack+0x107/0x167 [ 1948.163476] should_fail.cold+0x5/0xa [ 1948.164250] __alloc_pages_nodemask+0x182/0x600 [ 1948.165211] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1948.166401] ? lock_downgrade+0x6d0/0x6d0 [ 1948.167237] ? lock_acquire+0x197/0x470 [ 1948.168056] alloc_pages_vma+0xbb/0x410 [ 1948.168860] shmem_alloc_page+0x10f/0x1e0 [ 1948.169698] ? shmem_init_inode+0x20/0x20 [ 1948.170552] ? percpu_counter_add_batch+0x8b/0x140 [ 1948.171545] ? __vm_enough_memory+0x184/0x360 [ 1948.172451] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1948.173531] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.174583] ? shmem_unuse_inode+0xf60/0xf60 [ 1948.175480] ? avc_has_perm+0xc5/0x1b0 [ 1948.176264] shmem_file_read_iter+0x2a6/0xbb0 [ 1948.177161] ? kfree+0xd7/0x340 [ 1948.177828] ? shmem_get_link+0x440/0x440 [ 1948.178659] ? inode_has_perm+0x171/0x1d0 [ 1948.179496] ? iov_iter_pipe+0xf1/0x2a0 [ 1948.180318] generic_file_splice_read+0x455/0x6d0 [ 1948.181281] ? pipe_to_user+0x170/0x170 [ 1948.182088] ? fsnotify_perm.part.0+0x22d/0x620 [ 1948.183034] ? security_file_permission+0xb1/0xe0 [ 1948.184008] ? pipe_to_user+0x170/0x170 [ 1948.184810] do_splice_to+0x10e/0x160 [ 1948.185588] splice_direct_to_actor+0x2fe/0x980 [ 1948.186563] ? pipe_to_sendpage+0x380/0x380 [ 1948.187441] ? do_splice_to+0x160/0x160 [ 1948.188236] ? security_file_permission+0xb1/0xe0 [ 1948.189199] do_splice_direct+0x1c4/0x290 [ 1948.190027] ? splice_direct_to_actor+0x980/0x980 [ 1948.191000] ? security_file_permission+0xb1/0xe0 [ 1948.191974] vfs_copy_file_range+0x4f8/0x13c0 [ 1948.192872] ? generic_file_rw_checks+0x240/0x240 [ 1948.193861] __do_sys_copy_file_range+0x193/0x420 [ 1948.194838] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1948.195779] ? ksys_write+0x1a9/0x260 [ 1948.196544] ? __ia32_sys_read+0xb0/0xb0 [ 1948.197358] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.198404] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1948.199440] do_syscall_64+0x33/0x40 [ 1948.200189] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1948.201209] RIP: 0033:0x7f134c613b19 [ 1948.201950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1948.205809] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1948.207750] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1948.209491] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1948.210966] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1948.212417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1948.213852] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1948.224367] FAULT_INJECTION: forcing a failure. [ 1948.224367] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1948.227076] CPU: 0 PID: 10347 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1948.228506] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1948.230207] Call Trace: [ 1948.230747] dump_stack+0x107/0x167 [ 1948.231548] should_fail.cold+0x5/0xa [ 1948.232343] __alloc_pages_nodemask+0x182/0x600 [ 1948.233288] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1948.234503] ? lock_downgrade+0x6d0/0x6d0 [ 1948.235370] ? lock_acquire+0x197/0x470 [ 1948.236226] alloc_pages_vma+0xbb/0x410 [ 1948.237053] shmem_alloc_page+0x10f/0x1e0 [ 1948.237897] ? shmem_init_inode+0x20/0x20 [ 1948.238750] ? percpu_counter_add_batch+0x8b/0x140 [ 1948.239736] ? __vm_enough_memory+0x184/0x360 [ 1948.240636] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1948.241715] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.242755] ? shmem_unuse_inode+0xf60/0xf60 [ 1948.243635] ? avc_has_perm+0xc5/0x1b0 [ 1948.244417] shmem_file_read_iter+0x2a6/0xbb0 [ 1948.245317] ? kfree+0xd7/0x340 [ 1948.245986] ? shmem_get_link+0x440/0x440 [ 1948.246806] ? inode_has_perm+0x171/0x1d0 [ 1948.247669] ? iov_iter_pipe+0xf1/0x2a0 [ 1948.248459] generic_file_splice_read+0x455/0x6d0 [ 1948.249420] ? pipe_to_user+0x170/0x170 [ 1948.250221] ? fsnotify_perm.part.0+0x22d/0x620 [ 1948.251163] ? security_file_permission+0xb1/0xe0 [ 1948.252122] ? pipe_to_user+0x170/0x170 [ 1948.252910] do_splice_to+0x10e/0x160 [ 1948.253677] splice_direct_to_actor+0x2fe/0x980 [ 1948.254616] ? pipe_to_sendpage+0x380/0x380 [ 1948.255486] ? do_splice_to+0x160/0x160 [ 1948.256272] ? security_file_permission+0xb1/0xe0 [ 1948.257252] do_splice_direct+0x1c4/0x290 [ 1948.258081] ? splice_direct_to_actor+0x980/0x980 [ 1948.259046] ? security_file_permission+0xb1/0xe0 [ 1948.260024] vfs_copy_file_range+0x4f8/0x13c0 [ 1948.260927] ? generic_file_rw_checks+0x240/0x240 [ 1948.261903] __do_sys_copy_file_range+0x193/0x420 [ 1948.262868] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1948.263812] ? ksys_write+0x1a9/0x260 [ 1948.264575] ? __ia32_sys_read+0xb0/0xb0 [ 1948.265386] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.266436] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1948.267476] do_syscall_64+0x33/0x40 [ 1948.268218] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1948.269235] RIP: 0033:0x7ff72d878b19 [ 1948.269971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1948.273655] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1948.275188] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1948.276604] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1948.278032] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1948.279451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1948.280884] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:34:17 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:34:17 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:17 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:17 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(0x0, 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:17 executing program 0: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:34:17 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 28) 10:34:17 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffff"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 1948.465624] FAULT_INJECTION: forcing a failure. [ 1948.465624] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1948.468360] CPU: 1 PID: 10368 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1948.469816] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1948.471581] Call Trace: [ 1948.472149] dump_stack+0x107/0x167 [ 1948.472913] should_fail.cold+0x5/0xa [ 1948.473721] __alloc_pages_nodemask+0x182/0x600 [ 1948.474703] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1948.475961] ? lock_downgrade+0x6d0/0x6d0 [ 1948.476836] ? lock_acquire+0x197/0x470 [ 1948.477690] alloc_pages_vma+0xbb/0x410 [ 1948.478534] shmem_alloc_page+0x10f/0x1e0 [ 1948.479423] ? shmem_init_inode+0x20/0x20 [ 1948.480321] ? percpu_counter_add_batch+0x8b/0x140 [ 1948.481352] ? __vm_enough_memory+0x184/0x360 10:34:17 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(0x0, 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) [ 1948.482295] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1948.483719] ? shmem_unuse_inode+0xf60/0xf60 [ 1948.484664] shmem_file_read_iter+0x2a6/0xbb0 [ 1948.485634] ? shmem_get_link+0x440/0x440 [ 1948.486510] ? inode_has_perm+0x171/0x1d0 [ 1948.487396] ? iov_iter_pipe+0xf1/0x2a0 [ 1948.488246] generic_file_splice_read+0x455/0x6d0 [ 1948.489266] ? pipe_to_user+0x170/0x170 [ 1948.490112] ? fsnotify_perm.part.0+0x22d/0x620 [ 1948.491099] ? security_file_permission+0xb1/0xe0 [ 1948.492116] ? pipe_to_user+0x170/0x170 [ 1948.492952] do_splice_to+0x10e/0x160 [ 1948.493752] splice_direct_to_actor+0x2fe/0x980 [ 1948.494736] ? pipe_to_sendpage+0x380/0x380 [ 1948.495652] ? do_splice_to+0x160/0x160 [ 1948.496500] ? security_file_permission+0xb1/0xe0 [ 1948.497518] do_splice_direct+0x1c4/0x290 [ 1948.498398] ? splice_direct_to_actor+0x980/0x980 [ 1948.499422] ? security_file_permission+0xb1/0xe0 [ 1948.500444] vfs_copy_file_range+0x4f8/0x13c0 [ 1948.501398] ? generic_file_rw_checks+0x240/0x240 [ 1948.502433] __do_sys_copy_file_range+0x193/0x420 [ 1948.503458] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1948.504454] ? ksys_write+0x1a9/0x260 [ 1948.505254] ? __ia32_sys_read+0xb0/0xb0 [ 1948.506110] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.507221] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1948.508308] do_syscall_64+0x33/0x40 [ 1948.509088] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1948.510164] RIP: 0033:0x7f134c613b19 [ 1948.510981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1948.514858] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1948.516456] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1948.517946] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1948.519454] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1948.520958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1948.522459] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 10:34:18 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:33 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:33 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 29) 10:34:33 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:33 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(0x0, 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:33 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:34:33 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffff"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:34:33 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 26) 10:34:33 executing program 0: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1964.039425] FAULT_INJECTION: forcing a failure. [ 1964.039425] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1964.042046] CPU: 1 PID: 10398 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1964.043526] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.044460] FAULT_INJECTION: forcing a failure. [ 1964.044460] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1964.045289] Call Trace: [ 1964.045313] dump_stack+0x107/0x167 [ 1964.045334] should_fail.cold+0x5/0xa [ 1964.045357] __alloc_pages_nodemask+0x182/0x600 [ 1964.045380] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1964.045397] ? lock_downgrade+0x6d0/0x6d0 [ 1964.045414] ? lock_acquire+0x197/0x470 [ 1964.045448] alloc_pages_vma+0xbb/0x410 [ 1964.054760] shmem_alloc_page+0x10f/0x1e0 [ 1964.055666] ? shmem_init_inode+0x20/0x20 [ 1964.056585] ? percpu_counter_add_batch+0x8b/0x140 [ 1964.057633] ? __vm_enough_memory+0x184/0x360 [ 1964.058599] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1964.059771] ? shmem_unuse_inode+0xf60/0xf60 [ 1964.060723] shmem_file_read_iter+0x2a6/0xbb0 [ 1964.061685] ? shmem_get_link+0x440/0x440 [ 1964.062567] ? inode_has_perm+0x171/0x1d0 [ 1964.063464] ? iov_iter_pipe+0xf1/0x2a0 [ 1964.064330] generic_file_splice_read+0x455/0x6d0 [ 1964.065369] ? pipe_to_user+0x170/0x170 [ 1964.066232] ? fsnotify_perm.part.0+0x22d/0x620 [ 1964.067249] ? security_file_permission+0xb1/0xe0 [ 1964.068276] ? pipe_to_user+0x170/0x170 [ 1964.069124] do_splice_to+0x10e/0x160 [ 1964.069941] splice_direct_to_actor+0x2fe/0x980 [ 1964.070940] ? pipe_to_sendpage+0x380/0x380 [ 1964.071884] ? do_splice_to+0x160/0x160 [ 1964.072743] ? security_file_permission+0xb1/0xe0 [ 1964.073789] do_splice_direct+0x1c4/0x290 [ 1964.074673] ? splice_direct_to_actor+0x980/0x980 [ 1964.075722] ? security_file_permission+0xb1/0xe0 [ 1964.076758] vfs_copy_file_range+0x4f8/0x13c0 [ 1964.077711] ? generic_file_rw_checks+0x240/0x240 [ 1964.078758] __do_sys_copy_file_range+0x193/0x420 [ 1964.079789] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1964.080800] ? ksys_write+0x1a9/0x260 [ 1964.081614] ? __ia32_sys_read+0xb0/0xb0 [ 1964.082483] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.083622] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.084720] do_syscall_64+0x33/0x40 [ 1964.085519] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.086613] RIP: 0033:0x7f134c613b19 [ 1964.087413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.091333] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1964.092958] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1964.094474] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1964.096003] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1964.097517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1964.099064] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1964.100616] CPU: 0 PID: 10393 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1964.102102] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.103878] Call Trace: [ 1964.104434] dump_stack+0x107/0x167 [ 1964.105217] should_fail.cold+0x5/0xa [ 1964.106027] __alloc_pages_nodemask+0x182/0x600 [ 1964.107012] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1964.108291] ? lock_downgrade+0x6d0/0x6d0 [ 1964.109170] ? lock_acquire+0x197/0x470 [ 1964.110024] alloc_pages_vma+0xbb/0x410 [ 1964.110881] shmem_alloc_page+0x10f/0x1e0 [ 1964.111769] ? shmem_init_inode+0x20/0x20 [ 1964.112666] ? percpu_counter_add_batch+0x8b/0x140 [ 1964.113701] ? __vm_enough_memory+0x184/0x360 [ 1964.114658] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1964.115815] ? shmem_unuse_inode+0xf60/0xf60 [ 1964.116759] shmem_file_read_iter+0x2a6/0xbb0 [ 1964.117725] ? shmem_get_link+0x440/0x440 [ 1964.118611] ? inode_has_perm+0x171/0x1d0 [ 1964.119503] ? iov_iter_pipe+0xf1/0x2a0 [ 1964.120351] generic_file_splice_read+0x455/0x6d0 [ 1964.121378] ? pipe_to_user+0x170/0x170 [ 1964.122241] ? fsnotify_perm.part.0+0x22d/0x620 [ 1964.123246] ? security_file_permission+0xb1/0xe0 [ 1964.124284] ? pipe_to_user+0x170/0x170 [ 1964.125125] do_splice_to+0x10e/0x160 [ 1964.125933] splice_direct_to_actor+0x2fe/0x980 [ 1964.126923] ? pipe_to_sendpage+0x380/0x380 [ 1964.127851] ? do_splice_to+0x160/0x160 [ 1964.128688] ? security_file_permission+0xb1/0xe0 [ 1964.129716] do_splice_direct+0x1c4/0x290 [ 1964.130600] ? splice_direct_to_actor+0x980/0x980 [ 1964.131633] ? security_file_permission+0xb1/0xe0 [ 1964.132659] vfs_copy_file_range+0x4f8/0x13c0 [ 1964.133624] ? generic_file_rw_checks+0x240/0x240 [ 1964.134666] __do_sys_copy_file_range+0x193/0x420 [ 1964.135701] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1964.136710] ? ksys_write+0x1a9/0x260 [ 1964.137518] ? __ia32_sys_read+0xb0/0xb0 [ 1964.138387] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.139498] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.140589] do_syscall_64+0x33/0x40 [ 1964.141377] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.142459] RIP: 0033:0x7ff72d878b19 [ 1964.143266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.147182] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1964.148804] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1964.150308] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1964.151827] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1964.153354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1964.154859] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:34:33 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:33 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:34:33 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:33 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffff"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:34:33 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 1) 10:34:33 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 1) [ 1964.355586] FAULT_INJECTION: forcing a failure. [ 1964.355586] name failslab, interval 1, probability 0, space 0, times 0 [ 1964.359752] FAULT_INJECTION: forcing a failure. [ 1964.359752] name failslab, interval 1, probability 0, space 0, times 0 [ 1964.359774] CPU: 0 PID: 10415 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 1964.359783] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.359789] Call Trace: [ 1964.359815] dump_stack+0x107/0x167 [ 1964.359842] should_fail.cold+0x5/0xa [ 1964.359862] ? getname_flags.part.0+0x50/0x4f0 [ 1964.359879] should_failslab+0x5/0x20 [ 1964.359897] kmem_cache_alloc+0x5b/0x310 [ 1964.359920] getname_flags.part.0+0x50/0x4f0 [ 1964.359941] getname_flags+0x9a/0xe0 [ 1964.359959] do_mkdirat+0x8f/0x2b0 [ 1964.359978] ? user_path_create+0xf0/0xf0 [ 1964.360002] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.360021] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.360041] do_syscall_64+0x33/0x40 [ 1964.360059] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.360071] RIP: 0033:0x7f374cab7b19 [ 1964.360087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.360096] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 1964.360115] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 1964.360125] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 1964.360135] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 10:34:33 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1964.360144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1964.360154] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 1964.393652] CPU: 1 PID: 10418 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 1964.395138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.396907] Call Trace: [ 1964.397480] dump_stack+0x107/0x167 [ 1964.398269] should_fail.cold+0x5/0xa [ 1964.399102] ? alloc_pipe_info+0x10a/0x590 [ 1964.400011] should_failslab+0x5/0x20 [ 1964.400821] kmem_cache_alloc_trace+0x55/0x320 [ 1964.401805] alloc_pipe_info+0x10a/0x590 [ 1964.402684] splice_direct_to_actor+0x774/0x980 [ 1964.403690] ? pipe_to_sendpage+0x380/0x380 [ 1964.404605] ? selinux_file_permission+0x92/0x520 [ 1964.405633] ? do_splice_to+0x160/0x160 [ 1964.406471] ? security_file_permission+0xb1/0xe0 [ 1964.407548] do_splice_direct+0x1c4/0x290 [ 1964.408435] ? splice_direct_to_actor+0x980/0x980 10:34:33 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) [ 1964.409484] ? security_file_permission+0xb1/0xe0 [ 1964.410677] vfs_copy_file_range+0x4f8/0x13c0 [ 1964.411652] ? generic_file_rw_checks+0x240/0x240 [ 1964.412707] __do_sys_copy_file_range+0x193/0x420 [ 1964.413728] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1964.414748] ? ksys_write+0x1a9/0x260 [ 1964.415573] ? __ia32_sys_read+0xb0/0xb0 [ 1964.416457] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.417578] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.418670] do_syscall_64+0x33/0x40 [ 1964.419477] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.420580] RIP: 0033:0x7fce96a5bb19 [ 1964.421384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.425311] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 10:34:33 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 2) [ 1964.426934] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 1964.428637] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1964.430156] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 1964.431681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1964.433210] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 10:34:33 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 30) [ 1964.794858] FAULT_INJECTION: forcing a failure. [ 1964.794858] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1964.797604] CPU: 1 PID: 10426 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1964.799083] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.800855] Call Trace: [ 1964.801435] dump_stack+0x107/0x167 [ 1964.802219] should_fail.cold+0x5/0xa [ 1964.803048] __alloc_pages_nodemask+0x182/0x600 [ 1964.804052] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1964.805328] ? lock_downgrade+0x6d0/0x6d0 [ 1964.806212] ? lock_acquire+0x197/0x470 [ 1964.806829] FAULT_INJECTION: forcing a failure. [ 1964.806829] name failslab, interval 1, probability 0, space 0, times 0 [ 1964.807086] alloc_pages_vma+0xbb/0x410 [ 1964.807112] shmem_alloc_page+0x10f/0x1e0 [ 1964.807137] ? shmem_init_inode+0x20/0x20 [ 1964.812133] ? percpu_counter_add_batch+0x8b/0x140 [ 1964.813184] ? __vm_enough_memory+0x184/0x360 [ 1964.814150] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1964.815313] ? shmem_unuse_inode+0xf60/0xf60 [ 1964.816270] shmem_file_read_iter+0x2a6/0xbb0 [ 1964.817243] ? shmem_get_link+0x440/0x440 [ 1964.818127] ? inode_has_perm+0x171/0x1d0 [ 1964.819008] ? iov_iter_pipe+0xf1/0x2a0 [ 1964.819879] generic_file_splice_read+0x455/0x6d0 [ 1964.820911] ? pipe_to_user+0x170/0x170 [ 1964.821769] ? fsnotify_perm.part.0+0x22d/0x620 [ 1964.822766] ? security_file_permission+0xb1/0xe0 [ 1964.823814] ? pipe_to_user+0x170/0x170 [ 1964.824664] do_splice_to+0x10e/0x160 [ 1964.825486] splice_direct_to_actor+0x2fe/0x980 [ 1964.826481] ? pipe_to_sendpage+0x380/0x380 [ 1964.827438] ? do_splice_to+0x160/0x160 [ 1964.828292] ? security_file_permission+0xb1/0xe0 [ 1964.829392] do_splice_direct+0x1c4/0x290 [ 1964.830326] ? splice_direct_to_actor+0x980/0x980 [ 1964.831408] ? security_file_permission+0xb1/0xe0 [ 1964.832461] vfs_copy_file_range+0x4f8/0x13c0 [ 1964.833443] ? generic_file_rw_checks+0x240/0x240 [ 1964.834515] __do_sys_copy_file_range+0x193/0x420 [ 1964.835564] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1964.836587] ? ksys_write+0x1a9/0x260 [ 1964.837422] ? __ia32_sys_read+0xb0/0xb0 [ 1964.838310] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.839448] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.840560] do_syscall_64+0x33/0x40 [ 1964.841356] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.842446] RIP: 0033:0x7f134c613b19 [ 1964.843251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.847205] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1964.848834] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1964.850350] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1964.851886] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1964.853405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1964.854924] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1964.856512] CPU: 0 PID: 10429 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 1964.858000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.859773] Call Trace: [ 1964.860339] dump_stack+0x107/0x167 [ 1964.861112] should_fail.cold+0x5/0xa [ 1964.861926] ? create_object.isra.0+0x3a/0xa30 [ 1964.862894] should_failslab+0x5/0x20 [ 1964.863711] kmem_cache_alloc+0x5b/0x310 [ 1964.864574] ? ksys_write+0x21a/0x260 [ 1964.865398] create_object.isra.0+0x3a/0xa30 [ 1964.866338] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1964.867431] kmem_cache_alloc+0x159/0x310 [ 1964.868328] getname_flags.part.0+0x50/0x4f0 [ 1964.869270] getname_flags+0x9a/0xe0 [ 1964.870069] do_mkdirat+0x8f/0x2b0 [ 1964.870828] ? user_path_create+0xf0/0xf0 [ 1964.871713] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.872833] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.873940] do_syscall_64+0x33/0x40 [ 1964.874734] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.875821] RIP: 0033:0x7f374cab7b19 [ 1964.876608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.880517] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 1964.882136] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 1964.883660] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 1964.885177] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1964.886695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1964.888203] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 10:34:46 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 31) 10:34:46 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 3) 10:34:46 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:46 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:34:46 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 2) 10:34:46 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 27) 10:34:46 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:34:46 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:46 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x86) [ 1976.571513] FAULT_INJECTION: forcing a failure. [ 1976.571513] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1976.573094] CPU: 0 PID: 10450 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1976.573892] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.574847] Call Trace: [ 1976.575157] dump_stack+0x107/0x167 [ 1976.575580] should_fail.cold+0x5/0xa [ 1976.576023] __alloc_pages_nodemask+0x182/0x600 [ 1976.576562] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1976.577252] ? lock_downgrade+0x6d0/0x6d0 [ 1976.577728] ? lock_acquire+0x197/0x470 [ 1976.578198] alloc_pages_vma+0xbb/0x410 [ 1976.578655] shmem_alloc_page+0x10f/0x1e0 [ 1976.579131] ? shmem_init_inode+0x20/0x20 [ 1976.579637] ? percpu_counter_add_batch+0x8b/0x140 [ 1976.579650] ? __vm_enough_memory+0x184/0x360 [ 1976.579663] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1976.579683] ? shmem_unuse_inode+0xf60/0xf60 [ 1976.579699] shmem_file_read_iter+0x2a6/0xbb0 [ 1976.579718] ? shmem_get_link+0x440/0x440 [ 1976.579728] ? inode_has_perm+0x171/0x1d0 [ 1976.579740] ? iov_iter_pipe+0xf1/0x2a0 [ 1976.579753] generic_file_splice_read+0x455/0x6d0 10:34:46 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 1976.579764] ? pipe_to_user+0x170/0x170 [ 1976.579779] ? fsnotify_perm.part.0+0x22d/0x620 [ 1976.579791] ? security_file_permission+0xb1/0xe0 [ 1976.579802] ? pipe_to_user+0x170/0x170 [ 1976.579812] do_splice_to+0x10e/0x160 [ 1976.579824] splice_direct_to_actor+0x2fe/0x980 10:34:46 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x86) [ 1976.579837] ? pipe_to_sendpage+0x380/0x380 [ 1976.579850] ? do_splice_to+0x160/0x160 [ 1976.579859] ? security_file_permission+0xb1/0xe0 10:34:46 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 4) 10:34:46 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(0x0, 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1976.579875] do_splice_direct+0x1c4/0x290 [ 1976.579887] ? splice_direct_to_actor+0x980/0x980 [ 1976.579902] ? security_file_permission+0xb1/0xe0 [ 1976.579917] vfs_copy_file_range+0x4f8/0x13c0 10:34:46 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 28) [ 1976.579932] ? generic_file_rw_checks+0x240/0x240 [ 1976.579955] __do_sys_copy_file_range+0x193/0x420 [ 1976.579966] ? vfs_copy_file_range+0x13c0/0x13c0 10:34:46 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x86) 10:34:46 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 32) 10:34:46 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 3) [ 1976.579975] ? ksys_write+0x1a9/0x260 [ 1976.579986] ? __ia32_sys_read+0xb0/0xb0 [ 1976.579999] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.580010] ? syscall_enter_from_user_mode+0x1d/0x50 10:34:46 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 5) [ 1976.580023] do_syscall_64+0x33/0x40 [ 1976.580034] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.580041] RIP: 0033:0x7f134c613b19 [ 1976.580051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 10:34:46 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(0x0, 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) [ 1976.580056] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1976.580068] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1976.580074] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 10:34:46 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 4) 10:34:46 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 6) [ 1976.580081] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1976.580087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1976.580092] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1976.599632] FAULT_INJECTION: forcing a failure. [ 1976.599632] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1976.599661] CPU: 1 PID: 10445 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1976.599675] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.599683] Call Trace: [ 1976.599712] dump_stack+0x107/0x167 [ 1976.599739] should_fail.cold+0x5/0xa [ 1976.599773] __alloc_pages_nodemask+0x182/0x600 [ 1976.599805] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1976.599829] ? lock_downgrade+0x6d0/0x6d0 [ 1976.599866] ? lock_acquire+0x197/0x470 [ 1976.599916] alloc_pages_vma+0xbb/0x410 [ 1976.599951] shmem_alloc_page+0x10f/0x1e0 [ 1976.599975] ? shmem_init_inode+0x20/0x20 [ 1976.600055] ? percpu_counter_add_batch+0x8b/0x140 [ 1976.600087] ? __vm_enough_memory+0x184/0x360 [ 1976.600121] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1976.600172] ? shmem_unuse_inode+0xf60/0xf60 [ 1976.600218] shmem_file_read_iter+0x2a6/0xbb0 [ 1976.600268] ? shmem_get_link+0x440/0x440 [ 1976.600293] ? inode_has_perm+0x171/0x1d0 [ 1976.600323] ? iov_iter_pipe+0xf1/0x2a0 [ 1976.600356] generic_file_splice_read+0x455/0x6d0 [ 1976.600384] ? pipe_to_user+0x170/0x170 [ 1976.600424] ? fsnotify_perm.part.0+0x22d/0x620 [ 1976.600455] ? security_file_permission+0xb1/0xe0 [ 1976.600484] ? pipe_to_user+0x170/0x170 [ 1976.600511] do_splice_to+0x10e/0x160 [ 1976.600541] splice_direct_to_actor+0x2fe/0x980 [ 1976.600575] ? pipe_to_sendpage+0x380/0x380 [ 1976.600607] ? do_splice_to+0x160/0x160 [ 1976.600631] ? security_file_permission+0xb1/0xe0 [ 1976.600665] do_splice_direct+0x1c4/0x290 [ 1976.600688] ? splice_direct_to_actor+0x980/0x980 [ 1976.600722] ? security_file_permission+0xb1/0xe0 [ 1976.600754] vfs_copy_file_range+0x4f8/0x13c0 [ 1976.600787] ? generic_file_rw_checks+0x240/0x240 [ 1976.600846] __do_sys_copy_file_range+0x193/0x420 [ 1976.600874] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1976.600896] ? ksys_write+0x1a9/0x260 10:34:46 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, 0x0, 0x86) [ 1976.600923] ? __ia32_sys_read+0xb0/0xb0 [ 1976.600954] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.600982] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1976.601028] do_syscall_64+0x33/0x40 [ 1976.601070] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.601095] RIP: 0033:0x7ff72d878b19 [ 1976.601121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1976.601134] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1976.601160] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1976.601175] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1976.601189] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1976.601204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1976.601220] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 1976.602158] FAULT_INJECTION: forcing a failure. [ 1976.602158] name fail_usercopy, interval 1, probability 0, space 0, times 1 10:34:46 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 33) [ 1976.602178] CPU: 1 PID: 10448 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 1976.602187] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.602194] Call Trace: [ 1976.602213] dump_stack+0x107/0x167 [ 1976.602234] should_fail.cold+0x5/0xa [ 1976.602259] strncpy_from_user+0x34/0x470 [ 1976.602284] getname_flags.part.0+0x95/0x4f0 [ 1976.602307] getname_flags+0x9a/0xe0 [ 1976.602326] do_mkdirat+0x8f/0x2b0 [ 1976.602347] ? user_path_create+0xf0/0xf0 [ 1976.602370] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.602390] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1976.602411] do_syscall_64+0x33/0x40 [ 1976.602430] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.602441] RIP: 0033:0x7f374cab7b19 [ 1976.602457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1976.602467] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 1976.602486] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 1976.602496] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 1976.602507] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1976.602517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1976.602527] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 1976.605819] FAULT_INJECTION: forcing a failure. [ 1976.605819] name failslab, interval 1, probability 0, space 0, times 0 [ 1976.605847] CPU: 1 PID: 10452 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 1976.605856] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.605862] Call Trace: [ 1976.605881] dump_stack+0x107/0x167 [ 1976.605903] should_fail.cold+0x5/0xa [ 1976.605922] ? create_object.isra.0+0x3a/0xa30 [ 1976.605940] should_failslab+0x5/0x20 [ 1976.605959] kmem_cache_alloc+0x5b/0x310 [ 1976.605984] create_object.isra.0+0x3a/0xa30 [ 1976.606004] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1976.606041] kmem_cache_alloc_trace+0x151/0x320 [ 1976.606076] alloc_pipe_info+0x10a/0x590 [ 1976.606101] splice_direct_to_actor+0x774/0x980 [ 1976.606126] ? pipe_to_sendpage+0x380/0x380 [ 1976.606146] ? selinux_file_permission+0x92/0x520 [ 1976.606165] ? do_splice_to+0x160/0x160 [ 1976.606183] ? security_file_permission+0xb1/0xe0 [ 1976.606211] do_splice_direct+0x1c4/0x290 [ 1976.606230] ? splice_direct_to_actor+0x980/0x980 [ 1976.606256] ? security_file_permission+0xb1/0xe0 [ 1976.606283] vfs_copy_file_range+0x4f8/0x13c0 [ 1976.606309] ? generic_file_rw_checks+0x240/0x240 [ 1976.606352] __do_sys_copy_file_range+0x193/0x420 [ 1976.606373] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1976.606391] ? ksys_write+0x1a9/0x260 [ 1976.606410] ? __ia32_sys_read+0xb0/0xb0 [ 1976.606434] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.606454] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1976.606476] do_syscall_64+0x33/0x40 [ 1976.606495] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.606507] RIP: 0033:0x7fce96a5bb19 [ 1976.606523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1976.606533] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1976.606552] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 1976.606562] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1976.606573] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 1976.606583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1976.606593] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 1976.776167] FAULT_INJECTION: forcing a failure. [ 1976.776167] name failslab, interval 1, probability 0, space 0, times 0 [ 1976.776210] CPU: 0 PID: 10468 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 1976.776215] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.776219] Call Trace: [ 1976.776235] dump_stack+0x107/0x167 [ 1976.776246] should_fail.cold+0x5/0xa [ 1976.776259] ? __d_alloc+0x2a/0x990 [ 1976.776269] should_failslab+0x5/0x20 [ 1976.776279] kmem_cache_alloc+0x5b/0x310 [ 1976.776292] __d_alloc+0x2a/0x990 [ 1976.776299] ? dput+0x1ae/0xcd0 [ 1976.776311] d_alloc+0x46/0x1c0 [ 1976.776322] __lookup_hash+0xcc/0x190 [ 1976.776332] filename_create+0x186/0x4a0 [ 1976.776342] ? filename_parentat+0x570/0x570 [ 1976.776352] ? getname_flags.part.0+0x1dd/0x4f0 [ 1976.776367] do_mkdirat+0xa2/0x2b0 [ 1976.776378] ? user_path_create+0xf0/0xf0 [ 1976.776392] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.776403] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1976.776415] do_syscall_64+0x33/0x40 [ 1976.776425] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.776432] RIP: 0033:0x7f374cab7b19 [ 1976.776441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1976.776446] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 1976.776459] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 1976.776464] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 1976.776469] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1976.776474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1976.776479] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 1976.837747] FAULT_INJECTION: forcing a failure. [ 1976.837747] name failslab, interval 1, probability 0, space 0, times 0 [ 1976.837761] CPU: 0 PID: 10476 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 1976.837766] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.837769] Call Trace: [ 1976.837785] dump_stack+0x107/0x167 [ 1976.837801] should_fail.cold+0x5/0xa [ 1976.837813] ? memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1976.837823] should_failslab+0x5/0x20 [ 1976.837833] __kmalloc_node+0x76/0x420 [ 1976.837846] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1976.837857] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 1976.837868] ? trace_hardirqs_on+0x5b/0x180 [ 1976.837880] kmem_cache_alloc_trace+0x169/0x320 [ 1976.837892] alloc_pipe_info+0x10a/0x590 [ 1976.837905] splice_direct_to_actor+0x774/0x980 [ 1976.837918] ? pipe_to_sendpage+0x380/0x380 [ 1976.837929] ? selinux_file_permission+0x92/0x520 [ 1976.837938] ? do_splice_to+0x160/0x160 [ 1976.837948] ? security_file_permission+0xb1/0xe0 [ 1976.837961] do_splice_direct+0x1c4/0x290 [ 1976.837971] ? splice_direct_to_actor+0x980/0x980 [ 1976.837984] ? security_file_permission+0xb1/0xe0 [ 1976.837998] vfs_copy_file_range+0x4f8/0x13c0 [ 1976.838010] ? generic_file_rw_checks+0x240/0x240 [ 1976.838032] __do_sys_copy_file_range+0x193/0x420 [ 1976.838042] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1976.838051] ? ksys_write+0x1a9/0x260 [ 1976.838061] ? __ia32_sys_read+0xb0/0xb0 [ 1976.838074] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.838085] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1976.838097] do_syscall_64+0x33/0x40 [ 1976.838107] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.838114] RIP: 0033:0x7fce96a5bb19 [ 1976.838122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1976.838127] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1976.838139] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 1976.838144] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1976.838149] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 1976.838154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1976.838160] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 1976.861412] FAULT_INJECTION: forcing a failure. [ 1976.861412] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1976.861434] CPU: 1 PID: 10473 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1976.861444] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.861450] Call Trace: [ 1976.861475] dump_stack+0x107/0x167 [ 1976.861497] should_fail.cold+0x5/0xa [ 1976.861523] __alloc_pages_nodemask+0x182/0x600 [ 1976.861547] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1976.861566] ? lock_downgrade+0x6d0/0x6d0 [ 1976.861584] ? lock_acquire+0x197/0x470 [ 1976.861620] alloc_pages_vma+0xbb/0x410 [ 1976.861646] shmem_alloc_page+0x10f/0x1e0 [ 1976.861666] ? shmem_init_inode+0x20/0x20 [ 1976.861711] ? percpu_counter_add_batch+0x8b/0x140 [ 1976.861734] ? __vm_enough_memory+0x184/0x360 [ 1976.861760] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1976.861799] ? shmem_unuse_inode+0xf60/0xf60 [ 1976.861832] shmem_file_read_iter+0x2a6/0xbb0 [ 1976.861877] ? shmem_get_link+0x440/0x440 [ 1976.861895] ? inode_has_perm+0x171/0x1d0 [ 1976.861917] ? iov_iter_pipe+0xf1/0x2a0 [ 1976.861946] generic_file_splice_read+0x455/0x6d0 [ 1976.861966] ? pipe_to_user+0x170/0x170 [ 1976.861995] ? fsnotify_perm.part.0+0x22d/0x620 [ 1976.862018] ? security_file_permission+0xb1/0xe0 [ 1976.862041] ? pipe_to_user+0x170/0x170 [ 1976.862062] do_splice_to+0x10e/0x160 [ 1976.862085] splice_direct_to_actor+0x2fe/0x980 [ 1976.862110] ? pipe_to_sendpage+0x380/0x380 [ 1976.862133] ? do_splice_to+0x160/0x160 [ 1976.862150] ? security_file_permission+0xb1/0xe0 [ 1976.862178] do_splice_direct+0x1c4/0x290 [ 1976.862198] ? splice_direct_to_actor+0x980/0x980 [ 1976.862223] ? security_file_permission+0xb1/0xe0 [ 1976.862251] vfs_copy_file_range+0x4f8/0x13c0 [ 1976.862277] ? generic_file_rw_checks+0x240/0x240 [ 1976.862320] __do_sys_copy_file_range+0x193/0x420 [ 1976.862341] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1976.862359] ? ksys_write+0x1a9/0x260 [ 1976.862379] ? __ia32_sys_read+0xb0/0xb0 [ 1976.862402] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.862423] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1976.862446] do_syscall_64+0x33/0x40 [ 1976.862465] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.862478] RIP: 0033:0x7ff72d878b19 [ 1976.862495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1976.862505] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1976.862525] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 1976.862536] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1976.862546] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1976.862556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1976.862567] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 1976.865467] FAULT_INJECTION: forcing a failure. [ 1976.865467] name failslab, interval 1, probability 0, space 0, times 0 [ 1976.865481] CPU: 0 PID: 10480 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 1976.865487] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.865490] Call Trace: [ 1976.865511] dump_stack+0x107/0x167 [ 1976.865523] should_fail.cold+0x5/0xa [ 1976.865536] ? __d_alloc+0x2a/0x990 [ 1976.865546] should_failslab+0x5/0x20 [ 1976.865557] kmem_cache_alloc+0x5b/0x310 [ 1976.865570] __d_alloc+0x2a/0x990 [ 1976.865577] ? dput+0x1ae/0xcd0 [ 1976.865589] d_alloc+0x46/0x1c0 [ 1976.865600] __lookup_hash+0xcc/0x190 [ 1976.865611] filename_create+0x186/0x4a0 [ 1976.865621] ? filename_parentat+0x570/0x570 [ 1976.865632] ? getname_flags.part.0+0x1dd/0x4f0 [ 1976.865646] do_mkdirat+0xa2/0x2b0 [ 1976.865657] ? user_path_create+0xf0/0xf0 [ 1976.865671] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.865683] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1976.865695] do_syscall_64+0x33/0x40 [ 1976.865705] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.865712] RIP: 0033:0x7f374cab7b19 [ 1976.865721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1976.865726] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 1976.865738] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 1976.865743] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 1976.865748] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1976.865753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1976.865758] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 1976.871955] FAULT_INJECTION: forcing a failure. [ 1976.871955] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1976.871983] CPU: 1 PID: 10478 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1976.871993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.871999] Call Trace: [ 1976.872023] dump_stack+0x107/0x167 [ 1976.872044] should_fail.cold+0x5/0xa [ 1976.872070] __alloc_pages_nodemask+0x182/0x600 [ 1976.872094] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1976.872114] ? lock_downgrade+0x6d0/0x6d0 [ 1976.872133] ? lock_acquire+0x197/0x470 [ 1976.872170] alloc_pages_vma+0xbb/0x410 [ 1976.872195] shmem_alloc_page+0x10f/0x1e0 [ 1976.872215] ? shmem_init_inode+0x20/0x20 [ 1976.872259] ? percpu_counter_add_batch+0x8b/0x140 [ 1976.872282] ? __vm_enough_memory+0x184/0x360 [ 1976.872308] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1976.872346] ? shmem_unuse_inode+0xf60/0xf60 [ 1976.872380] shmem_file_read_iter+0x2a6/0xbb0 [ 1976.872416] ? shmem_get_link+0x440/0x440 [ 1976.872434] ? inode_has_perm+0x171/0x1d0 [ 1976.872455] ? iov_iter_pipe+0xf1/0x2a0 [ 1976.872480] generic_file_splice_read+0x455/0x6d0 [ 1976.872500] ? pipe_to_user+0x170/0x170 [ 1976.872529] ? fsnotify_perm.part.0+0x22d/0x620 [ 1976.872552] ? security_file_permission+0xb1/0xe0 [ 1976.872573] ? pipe_to_user+0x170/0x170 [ 1976.872593] do_splice_to+0x10e/0x160 [ 1976.872616] splice_direct_to_actor+0x2fe/0x980 [ 1976.872640] ? pipe_to_sendpage+0x380/0x380 [ 1976.872664] ? do_splice_to+0x160/0x160 [ 1976.872681] ? security_file_permission+0xb1/0xe0 [ 1976.872709] do_splice_direct+0x1c4/0x290 [ 1976.872728] ? splice_direct_to_actor+0x980/0x980 [ 1976.872754] ? security_file_permission+0xb1/0xe0 [ 1976.872782] vfs_copy_file_range+0x4f8/0x13c0 [ 1976.872807] ? generic_file_rw_checks+0x240/0x240 [ 1976.872850] __do_sys_copy_file_range+0x193/0x420 [ 1976.872871] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1976.872889] ? ksys_write+0x1a9/0x260 [ 1976.872909] ? __ia32_sys_read+0xb0/0xb0 [ 1976.872932] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.872953] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1976.872975] do_syscall_64+0x33/0x40 [ 1976.872994] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.873007] RIP: 0033:0x7f134c613b19 [ 1976.873023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1976.873033] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1976.873054] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1976.873064] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1976.873074] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1976.873084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1976.873094] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1976.953642] FAULT_INJECTION: forcing a failure. [ 1976.953642] name failslab, interval 1, probability 0, space 0, times 0 [ 1977.075214] FAULT_INJECTION: forcing a failure. [ 1977.075214] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1977.075967] CPU: 0 PID: 10486 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 1977.075973] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1977.075977] Call Trace: [ 1977.075993] dump_stack+0x107/0x167 [ 1977.076012] should_fail.cold+0x5/0xa [ 1977.160071] ? create_object.isra.0+0x3a/0xa30 [ 1977.160082] should_failslab+0x5/0x20 [ 1977.160092] kmem_cache_alloc+0x5b/0x310 [ 1977.160105] create_object.isra.0+0x3a/0xa30 [ 1977.160113] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1977.160125] __kmalloc+0x16e/0x390 [ 1977.160137] alloc_pipe_info+0x1e5/0x590 [ 1977.160150] splice_direct_to_actor+0x774/0x980 [ 1977.160162] ? pipe_to_sendpage+0x380/0x380 [ 1977.160174] ? selinux_file_permission+0x92/0x520 [ 1977.160184] ? do_splice_to+0x160/0x160 [ 1977.160193] ? security_file_permission+0xb1/0xe0 [ 1977.160207] do_splice_direct+0x1c4/0x290 [ 1977.160217] ? splice_direct_to_actor+0x980/0x980 [ 1977.160229] ? security_file_permission+0xb1/0xe0 [ 1977.160244] vfs_copy_file_range+0x4f8/0x13c0 [ 1977.160257] ? generic_file_rw_checks+0x240/0x240 [ 1977.160278] __do_sys_copy_file_range+0x193/0x420 [ 1977.160289] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1977.160298] ? ksys_write+0x1a9/0x260 [ 1977.160308] ? __ia32_sys_read+0xb0/0xb0 [ 1977.160321] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1977.160333] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1977.160344] do_syscall_64+0x33/0x40 [ 1977.160354] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1977.160361] RIP: 0033:0x7fce96a5bb19 [ 1977.160371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1977.160376] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1977.160387] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 1977.160392] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1977.160397] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 1977.160402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1977.160408] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 1977.160450] CPU: 1 PID: 10490 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1977.160465] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1977.160471] Call Trace: [ 1977.160500] dump_stack+0x107/0x167 [ 1977.160522] should_fail.cold+0x5/0xa [ 1977.160548] __alloc_pages_nodemask+0x182/0x600 [ 1977.160572] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1977.160591] ? lock_downgrade+0x6d0/0x6d0 [ 1977.160609] ? lock_acquire+0x197/0x470 [ 1977.160647] alloc_pages_vma+0xbb/0x410 [ 1977.160673] shmem_alloc_page+0x10f/0x1e0 [ 1977.160692] ? shmem_init_inode+0x20/0x20 [ 1977.160737] ? percpu_counter_add_batch+0x8b/0x140 [ 1977.160761] ? __vm_enough_memory+0x184/0x360 [ 1977.160786] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1977.160825] ? shmem_unuse_inode+0xf60/0xf60 [ 1977.160870] shmem_file_read_iter+0x2a6/0xbb0 [ 1977.160907] ? shmem_get_link+0x440/0x440 [ 1977.160925] ? inode_has_perm+0x171/0x1d0 [ 1977.160947] ? iov_iter_pipe+0xf1/0x2a0 [ 1977.160972] generic_file_splice_read+0x455/0x6d0 [ 1977.160993] ? pipe_to_user+0x170/0x170 [ 1977.161023] ? fsnotify_perm.part.0+0x22d/0x620 [ 1977.161054] ? security_file_permission+0xb1/0xe0 [ 1977.161084] ? pipe_to_user+0x170/0x170 [ 1977.227785] do_splice_to+0x10e/0x160 [ 1977.228696] splice_direct_to_actor+0x2fe/0x980 [ 1977.229813] ? pipe_to_sendpage+0x380/0x380 [ 1977.230812] ? do_splice_to+0x160/0x160 [ 1977.231727] ? security_file_permission+0xb1/0xe0 [ 1977.232855] do_splice_direct+0x1c4/0x290 [ 1977.233815] ? splice_direct_to_actor+0x980/0x980 [ 1977.234927] ? security_file_permission+0xb1/0xe0 [ 1977.236038] vfs_copy_file_range+0x4f8/0x13c0 [ 1977.237071] ? generic_file_rw_checks+0x240/0x240 [ 1977.238203] __do_sys_copy_file_range+0x193/0x420 [ 1977.239318] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1977.240422] ? ksys_write+0x1a9/0x260 [ 1977.241285] ? __ia32_sys_read+0xb0/0xb0 [ 1977.242203] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1977.243382] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1977.244538] do_syscall_64+0x33/0x40 [ 1977.245388] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1977.246571] RIP: 0033:0x7f134c613b19 [ 1977.247434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1977.251666] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1977.253402] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1977.255055] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1977.256714] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1977.258388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1977.260050] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1977.265373] FAULT_INJECTION: forcing a failure. [ 1977.265373] name failslab, interval 1, probability 0, space 0, times 0 [ 1977.267002] CPU: 0 PID: 10493 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 1977.267811] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1977.268754] Call Trace: [ 1977.269061] dump_stack+0x107/0x167 [ 1977.269482] should_fail.cold+0x5/0xa [ 1977.269924] ? create_object.isra.0+0x3a/0xa30 [ 1977.270450] should_failslab+0x5/0x20 [ 1977.270887] kmem_cache_alloc+0x5b/0x310 [ 1977.271364] create_object.isra.0+0x3a/0xa30 [ 1977.271865] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1977.272451] kmem_cache_alloc+0x159/0x310 [ 1977.272931] __d_alloc+0x2a/0x990 [ 1977.273322] ? dput+0x1ae/0xcd0 [ 1977.273705] d_alloc+0x46/0x1c0 [ 1977.274083] __lookup_hash+0xcc/0x190 [ 1977.274516] filename_create+0x186/0x4a0 [ 1977.274979] ? filename_parentat+0x570/0x570 [ 1977.275488] ? getname_flags.part.0+0x1dd/0x4f0 [ 1977.276024] do_mkdirat+0xa2/0x2b0 [ 1977.276431] ? user_path_create+0xf0/0xf0 [ 1977.276914] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1977.277510] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1977.278105] do_syscall_64+0x33/0x40 [ 1977.278537] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1977.279122] RIP: 0033:0x7f374cab7b19 [ 1977.279556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1977.281642] RSP: 002b:00007f3749feb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 1977.282508] RAX: ffffffffffffffda RBX: 00007f374cbcb0e0 RCX: 00007f374cab7b19 [ 1977.283327] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 1977.284146] RBP: 00007f3749feb1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1977.284957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1977.285772] R13: 00007ffedc9f917f R14: 00007f3749feb300 R15: 0000000000022000 10:35:00 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 34) 10:35:00 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:00 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 29) 10:35:00 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:00 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(0x0, 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:35:00 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, 0x0, 0x86) 10:35:00 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 7) 10:35:00 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 5) [ 1991.473466] FAULT_INJECTION: forcing a failure. [ 1991.473466] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1991.476256] CPU: 1 PID: 10516 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 1991.477719] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1991.478288] FAULT_INJECTION: forcing a failure. [ 1991.478288] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1991.479474] Call Trace: [ 1991.479497] dump_stack+0x107/0x167 [ 1991.479518] should_fail.cold+0x5/0xa [ 1991.479543] __alloc_pages_nodemask+0x182/0x600 [ 1991.479565] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1991.479584] ? lock_downgrade+0x6d0/0x6d0 [ 1991.479601] ? lock_acquire+0x197/0x470 [ 1991.479635] alloc_pages_vma+0xbb/0x410 [ 1991.489367] shmem_alloc_page+0x10f/0x1e0 [ 1991.490258] ? shmem_init_inode+0x20/0x20 [ 1991.491164] ? percpu_counter_add_batch+0x8b/0x140 [ 1991.492215] ? __vm_enough_memory+0x184/0x360 [ 1991.493164] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1991.494295] ? shmem_unuse_inode+0xf60/0xf60 [ 1991.495222] ? avc_has_perm+0xc5/0x1b0 [ 1991.496049] shmem_file_read_iter+0x2a6/0xbb0 [ 1991.496990] ? do_syscall_64+0x33/0x40 [ 1991.497825] ? shmem_get_link+0x440/0x440 [ 1991.498690] ? inode_has_perm+0x171/0x1d0 [ 1991.499569] ? iov_iter_pipe+0xf1/0x2a0 [ 1991.500406] generic_file_splice_read+0x455/0x6d0 [ 1991.501423] ? pipe_to_user+0x170/0x170 [ 1991.502263] ? fsnotify_perm.part.0+0x22d/0x620 [ 1991.503243] ? security_file_permission+0xb1/0xe0 [ 1991.504269] ? pipe_to_user+0x170/0x170 [ 1991.505103] do_splice_to+0x10e/0x160 [ 1991.505907] splice_direct_to_actor+0x2fe/0x980 [ 1991.506907] ? pipe_to_sendpage+0x380/0x380 [ 1991.507845] ? do_splice_to+0x160/0x160 [ 1991.508678] ? security_file_permission+0xb1/0xe0 [ 1991.509706] do_splice_direct+0x1c4/0x290 [ 1991.510574] ? splice_direct_to_actor+0x980/0x980 [ 1991.511645] ? security_file_permission+0xb1/0xe0 [ 1991.512721] vfs_copy_file_range+0x4f8/0x13c0 [ 1991.513707] ? generic_file_rw_checks+0x240/0x240 [ 1991.514742] __do_sys_copy_file_range+0x193/0x420 [ 1991.515771] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1991.516773] ? ksys_write+0x1a9/0x260 [ 1991.517625] ? __ia32_sys_read+0xb0/0xb0 [ 1991.518539] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1991.519674] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1991.520781] do_syscall_64+0x33/0x40 [ 1991.521563] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1991.522694] RIP: 0033:0x7fce96a5bb19 [ 1991.523510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1991.527432] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1991.529037] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 1991.530537] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1991.532048] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 1991.533550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1991.535057] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 1991.536596] CPU: 0 PID: 10511 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 1991.538080] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1991.539841] Call Trace: [ 1991.540397] dump_stack+0x107/0x167 [ 1991.541177] should_fail.cold+0x5/0xa [ 1991.541994] __alloc_pages_nodemask+0x182/0x600 [ 1991.542987] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1991.544259] ? lock_downgrade+0x6d0/0x6d0 [ 1991.545131] ? lock_acquire+0x197/0x470 [ 1991.545982] alloc_pages_vma+0xbb/0x410 [ 1991.546833] shmem_alloc_page+0x10f/0x1e0 [ 1991.547718] ? shmem_init_inode+0x20/0x20 [ 1991.548623] ? percpu_counter_add_batch+0x8b/0x140 [ 1991.549666] ? __vm_enough_memory+0x184/0x360 [ 1991.550622] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1991.551779] ? shmem_unuse_inode+0xf60/0xf60 [ 1991.552730] shmem_file_read_iter+0x2a6/0xbb0 [ 1991.553691] ? shmem_get_link+0x440/0x440 [ 1991.554567] ? inode_has_perm+0x171/0x1d0 [ 1991.555458] ? iov_iter_pipe+0xf1/0x2a0 [ 1991.556300] generic_file_splice_read+0x455/0x6d0 [ 1991.557319] ? pipe_to_user+0x170/0x170 [ 1991.558181] ? fsnotify_perm.part.0+0x22d/0x620 [ 1991.559162] ? security_file_permission+0xb1/0xe0 [ 1991.560187] ? pipe_to_user+0x170/0x170 [ 1991.561032] do_splice_to+0x10e/0x160 [ 1991.561844] splice_direct_to_actor+0x2fe/0x980 [ 1991.562827] ? pipe_to_sendpage+0x380/0x380 [ 1991.563757] ? do_splice_to+0x160/0x160 [ 1991.564594] ? security_file_permission+0xb1/0xe0 [ 1991.565624] do_splice_direct+0x1c4/0x290 [ 1991.566501] ? splice_direct_to_actor+0x980/0x980 [ 1991.567529] ? security_file_permission+0xb1/0xe0 [ 1991.568555] vfs_copy_file_range+0x4f8/0x13c0 [ 1991.569501] ? generic_file_rw_checks+0x240/0x240 [ 1991.570543] __do_sys_copy_file_range+0x193/0x420 [ 1991.571569] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1991.572579] ? ksys_write+0x1a9/0x260 [ 1991.573388] ? __ia32_sys_read+0xb0/0xb0 [ 1991.574256] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1991.575361] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1991.576463] do_syscall_64+0x33/0x40 [ 1991.577252] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1991.578336] RIP: 0033:0x7f134c613b19 [ 1991.579126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1991.583010] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1991.584628] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 1991.586135] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1991.587649] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 1991.589150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1991.590656] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 1991.609720] FAULT_INJECTION: forcing a failure. [ 1991.609720] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1991.612428] CPU: 1 PID: 10520 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 1991.613889] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1991.615661] Call Trace: [ 1991.616226] dump_stack+0x107/0x167 [ 1991.616995] should_fail.cold+0x5/0xa [ 1991.617811] __alloc_pages_nodemask+0x182/0x600 [ 1991.618814] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1991.620094] ? lock_downgrade+0x6d0/0x6d0 [ 1991.620983] ? lock_acquire+0x197/0x470 [ 1991.621836] alloc_pages_vma+0xbb/0x410 [ 1991.622685] shmem_alloc_page+0x10f/0x1e0 [ 1991.623565] ? shmem_init_inode+0x20/0x20 [ 1991.624473] ? percpu_counter_add_batch+0x8b/0x140 [ 1991.624492] FAULT_INJECTION: forcing a failure. [ 1991.624492] name failslab, interval 1, probability 0, space 0, times 0 [ 1991.625531] ? __vm_enough_memory+0x184/0x360 [ 1991.625556] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 1991.625592] ? shmem_unuse_inode+0xf60/0xf60 [ 1991.625624] shmem_file_read_iter+0x2a6/0xbb0 [ 1991.625658] ? shmem_get_link+0x440/0x440 [ 1991.625675] ? inode_has_perm+0x171/0x1d0 [ 1991.633828] ? iov_iter_pipe+0xf1/0x2a0 [ 1991.634679] generic_file_splice_read+0x455/0x6d0 [ 1991.635713] ? pipe_to_user+0x170/0x170 [ 1991.636562] ? fsnotify_perm.part.0+0x22d/0x620 [ 1991.637558] ? security_file_permission+0xb1/0xe0 [ 1991.638577] ? pipe_to_user+0x170/0x170 [ 1991.639430] do_splice_to+0x10e/0x160 [ 1991.640238] splice_direct_to_actor+0x2fe/0x980 [ 1991.641244] ? pipe_to_sendpage+0x380/0x380 [ 1991.642161] ? do_splice_to+0x160/0x160 [ 1991.643001] ? security_file_permission+0xb1/0xe0 [ 1991.644321] do_splice_direct+0x1c4/0x290 [ 1991.645379] ? splice_direct_to_actor+0x980/0x980 [ 1991.646596] ? security_file_permission+0xb1/0xe0 [ 1991.647838] vfs_copy_file_range+0x4f8/0x13c0 [ 1991.648799] ? generic_file_rw_checks+0x240/0x240 [ 1991.649832] __do_sys_copy_file_range+0x193/0x420 [ 1991.650853] ? vfs_copy_file_range+0x13c0/0x13c0 [ 1991.651858] ? ksys_write+0x1a9/0x260 [ 1991.652659] ? __ia32_sys_read+0xb0/0xb0 [ 1991.653521] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1991.654626] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1991.655728] do_syscall_64+0x33/0x40 [ 1991.656515] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1991.657592] RIP: 0033:0x7ff72d878b19 [ 1991.658382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1991.662286] RSP: 002b:00007ff72adac188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 1991.663902] RAX: ffffffffffffffda RBX: 00007ff72d98c0e0 RCX: 00007ff72d878b19 [ 1991.665404] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1991.666908] RBP: 00007ff72adac1d0 R08: 0000000300000000 R09: 0000000000000000 [ 1991.668419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1991.669926] R13: 00007ffcc261567f R14: 00007ff72adac300 R15: 0000000000022000 [ 1991.671476] CPU: 0 PID: 10518 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 1991.672977] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1991.674739] Call Trace: [ 1991.675304] dump_stack+0x107/0x167 [ 1991.676098] should_fail.cold+0x5/0xa [ 1991.676906] ? create_object.isra.0+0x3a/0xa30 [ 1991.677879] should_failslab+0x5/0x20 [ 1991.678690] kmem_cache_alloc+0x5b/0x310 [ 1991.679563] ? selinux_determine_inode_label+0x1ab/0x340 [ 1991.680711] create_object.isra.0+0x3a/0xa30 [ 1991.681650] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1991.682724] __kmalloc+0x16e/0x390 [ 1991.683490] cgroup_mkdir+0x251/0xf50 [ 1991.684306] ? cgroup_destroy_locked+0x710/0x710 [ 1991.685317] kernfs_iop_mkdir+0x14d/0x1e0 [ 1991.686198] vfs_mkdir+0x493/0x750 [ 1991.686963] do_mkdirat+0x150/0x2b0 [ 1991.687745] ? user_path_create+0xf0/0xf0 [ 1991.688636] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1991.689750] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1991.690842] do_syscall_64+0x33/0x40 [ 1991.691637] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1991.692735] RIP: 0033:0x7f374cab7b19 [ 1991.693523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1991.697408] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 1991.699029] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 1991.700549] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 1991.702051] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1991.703562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1991.705077] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 10:35:01 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:35:01 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:13 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 35) 10:35:13 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 30) 10:35:13 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:13 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 8) 10:35:13 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b40000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:13 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 6) 10:35:13 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:35:13 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, 0x0, 0x86) 10:35:13 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x0) [ 2003.758329] FAULT_INJECTION: forcing a failure. [ 2003.758329] name failslab, interval 1, probability 0, space 0, times 0 [ 2003.760081] CPU: 0 PID: 10535 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2003.760994] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2003.762083] Call Trace: [ 2003.762453] dump_stack+0x107/0x167 [ 2003.762956] should_fail.cold+0x5/0xa [ 2003.763482] ? create_object.isra.0+0x3a/0xa30 [ 2003.764117] should_failslab+0x5/0x20 [ 2003.764636] kmem_cache_alloc+0x5b/0x310 [ 2003.765198] create_object.isra.0+0x3a/0xa30 [ 2003.765796] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2003.766487] __kmalloc+0x16e/0x390 [ 2003.766975] alloc_pipe_info+0x1e5/0x590 [ 2003.767532] splice_direct_to_actor+0x774/0x980 [ 2003.768177] ? pipe_to_sendpage+0x380/0x380 [ 2003.768762] ? selinux_file_permission+0x92/0x520 [ 2003.769407] ? do_splice_to+0x160/0x160 [ 2003.769944] ? security_file_permission+0xb1/0xe0 [ 2003.770604] do_splice_direct+0x1c4/0x290 [ 2003.770626] ? splice_direct_to_actor+0x980/0x980 [ 2003.770651] ? security_file_permission+0xb1/0xe0 [ 2003.770681] vfs_copy_file_range+0x4f8/0x13c0 [ 2003.770708] ? generic_file_rw_checks+0x240/0x240 [ 2003.770746] __do_sys_copy_file_range+0x193/0x420 [ 2003.770770] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2003.770787] ? ksys_write+0x1a9/0x260 [ 2003.770807] ? __ia32_sys_read+0xb0/0xb0 [ 2003.770836] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2003.770859] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2003.770882] do_syscall_64+0x33/0x40 [ 2003.770904] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2003.770917] RIP: 0033:0x7fce96a5bb19 [ 2003.770938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2003.770949] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2003.770970] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2003.770983] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2003.770994] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2003.771004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2003.771015] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 2003.785551] FAULT_INJECTION: forcing a failure. [ 2003.785551] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2003.804031] CPU: 0 PID: 10542 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2003.804039] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2003.804058] Call Trace: [ 2003.807172] dump_stack+0x107/0x167 [ 2003.807671] should_fail.cold+0x5/0xa [ 2003.808176] __alloc_pages_nodemask+0x182/0x600 [ 2003.808793] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2003.809583] ? lock_downgrade+0x6d0/0x6d0 [ 2003.810137] ? lock_acquire+0x197/0x470 [ 2003.810674] alloc_pages_vma+0xbb/0x410 [ 2003.811209] shmem_alloc_page+0x10f/0x1e0 [ 2003.811767] ? shmem_init_inode+0x20/0x20 [ 2003.812336] ? percpu_counter_add_batch+0x8b/0x140 [ 2003.812989] ? __vm_enough_memory+0x184/0x360 [ 2003.813586] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2003.814297] ? shmem_unuse_inode+0xf60/0xf60 [ 2003.814882] shmem_file_read_iter+0x2a6/0xbb0 [ 2003.815484] ? shmem_get_link+0x440/0x440 [ 2003.816054] ? inode_has_perm+0x171/0x1d0 [ 2003.816592] ? iov_iter_pipe+0xf1/0x2a0 [ 2003.817116] generic_file_splice_read+0x455/0x6d0 [ 2003.817759] ? pipe_to_user+0x170/0x170 [ 2003.818287] ? fsnotify_perm.part.0+0x22d/0x620 [ 2003.818905] ? security_file_permission+0xb1/0xe0 [ 2003.819558] ? pipe_to_user+0x170/0x170 [ 2003.820087] do_splice_to+0x10e/0x160 [ 2003.820590] splice_direct_to_actor+0x2fe/0x980 [ 2003.821198] ? pipe_to_sendpage+0x380/0x380 [ 2003.821773] ? do_splice_to+0x160/0x160 [ 2003.822302] ? security_file_permission+0xb1/0xe0 [ 2003.822945] do_splice_direct+0x1c4/0x290 [ 2003.823491] ? splice_direct_to_actor+0x980/0x980 [ 2003.824128] ? security_file_permission+0xb1/0xe0 [ 2003.824771] vfs_copy_file_range+0x4f8/0x13c0 [ 2003.825366] ? generic_file_rw_checks+0x240/0x240 [ 2003.826023] __do_sys_copy_file_range+0x193/0x420 [ 2003.826668] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2003.827295] ? ksys_write+0x1a9/0x260 [ 2003.827808] ? __ia32_sys_read+0xb0/0xb0 [ 2003.828349] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2003.829037] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2003.829712] do_syscall_64+0x33/0x40 [ 2003.830216] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2003.830444] FAULT_INJECTION: forcing a failure. [ 2003.830444] name failslab, interval 1, probability 0, space 0, times 0 [ 2003.830891] RIP: 0033:0x7ff72d878b19 [ 2003.830903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2003.830909] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2003.830922] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2003.830928] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2003.830935] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2003.830941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2003.830947] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 2003.833792] FAULT_INJECTION: forcing a failure. [ 2003.833792] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2003.833805] CPU: 0 PID: 10544 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2003.833811] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2003.833814] Call Trace: [ 2003.833827] dump_stack+0x107/0x167 [ 2003.833846] should_fail.cold+0x5/0xa [ 2003.833863] __alloc_pages_nodemask+0x182/0x600 [ 2003.833881] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2003.833900] ? lock_downgrade+0x6d0/0x6d0 [ 2003.849431] ? lock_acquire+0x197/0x470 [ 2003.849962] alloc_pages_vma+0xbb/0x410 [ 2003.850481] shmem_alloc_page+0x10f/0x1e0 [ 2003.851020] ? shmem_init_inode+0x20/0x20 [ 2003.851577] ? percpu_counter_add_batch+0x8b/0x140 [ 2003.852233] ? __vm_enough_memory+0x184/0x360 [ 2003.852824] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2003.853530] ? shmem_unuse_inode+0xf60/0xf60 [ 2003.854125] shmem_file_read_iter+0x2a6/0xbb0 [ 2003.854713] ? shmem_get_link+0x440/0x440 [ 2003.855244] ? inode_has_perm+0x171/0x1d0 [ 2003.855798] ? iov_iter_pipe+0xf1/0x2a0 [ 2003.856317] generic_file_splice_read+0x455/0x6d0 [ 2003.856939] ? pipe_to_user+0x170/0x170 [ 2003.857454] ? fsnotify_perm.part.0+0x22d/0x620 [ 2003.858070] ? security_file_permission+0xb1/0xe0 [ 2003.858688] ? pipe_to_user+0x170/0x170 [ 2003.859205] do_splice_to+0x10e/0x160 [ 2003.859708] splice_direct_to_actor+0x2fe/0x980 [ 2003.860314] ? pipe_to_sendpage+0x380/0x380 [ 2003.860865] ? do_splice_to+0x160/0x160 [ 2003.861385] ? security_file_permission+0xb1/0xe0 [ 2003.862011] do_splice_direct+0x1c4/0x290 [ 2003.862539] ? splice_direct_to_actor+0x980/0x980 [ 2003.863169] ? security_file_permission+0xb1/0xe0 [ 2003.863805] vfs_copy_file_range+0x4f8/0x13c0 [ 2003.864388] ? generic_file_rw_checks+0x240/0x240 [ 2003.865024] __do_sys_copy_file_range+0x193/0x420 [ 2003.865643] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2003.866252] ? ksys_write+0x1a9/0x260 [ 2003.866734] ? __ia32_sys_read+0xb0/0xb0 [ 2003.867267] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2003.867945] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2003.868601] do_syscall_64+0x33/0x40 [ 2003.869084] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2003.869742] RIP: 0033:0x7f134c613b19 [ 2003.870222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2003.872604] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2003.873586] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2003.874510] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2003.875422] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2003.876346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2003.877251] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2003.878192] CPU: 1 PID: 10546 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2003.879736] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2003.881546] Call Trace: [ 2003.882131] dump_stack+0x107/0x167 [ 2003.882935] should_fail.cold+0x5/0xa [ 2003.883838] ? create_object.isra.0+0x3a/0xa30 [ 2003.884871] should_failslab+0x5/0x20 [ 2003.885737] kmem_cache_alloc+0x5b/0x310 [ 2003.886653] create_object.isra.0+0x3a/0xa30 [ 2003.887686] kmemleak_alloc_percpu+0xa0/0x100 [ 2003.888705] pcpu_alloc+0x4e2/0x1240 [ 2003.889562] ? cset_cgroup_from_root+0x220/0x220 [ 2003.890627] percpu_ref_init+0x31/0x3d0 [ 2003.891553] cgroup_mkdir+0x288/0xf50 [ 2003.892451] ? cgroup_destroy_locked+0x710/0x710 [ 2003.893541] kernfs_iop_mkdir+0x14d/0x1e0 [ 2003.894495] vfs_mkdir+0x493/0x750 [ 2003.895318] do_mkdirat+0x150/0x2b0 [ 2003.896185] ? user_path_create+0xf0/0xf0 [ 2003.897143] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2003.898342] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2003.899554] do_syscall_64+0x33/0x40 [ 2003.900438] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2003.901622] RIP: 0033:0x7f374cab7b19 [ 2003.902479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2003.906778] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2003.908575] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2003.910261] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2003.912288] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2003.914396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2003.916136] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 10:35:13 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 7) 10:35:13 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b40000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2003.972366] FAULT_INJECTION: forcing a failure. [ 2003.972366] name failslab, interval 1, probability 0, space 0, times 0 [ 2003.973758] CPU: 0 PID: 10553 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2003.974606] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2003.975624] Call Trace: [ 2003.975954] dump_stack+0x107/0x167 [ 2003.976403] should_fail.cold+0x5/0xa [ 2003.976869] ? create_object.isra.0+0x3a/0xa30 [ 2003.977437] should_failslab+0x5/0x20 [ 2003.977912] kmem_cache_alloc+0x5b/0x310 [ 2003.978414] create_object.isra.0+0x3a/0xa30 [ 2003.978959] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2003.979591] kmem_cache_alloc+0x159/0x310 [ 2003.980095] ? trace_hardirqs_on+0x5b/0x180 [ 2003.980624] xas_alloc+0x336/0x440 [ 2003.981054] xas_create+0x34a/0x10d0 [ 2003.981501] ? lock_acquire+0x197/0x470 [ 2003.982001] xas_create_range+0x189/0x620 [ 2003.982509] shmem_add_to_page_cache+0x760/0x1130 [ 2003.983098] ? shmem_getattr+0x180/0x180 [ 2003.983609] shmem_getpage_gfp.constprop.0+0x64a/0x1920 [ 2003.984277] ? shmem_unuse_inode+0xf60/0xf60 [ 2003.984808] ? avc_has_perm+0xc5/0x1b0 [ 2003.985286] shmem_file_read_iter+0x2a6/0xbb0 [ 2003.985829] ? do_syscall_64+0x33/0x40 [ 2003.986307] ? shmem_get_link+0x440/0x440 [ 2003.986806] ? inode_has_perm+0x171/0x1d0 [ 2003.987308] ? iov_iter_pipe+0xf1/0x2a0 [ 2003.987800] generic_file_splice_read+0x455/0x6d0 [ 2003.988384] ? pipe_to_user+0x170/0x170 [ 2003.988872] ? fsnotify_perm.part.0+0x22d/0x620 [ 2003.989433] ? security_file_permission+0xb1/0xe0 [ 2003.990023] ? pipe_to_user+0x170/0x170 [ 2003.990505] do_splice_to+0x10e/0x160 [ 2003.990975] splice_direct_to_actor+0x2fe/0x980 [ 2003.991547] ? pipe_to_sendpage+0x380/0x380 [ 2003.992074] ? do_splice_to+0x160/0x160 [ 2003.992552] ? security_file_permission+0xb1/0xe0 [ 2003.993138] do_splice_direct+0x1c4/0x290 [ 2003.993638] ? splice_direct_to_actor+0x980/0x980 [ 2003.994227] ? security_file_permission+0xb1/0xe0 [ 2003.994814] vfs_copy_file_range+0x4f8/0x13c0 [ 2003.995362] ? generic_file_rw_checks+0x240/0x240 [ 2003.995972] __do_sys_copy_file_range+0x193/0x420 [ 2003.996553] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2003.997122] ? ksys_write+0x1a9/0x260 [ 2003.997576] ? __ia32_sys_read+0xb0/0xb0 [ 2003.998064] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2003.998686] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2003.999300] do_syscall_64+0x33/0x40 [ 2003.999756] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2004.000381] RIP: 0033:0x7fce96a5bb19 [ 2004.000822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2004.003028] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2004.003945] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2004.004792] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2004.005634] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2004.006481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2004.007332] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 10:35:13 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:13 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b40000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:13 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 36) 10:35:13 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 9) [ 2004.144242] FAULT_INJECTION: forcing a failure. [ 2004.144242] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2004.145983] CPU: 0 PID: 10563 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2004.146781] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2004.147736] Call Trace: [ 2004.148042] dump_stack+0x107/0x167 [ 2004.148461] should_fail.cold+0x5/0xa [ 2004.148904] __alloc_pages_nodemask+0x182/0x600 [ 2004.149434] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2004.150119] ? lock_downgrade+0x6d0/0x6d0 [ 2004.150592] ? lock_acquire+0x197/0x470 [ 2004.151060] alloc_pages_vma+0xbb/0x410 [ 2004.151522] shmem_alloc_page+0x10f/0x1e0 [ 2004.152007] ? shmem_init_inode+0x20/0x20 [ 2004.152494] ? percpu_counter_add_batch+0x8b/0x140 [ 2004.153050] ? __vm_enough_memory+0x184/0x360 [ 2004.153562] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2004.154179] ? shmem_unuse_inode+0xf60/0xf60 [ 2004.154689] shmem_file_read_iter+0x2a6/0xbb0 [ 2004.155207] ? shmem_get_link+0x440/0x440 [ 2004.155690] ? inode_has_perm+0x171/0x1d0 [ 2004.156163] ? iov_iter_pipe+0xf1/0x2a0 [ 2004.156620] generic_file_splice_read+0x455/0x6d0 [ 2004.157171] ? pipe_to_user+0x170/0x170 [ 2004.157630] ? fsnotify_perm.part.0+0x22d/0x620 [ 2004.158164] ? security_file_permission+0xb1/0xe0 [ 2004.158711] ? pipe_to_user+0x170/0x170 [ 2004.159166] do_splice_to+0x10e/0x160 [ 2004.159611] splice_direct_to_actor+0x2fe/0x980 [ 2004.160142] ? pipe_to_sendpage+0x380/0x380 [ 2004.160635] ? do_splice_to+0x160/0x160 [ 2004.161092] ? security_file_permission+0xb1/0xe0 [ 2004.161656] do_splice_direct+0x1c4/0x290 [ 2004.162132] ? splice_direct_to_actor+0x980/0x980 [ 2004.162684] ? security_file_permission+0xb1/0xe0 [ 2004.163176] FAULT_INJECTION: forcing a failure. [ 2004.163176] name failslab, interval 1, probability 0, space 0, times 0 [ 2004.163245] vfs_copy_file_range+0x4f8/0x13c0 [ 2004.166160] ? generic_file_rw_checks+0x240/0x240 [ 2004.166724] __do_sys_copy_file_range+0x193/0x420 [ 2004.167286] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2004.167831] ? ksys_write+0x1a9/0x260 [ 2004.168269] ? __ia32_sys_read+0xb0/0xb0 [ 2004.168734] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2004.169336] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2004.169931] do_syscall_64+0x33/0x40 [ 2004.170356] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2004.170946] RIP: 0033:0x7f134c613b19 [ 2004.171377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2004.173492] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2004.174369] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2004.175184] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2004.176008] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2004.176826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2004.177638] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2004.178480] CPU: 1 PID: 10565 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2004.179999] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2004.181792] Call Trace: [ 2004.182370] dump_stack+0x107/0x167 [ 2004.183163] should_fail.cold+0x5/0xa [ 2004.183978] ? create_object.isra.0+0x3a/0xa30 [ 2004.184949] should_failslab+0x5/0x20 [ 2004.185764] kmem_cache_alloc+0x5b/0x310 [ 2004.186649] ? mark_held_locks+0x9e/0xe0 [ 2004.187524] create_object.isra.0+0x3a/0xa30 [ 2004.188494] kmemleak_alloc_percpu+0xa0/0x100 [ 2004.189456] pcpu_alloc+0x4e2/0x1240 [ 2004.190285] ? cset_cgroup_from_root+0x220/0x220 [ 2004.191303] percpu_ref_init+0x31/0x3d0 [ 2004.192173] cgroup_mkdir+0x288/0xf50 [ 2004.192981] ? cgroup_destroy_locked+0x710/0x710 [ 2004.194016] kernfs_iop_mkdir+0x14d/0x1e0 [ 2004.194921] vfs_mkdir+0x493/0x750 [ 2004.195702] do_mkdirat+0x150/0x2b0 [ 2004.196482] ? user_path_create+0xf0/0xf0 [ 2004.197374] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2004.198504] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2004.199620] do_syscall_64+0x33/0x40 [ 2004.200417] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2004.201504] RIP: 0033:0x7f374cab7b19 [ 2004.202295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2004.206246] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2004.207877] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2004.209405] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2004.210921] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2004.212467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2004.213984] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 10:35:28 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x0) 10:35:28 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:35:28 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 10) 10:35:28 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:28 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 8) 10:35:28 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 37) 10:35:28 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 31) 10:35:28 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b4000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2018.609448] FAULT_INJECTION: forcing a failure. [ 2018.609448] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2018.612226] CPU: 1 PID: 10583 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2018.613673] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2018.615421] Call Trace: [ 2018.615991] dump_stack+0x107/0x167 [ 2018.616718] FAULT_INJECTION: forcing a failure. [ 2018.616718] name failslab, interval 1, probability 0, space 0, times 0 [ 2018.616766] should_fail.cold+0x5/0xa [ 2018.619928] __alloc_pages_nodemask+0x182/0x600 [ 2018.620909] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2018.622164] ? lock_downgrade+0x6d0/0x6d0 [ 2018.623026] ? lock_acquire+0x197/0x470 [ 2018.623878] alloc_pages_vma+0xbb/0x410 [ 2018.624714] shmem_alloc_page+0x10f/0x1e0 [ 2018.625585] ? shmem_init_inode+0x20/0x20 [ 2018.626475] ? percpu_counter_add_batch+0x8b/0x140 [ 2018.627507] ? __vm_enough_memory+0x184/0x360 [ 2018.628457] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2018.629596] ? shmem_unuse_inode+0xf60/0xf60 [ 2018.630539] shmem_file_read_iter+0x2a6/0xbb0 [ 2018.631496] ? shmem_get_link+0x440/0x440 [ 2018.632397] ? inode_has_perm+0x171/0x1d0 [ 2018.633266] ? iov_iter_pipe+0xf1/0x2a0 [ 2018.634110] generic_file_splice_read+0x455/0x6d0 [ 2018.635116] ? pipe_to_user+0x170/0x170 [ 2018.635973] ? fsnotify_perm.part.0+0x22d/0x620 [ 2018.636956] ? security_file_permission+0xb1/0xe0 [ 2018.637967] ? pipe_to_user+0x170/0x170 [ 2018.638796] do_splice_to+0x10e/0x160 [ 2018.639595] splice_direct_to_actor+0x2fe/0x980 [ 2018.640578] ? pipe_to_sendpage+0x380/0x380 [ 2018.641485] ? do_splice_to+0x160/0x160 [ 2018.642314] ? security_file_permission+0xb1/0xe0 [ 2018.643339] do_splice_direct+0x1c4/0x290 [ 2018.644220] ? splice_direct_to_actor+0x980/0x980 [ 2018.645241] ? security_file_permission+0xb1/0xe0 [ 2018.646261] vfs_copy_file_range+0x4f8/0x13c0 [ 2018.647205] ? generic_file_rw_checks+0x240/0x240 [ 2018.648251] __do_sys_copy_file_range+0x193/0x420 [ 2018.649275] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2018.650266] ? ksys_write+0x1a9/0x260 [ 2018.651064] ? __ia32_sys_read+0xb0/0xb0 [ 2018.651922] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2018.653032] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2018.654108] do_syscall_64+0x33/0x40 [ 2018.654889] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2018.655967] RIP: 0033:0x7fce96a5bb19 [ 2018.656743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2018.660690] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2018.662286] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2018.663787] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2018.665286] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2018.666773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2018.668272] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 2018.669799] CPU: 0 PID: 10578 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2018.671308] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2018.673053] Call Trace: [ 2018.673617] dump_stack+0x107/0x167 [ 2018.674387] should_fail.cold+0x5/0xa [ 2018.674757] FAULT_INJECTION: forcing a failure. [ 2018.674757] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2018.675191] ? percpu_ref_init+0xd8/0x3d0 [ 2018.675211] should_failslab+0x5/0x20 [ 2018.675239] kmem_cache_alloc_trace+0x55/0x320 [ 2018.680249] ? cset_cgroup_from_root+0x220/0x220 [ 2018.681237] percpu_ref_init+0xd8/0x3d0 [ 2018.682080] cgroup_mkdir+0x288/0xf50 [ 2018.682877] ? cgroup_destroy_locked+0x710/0x710 [ 2018.683878] kernfs_iop_mkdir+0x14d/0x1e0 [ 2018.684742] vfs_mkdir+0x493/0x750 [ 2018.685489] do_mkdirat+0x150/0x2b0 [ 2018.686257] ? user_path_create+0xf0/0xf0 [ 2018.687135] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2018.688254] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2018.689336] do_syscall_64+0x33/0x40 [ 2018.690111] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2018.691174] RIP: 0033:0x7f374cab7b19 [ 2018.691956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2018.695787] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2018.697396] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2018.698891] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2018.700380] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2018.701880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2018.703368] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 2018.704905] CPU: 1 PID: 10584 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2018.706378] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2018.708124] Call Trace: [ 2018.708690] dump_stack+0x107/0x167 [ 2018.709477] should_fail.cold+0x5/0xa [ 2018.710299] __alloc_pages_nodemask+0x182/0x600 [ 2018.711299] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2018.712592] ? lock_downgrade+0x6d0/0x6d0 [ 2018.713748] ? lock_acquire+0x197/0x470 [ 2018.714626] alloc_pages_vma+0xbb/0x410 [ 2018.715231] FAULT_INJECTION: forcing a failure. [ 2018.715231] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2018.715488] shmem_alloc_page+0x10f/0x1e0 [ 2018.718882] ? shmem_init_inode+0x20/0x20 [ 2018.719811] ? percpu_counter_add_batch+0x8b/0x140 [ 2018.720870] ? __vm_enough_memory+0x184/0x360 [ 2018.721841] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2018.722997] ? shmem_unuse_inode+0xf60/0xf60 [ 2018.724003] shmem_file_read_iter+0x2a6/0xbb0 [ 2018.724978] ? shmem_get_link+0x440/0x440 [ 2018.725866] ? inode_has_perm+0x171/0x1d0 [ 2018.726753] ? iov_iter_pipe+0xf1/0x2a0 [ 2018.727610] generic_file_splice_read+0x455/0x6d0 [ 2018.728648] ? pipe_to_user+0x170/0x170 [ 2018.729506] ? fsnotify_perm.part.0+0x22d/0x620 [ 2018.730499] ? security_file_permission+0xb1/0xe0 [ 2018.731528] ? pipe_to_user+0x170/0x170 [ 2018.732391] do_splice_to+0x10e/0x160 [ 2018.733208] splice_direct_to_actor+0x2fe/0x980 [ 2018.734210] ? pipe_to_sendpage+0x380/0x380 [ 2018.735141] ? do_splice_to+0x160/0x160 [ 2018.735998] ? security_file_permission+0xb1/0xe0 [ 2018.737035] do_splice_direct+0x1c4/0x290 [ 2018.737924] ? splice_direct_to_actor+0x980/0x980 [ 2018.738966] ? security_file_permission+0xb1/0xe0 [ 2018.740018] vfs_copy_file_range+0x4f8/0x13c0 [ 2018.740980] ? generic_file_rw_checks+0x240/0x240 [ 2018.742032] __do_sys_copy_file_range+0x193/0x420 [ 2018.743065] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2018.744090] ? ksys_write+0x1a9/0x260 [ 2018.744903] ? __ia32_sys_read+0xb0/0xb0 [ 2018.745777] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2018.746901] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2018.748017] do_syscall_64+0x33/0x40 [ 2018.748814] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2018.749913] RIP: 0033:0x7f134c613b19 [ 2018.750712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2018.754576] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2018.756174] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2018.757663] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2018.759165] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2018.760658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2018.762143] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2018.763651] CPU: 0 PID: 10582 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2018.765154] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2018.767233] Call Trace: [ 2018.767992] dump_stack+0x107/0x167 [ 2018.768758] should_fail.cold+0x5/0xa [ 2018.769557] __alloc_pages_nodemask+0x182/0x600 [ 2018.770529] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2018.771787] ? lock_downgrade+0x6d0/0x6d0 [ 2018.772653] ? lock_acquire+0x197/0x470 [ 2018.773500] alloc_pages_vma+0xbb/0x410 [ 2018.774333] shmem_alloc_page+0x10f/0x1e0 [ 2018.775200] ? shmem_init_inode+0x20/0x20 [ 2018.776093] ? percpu_counter_add_batch+0x8b/0x140 [ 2018.777117] ? __vm_enough_memory+0x184/0x360 [ 2018.778051] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2018.779178] ? shmem_unuse_inode+0xf60/0xf60 [ 2018.780121] shmem_file_read_iter+0x2a6/0xbb0 [ 2018.781068] ? shmem_get_link+0x440/0x440 [ 2018.781932] ? inode_has_perm+0x171/0x1d0 [ 2018.782798] ? iov_iter_pipe+0xf1/0x2a0 [ 2018.783633] generic_file_splice_read+0x455/0x6d0 [ 2018.784654] ? pipe_to_user+0x170/0x170 [ 2018.785495] ? fsnotify_perm.part.0+0x22d/0x620 [ 2018.786467] ? security_file_permission+0xb1/0xe0 [ 2018.787477] ? pipe_to_user+0x170/0x170 [ 2018.788315] do_splice_to+0x10e/0x160 [ 2018.789118] splice_direct_to_actor+0x2fe/0x980 [ 2018.790108] ? pipe_to_sendpage+0x380/0x380 [ 2018.791013] ? do_splice_to+0x160/0x160 [ 2018.791858] ? security_file_permission+0xb1/0xe0 [ 2018.792871] do_splice_direct+0x1c4/0x290 [ 2018.793735] ? splice_direct_to_actor+0x980/0x980 [ 2018.794751] ? security_file_permission+0xb1/0xe0 [ 2018.795775] vfs_copy_file_range+0x4f8/0x13c0 [ 2018.796713] ? generic_file_rw_checks+0x240/0x240 [ 2018.797731] __do_sys_copy_file_range+0x193/0x420 [ 2018.798735] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2018.799710] ? ksys_write+0x1a9/0x260 [ 2018.800511] ? __ia32_sys_read+0xb0/0xb0 [ 2018.801359] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2018.802448] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2018.803521] do_syscall_64+0x33/0x40 [ 2018.804298] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2018.805367] RIP: 0033:0x7ff72d878b19 [ 2018.806142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2018.809989] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2018.810009] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2018.810019] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 10:35:28 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x0) [ 2018.810030] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2018.810039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2018.810050] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:35:28 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 11) 10:35:28 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x86) 10:35:28 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:28 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 38) 10:35:28 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 9) [ 2019.036627] FAULT_INJECTION: forcing a failure. [ 2019.036627] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2019.040860] CPU: 1 PID: 10600 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2019.042347] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2019.044090] Call Trace: [ 2019.044657] dump_stack+0x107/0x167 [ 2019.045428] should_fail.cold+0x5/0xa [ 2019.046234] __alloc_pages_nodemask+0x182/0x600 [ 2019.047223] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2019.048486] ? lock_downgrade+0x6d0/0x6d0 [ 2019.049357] ? lock_acquire+0x197/0x470 [ 2019.050203] alloc_pages_vma+0xbb/0x410 [ 2019.051041] shmem_alloc_page+0x10f/0x1e0 [ 2019.051916] ? shmem_init_inode+0x20/0x20 [ 2019.052799] ? percpu_counter_add_batch+0x8b/0x140 [ 2019.053827] ? __vm_enough_memory+0x184/0x360 [ 2019.054767] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2019.055906] ? shmem_unuse_inode+0xf60/0xf60 [ 2019.056839] shmem_file_read_iter+0x2a6/0xbb0 [ 2019.057784] ? shmem_get_link+0x440/0x440 [ 2019.058654] ? inode_has_perm+0x171/0x1d0 [ 2019.059518] ? iov_iter_pipe+0xf1/0x2a0 [ 2019.060366] generic_file_splice_read+0x455/0x6d0 [ 2019.061359] ? pipe_to_user+0x170/0x170 [ 2019.062193] ? fsnotify_perm.part.0+0x22d/0x620 [ 2019.063161] ? security_file_permission+0xb1/0xe0 [ 2019.064164] ? pipe_to_user+0x170/0x170 [ 2019.064998] do_splice_to+0x10e/0x160 [ 2019.065796] splice_direct_to_actor+0x2fe/0x980 10:35:28 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x0, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2019.066773] ? pipe_to_sendpage+0x380/0x380 [ 2019.068009] ? do_splice_to+0x160/0x160 [ 2019.068832] ? security_file_permission+0xb1/0xe0 [ 2019.069842] do_splice_direct+0x1c4/0x290 [ 2019.070710] ? splice_direct_to_actor+0x980/0x980 [ 2019.071740] ? security_file_permission+0xb1/0xe0 [ 2019.072760] vfs_copy_file_range+0x4f8/0x13c0 [ 2019.073698] ? generic_file_rw_checks+0x240/0x240 [ 2019.074735] __do_sys_copy_file_range+0x193/0x420 [ 2019.075761] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2019.076749] ? ksys_write+0x1a9/0x260 [ 2019.077567] ? __ia32_sys_read+0xb0/0xb0 [ 2019.078422] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2019.079525] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2019.080612] do_syscall_64+0x33/0x40 [ 2019.081413] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2019.082493] RIP: 0033:0x7f134c613b19 [ 2019.083269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2019.087084] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2019.088670] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2019.090166] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2019.091665] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2019.093184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2019.093196] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2019.102133] FAULT_INJECTION: forcing a failure. [ 2019.102133] name fail_page_alloc, interval 1, probability 0, space 0, times 0 10:35:28 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b4000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2019.102154] CPU: 0 PID: 10603 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2019.102164] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2019.102170] Call Trace: [ 2019.102195] dump_stack+0x107/0x167 [ 2019.102216] should_fail.cold+0x5/0xa [ 2019.102241] __alloc_pages_nodemask+0x182/0x600 [ 2019.102274] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 10:35:28 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x86) [ 2019.102300] ? lock_downgrade+0x6d0/0x6d0 [ 2019.102325] ? lock_acquire+0x197/0x470 [ 2019.102375] alloc_pages_vma+0xbb/0x410 [ 2019.102410] shmem_alloc_page+0x10f/0x1e0 [ 2019.102437] ? shmem_init_inode+0x20/0x20 [ 2019.102497] ? percpu_counter_add_batch+0x8b/0x140 [ 2019.102530] ? __vm_enough_memory+0x184/0x360 [ 2019.102565] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2019.102618] ? shmem_unuse_inode+0xf60/0xf60 [ 2019.102673] shmem_file_read_iter+0x2a6/0xbb0 [ 2019.102724] ? shmem_get_link+0x440/0x440 [ 2019.102749] ? inode_has_perm+0x171/0x1d0 10:35:28 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 12) [ 2019.102779] ? iov_iter_pipe+0xf1/0x2a0 [ 2019.102813] generic_file_splice_read+0x455/0x6d0 [ 2019.102842] ? pipe_to_user+0x170/0x170 [ 2019.102881] ? fsnotify_perm.part.0+0x22d/0x620 [ 2019.102913] ? security_file_permission+0xb1/0xe0 [ 2019.102942] ? pipe_to_user+0x170/0x170 [ 2019.102970] do_splice_to+0x10e/0x160 [ 2019.103003] splice_direct_to_actor+0x2fe/0x980 [ 2019.103036] ? pipe_to_sendpage+0x380/0x380 [ 2019.103069] ? do_splice_to+0x160/0x160 [ 2019.103095] ? security_file_permission+0xb1/0xe0 [ 2019.103133] do_splice_direct+0x1c4/0x290 [ 2019.103161] ? splice_direct_to_actor+0x980/0x980 [ 2019.103197] ? security_file_permission+0xb1/0xe0 [ 2019.103235] vfs_copy_file_range+0x4f8/0x13c0 [ 2019.103271] ? generic_file_rw_checks+0x240/0x240 [ 2019.103330] __do_sys_copy_file_range+0x193/0x420 [ 2019.103360] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2019.103385] ? ksys_write+0x1a9/0x260 [ 2019.103412] ? __ia32_sys_read+0xb0/0xb0 [ 2019.103444] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2019.103473] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2019.103504] do_syscall_64+0x33/0x40 [ 2019.103531] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2019.103548] RIP: 0033:0x7fce96a5bb19 [ 2019.103576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2019.103591] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2019.103618] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2019.103634] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2019.103650] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2019.103667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2019.103684] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 2019.104709] FAULT_INJECTION: forcing a failure. [ 2019.104709] name failslab, interval 1, probability 0, space 0, times 0 [ 2019.104727] CPU: 0 PID: 10605 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2019.104736] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2019.104741] Call Trace: [ 2019.104760] dump_stack+0x107/0x167 [ 2019.104780] should_fail.cold+0x5/0xa [ 2019.104800] ? create_object.isra.0+0x3a/0xa30 [ 2019.104817] should_failslab+0x5/0x20 [ 2019.104843] kmem_cache_alloc+0x5b/0x310 [ 2019.104868] create_object.isra.0+0x3a/0xa30 [ 2019.104883] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2019.104908] kmem_cache_alloc_trace+0x151/0x320 [ 2019.104932] ? cset_cgroup_from_root+0x220/0x220 [ 2019.104950] percpu_ref_init+0xd8/0x3d0 [ 2019.104970] cgroup_mkdir+0x288/0xf50 [ 2019.104995] ? cgroup_destroy_locked+0x710/0x710 [ 2019.105015] kernfs_iop_mkdir+0x14d/0x1e0 [ 2019.105036] vfs_mkdir+0x493/0x750 [ 2019.105057] do_mkdirat+0x150/0x2b0 [ 2019.105078] ? user_path_create+0xf0/0xf0 [ 2019.105101] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2019.105120] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2019.105142] do_syscall_64+0x33/0x40 [ 2019.105160] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2019.105171] RIP: 0033:0x7f374cab7b19 [ 2019.105187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2019.105196] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2019.105215] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2019.105225] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2019.105234] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2019.105244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2019.105254] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 2019.314550] FAULT_INJECTION: forcing a failure. [ 2019.314550] name failslab, interval 1, probability 0, space 0, times 0 [ 2019.376627] CPU: 1 PID: 10615 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2019.376637] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2019.376643] Call Trace: [ 2019.376670] dump_stack+0x107/0x167 [ 2019.376692] should_fail.cold+0x5/0xa [ 2019.376713] ? create_object.isra.0+0x3a/0xa30 [ 2019.376731] should_failslab+0x5/0x20 [ 2019.376750] kmem_cache_alloc+0x5b/0x310 [ 2019.376775] create_object.isra.0+0x3a/0xa30 [ 2019.376802] kmemleak_alloc_percpu+0xa0/0x100 [ 2019.376826] pcpu_alloc+0x4e2/0x1240 [ 2019.376862] cgroup_rstat_init+0x14f/0x1f0 [ 2019.376884] cgroup_mkdir+0x706/0xf50 [ 2019.376911] ? cgroup_destroy_locked+0x710/0x710 [ 2019.376931] kernfs_iop_mkdir+0x14d/0x1e0 [ 2019.376952] vfs_mkdir+0x493/0x750 [ 2019.376973] do_mkdirat+0x150/0x2b0 [ 2019.376994] ? user_path_create+0xf0/0xf0 [ 2019.377018] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2019.377038] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2019.377060] do_syscall_64+0x33/0x40 [ 2019.377078] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2019.377090] RIP: 0033:0x7f374cab7b19 [ 2019.377107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2019.377117] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2019.377137] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2019.377147] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2019.377157] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2019.377167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2019.377177] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 10:35:41 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 32) 10:35:41 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 13) 10:35:41 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b4000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:41 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x0) 10:35:41 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 39) 10:35:41 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 10) 10:35:41 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x86) 10:35:41 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x0, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2032.177602] FAULT_INJECTION: forcing a failure. [ 2032.177602] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2032.179566] CPU: 0 PID: 10626 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2032.180603] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.181838] Call Trace: [ 2032.182232] dump_stack+0x107/0x167 [ 2032.182782] should_fail.cold+0x5/0xa [ 2032.183353] __alloc_pages_nodemask+0x182/0x600 [ 2032.184057] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2032.184942] ? lock_downgrade+0x6d0/0x6d0 [ 2032.185557] ? lock_acquire+0x197/0x470 [ 2032.186168] alloc_pages_vma+0xbb/0x410 [ 2032.186764] shmem_alloc_page+0x10f/0x1e0 [ 2032.187382] ? shmem_init_inode+0x20/0x20 [ 2032.188029] ? percpu_counter_add_batch+0x8b/0x140 [ 2032.188767] ? __vm_enough_memory+0x184/0x360 [ 2032.189450] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2032.190256] ? shmem_unuse_inode+0xf60/0xf60 [ 2032.190919] shmem_file_read_iter+0x2a6/0xbb0 [ 2032.191592] ? shmem_get_link+0x440/0x440 [ 2032.192216] ? inode_has_perm+0x171/0x1d0 [ 2032.192829] ? iov_iter_pipe+0xf1/0x2a0 [ 2032.193416] generic_file_splice_read+0x455/0x6d0 [ 2032.194133] ? pipe_to_user+0x170/0x170 [ 2032.194726] ? fsnotify_perm.part.0+0x22d/0x620 [ 2032.195372] FAULT_INJECTION: forcing a failure. [ 2032.195372] name failslab, interval 1, probability 0, space 0, times 0 [ 2032.195435] ? security_file_permission+0xb1/0xe0 [ 2032.198536] ? pipe_to_user+0x170/0x170 [ 2032.199126] do_splice_to+0x10e/0x160 [ 2032.199691] splice_direct_to_actor+0x2fe/0x980 [ 2032.200395] ? pipe_to_sendpage+0x380/0x380 [ 2032.201037] ? do_splice_to+0x160/0x160 [ 2032.201624] ? security_file_permission+0xb1/0xe0 [ 2032.202342] do_splice_direct+0x1c4/0x290 [ 2032.202957] ? splice_direct_to_actor+0x980/0x980 [ 2032.203672] ? security_file_permission+0xb1/0xe0 [ 2032.204405] vfs_copy_file_range+0x4f8/0x13c0 [ 2032.205071] ? generic_file_rw_checks+0x240/0x240 [ 2032.205800] __do_sys_copy_file_range+0x193/0x420 [ 2032.206519] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2032.207220] ? ksys_write+0x1a9/0x260 [ 2032.207782] ? __ia32_sys_read+0xb0/0xb0 [ 2032.208373] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.209123] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2032.209850] do_syscall_64+0x33/0x40 [ 2032.210381] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2032.211111] RIP: 0033:0x7ff72d878b19 [ 2032.211641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.214230] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2032.215301] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2032.216317] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2032.217314] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2032.218321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2032.219318] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 2032.220353] CPU: 1 PID: 10627 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2032.221822] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.223557] Call Trace: [ 2032.224126] dump_stack+0x107/0x167 [ 2032.224893] should_fail.cold+0x5/0xa [ 2032.225697] ? create_object.isra.0+0x3a/0xa30 [ 2032.226647] should_failslab+0x5/0x20 [ 2032.227443] kmem_cache_alloc+0x5b/0x310 [ 2032.228308] ? mark_held_locks+0x9e/0xe0 [ 2032.229169] create_object.isra.0+0x3a/0xa30 [ 2032.230100] kmemleak_alloc_percpu+0xa0/0x100 [ 2032.231044] pcpu_alloc+0x4e2/0x1240 [ 2032.231840] cgroup_rstat_init+0x14f/0x1f0 [ 2032.232752] cgroup_mkdir+0x706/0xf50 [ 2032.233560] ? cgroup_destroy_locked+0x710/0x710 [ 2032.234549] kernfs_iop_mkdir+0x14d/0x1e0 [ 2032.235422] vfs_mkdir+0x493/0x750 [ 2032.236193] do_mkdirat+0x150/0x2b0 [ 2032.236953] ? user_path_create+0xf0/0xf0 [ 2032.237822] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.238918] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2032.240004] do_syscall_64+0x33/0x40 [ 2032.240792] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2032.241865] RIP: 0033:0x7f374cab7b19 [ 2032.242649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.246513] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2032.248109] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2032.249601] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2032.251097] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2032.252594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2032.254077] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 10:35:41 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x0, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2032.266340] FAULT_INJECTION: forcing a failure. [ 2032.266340] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2032.268893] CPU: 1 PID: 10630 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2032.270338] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.272102] Call Trace: [ 2032.272652] dump_stack+0x107/0x167 [ 2032.273422] should_fail.cold+0x5/0xa [ 2032.274226] __alloc_pages_nodemask+0x182/0x600 [ 2032.275208] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2032.276466] ? lock_downgrade+0x6d0/0x6d0 [ 2032.277331] ? lock_acquire+0x197/0x470 [ 2032.278179] alloc_pages_vma+0xbb/0x410 [ 2032.279015] shmem_alloc_page+0x10f/0x1e0 [ 2032.279884] ? shmem_init_inode+0x20/0x20 [ 2032.280789] ? percpu_counter_add_batch+0x8b/0x140 [ 2032.281828] ? __vm_enough_memory+0x184/0x360 [ 2032.282772] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2032.283913] ? shmem_unuse_inode+0xf60/0xf60 [ 2032.284849] shmem_file_read_iter+0x2a6/0xbb0 [ 2032.285802] ? shmem_get_link+0x440/0x440 [ 2032.286680] ? inode_has_perm+0x171/0x1d0 [ 2032.287556] ? iov_iter_pipe+0xf1/0x2a0 [ 2032.288405] generic_file_splice_read+0x455/0x6d0 [ 2032.289415] ? pipe_to_user+0x170/0x170 [ 2032.290266] ? fsnotify_perm.part.0+0x22d/0x620 [ 2032.291257] ? security_file_permission+0xb1/0xe0 [ 2032.292284] ? pipe_to_user+0x170/0x170 [ 2032.293115] do_splice_to+0x10e/0x160 [ 2032.293917] splice_direct_to_actor+0x2fe/0x980 [ 2032.294902] ? pipe_to_sendpage+0x380/0x380 [ 2032.295804] ? do_splice_to+0x160/0x160 [ 2032.296649] ? security_file_permission+0xb1/0xe0 [ 2032.297672] do_splice_direct+0x1c4/0x290 [ 2032.298548] ? splice_direct_to_actor+0x980/0x980 [ 2032.299563] ? security_file_permission+0xb1/0xe0 [ 2032.300597] vfs_copy_file_range+0x4f8/0x13c0 [ 2032.301540] ? generic_file_rw_checks+0x240/0x240 [ 2032.302573] __do_sys_copy_file_range+0x193/0x420 [ 2032.303585] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2032.304582] ? ksys_write+0x1a9/0x260 [ 2032.305380] ? __ia32_sys_read+0xb0/0xb0 [ 2032.306236] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.307337] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2032.308427] do_syscall_64+0x33/0x40 [ 2032.309206] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2032.310281] RIP: 0033:0x7f134c613b19 [ 2032.311058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.314919] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2032.316515] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2032.318012] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2032.319509] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2032.321001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2032.322488] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2032.332583] FAULT_INJECTION: forcing a failure. [ 2032.332583] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2032.334410] CPU: 0 PID: 10642 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2032.335353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.336517] Call Trace: [ 2032.336887] dump_stack+0x107/0x167 [ 2032.337378] should_fail.cold+0x5/0xa [ 2032.337906] __alloc_pages_nodemask+0x182/0x600 [ 2032.338530] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2032.339347] ? lock_downgrade+0x6d0/0x6d0 [ 2032.339910] ? lock_acquire+0x197/0x470 [ 2032.340450] alloc_pages_vma+0xbb/0x410 [ 2032.341001] shmem_alloc_page+0x10f/0x1e0 [ 2032.341573] ? shmem_init_inode+0x20/0x20 [ 2032.342164] ? percpu_counter_add_batch+0x8b/0x140 [ 2032.342825] ? __vm_enough_memory+0x184/0x360 [ 2032.343442] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2032.344209] ? shmem_unuse_inode+0xf60/0xf60 [ 2032.344809] shmem_file_read_iter+0x2a6/0xbb0 [ 2032.345421] ? shmem_get_link+0x440/0x440 [ 2032.345987] ? inode_has_perm+0x171/0x1d0 [ 2032.346543] ? iov_iter_pipe+0xf1/0x2a0 [ 2032.347086] generic_file_splice_read+0x455/0x6d0 [ 2032.347730] ? pipe_to_user+0x170/0x170 [ 2032.348272] ? fsnotify_perm.part.0+0x22d/0x620 [ 2032.348895] ? security_file_permission+0xb1/0xe0 [ 2032.349538] ? pipe_to_user+0x170/0x170 [ 2032.350088] do_splice_to+0x10e/0x160 [ 2032.350599] splice_direct_to_actor+0x2fe/0x980 [ 2032.351226] ? pipe_to_sendpage+0x380/0x380 [ 2032.351801] ? do_splice_to+0x160/0x160 [ 2032.352393] ? security_file_permission+0xb1/0xe0 [ 2032.353044] do_splice_direct+0x1c4/0x290 [ 2032.353612] ? splice_direct_to_actor+0x980/0x980 [ 2032.354263] ? security_file_permission+0xb1/0xe0 [ 2032.354916] vfs_copy_file_range+0x4f8/0x13c0 [ 2032.355527] ? generic_file_rw_checks+0x240/0x240 [ 2032.356198] __do_sys_copy_file_range+0x193/0x420 [ 2032.356851] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2032.357480] ? ksys_write+0x1a9/0x260 [ 2032.357992] ? __ia32_sys_read+0xb0/0xb0 [ 2032.358544] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.359238] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2032.359930] do_syscall_64+0x33/0x40 [ 2032.360435] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2032.361119] RIP: 0033:0x7fce96a5bb19 [ 2032.361619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.364082] RSP: 002b:00007fce93fb0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2032.365094] RAX: ffffffffffffffda RBX: 00007fce96b6f020 RCX: 00007fce96a5bb19 [ 2032.366048] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2032.366997] RBP: 00007fce93fb01d0 R08: 0000000300000000 R09: 0000000000000000 [ 2032.367968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2032.368908] R13: 00007ffdd8c2850f R14: 00007fce93fb0300 R15: 0000000000022000 10:35:41 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:41 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, 0x0, 0x86) 10:35:41 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:41 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 1) 10:35:41 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 33) 10:35:41 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, 0x0, 0x86) 10:35:41 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 14) 10:35:42 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2032.537575] FAULT_INJECTION: forcing a failure. [ 2032.537575] name failslab, interval 1, probability 0, space 0, times 0 [ 2032.539083] CPU: 0 PID: 10658 Comm: syz-executor.3 Not tainted 5.10.244 #1 [ 2032.539929] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.540927] Call Trace: [ 2032.541265] dump_stack+0x107/0x167 [ 2032.541706] should_fail.cold+0x5/0xa [ 2032.542169] ? getname_flags.part.0+0x50/0x4f0 [ 2032.542722] should_failslab+0x5/0x20 [ 2032.543179] kmem_cache_alloc+0x5b/0x310 [ 2032.543671] getname_flags.part.0+0x50/0x4f0 [ 2032.544218] getname_flags+0x9a/0xe0 [ 2032.544670] do_mkdirat+0x8f/0x2b0 [ 2032.545101] ? user_path_create+0xf0/0xf0 [ 2032.545604] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.546238] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2032.546861] do_syscall_64+0x33/0x40 [ 2032.547310] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2032.547936] RIP: 0033:0x7f4ab16a0b19 [ 2032.548388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.550614] RSP: 002b:00007f4aaec16188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2032.551538] RAX: ffffffffffffffda RBX: 00007f4ab17b3f60 RCX: 00007f4ab16a0b19 [ 2032.552412] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000007 [ 2032.553268] RBP: 00007f4aaec161d0 R08: 0000000000000000 R09: 0000000000000000 [ 2032.554128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2032.554993] R13: 00007ffcbd46ad9f R14: 00007f4aaec16300 R15: 0000000000022000 [ 2032.573258] FAULT_INJECTION: forcing a failure. [ 2032.573258] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2032.574764] CPU: 0 PID: 10662 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2032.575585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.576590] Call Trace: [ 2032.576905] dump_stack+0x107/0x167 [ 2032.577338] should_fail.cold+0x5/0xa [ 2032.577795] __alloc_pages_nodemask+0x182/0x600 [ 2032.578355] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2032.579067] ? lock_downgrade+0x6d0/0x6d0 [ 2032.579559] ? lock_acquire+0x197/0x470 [ 2032.580051] alloc_pages_vma+0xbb/0x410 [ 2032.580527] shmem_alloc_page+0x10f/0x1e0 [ 2032.581023] ? shmem_init_inode+0x20/0x20 [ 2032.581527] ? percpu_counter_add_batch+0x8b/0x140 [ 2032.582116] ? __vm_enough_memory+0x184/0x360 [ 2032.582651] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2032.583296] ? shmem_unuse_inode+0xf60/0xf60 [ 2032.583823] shmem_file_read_iter+0x2a6/0xbb0 [ 2032.584369] ? shmem_get_link+0x440/0x440 [ 2032.584858] ? inode_has_perm+0x171/0x1d0 [ 2032.585355] ? iov_iter_pipe+0xf1/0x2a0 [ 2032.585826] generic_file_splice_read+0x455/0x6d0 [ 2032.586394] ? pipe_to_user+0x170/0x170 [ 2032.586877] ? fsnotify_perm.part.0+0x22d/0x620 [ 2032.587424] ? security_file_permission+0xb1/0xe0 [ 2032.587997] ? pipe_to_user+0x170/0x170 [ 2032.588463] do_splice_to+0x10e/0x160 [ 2032.588914] splice_direct_to_actor+0x2fe/0x980 [ 2032.589465] ? pipe_to_sendpage+0x380/0x380 [ 2032.589973] ? do_splice_to+0x160/0x160 [ 2032.590437] ? security_file_permission+0xb1/0xe0 [ 2032.591005] do_splice_direct+0x1c4/0x290 [ 2032.591495] ? splice_direct_to_actor+0x980/0x980 [ 2032.592074] ? security_file_permission+0xb1/0xe0 [ 2032.592649] vfs_copy_file_range+0x4f8/0x13c0 [ 2032.593178] ? generic_file_rw_checks+0x240/0x240 [ 2032.593756] __do_sys_copy_file_range+0x193/0x420 [ 2032.594328] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2032.594884] ? ksys_write+0x1a9/0x260 [ 2032.595333] ? __ia32_sys_read+0xb0/0xb0 [ 2032.595811] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.596443] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2032.597047] do_syscall_64+0x33/0x40 [ 2032.597481] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2032.598081] RIP: 0033:0x7ff72d878b19 [ 2032.598512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.600667] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2032.601561] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2032.602398] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2032.603232] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2032.604075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2032.604914] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:35:42 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:42 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 40) 10:35:42 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, 0x0, 0x86) 10:35:42 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2032.663587] FAULT_INJECTION: forcing a failure. [ 2032.663587] name failslab, interval 1, probability 0, space 0, times 0 [ 2032.666240] CPU: 1 PID: 10665 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2032.666250] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.666256] Call Trace: [ 2032.666280] dump_stack+0x107/0x167 [ 2032.666302] should_fail.cold+0x5/0xa [ 2032.666324] should_failslab+0x5/0x20 [ 2032.666344] __kmalloc_track_caller+0x79/0x370 [ 2032.666358] ? kstrdup_const+0x53/0x80 [ 2032.666374] ? find_held_lock+0x2c/0x110 [ 2032.666395] kstrdup+0x36/0x70 [ 2032.666411] kstrdup_const+0x53/0x80 [ 2032.666428] __kernfs_new_node+0x9d/0x860 [ 2032.666446] ? mark_held_locks+0x9e/0xe0 [ 2032.666465] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2032.666488] ? cpumask_next+0x1f/0x30 [ 2032.666508] ? kmemleak_alloc_percpu+0xaf/0x100 [ 2032.666532] ? pcpu_alloc+0x12a/0x1240 [ 2032.666558] kernfs_new_node+0x18d/0x250 [ 2032.666582] kernfs_create_dir_ns+0x49/0x160 [ 2032.666603] cgroup_mkdir+0x315/0xf50 [ 2032.683612] ? cgroup_destroy_locked+0x710/0x710 [ 2032.684614] kernfs_iop_mkdir+0x14d/0x1e0 [ 2032.685480] vfs_mkdir+0x493/0x750 [ 2032.686225] do_mkdirat+0x150/0x2b0 [ 2032.686983] ? user_path_create+0xf0/0xf0 [ 2032.687849] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.688951] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2032.690030] do_syscall_64+0x33/0x40 [ 2032.690806] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2032.691875] RIP: 0033:0x7f374cab7b19 [ 2032.692667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.696499] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2032.698077] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2032.699570] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2032.701073] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2032.702563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2032.704067] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 2032.730500] FAULT_INJECTION: forcing a failure. [ 2032.730500] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2032.732107] CPU: 0 PID: 10672 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2032.732923] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.733883] Call Trace: [ 2032.734209] dump_stack+0x107/0x167 [ 2032.734647] should_fail.cold+0x5/0xa [ 2032.735109] __alloc_pages_nodemask+0x182/0x600 [ 2032.735673] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2032.736390] ? lock_downgrade+0x6d0/0x6d0 [ 2032.736884] ? lock_acquire+0x197/0x470 [ 2032.737381] alloc_pages_vma+0xbb/0x410 [ 2032.737870] shmem_alloc_page+0x10f/0x1e0 [ 2032.738365] ? shmem_init_inode+0x20/0x20 [ 2032.738884] ? percpu_counter_add_batch+0x8b/0x140 [ 2032.739475] ? __vm_enough_memory+0x184/0x360 [ 2032.740026] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2032.740679] ? shmem_unuse_inode+0xf60/0xf60 [ 2032.741218] shmem_file_read_iter+0x2a6/0xbb0 [ 2032.741780] ? shmem_get_link+0x440/0x440 [ 2032.742275] ? inode_has_perm+0x171/0x1d0 [ 2032.742771] ? iov_iter_pipe+0xf1/0x2a0 [ 2032.743258] generic_file_splice_read+0x455/0x6d0 [ 2032.743835] ? pipe_to_user+0x170/0x170 [ 2032.744336] ? fsnotify_perm.part.0+0x22d/0x620 [ 2032.744888] ? security_file_permission+0xb1/0xe0 [ 2032.745458] ? pipe_to_user+0x170/0x170 [ 2032.745931] do_splice_to+0x10e/0x160 [ 2032.746390] splice_direct_to_actor+0x2fe/0x980 [ 2032.746947] ? pipe_to_sendpage+0x380/0x380 [ 2032.747467] ? do_splice_to+0x160/0x160 [ 2032.747945] ? security_file_permission+0xb1/0xe0 [ 2032.748521] do_splice_direct+0x1c4/0x290 [ 2032.749010] ? splice_direct_to_actor+0x980/0x980 [ 2032.749585] ? security_file_permission+0xb1/0xe0 [ 2032.750162] vfs_copy_file_range+0x4f8/0x13c0 [ 2032.750688] ? generic_file_rw_checks+0x240/0x240 [ 2032.751281] __do_sys_copy_file_range+0x193/0x420 [ 2032.751854] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2032.752419] ? ksys_write+0x1a9/0x260 [ 2032.752867] ? __ia32_sys_read+0xb0/0xb0 [ 2032.753349] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.753969] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2032.754581] do_syscall_64+0x33/0x40 [ 2032.755015] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2032.755617] RIP: 0033:0x7f134c613b19 [ 2032.756080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.758186] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2032.759050] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2032.759857] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2032.760681] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2032.761489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2032.762307] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 10:35:56 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 41) 10:35:56 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 11) 10:35:56 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:56 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 2) 10:35:56 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 34) 10:35:56 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:35:56 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x0) 10:35:56 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 15) [ 2046.776612] FAULT_INJECTION: forcing a failure. [ 2046.776612] name failslab, interval 1, probability 0, space 0, times 0 [ 2046.778068] CPU: 1 PID: 10683 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2046.778847] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2046.779789] Call Trace: [ 2046.780103] dump_stack+0x107/0x167 [ 2046.780514] should_fail.cold+0x5/0xa [ 2046.780947] ? create_object.isra.0+0x3a/0xa30 [ 2046.781464] should_failslab+0x5/0x20 [ 2046.781898] kmem_cache_alloc+0x5b/0x310 [ 2046.782363] create_object.isra.0+0x3a/0xa30 [ 2046.782859] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2046.783438] __kmalloc_track_caller+0x177/0x370 [ 2046.783964] ? kstrdup_const+0x53/0x80 [ 2046.784425] ? find_held_lock+0x2c/0x110 [ 2046.784889] kstrdup+0x36/0x70 [ 2046.785259] kstrdup_const+0x53/0x80 [ 2046.785679] __kernfs_new_node+0x9d/0x860 [ 2046.786152] ? mark_held_locks+0x9e/0xe0 [ 2046.786617] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2046.787161] ? cpumask_next+0x1f/0x30 [ 2046.787598] ? kmemleak_alloc_percpu+0xaf/0x100 [ 2046.788143] ? pcpu_alloc+0x12a/0x1240 [ 2046.788592] kernfs_new_node+0x18d/0x250 [ 2046.789061] kernfs_create_dir_ns+0x49/0x160 [ 2046.789568] cgroup_mkdir+0x315/0xf50 [ 2046.790011] ? cgroup_destroy_locked+0x710/0x710 [ 2046.790552] kernfs_iop_mkdir+0x14d/0x1e0 [ 2046.791027] vfs_mkdir+0x493/0x750 [ 2046.791434] do_mkdirat+0x150/0x2b0 [ 2046.791849] ? user_path_create+0xf0/0xf0 [ 2046.792343] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2046.792939] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2046.793528] do_syscall_64+0x33/0x40 [ 2046.793955] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2046.794537] RIP: 0033:0x7f374cab7b19 [ 2046.794962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2046.797067] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2046.797936] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2046.798751] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2046.799562] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2046.800380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2046.801189] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 10:35:56 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2046.862355] FAULT_INJECTION: forcing a failure. [ 2046.862355] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2046.865259] CPU: 0 PID: 10693 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2046.866355] FAULT_INJECTION: forcing a failure. [ 2046.866355] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2046.866755] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2046.866763] Call Trace: [ 2046.866794] dump_stack+0x107/0x167 [ 2046.871235] should_fail.cold+0x5/0xa [ 2046.872063] __alloc_pages_nodemask+0x182/0x600 [ 2046.873080] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2046.874366] ? lock_downgrade+0x6d0/0x6d0 [ 2046.875257] ? lock_acquire+0x197/0x470 [ 2046.876135] alloc_pages_vma+0xbb/0x410 [ 2046.876993] shmem_alloc_page+0x10f/0x1e0 [ 2046.877876] ? shmem_init_inode+0x20/0x20 [ 2046.878783] ? percpu_counter_add_batch+0x8b/0x140 [ 2046.879841] ? __vm_enough_memory+0x184/0x360 [ 2046.880810] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2046.881970] ? shmem_unuse_inode+0xf60/0xf60 [ 2046.882927] shmem_file_read_iter+0x2a6/0xbb0 [ 2046.883903] ? shmem_get_link+0x440/0x440 [ 2046.884793] ? inode_has_perm+0x171/0x1d0 [ 2046.885682] ? iov_iter_pipe+0xf1/0x2a0 [ 2046.886528] generic_file_splice_read+0x455/0x6d0 [ 2046.887552] ? pipe_to_user+0x170/0x170 [ 2046.888411] ? fsnotify_perm.part.0+0x22d/0x620 [ 2046.889397] ? security_file_permission+0xb1/0xe0 [ 2046.890423] ? pipe_to_user+0x170/0x170 [ 2046.891263] do_splice_to+0x10e/0x160 [ 2046.892075] splice_direct_to_actor+0x2fe/0x980 [ 2046.893073] ? pipe_to_sendpage+0x380/0x380 [ 2046.893990] ? do_splice_to+0x160/0x160 [ 2046.894832] ? security_file_permission+0xb1/0xe0 [ 2046.895861] do_splice_direct+0x1c4/0x290 [ 2046.896746] ? splice_direct_to_actor+0x980/0x980 [ 2046.897774] ? security_file_permission+0xb1/0xe0 [ 2046.898800] vfs_copy_file_range+0x4f8/0x13c0 [ 2046.899748] ? generic_file_rw_checks+0x240/0x240 [ 2046.900797] __do_sys_copy_file_range+0x193/0x420 [ 2046.901820] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2046.902816] ? ksys_write+0x1a9/0x260 [ 2046.903614] ? __ia32_sys_read+0xb0/0xb0 [ 2046.904491] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2046.905597] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2046.906687] do_syscall_64+0x33/0x40 [ 2046.907477] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2046.908556] RIP: 0033:0x7fce96a5bb19 [ 2046.909337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2046.913732] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2046.915581] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2046.917311] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2046.919056] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2046.920806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2046.922548] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 2046.924315] CPU: 1 PID: 10694 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2046.925117] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2046.926056] Call Trace: [ 2046.926400] dump_stack+0x107/0x167 [ 2046.926813] should_fail.cold+0x5/0xa [ 2046.927250] __alloc_pages_nodemask+0x182/0x600 [ 2046.927775] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2046.928461] ? lock_downgrade+0x6d0/0x6d0 [ 2046.928929] ? lock_acquire+0x197/0x470 [ 2046.929387] alloc_pages_vma+0xbb/0x410 [ 2046.929839] shmem_alloc_page+0x10f/0x1e0 [ 2046.930316] ? shmem_init_inode+0x20/0x20 [ 2046.930808] ? percpu_counter_add_batch+0x8b/0x140 [ 2046.931363] ? __vm_enough_memory+0x184/0x360 [ 2046.931872] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2046.932492] ? shmem_unuse_inode+0xf60/0xf60 [ 2046.932997] shmem_file_read_iter+0x2a6/0xbb0 [ 2046.933513] ? shmem_get_link+0x440/0x440 [ 2046.933984] ? inode_has_perm+0x171/0x1d0 [ 2046.934462] ? iov_iter_pipe+0xf1/0x2a0 [ 2046.934916] generic_file_splice_read+0x455/0x6d0 [ 2046.935471] ? pipe_to_user+0x170/0x170 [ 2046.935599] FAULT_INJECTION: forcing a failure. [ 2046.935599] name failslab, interval 1, probability 0, space 0, times 0 [ 2046.935924] ? fsnotify_perm.part.0+0x22d/0x620 [ 2046.935936] ? security_file_permission+0xb1/0xe0 [ 2046.935947] ? pipe_to_user+0x170/0x170 [ 2046.935958] do_splice_to+0x10e/0x160 [ 2046.935970] splice_direct_to_actor+0x2fe/0x980 [ 2046.935983] ? pipe_to_sendpage+0x380/0x380 [ 2046.935995] ? do_splice_to+0x160/0x160 [ 2046.936004] ? security_file_permission+0xb1/0xe0 [ 2046.936019] do_splice_direct+0x1c4/0x290 [ 2046.936029] ? splice_direct_to_actor+0x980/0x980 [ 2046.936042] ? security_file_permission+0xb1/0xe0 [ 2046.936058] vfs_copy_file_range+0x4f8/0x13c0 [ 2046.936071] ? generic_file_rw_checks+0x240/0x240 [ 2046.936099] __do_sys_copy_file_range+0x193/0x420 [ 2046.936110] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2046.936120] ? ksys_write+0x1a9/0x260 [ 2046.936130] ? __ia32_sys_read+0xb0/0xb0 [ 2046.936151] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2046.947661] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2046.948255] do_syscall_64+0x33/0x40 [ 2046.948676] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2046.949261] RIP: 0033:0x7ff72d878b19 [ 2046.949679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2046.951756] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2046.952633] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2046.953444] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2046.954251] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2046.955060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2046.955865] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 2046.956723] CPU: 0 PID: 10695 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2046.958027] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2046.959345] Call Trace: [ 2046.959770] dump_stack+0x107/0x167 [ 2046.960364] should_fail.cold+0x5/0xa [ 2046.960973] ? iter_file_splice_write+0x165/0xc90 [ 2046.961731] should_failslab+0x5/0x20 [ 2046.962248] __kmalloc+0x72/0x390 [ 2046.962720] iter_file_splice_write+0x165/0xc90 [ 2046.963352] ? shmem_get_link+0x440/0x440 [ 2046.963932] ? generic_splice_sendpage+0x140/0x140 [ 2046.964591] ? pipe_to_user+0x170/0x170 [ 2046.965142] ? security_file_permission+0xb1/0xe0 [ 2046.965786] ? generic_splice_sendpage+0x140/0x140 [ 2046.966448] direct_splice_actor+0x10f/0x170 [ 2046.967043] splice_direct_to_actor+0x387/0x980 [ 2046.967666] ? pipe_to_sendpage+0x380/0x380 [ 2046.968263] ? do_splice_to+0x160/0x160 [ 2046.968788] ? security_file_permission+0xb1/0xe0 [ 2046.969490] do_splice_direct+0x1c4/0x290 [ 2046.970061] ? splice_direct_to_actor+0x980/0x980 [ 2046.970705] ? security_file_permission+0xb1/0xe0 [ 2046.971351] vfs_copy_file_range+0x4f8/0x13c0 [ 2046.971965] ? generic_file_rw_checks+0x240/0x240 [ 2046.972642] __do_sys_copy_file_range+0x193/0x420 [ 2046.973295] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2046.973930] ? ksys_write+0x1a9/0x260 [ 2046.974443] ? __ia32_sys_read+0xb0/0xb0 [ 2046.974992] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2046.975702] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2046.976403] do_syscall_64+0x33/0x40 10:35:56 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x0) [ 2046.977095] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2046.977784] RIP: 0033:0x7f134c613b19 [ 2046.978307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2046.980796] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2046.981824] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2046.982790] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2046.983757] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2046.984735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2046.985700] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2047.005836] FAULT_INJECTION: forcing a failure. [ 2047.005836] name failslab, interval 1, probability 0, space 0, times 0 [ 2047.007768] CPU: 0 PID: 10696 Comm: syz-executor.3 Not tainted 5.10.244 #1 [ 2047.008687] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2047.009793] Call Trace: [ 2047.010148] dump_stack+0x107/0x167 [ 2047.010642] should_fail.cold+0x5/0xa [ 2047.011145] ? create_object.isra.0+0x3a/0xa30 [ 2047.011776] should_failslab+0x5/0x20 [ 2047.012365] kmem_cache_alloc+0x5b/0x310 [ 2047.012929] ? ksys_write+0x21a/0x260 [ 2047.013449] create_object.isra.0+0x3a/0xa30 [ 2047.014060] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 10:35:56 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2047.014747] kmem_cache_alloc+0x159/0x310 [ 2047.015468] getname_flags.part.0+0x50/0x4f0 [ 2047.016075] getname_flags+0x9a/0xe0 [ 2047.016595] do_mkdirat+0x8f/0x2b0 [ 2047.017073] ? user_path_create+0xf0/0xf0 [ 2047.017628] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2047.018332] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2047.019028] do_syscall_64+0x33/0x40 [ 2047.019530] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2047.020214] RIP: 0033:0x7f4ab16a0b19 [ 2047.020716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2047.023127] RSP: 002b:00007f4aaec16188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2047.024162] RAX: ffffffffffffffda RBX: 00007f4ab17b3f60 RCX: 00007f4ab16a0b19 [ 2047.025118] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000007 [ 2047.026059] RBP: 00007f4aaec161d0 R08: 0000000000000000 R09: 0000000000000000 [ 2047.027033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2047.028004] R13: 00007ffcbd46ad9f R14: 00007f4aaec16300 R15: 0000000000022000 10:36:11 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 12) 10:36:11 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 42) 10:36:11 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 35) 10:36:11 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x0) 10:36:11 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 16) 10:36:11 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:36:11 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 3) 10:36:11 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2062.089721] FAULT_INJECTION: forcing a failure. [ 2062.089721] name failslab, interval 1, probability 0, space 0, times 0 [ 2062.092167] CPU: 1 PID: 10712 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2062.093640] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2062.094188] FAULT_INJECTION: forcing a failure. [ 2062.094188] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2062.095405] Call Trace: [ 2062.095431] dump_stack+0x107/0x167 [ 2062.095452] should_fail.cold+0x5/0xa [ 2062.095473] ? create_object.isra.0+0x3a/0xa30 [ 2062.095491] should_failslab+0x5/0x20 [ 2062.095510] kmem_cache_alloc+0x5b/0x310 [ 2062.095534] ? igrab+0xc0/0xc0 [ 2062.103295] create_object.isra.0+0x3a/0xa30 [ 2062.104231] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2062.105312] __kmalloc+0x16e/0x390 [ 2062.106063] iter_file_splice_write+0x165/0xc90 [ 2062.107044] ? shmem_get_link+0x440/0x440 [ 2062.107930] ? generic_splice_sendpage+0x140/0x140 [ 2062.108980] ? pipe_to_user+0x170/0x170 [ 2062.109838] ? security_file_permission+0xb1/0xe0 [ 2062.110857] ? generic_splice_sendpage+0x140/0x140 [ 2062.111895] direct_splice_actor+0x10f/0x170 [ 2062.112835] splice_direct_to_actor+0x387/0x980 [ 2062.113827] ? pipe_to_sendpage+0x380/0x380 [ 2062.114743] ? do_splice_to+0x160/0x160 [ 2062.115584] ? security_file_permission+0xb1/0xe0 [ 2062.116607] do_splice_direct+0x1c4/0x290 [ 2062.117495] ? splice_direct_to_actor+0x980/0x980 [ 2062.118519] ? security_file_permission+0xb1/0xe0 [ 2062.119549] vfs_copy_file_range+0x4f8/0x13c0 [ 2062.120514] ? generic_file_rw_checks+0x240/0x240 [ 2062.121552] __do_sys_copy_file_range+0x193/0x420 [ 2062.122575] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2062.123581] ? ksys_write+0x1a9/0x260 [ 2062.124397] ? __ia32_sys_read+0xb0/0xb0 [ 2062.125264] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2062.126376] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2062.127470] do_syscall_64+0x33/0x40 [ 2062.128260] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2062.129350] RIP: 0033:0x7f134c613b19 [ 2062.130138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2062.134049] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2062.135654] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2062.137173] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2062.138676] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2062.140192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2062.141709] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2062.143267] CPU: 0 PID: 10721 Comm: syz-executor.3 Not tainted 5.10.244 #1 [ 2062.144758] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2062.146451] Call Trace: [ 2062.147011] dump_stack+0x107/0x167 [ 2062.147760] should_fail.cold+0x5/0xa [ 2062.148560] strncpy_from_user+0x34/0x470 [ 2062.149418] getname_flags.part.0+0x95/0x4f0 [ 2062.150317] getname_flags+0x9a/0xe0 [ 2062.151074] do_mkdirat+0x8f/0x2b0 [ 2062.151799] ? user_path_create+0xf0/0xf0 [ 2062.152659] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2062.153738] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2062.154790] do_syscall_64+0x33/0x40 [ 2062.155557] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2062.156629] RIP: 0033:0x7f4ab16a0b19 [ 2062.157393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2062.161325] RSP: 002b:00007f4aaec16188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2062.162919] RAX: ffffffffffffffda RBX: 00007f4ab17b3f60 RCX: 00007f4ab16a0b19 [ 2062.164390] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000007 [ 2062.165839] RBP: 00007f4aaec161d0 R08: 0000000000000000 R09: 0000000000000000 [ 2062.167273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2062.168728] R13: 00007ffcbd46ad9f R14: 00007f4aaec16300 R15: 0000000000022000 [ 2062.173289] FAULT_INJECTION: forcing a failure. [ 2062.173289] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2062.176077] CPU: 1 PID: 10714 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2062.177560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2062.179311] Call Trace: [ 2062.179869] dump_stack+0x107/0x167 [ 2062.180654] should_fail.cold+0x5/0xa [ 2062.181464] __alloc_pages_nodemask+0x182/0x600 [ 2062.182460] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2062.183720] ? lock_downgrade+0x6d0/0x6d0 [ 2062.184608] ? lock_acquire+0x197/0x470 [ 2062.185468] alloc_pages_vma+0xbb/0x410 [ 2062.186315] shmem_alloc_page+0x10f/0x1e0 [ 2062.187184] ? shmem_init_inode+0x20/0x20 [ 2062.188087] ? percpu_counter_add_batch+0x8b/0x140 [ 2062.189119] ? __vm_enough_memory+0x184/0x360 [ 2062.190066] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2062.191205] ? shmem_unuse_inode+0xf60/0xf60 [ 2062.192148] shmem_file_read_iter+0x2a6/0xbb0 [ 2062.193120] ? shmem_get_link+0x440/0x440 [ 2062.193994] ? inode_has_perm+0x171/0x1d0 [ 2062.194872] ? iov_iter_pipe+0xf1/0x2a0 [ 2062.195715] generic_file_splice_read+0x455/0x6d0 [ 2062.196744] ? pipe_to_user+0x170/0x170 [ 2062.197590] ? fsnotify_perm.part.0+0x22d/0x620 [ 2062.198572] ? security_file_permission+0xb1/0xe0 [ 2062.199601] ? pipe_to_user+0x170/0x170 [ 2062.200445] do_splice_to+0x10e/0x160 [ 2062.201256] splice_direct_to_actor+0x2fe/0x980 [ 2062.202254] ? pipe_to_sendpage+0x380/0x380 [ 2062.203169] ? do_splice_to+0x160/0x160 [ 2062.204013] ? security_file_permission+0xb1/0xe0 [ 2062.205048] do_splice_direct+0x1c4/0x290 [ 2062.205923] ? splice_direct_to_actor+0x980/0x980 [ 2062.206940] ? security_file_permission+0xb1/0xe0 [ 2062.207972] vfs_copy_file_range+0x4f8/0x13c0 [ 2062.208935] ? generic_file_rw_checks+0x240/0x240 [ 2062.209988] __do_sys_copy_file_range+0x193/0x420 [ 2062.211012] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2062.212017] ? ksys_write+0x1a9/0x260 [ 2062.212831] ? __ia32_sys_read+0xb0/0xb0 [ 2062.213694] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2062.214806] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2062.215900] do_syscall_64+0x33/0x40 [ 2062.216697] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2062.217782] RIP: 0033:0x7ff72d878b19 [ 2062.218567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2062.222457] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2062.224061] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2062.225579] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2062.227091] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2062.228597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2062.230105] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 2062.239671] FAULT_INJECTION: forcing a failure. [ 2062.239671] name failslab, interval 1, probability 0, space 0, times 0 [ 2062.242633] CPU: 1 PID: 10727 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2062.244101] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2062.245953] Call Trace: [ 2062.246516] dump_stack+0x107/0x167 [ 2062.247291] should_fail.cold+0x5/0xa [ 2062.248097] ? create_object.isra.0+0x3a/0xa30 [ 2062.249078] should_failslab+0x5/0x20 [ 2062.249881] kmem_cache_alloc+0x5b/0x310 [ 2062.250738] ? mark_held_locks+0x9e/0xe0 [ 2062.251602] create_object.isra.0+0x3a/0xa30 [ 2062.252542] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2062.253619] __kmalloc_track_caller+0x177/0x370 [ 2062.254599] ? security_context_to_sid_core+0x7fc/0x890 [ 2062.255727] kstrdup+0x36/0x70 [ 2062.256416] security_context_to_sid_core+0x7fc/0x890 [ 2062.257508] ? do_raw_spin_unlock+0x4f/0x220 [ 2062.258435] ? security_compute_sid.part.0+0x16e0/0x16e0 [ 2062.259570] ? simple_xattr_get+0x10a/0x180 [ 2062.260500] ? kernfs_vfs_xattr_set+0xb0/0xb0 [ 2062.261443] ? kernfs_vfs_xattr_get+0xb6/0xe0 [ 2062.262385] ? __vfs_getxattr+0xeb/0x150 [ 2062.263236] ? __vfs_setxattr+0x180/0x180 [ 2062.264111] security_context_to_sid_default+0x3a/0x50 [ 2062.265242] inode_doinit_use_xattr+0x110/0x350 [ 2062.266227] inode_doinit_with_dentry+0x107e/0x1240 [ 2062.267287] ? selinux_file_lock+0x280/0x280 [ 2062.268214] ? kernfs_get_inode+0x388/0x520 [ 2062.269132] ? lock_downgrade+0x6d0/0x6d0 [ 2062.270016] selinux_d_instantiate+0x23/0x30 [ 2062.270946] security_d_instantiate+0x56/0xe0 [ 2062.271891] d_splice_alias+0x8c/0xc60 [ 2062.272724] ? _raw_spin_unlock+0x1a/0x30 [ 2062.273604] kernfs_iop_lookup+0x1ac/0x220 [ 2062.274498] __lookup_hash+0x121/0x190 [ 2062.275327] filename_create+0x186/0x4a0 [ 2062.276184] ? filename_parentat+0x570/0x570 [ 2062.277150] ? getname_flags.part.0+0x1dd/0x4f0 [ 2062.278150] do_mkdirat+0xa2/0x2b0 [ 2062.278900] ? user_path_create+0xf0/0xf0 [ 2062.279782] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2062.280894] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2062.281988] do_syscall_64+0x33/0x40 [ 2062.282765] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2062.283856] RIP: 0033:0x7f374cab7b19 [ 2062.284651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2062.288562] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2062.290165] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2062.291670] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2062.293180] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2062.294689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2062.296190] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 2062.307796] FAULT_INJECTION: forcing a failure. [ 2062.307796] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2062.310318] CPU: 1 PID: 10725 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2062.311778] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2062.313545] Call Trace: [ 2062.314104] dump_stack+0x107/0x167 [ 2062.314879] should_fail.cold+0x5/0xa [ 2062.315688] __alloc_pages_nodemask+0x182/0x600 [ 2062.316684] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2062.317949] ? lock_downgrade+0x6d0/0x6d0 [ 2062.318825] ? lock_acquire+0x197/0x470 [ 2062.319682] alloc_pages_vma+0xbb/0x410 [ 2062.320530] shmem_alloc_page+0x10f/0x1e0 [ 2062.321408] ? shmem_init_inode+0x20/0x20 [ 2062.322322] ? percpu_counter_add_batch+0x8b/0x140 [ 2062.323357] ? __vm_enough_memory+0x184/0x360 [ 2062.324316] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2062.325464] ? shmem_unuse_inode+0xf60/0xf60 [ 2062.326411] shmem_file_read_iter+0x2a6/0xbb0 [ 2062.327369] ? shmem_get_link+0x440/0x440 [ 2062.328242] ? inode_has_perm+0x171/0x1d0 [ 2062.329132] ? iov_iter_pipe+0xf1/0x2a0 [ 2062.329971] generic_file_splice_read+0x455/0x6d0 [ 2062.330986] ? pipe_to_user+0x170/0x170 [ 2062.331840] ? fsnotify_perm.part.0+0x22d/0x620 [ 2062.332826] ? security_file_permission+0xb1/0xe0 [ 2062.333831] ? pipe_to_user+0x170/0x170 [ 2062.334668] do_splice_to+0x10e/0x160 [ 2062.335477] splice_direct_to_actor+0x2fe/0x980 [ 2062.336466] ? pipe_to_sendpage+0x380/0x380 [ 2062.337378] ? do_splice_to+0x160/0x160 [ 2062.338215] ? security_file_permission+0xb1/0xe0 [ 2062.339230] do_splice_direct+0x1c4/0x290 [ 2062.340107] ? splice_direct_to_actor+0x980/0x980 [ 2062.341139] ? security_file_permission+0xb1/0xe0 [ 2062.342162] vfs_copy_file_range+0x4f8/0x13c0 [ 2062.343103] ? generic_file_rw_checks+0x240/0x240 [ 2062.344140] __do_sys_copy_file_range+0x193/0x420 [ 2062.345185] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2062.346174] ? ksys_write+0x1a9/0x260 [ 2062.346972] ? __ia32_sys_read+0xb0/0xb0 [ 2062.347833] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2062.348941] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2062.350037] do_syscall_64+0x33/0x40 [ 2062.350815] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2062.351896] RIP: 0033:0x7fce96a5bb19 [ 2062.352680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2062.356565] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2062.358162] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2062.359667] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2062.361191] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2062.362697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2062.364215] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 10:36:11 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:36:11 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 17) 10:36:11 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 36) 10:36:11 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 4) [ 2062.463221] FAULT_INJECTION: forcing a failure. [ 2062.463221] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2062.465628] CPU: 0 PID: 10737 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2062.466819] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2062.468255] Call Trace: [ 2062.468722] dump_stack+0x107/0x167 [ 2062.469349] should_fail.cold+0x5/0xa [ 2062.470002] __alloc_pages_nodemask+0x182/0x600 [ 2062.470806] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2062.471821] ? lock_downgrade+0x6d0/0x6d0 [ 2062.472538] ? lock_acquire+0x197/0x470 [ 2062.473231] alloc_pages_vma+0xbb/0x410 [ 2062.473920] shmem_alloc_page+0x10f/0x1e0 [ 2062.474620] ? shmem_init_inode+0x20/0x20 [ 2062.475347] ? percpu_counter_add_batch+0x8b/0x140 [ 2062.476192] ? __vm_enough_memory+0x184/0x360 [ 2062.476971] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2062.477902] ? shmem_unuse_inode+0xf60/0xf60 [ 2062.478665] shmem_file_read_iter+0x2a6/0xbb0 [ 2062.479449] ? shmem_get_link+0x440/0x440 [ 2062.480155] ? inode_has_perm+0x171/0x1d0 [ 2062.480869] ? iov_iter_pipe+0xf1/0x2a0 [ 2062.481552] generic_file_splice_read+0x455/0x6d0 [ 2062.482369] ? pipe_to_user+0x170/0x170 [ 2062.483056] ? fsnotify_perm.part.0+0x22d/0x620 [ 2062.483856] ? security_file_permission+0xb1/0xe0 [ 2062.484690] ? pipe_to_user+0x170/0x170 [ 2062.485364] do_splice_to+0x10e/0x160 [ 2062.486019] splice_direct_to_actor+0x2fe/0x980 [ 2062.486810] ? pipe_to_sendpage+0x380/0x380 [ 2062.487550] ? do_splice_to+0x160/0x160 [ 2062.488213] ? security_file_permission+0xb1/0xe0 [ 2062.489107] do_splice_direct+0x1c4/0x290 [ 2062.489811] ? splice_direct_to_actor+0x980/0x980 [ 2062.490689] ? security_file_permission+0xb1/0xe0 [ 2062.491509] vfs_copy_file_range+0x4f8/0x13c0 [ 2062.492272] ? generic_file_rw_checks+0x240/0x240 [ 2062.493114] __do_sys_copy_file_range+0x193/0x420 [ 2062.493927] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2062.494719] ? ksys_write+0x1a9/0x260 [ 2062.495370] ? __ia32_sys_read+0xb0/0xb0 [ 2062.496051] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2062.496969] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2062.497843] do_syscall_64+0x33/0x40 [ 2062.498476] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2062.499346] RIP: 0033:0x7ff72d878b19 [ 2062.499974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2062.503073] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2062.504352] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2062.505549] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2062.506741] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2062.507943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2062.509143] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 2062.512370] FAULT_INJECTION: forcing a failure. [ 2062.512370] name failslab, interval 1, probability 0, space 0, times 0 [ 2062.514479] CPU: 0 PID: 10738 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2062.515649] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2062.517061] Call Trace: [ 2062.517516] dump_stack+0x107/0x167 [ 2062.518116] should_fail.cold+0x5/0xa [ 2062.518760] ? create_object.isra.0+0x3a/0xa30 [ 2062.519521] should_failslab+0x5/0x20 [ 2062.520152] kmem_cache_alloc+0x5b/0x310 [ 2062.520841] create_object.isra.0+0x3a/0xa30 [ 2062.521565] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2062.522407] kmem_cache_alloc+0x159/0x310 [ 2062.523110] __kernfs_new_node+0xd4/0x860 [ 2062.523796] ? mark_held_locks+0x9e/0xe0 [ 2062.524481] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2062.525277] ? cpumask_next+0x1f/0x30 [ 2062.525911] ? kmemleak_alloc_percpu+0xaf/0x100 [ 2062.526696] ? pcpu_alloc+0x12a/0x1240 [ 2062.527347] kernfs_new_node+0x18d/0x250 [ 2062.528033] kernfs_create_dir_ns+0x49/0x160 [ 2062.528780] cgroup_mkdir+0x315/0xf50 [ 2062.529423] ? cgroup_destroy_locked+0x710/0x710 [ 2062.530212] kernfs_iop_mkdir+0x14d/0x1e0 [ 2062.530901] vfs_mkdir+0x493/0x750 [ 2062.531495] do_mkdirat+0x150/0x2b0 [ 2062.532103] ? user_path_create+0xf0/0xf0 [ 2062.532808] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2062.533668] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2062.534518] do_syscall_64+0x33/0x40 [ 2062.535130] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2062.535967] RIP: 0033:0x7f374cab7b19 [ 2062.536584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2062.539616] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2062.540885] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2062.542051] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2062.543214] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2062.544384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2062.545551] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 2062.573777] FAULT_INJECTION: forcing a failure. [ 2062.573777] name failslab, interval 1, probability 0, space 0, times 0 [ 2062.576012] CPU: 0 PID: 10740 Comm: syz-executor.3 Not tainted 5.10.244 #1 [ 2062.577153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2062.578509] Call Trace: [ 2062.578948] dump_stack+0x107/0x167 [ 2062.579533] should_fail.cold+0x5/0xa [ 2062.580152] ? __d_alloc+0x2a/0x990 [ 2062.580748] should_failslab+0x5/0x20 [ 2062.581357] kmem_cache_alloc+0x5b/0x310 [ 2062.582006] ? __d_lookup+0x3bf/0x760 [ 2062.582632] __d_alloc+0x2a/0x990 [ 2062.583192] d_alloc+0x46/0x1c0 [ 2062.583733] __lookup_hash+0xcc/0x190 [ 2062.584352] filename_create+0x186/0x4a0 [ 2062.585000] ? filename_parentat+0x570/0x570 [ 2062.585697] ? getname_flags.part.0+0x1dd/0x4f0 [ 2062.586436] do_mkdirat+0xa2/0x2b0 [ 2062.587012] ? user_path_create+0xf0/0xf0 [ 2062.587678] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2062.588518] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2062.589360] do_syscall_64+0x33/0x40 [ 2062.589965] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2062.590793] RIP: 0033:0x7f4ab16a0b19 [ 2062.591397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2062.594324] RSP: 002b:00007f4aaec16188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2062.595527] RAX: ffffffffffffffda RBX: 00007f4ab17b3f60 RCX: 00007f4ab16a0b19 [ 2062.596664] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2062.597791] RBP: 00007f4aaec161d0 R08: 0000000000000000 R09: 0000000000000000 [ 2062.598912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2062.600041] R13: 00007ffcbd46ad9f R14: 00007f4aaec16300 R15: 0000000000022000 10:36:28 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 37) 10:36:28 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:36:28 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 5) 10:36:28 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:36:28 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 1) 10:36:28 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 43) 10:36:28 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 13) 10:36:28 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 18) [ 2079.123801] FAULT_INJECTION: forcing a failure. [ 2079.123801] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2079.126617] CPU: 1 PID: 10749 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2079.126629] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.126634] Call Trace: [ 2079.126660] dump_stack+0x107/0x167 [ 2079.126687] should_fail.cold+0x5/0xa [ 2079.132007] __alloc_pages_nodemask+0x182/0x600 [ 2079.133015] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2079.133033] ? lock_downgrade+0x6d0/0x6d0 [ 2079.133050] ? lock_acquire+0x197/0x470 [ 2079.133084] alloc_pages_vma+0xbb/0x410 [ 2079.133109] shmem_alloc_page+0x10f/0x1e0 [ 2079.133128] ? shmem_init_inode+0x20/0x20 [ 2079.133170] ? percpu_counter_add_batch+0x8b/0x140 [ 2079.133192] ? __vm_enough_memory+0x184/0x360 [ 2079.133217] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2079.133253] ? shmem_unuse_inode+0xf60/0xf60 [ 2079.133285] shmem_file_read_iter+0x2a6/0xbb0 [ 2079.133319] ? shmem_get_link+0x440/0x440 [ 2079.133336] ? inode_has_perm+0x171/0x1d0 [ 2079.133357] ? iov_iter_pipe+0xf1/0x2a0 10:36:28 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 2) [ 2079.133380] generic_file_splice_read+0x455/0x6d0 10:36:28 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 6) 10:36:28 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 44) [ 2079.133400] ? pipe_to_user+0x170/0x170 [ 2079.133427] ? fsnotify_perm.part.0+0x22d/0x620 [ 2079.133449] ? security_file_permission+0xb1/0xe0 10:36:28 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 19) [ 2079.133469] ? pipe_to_user+0x170/0x170 [ 2079.133488] do_splice_to+0x10e/0x160 10:36:28 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 38) 10:36:28 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 14) [ 2079.133509] splice_direct_to_actor+0x2fe/0x980 [ 2079.133533] ? pipe_to_sendpage+0x380/0x380 [ 2079.133555] ? do_splice_to+0x160/0x160 [ 2079.133572] ? security_file_permission+0xb1/0xe0 [ 2079.133598] do_splice_direct+0x1c4/0x290 [ 2079.133617] ? splice_direct_to_actor+0x980/0x980 [ 2079.133641] ? security_file_permission+0xb1/0xe0 [ 2079.133667] vfs_copy_file_range+0x4f8/0x13c0 [ 2079.133692] ? generic_file_rw_checks+0x240/0x240 [ 2079.133732] __do_sys_copy_file_range+0x193/0x420 10:36:28 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2079.133752] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2079.133768] ? ksys_write+0x1a9/0x260 [ 2079.133787] ? __ia32_sys_read+0xb0/0xb0 [ 2079.133809] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.133829] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.133850] do_syscall_64+0x33/0x40 [ 2079.133868] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2079.133881] RIP: 0033:0x7ff72d878b19 [ 2079.133898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.133908] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2079.133927] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2079.133937] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2079.133947] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2079.133957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2079.133968] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 2079.157843] FAULT_INJECTION: forcing a failure. [ 2079.157843] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2079.158062] CPU: 1 PID: 10756 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2079.158076] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.158082] Call Trace: [ 2079.158104] dump_stack+0x107/0x167 [ 2079.158125] should_fail.cold+0x5/0xa [ 2079.158148] __alloc_pages_nodemask+0x182/0x600 [ 2079.158171] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2079.158187] ? lock_downgrade+0x6d0/0x6d0 [ 2079.158205] ? lock_acquire+0x197/0x470 [ 2079.158239] alloc_pages_vma+0xbb/0x410 [ 2079.158268] shmem_alloc_page+0x10f/0x1e0 [ 2079.158287] ? shmem_init_inode+0x20/0x20 [ 2079.158327] ? percpu_counter_add_batch+0x8b/0x140 [ 2079.158349] ? __vm_enough_memory+0x184/0x360 [ 2079.158374] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2079.158410] ? shmem_unuse_inode+0xf60/0xf60 [ 2079.158442] shmem_file_read_iter+0x2a6/0xbb0 [ 2079.158476] ? shmem_get_link+0x440/0x440 [ 2079.158492] ? inode_has_perm+0x171/0x1d0 [ 2079.158512] ? iov_iter_pipe+0xf1/0x2a0 [ 2079.158535] generic_file_splice_read+0x455/0x6d0 [ 2079.158555] ? pipe_to_user+0x170/0x170 [ 2079.158582] ? fsnotify_perm.part.0+0x22d/0x620 [ 2079.158603] ? security_file_permission+0xb1/0xe0 [ 2079.158624] ? pipe_to_user+0x170/0x170 [ 2079.158642] do_splice_to+0x10e/0x160 [ 2079.158664] splice_direct_to_actor+0x2fe/0x980 [ 2079.158687] ? pipe_to_sendpage+0x380/0x380 [ 2079.158710] ? do_splice_to+0x160/0x160 [ 2079.158726] ? security_file_permission+0xb1/0xe0 [ 2079.158752] do_splice_direct+0x1c4/0x290 [ 2079.158771] ? splice_direct_to_actor+0x980/0x980 [ 2079.158795] ? security_file_permission+0xb1/0xe0 [ 2079.158820] vfs_copy_file_range+0x4f8/0x13c0 [ 2079.158844] ? generic_file_rw_checks+0x240/0x240 [ 2079.158885] __do_sys_copy_file_range+0x193/0x420 [ 2079.158905] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2079.158922] ? ksys_write+0x1a9/0x260 [ 2079.158940] ? __ia32_sys_read+0xb0/0xb0 [ 2079.158962] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.158981] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.159002] do_syscall_64+0x33/0x40 [ 2079.159020] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2079.159032] RIP: 0033:0x7fce96a5bb19 [ 2079.159048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.159058] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2079.159077] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2079.159087] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2079.159097] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2079.159107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2079.159117] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 2079.160315] FAULT_INJECTION: forcing a failure. [ 2079.160315] name failslab, interval 1, probability 0, space 0, times 0 [ 2079.160338] CPU: 0 PID: 10762 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2079.160348] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.160355] Call Trace: [ 2079.160385] dump_stack+0x107/0x167 [ 2079.160407] should_fail.cold+0x5/0xa [ 2079.160437] ? iter_file_splice_write+0x165/0xc90 [ 2079.160456] should_failslab+0x5/0x20 [ 2079.160475] __kmalloc+0x72/0x390 [ 2079.160516] iter_file_splice_write+0x165/0xc90 [ 2079.160536] ? shmem_get_link+0x440/0x440 [ 2079.160569] ? generic_splice_sendpage+0x140/0x140 [ 2079.160586] ? pipe_to_user+0x170/0x170 [ 2079.160621] ? security_file_permission+0xb1/0xe0 [ 2079.160644] ? generic_splice_sendpage+0x140/0x140 [ 2079.160664] direct_splice_actor+0x10f/0x170 [ 2079.160686] splice_direct_to_actor+0x387/0x980 [ 2079.160710] ? pipe_to_sendpage+0x380/0x380 [ 2079.160732] ? do_splice_to+0x160/0x160 [ 2079.160749] ? security_file_permission+0xb1/0xe0 [ 2079.160776] do_splice_direct+0x1c4/0x290 [ 2079.160795] ? splice_direct_to_actor+0x980/0x980 [ 2079.160819] ? security_file_permission+0xb1/0xe0 [ 2079.160854] vfs_copy_file_range+0x4f8/0x13c0 [ 2079.160878] ? generic_file_rw_checks+0x240/0x240 [ 2079.160919] __do_sys_copy_file_range+0x193/0x420 [ 2079.160939] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2079.160957] ? ksys_write+0x1a9/0x260 [ 2079.160976] ? __ia32_sys_read+0xb0/0xb0 [ 2079.161001] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.161023] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.161044] do_syscall_64+0x33/0x40 [ 2079.161064] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2079.161076] RIP: 0033:0x7f134c613b19 [ 2079.161094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.161104] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2079.161124] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2079.161134] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2079.161144] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2079.161154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2079.161165] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2079.163216] FAULT_INJECTION: forcing a failure. [ 2079.163216] name failslab, interval 1, probability 0, space 0, times 0 [ 2079.163343] CPU: 1 PID: 10760 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2079.163353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.163370] FAULT_INJECTION: forcing a failure. [ 2079.163370] name failslab, interval 1, probability 0, space 0, times 0 [ 2079.163375] Call Trace: [ 2079.163395] dump_stack+0x107/0x167 [ 2079.163417] should_fail.cold+0x5/0xa [ 2079.163440] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2079.163458] should_failslab+0x5/0x20 [ 2079.163475] kmem_cache_alloc+0x5b/0x310 [ 2079.163505] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2079.163532] radix_tree_extend+0x231/0x490 [ 2079.163562] idr_get_free+0x623/0x8f0 [ 2079.163597] idr_alloc_u32+0x170/0x2d0 [ 2079.163621] ? __fprop_inc_percpu_max+0x130/0x130 [ 2079.163644] ? lock_acquire+0x197/0x470 [ 2079.163667] ? __kernfs_new_node+0xff/0x860 [ 2079.163695] idr_alloc_cyclic+0x102/0x230 [ 2079.163716] ? idr_alloc+0x130/0x130 [ 2079.163730] ? rwlock_bug.part.0+0x90/0x90 [ 2079.163760] __kernfs_new_node+0x117/0x860 [ 2079.163777] ? mark_held_locks+0x9e/0xe0 [ 2079.163797] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2079.163819] ? cpumask_next+0x1f/0x30 [ 2079.163839] ? kmemleak_alloc_percpu+0xaf/0x100 [ 2079.163863] ? pcpu_alloc+0x12a/0x1240 [ 2079.163890] kernfs_new_node+0x18d/0x250 [ 2079.163915] kernfs_create_dir_ns+0x49/0x160 [ 2079.163936] cgroup_mkdir+0x315/0xf50 [ 2079.163962] ? cgroup_destroy_locked+0x710/0x710 [ 2079.163982] kernfs_iop_mkdir+0x14d/0x1e0 [ 2079.164004] vfs_mkdir+0x493/0x750 [ 2079.164026] do_mkdirat+0x150/0x2b0 [ 2079.164048] ? user_path_create+0xf0/0xf0 [ 2079.164072] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.164091] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.164113] do_syscall_64+0x33/0x40 [ 2079.164132] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2079.164144] RIP: 0033:0x7f374cab7b19 [ 2079.164161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.164171] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2079.164190] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2079.164201] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2079.164211] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2079.164221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2079.164232] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 2079.164275] CPU: 0 PID: 10763 Comm: syz-executor.1 Not tainted 5.10.244 #1 [ 2079.164286] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.164291] Call Trace: [ 2079.164310] dump_stack+0x107/0x167 [ 2079.164330] should_fail.cold+0x5/0xa [ 2079.164350] ? getname_flags.part.0+0x50/0x4f0 [ 2079.164366] should_failslab+0x5/0x20 [ 2079.164383] kmem_cache_alloc+0x5b/0x310 [ 2079.164405] getname_flags.part.0+0x50/0x4f0 [ 2079.164427] getname_flags+0x9a/0xe0 [ 2079.164445] do_mkdirat+0x8f/0x2b0 [ 2079.164465] ? user_path_create+0xf0/0xf0 [ 2079.164487] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.164519] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.164540] do_syscall_64+0x33/0x40 [ 2079.164558] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2079.164569] RIP: 0033:0x7f147b4f2b19 [ 2079.164586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.164596] RSP: 002b:00007f1478a68188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2079.164615] RAX: ffffffffffffffda RBX: 00007f147b605f60 RCX: 00007f147b4f2b19 [ 2079.164625] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2079.164636] RBP: 00007f1478a681d0 R08: 0000000000000000 R09: 0000000000000000 [ 2079.164646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2079.164656] R13: 00007ffe8036c95f R14: 00007f1478a68300 R15: 0000000000022000 [ 2079.197780] FAULT_INJECTION: forcing a failure. [ 2079.197780] name failslab, interval 1, probability 0, space 0, times 0 [ 2079.197800] CPU: 0 PID: 10751 Comm: syz-executor.3 Not tainted 5.10.244 #1 [ 2079.197810] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.197815] Call Trace: [ 2079.197840] dump_stack+0x107/0x167 [ 2079.197862] should_fail.cold+0x5/0xa [ 2079.197882] ? create_object.isra.0+0x3a/0xa30 [ 2079.197899] should_failslab+0x5/0x20 [ 2079.197919] kmem_cache_alloc+0x5b/0x310 [ 2079.197947] create_object.isra.0+0x3a/0xa30 [ 2079.197963] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2079.197988] kmem_cache_alloc+0x159/0x310 [ 2079.198004] ? __d_lookup+0x3bf/0x760 [ 2079.198028] __d_alloc+0x2a/0x990 [ 2079.198054] d_alloc+0x46/0x1c0 [ 2079.198076] __lookup_hash+0xcc/0x190 [ 2079.198097] filename_create+0x186/0x4a0 [ 2079.198118] ? filename_parentat+0x570/0x570 [ 2079.198138] ? getname_flags.part.0+0x1dd/0x4f0 [ 2079.198167] do_mkdirat+0xa2/0x2b0 [ 2079.198187] ? user_path_create+0xf0/0xf0 [ 2079.198211] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.198230] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.198251] do_syscall_64+0x33/0x40 [ 2079.198270] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2079.198282] RIP: 0033:0x7f4ab16a0b19 [ 2079.198299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.198309] RSP: 002b:00007f4aaec16188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2079.198327] RAX: ffffffffffffffda RBX: 00007f4ab17b3f60 RCX: 00007f4ab16a0b19 [ 2079.198337] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000007 [ 2079.198347] RBP: 00007f4aaec161d0 R08: 0000000000000000 R09: 0000000000000000 [ 2079.198356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2079.198367] R13: 00007ffcbd46ad9f R14: 00007f4aaec16300 R15: 0000000000022000 [ 2079.388671] FAULT_INJECTION: forcing a failure. [ 2079.388671] name failslab, interval 1, probability 0, space 0, times 0 [ 2079.388719] CPU: 0 PID: 10772 Comm: syz-executor.3 Not tainted 5.10.244 #1 [ 2079.388730] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.388736] Call Trace: [ 2079.388771] dump_stack+0x107/0x167 [ 2079.388793] should_fail.cold+0x5/0xa [ 2079.388811] ? cgroup_mkdir+0x251/0xf50 [ 2079.388829] should_failslab+0x5/0x20 [ 2079.388853] __kmalloc+0x72/0x390 [ 2079.388875] cgroup_mkdir+0x251/0xf50 [ 2079.388901] ? cgroup_destroy_locked+0x710/0x710 [ 2079.388921] kernfs_iop_mkdir+0x14d/0x1e0 [ 2079.388943] vfs_mkdir+0x493/0x750 [ 2079.388966] do_mkdirat+0x150/0x2b0 [ 2079.388987] ? user_path_create+0xf0/0xf0 [ 2079.389012] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.389032] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.389055] do_syscall_64+0x33/0x40 [ 2079.389075] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2079.389088] RIP: 0033:0x7f4ab16a0b19 [ 2079.389106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.389116] RSP: 002b:00007f4aaec16188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2079.389136] RAX: ffffffffffffffda RBX: 00007f4ab17b3f60 RCX: 00007f4ab16a0b19 [ 2079.389147] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000007 [ 2079.389157] RBP: 00007f4aaec161d0 R08: 0000000000000000 R09: 0000000000000000 [ 2079.389168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2079.389178] R13: 00007ffcbd46ad9f R14: 00007f4aaec16300 R15: 0000000000022000 [ 2079.390156] FAULT_INJECTION: forcing a failure. [ 2079.390156] name failslab, interval 1, probability 0, space 0, times 0 [ 2079.390174] CPU: 0 PID: 10771 Comm: syz-executor.1 Not tainted 5.10.244 #1 [ 2079.390184] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.390188] Call Trace: [ 2079.390206] dump_stack+0x107/0x167 [ 2079.390226] should_fail.cold+0x5/0xa [ 2079.390246] ? create_object.isra.0+0x3a/0xa30 [ 2079.390261] should_failslab+0x5/0x20 [ 2079.390279] kmem_cache_alloc+0x5b/0x310 [ 2079.390301] create_object.isra.0+0x3a/0xa30 [ 2079.390317] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2079.390340] kmem_cache_alloc+0x159/0x310 [ 2079.390357] ? ktime_get+0x158/0x1f0 [ 2079.390378] getname_flags.part.0+0x50/0x4f0 [ 2079.390399] getname_flags+0x9a/0xe0 [ 2079.390418] do_mkdirat+0x8f/0x2b0 [ 2079.390438] ? user_path_create+0xf0/0xf0 [ 2079.390461] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.390482] do_syscall_64+0x33/0x40 [ 2079.390500] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2079.390510] RIP: 0033:0x7f147b4f2b19 [ 2079.390532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.390541] RSP: 002b:00007f1478a68188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2079.390559] RAX: ffffffffffffffda RBX: 00007f147b605f60 RCX: 00007f147b4f2b19 [ 2079.390569] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2079.390579] RBP: 00007f1478a681d0 R08: 0000000000000000 R09: 0000000000000000 [ 2079.390588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2079.390598] R13: 00007ffe8036c95f R14: 00007f1478a68300 R15: 0000000000022000 [ 2079.392646] FAULT_INJECTION: forcing a failure. [ 2079.392646] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2079.392664] CPU: 0 PID: 10774 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2079.392673] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.392679] Call Trace: [ 2079.392698] dump_stack+0x107/0x167 [ 2079.392718] should_fail.cold+0x5/0xa [ 2079.392741] __alloc_pages_nodemask+0x182/0x600 [ 2079.392765] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2079.392781] ? lock_downgrade+0x6d0/0x6d0 [ 2079.392799] ? lock_acquire+0x197/0x470 [ 2079.392839] alloc_pages_vma+0xbb/0x410 [ 2079.392865] shmem_alloc_page+0x10f/0x1e0 [ 2079.392884] ? shmem_init_inode+0x20/0x20 [ 2079.392925] ? percpu_counter_add_batch+0x8b/0x140 [ 2079.392948] ? __vm_enough_memory+0x184/0x360 [ 2079.392973] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2079.393009] ? shmem_unuse_inode+0xf60/0xf60 [ 2079.393041] shmem_file_read_iter+0x2a6/0xbb0 [ 2079.393075] ? shmem_get_link+0x440/0x440 [ 2079.393092] ? inode_has_perm+0x171/0x1d0 [ 2079.393113] ? iov_iter_pipe+0xf1/0x2a0 [ 2079.393141] generic_file_splice_read+0x455/0x6d0 [ 2079.393160] ? pipe_to_user+0x170/0x170 [ 2079.393188] ? fsnotify_perm.part.0+0x22d/0x620 [ 2079.393210] ? security_file_permission+0xb1/0xe0 [ 2079.393231] ? pipe_to_user+0x170/0x170 [ 2079.393250] do_splice_to+0x10e/0x160 [ 2079.393272] splice_direct_to_actor+0x2fe/0x980 [ 2079.393296] ? pipe_to_sendpage+0x380/0x380 [ 2079.393318] ? do_splice_to+0x160/0x160 [ 2079.393335] ? security_file_permission+0xb1/0xe0 [ 2079.393361] do_splice_direct+0x1c4/0x290 [ 2079.393380] ? splice_direct_to_actor+0x980/0x980 [ 2079.393405] ? security_file_permission+0xb1/0xe0 [ 2079.393432] vfs_copy_file_range+0x4f8/0x13c0 [ 2079.393456] ? generic_file_rw_checks+0x240/0x240 [ 2079.393496] __do_sys_copy_file_range+0x193/0x420 [ 2079.393517] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2079.393534] ? ksys_write+0x1a9/0x260 [ 2079.393553] ? __ia32_sys_read+0xb0/0xb0 [ 2079.393576] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.393594] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.393616] do_syscall_64+0x33/0x40 [ 2079.393634] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2079.393645] RIP: 0033:0x7f134c613b19 [ 2079.393662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.393671] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2079.393689] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2079.393699] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2079.393710] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2079.393719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2079.393730] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2079.429619] FAULT_INJECTION: forcing a failure. [ 2079.429619] name failslab, interval 1, probability 0, space 0, times 0 [ 2079.548427] FAULT_INJECTION: forcing a failure. [ 2079.548427] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2079.548450] CPU: 0 PID: 10780 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2079.548465] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.793603] Call Trace: [ 2079.794126] dump_stack+0x107/0x167 [ 2079.794824] should_fail.cold+0x5/0xa [ 2079.795563] __alloc_pages_nodemask+0x182/0x600 [ 2079.796466] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2079.797634] ? lock_downgrade+0x6d0/0x6d0 [ 2079.798436] ? lock_acquire+0x197/0x470 [ 2079.799210] alloc_pages_vma+0xbb/0x410 [ 2079.799974] shmem_alloc_page+0x10f/0x1e0 [ 2079.800765] ? shmem_init_inode+0x20/0x20 [ 2079.801575] ? percpu_counter_add_batch+0x8b/0x140 [ 2079.802515] ? __vm_enough_memory+0x184/0x360 [ 2079.803379] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2079.804414] ? shmem_unuse_inode+0xf60/0xf60 [ 2079.805272] shmem_file_read_iter+0x2a6/0xbb0 [ 2079.806143] ? shmem_get_link+0x440/0x440 [ 2079.806930] ? inode_has_perm+0x171/0x1d0 [ 2079.807725] ? iov_iter_pipe+0xf1/0x2a0 [ 2079.808492] generic_file_splice_read+0x455/0x6d0 [ 2079.809426] ? pipe_to_user+0x170/0x170 [ 2079.810210] ? fsnotify_perm.part.0+0x22d/0x620 [ 2079.811102] ? security_file_permission+0xb1/0xe0 [ 2079.812020] ? pipe_to_user+0x170/0x170 [ 2079.812785] do_splice_to+0x10e/0x160 [ 2079.813516] splice_direct_to_actor+0x2fe/0x980 [ 2079.814409] ? pipe_to_sendpage+0x380/0x380 [ 2079.815236] ? do_splice_to+0x160/0x160 [ 2079.815991] ? security_file_permission+0xb1/0xe0 [ 2079.816922] do_splice_direct+0x1c4/0x290 [ 2079.817713] ? splice_direct_to_actor+0x980/0x980 [ 2079.818640] ? security_file_permission+0xb1/0xe0 [ 2079.819567] vfs_copy_file_range+0x4f8/0x13c0 [ 2079.820426] ? generic_file_rw_checks+0x240/0x240 [ 2079.821358] __do_sys_copy_file_range+0x193/0x420 [ 2079.822266] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2079.823161] ? ksys_write+0x1a9/0x260 [ 2079.823880] ? __ia32_sys_read+0xb0/0xb0 [ 2079.824653] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.825639] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.826618] do_syscall_64+0x33/0x40 [ 2079.827318] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2079.828283] RIP: 0033:0x7ff72d878b19 [ 2079.828992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.832464] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2079.833905] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2079.835249] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2079.836600] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2079.837946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2079.839293] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 2079.840688] CPU: 1 PID: 10776 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2079.842210] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.843967] Call Trace: [ 2079.844550] dump_stack+0x107/0x167 [ 2079.845322] should_fail.cold+0x5/0xa [ 2079.846126] ? create_object.isra.0+0x3a/0xa30 [ 2079.847084] should_failslab+0x5/0x20 [ 2079.847894] kmem_cache_alloc+0x5b/0x310 [ 2079.848771] create_object.isra.0+0x3a/0xa30 [ 2079.849698] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2079.850780] kmem_cache_alloc+0x159/0x310 [ 2079.851673] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2079.852861] idr_get_free+0x4b5/0x8f0 [ 2079.853687] idr_alloc_u32+0x170/0x2d0 [ 2079.854511] ? __fprop_inc_percpu_max+0x130/0x130 [ 2079.855528] ? lock_acquire+0x197/0x470 [ 2079.856362] ? __kernfs_new_node+0xff/0x860 [ 2079.857467] idr_alloc_cyclic+0x102/0x230 [ 2079.857488] ? idr_alloc+0x130/0x130 [ 2079.857503] ? rwlock_bug.part.0+0x90/0x90 [ 2079.857533] __kernfs_new_node+0x117/0x860 [ 2079.857555] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2079.857577] ? cpumask_next+0x1f/0x30 [ 2079.857599] ? kmemleak_alloc_percpu+0xaf/0x100 [ 2079.857624] ? pcpu_alloc+0x12a/0x1240 [ 2079.857651] kernfs_new_node+0x18d/0x250 [ 2079.857676] kernfs_create_dir_ns+0x49/0x160 [ 2079.857697] cgroup_mkdir+0x315/0xf50 [ 2079.857723] ? cgroup_destroy_locked+0x710/0x710 [ 2079.857743] kernfs_iop_mkdir+0x14d/0x1e0 [ 2079.857764] vfs_mkdir+0x493/0x750 [ 2079.857787] do_mkdirat+0x150/0x2b0 [ 2079.857808] ? user_path_create+0xf0/0xf0 [ 2079.857832] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.857851] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.857874] do_syscall_64+0x33/0x40 [ 2079.857893] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2079.857905] RIP: 0033:0x7f374cab7b19 [ 2079.857926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.857936] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2079.857957] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2079.857968] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2079.857978] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2079.857988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2079.857998] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 2079.875699] FAULT_INJECTION: forcing a failure. [ 2079.875699] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2079.875718] CPU: 0 PID: 10781 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2079.875726] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2079.875731] Call Trace: [ 2079.875752] dump_stack+0x107/0x167 [ 2079.875771] should_fail.cold+0x5/0xa [ 2079.875799] __alloc_pages_nodemask+0x182/0x600 [ 2079.875826] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2079.875854] ? lock_downgrade+0x6d0/0x6d0 [ 2079.875873] ? lock_acquire+0x197/0x470 [ 2079.875907] alloc_pages_vma+0xbb/0x410 [ 2079.875934] shmem_alloc_page+0x10f/0x1e0 [ 2079.875955] ? shmem_init_inode+0x20/0x20 [ 2079.876007] ? percpu_counter_add_batch+0x8b/0x140 [ 2079.876034] ? __vm_enough_memory+0x184/0x360 [ 2079.876062] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2079.876108] ? shmem_unuse_inode+0xf60/0xf60 [ 2079.876143] shmem_file_read_iter+0x2a6/0xbb0 [ 2079.876176] ? shmem_get_link+0x440/0x440 [ 2079.876196] ? inode_has_perm+0x171/0x1d0 [ 2079.876218] ? iov_iter_pipe+0xf1/0x2a0 [ 2079.876247] generic_file_splice_read+0x455/0x6d0 [ 2079.876269] ? pipe_to_user+0x170/0x170 [ 2079.876295] ? fsnotify_perm.part.0+0x22d/0x620 [ 2079.876319] ? security_file_permission+0xb1/0xe0 [ 2079.876342] ? pipe_to_user+0x170/0x170 [ 2079.876363] do_splice_to+0x10e/0x160 [ 2079.876385] splice_direct_to_actor+0x2fe/0x980 [ 2079.876414] ? pipe_to_sendpage+0x380/0x380 [ 2079.876437] ? do_splice_to+0x160/0x160 [ 2079.876455] ? security_file_permission+0xb1/0xe0 [ 2079.876481] do_splice_direct+0x1c4/0x290 [ 2079.876514] ? splice_direct_to_actor+0x980/0x980 [ 2079.876537] ? security_file_permission+0xb1/0xe0 [ 2079.876563] vfs_copy_file_range+0x4f8/0x13c0 [ 2079.876589] ? generic_file_rw_checks+0x240/0x240 [ 2079.876629] __do_sys_copy_file_range+0x193/0x420 [ 2079.876648] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2079.876664] ? ksys_write+0x1a9/0x260 [ 2079.876683] ? __ia32_sys_read+0xb0/0xb0 [ 2079.876709] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2079.876729] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2079.876753] do_syscall_64+0x33/0x40 [ 2079.876771] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2079.876784] RIP: 0033:0x7fce96a5bb19 [ 2079.876806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2079.876816] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2079.876837] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2079.876849] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2079.876860] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2079.876869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2079.876879] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 10:36:44 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:36:44 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 7) 10:36:44 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 39) 10:36:44 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:36:44 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 3) 10:36:44 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 45) 10:36:44 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 20) 10:36:44 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 15) [ 2094.614278] FAULT_INJECTION: forcing a failure. [ 2094.614278] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2094.617036] CPU: 1 PID: 10803 Comm: syz-executor.1 Not tainted 5.10.244 #1 [ 2094.618510] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2094.620255] Call Trace: [ 2094.620824] dump_stack+0x107/0x167 [ 2094.621605] should_fail.cold+0x5/0xa [ 2094.622419] strncpy_from_user+0x34/0x470 [ 2094.623301] getname_flags.part.0+0x95/0x4f0 [ 2094.624233] getname_flags+0x9a/0xe0 [ 2094.625049] do_mkdirat+0x8f/0x2b0 [ 2094.625804] ? user_path_create+0xf0/0xf0 [ 2094.626679] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2094.627791] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2094.628891] do_syscall_64+0x33/0x40 [ 2094.629681] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2094.630582] FAULT_INJECTION: forcing a failure. [ 2094.630582] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2094.630775] RIP: 0033:0x7f147b4f2b19 [ 2094.630802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2094.637903] RSP: 002b:00007f1478a68188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2094.639498] RAX: ffffffffffffffda RBX: 00007f147b605f60 RCX: 00007f147b4f2b19 [ 2094.641045] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2094.642559] RBP: 00007f1478a681d0 R08: 0000000000000000 R09: 0000000000000000 [ 2094.644079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2094.645614] R13: 00007ffe8036c95f R14: 00007f1478a68300 R15: 0000000000022000 [ 2094.647170] CPU: 0 PID: 10808 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2094.648634] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2094.649517] FAULT_INJECTION: forcing a failure. [ 2094.649517] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2094.650398] Call Trace: [ 2094.650425] dump_stack+0x107/0x167 [ 2094.650446] should_fail.cold+0x5/0xa [ 2094.650471] __alloc_pages_nodemask+0x182/0x600 [ 2094.650495] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2094.650513] ? lock_downgrade+0x6d0/0x6d0 [ 2094.650530] ? lock_acquire+0x197/0x470 [ 2094.650566] alloc_pages_vma+0xbb/0x410 [ 2094.650592] shmem_alloc_page+0x10f/0x1e0 [ 2094.650618] ? shmem_init_inode+0x20/0x20 [ 2094.661508] ? percpu_counter_add_batch+0x8b/0x140 [ 2094.662537] ? __vm_enough_memory+0x184/0x360 [ 2094.663481] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2094.664604] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2094.665672] ? shmem_unuse_inode+0xf60/0xf60 [ 2094.666625] ? avc_has_perm+0xc5/0x1b0 [ 2094.667451] shmem_file_read_iter+0x2a6/0xbb0 [ 2094.668396] ? kfree+0xd7/0x340 [ 2094.669112] ? shmem_get_link+0x440/0x440 [ 2094.669986] ? inode_has_perm+0x171/0x1d0 [ 2094.670824] ? iov_iter_pipe+0xf1/0x2a0 [ 2094.671650] generic_file_splice_read+0x455/0x6d0 [ 2094.672671] ? pipe_to_user+0x170/0x170 [ 2094.673520] ? fsnotify_perm.part.0+0x22d/0x620 [ 2094.674510] ? security_file_permission+0xb1/0xe0 [ 2094.675539] ? pipe_to_user+0x170/0x170 [ 2094.676379] do_splice_to+0x10e/0x160 [ 2094.677202] splice_direct_to_actor+0x2fe/0x980 [ 2094.678202] ? pipe_to_sendpage+0x380/0x380 [ 2094.679119] ? do_splice_to+0x160/0x160 [ 2094.679944] ? security_file_permission+0xb1/0xe0 [ 2094.680968] do_splice_direct+0x1c4/0x290 [ 2094.681855] ? splice_direct_to_actor+0x980/0x980 [ 2094.682878] ? security_file_permission+0xb1/0xe0 [ 2094.683893] vfs_copy_file_range+0x4f8/0x13c0 [ 2094.684841] ? generic_file_rw_checks+0x240/0x240 [ 2094.685860] __do_sys_copy_file_range+0x193/0x420 [ 2094.686860] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2094.687836] ? ksys_write+0x1a9/0x260 [ 2094.688629] ? __ia32_sys_read+0xb0/0xb0 [ 2094.689478] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2094.690562] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2094.691653] do_syscall_64+0x33/0x40 [ 2094.692441] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2094.693506] RIP: 0033:0x7f134c613b19 [ 2094.694279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2094.698136] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2094.699749] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2094.701243] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2094.702714] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2094.704190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2094.705674] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2094.707200] CPU: 1 PID: 10802 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2094.708717] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2094.710502] Call Trace: [ 2094.711072] dump_stack+0x107/0x167 [ 2094.711844] should_fail.cold+0x5/0xa [ 2094.712660] __alloc_pages_nodemask+0x182/0x600 [ 2094.713503] FAULT_INJECTION: forcing a failure. [ 2094.713503] name failslab, interval 1, probability 0, space 0, times 0 [ 2094.713662] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2094.717236] ? lock_downgrade+0x6d0/0x6d0 [ 2094.718097] ? lock_acquire+0x197/0x470 [ 2094.719082] alloc_pages_vma+0xbb/0x410 [ 2094.719934] shmem_alloc_page+0x10f/0x1e0 [ 2094.720826] ? shmem_init_inode+0x20/0x20 [ 2094.721739] ? percpu_counter_add_batch+0x8b/0x140 [ 2094.722784] ? __vm_enough_memory+0x184/0x360 [ 2094.723752] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2094.724897] ? shmem_unuse_inode+0xf60/0xf60 [ 2094.725821] shmem_file_read_iter+0x2a6/0xbb0 [ 2094.726770] ? shmem_get_link+0x440/0x440 [ 2094.727648] ? inode_has_perm+0x171/0x1d0 [ 2094.728519] ? iov_iter_pipe+0xf1/0x2a0 [ 2094.729383] generic_file_splice_read+0x455/0x6d0 [ 2094.730391] ? pipe_to_user+0x170/0x170 [ 2094.731230] ? fsnotify_perm.part.0+0x22d/0x620 [ 2094.732204] ? security_file_permission+0xb1/0xe0 [ 2094.733256] ? pipe_to_user+0x170/0x170 [ 2094.734093] do_splice_to+0x10e/0x160 [ 2094.734901] splice_direct_to_actor+0x2fe/0x980 [ 2094.735873] ? pipe_to_sendpage+0x380/0x380 [ 2094.736786] ? do_splice_to+0x160/0x160 [ 2094.737610] ? security_file_permission+0xb1/0xe0 [ 2094.738631] do_splice_direct+0x1c4/0x290 [ 2094.739507] ? splice_direct_to_actor+0x980/0x980 [ 2094.740515] ? security_file_permission+0xb1/0xe0 [ 2094.741542] vfs_copy_file_range+0x4f8/0x13c0 [ 2094.742481] ? generic_file_rw_checks+0x240/0x240 [ 2094.743501] __do_sys_copy_file_range+0x193/0x420 [ 2094.744521] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2094.745516] ? ksys_write+0x1a9/0x260 [ 2094.746306] ? __ia32_sys_read+0xb0/0xb0 [ 2094.747160] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2094.748255] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2094.749351] do_syscall_64+0x33/0x40 [ 2094.750140] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2094.751223] RIP: 0033:0x7fce96a5bb19 [ 2094.751997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2094.755785] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2094.757410] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2094.758898] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2094.760379] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2094.762340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2094.764129] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 2094.765975] CPU: 0 PID: 10805 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2094.767417] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2094.769181] Call Trace: [ 2094.769728] dump_stack+0x107/0x167 [ 2094.770496] should_fail.cold+0x5/0xa [ 2094.771303] should_failslab+0x5/0x20 [ 2094.772108] __kmalloc_track_caller+0x79/0x370 [ 2094.773066] ? security_context_to_sid_core+0xb4/0x890 [ 2094.774155] kmemdup_nul+0x2d/0xa0 [ 2094.774884] security_context_to_sid_core+0xb4/0x890 [ 2094.775949] ? security_compute_sid.part.0+0x16e0/0x16e0 [ 2094.777236] ? do_raw_spin_lock+0x121/0x260 [ 2094.778126] ? rwlock_bug.part.0+0x90/0x90 [ 2094.778998] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2094.779998] ? do_raw_spin_unlock+0x4f/0x220 [ 2094.780916] ? _raw_spin_unlock+0x1a/0x30 [ 2094.781777] security_context_to_sid+0x35/0x50 [ 2094.782732] selinux_kernfs_init_security+0x19d/0x4c0 [ 2094.783807] ? selinux_file_mprotect+0x610/0x610 [ 2094.784787] ? find_held_lock+0x2c/0x110 [ 2094.785636] ? __kernfs_new_node+0x2ad/0x860 [ 2094.786564] ? lock_downgrade+0x6d0/0x6d0 [ 2094.787430] ? rwlock_bug.part.0+0x90/0x90 [ 2094.788314] security_kernfs_init_security+0x4e/0xb0 [ 2094.789494] __kernfs_new_node+0x531/0x860 [ 2094.790372] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2094.791364] ? cpumask_next+0x1f/0x30 [ 2094.792163] ? kmemleak_alloc_percpu+0xaf/0x100 [ 2094.793141] ? pcpu_alloc+0x12a/0x1240 [ 2094.793967] kernfs_new_node+0x18d/0x250 [ 2094.794829] kernfs_create_dir_ns+0x49/0x160 [ 2094.795758] cgroup_mkdir+0x315/0xf50 [ 2094.796562] ? cgroup_destroy_locked+0x710/0x710 [ 2094.797575] kernfs_iop_mkdir+0x14d/0x1e0 [ 2094.798531] vfs_mkdir+0x493/0x750 [ 2094.799380] do_mkdirat+0x150/0x2b0 [ 2094.800355] ? user_path_create+0xf0/0xf0 [ 2094.801234] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2094.802333] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2094.803407] do_syscall_64+0x33/0x40 [ 2094.804180] entry_SYSCALL_64_after_hwframe+0x67/0xd1 10:36:44 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 4) [ 2094.805266] RIP: 0033:0x7f374cab7b19 [ 2094.806151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2094.809982] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2094.811582] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2094.813068] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2094.814553] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2094.816036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2094.817543] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 2094.823694] FAULT_INJECTION: forcing a failure. [ 2094.823694] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2094.826564] CPU: 0 PID: 10807 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2094.828002] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2094.829759] Call Trace: [ 2094.830312] dump_stack+0x107/0x167 [ 2094.831073] should_fail.cold+0x5/0xa [ 2094.831880] __alloc_pages_nodemask+0x182/0x600 [ 2094.832898] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2094.834192] ? lock_downgrade+0x6d0/0x6d0 [ 2094.835064] ? lock_acquire+0x197/0x470 [ 2094.835903] alloc_pages_vma+0xbb/0x410 [ 2094.836763] shmem_alloc_page+0x10f/0x1e0 [ 2094.837632] ? shmem_init_inode+0x20/0x20 [ 2094.838517] ? percpu_counter_add_batch+0x8b/0x140 [ 2094.839548] ? __vm_enough_memory+0x184/0x360 [ 2094.840497] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2094.841633] ? shmem_unuse_inode+0xf60/0xf60 [ 2094.842595] shmem_file_read_iter+0x2a6/0xbb0 [ 2094.843578] ? shmem_get_link+0x440/0x440 [ 2094.844465] ? inode_has_perm+0x171/0x1d0 [ 2094.845356] ? iov_iter_pipe+0xf1/0x2a0 [ 2094.846218] generic_file_splice_read+0x455/0x6d0 [ 2094.847282] ? pipe_to_user+0x170/0x170 [ 2094.848139] ? fsnotify_perm.part.0+0x22d/0x620 [ 2094.849117] ? security_file_permission+0xb1/0xe0 [ 2094.850149] ? pipe_to_user+0x170/0x170 [ 2094.850970] do_splice_to+0x10e/0x160 [ 2094.851797] splice_direct_to_actor+0x2fe/0x980 [ 2094.852790] ? pipe_to_sendpage+0x380/0x380 [ 2094.853686] ? do_splice_to+0x160/0x160 [ 2094.854514] ? security_file_permission+0xb1/0xe0 [ 2094.855556] do_splice_direct+0x1c4/0x290 [ 2094.856441] ? splice_direct_to_actor+0x980/0x980 [ 2094.857501] ? security_file_permission+0xb1/0xe0 [ 2094.858533] vfs_copy_file_range+0x4f8/0x13c0 [ 2094.859501] ? generic_file_rw_checks+0x240/0x240 [ 2094.860550] __do_sys_copy_file_range+0x193/0x420 [ 2094.861607] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2094.862627] ? ksys_write+0x1a9/0x260 [ 2094.863449] ? __ia32_sys_read+0xb0/0xb0 [ 2094.864319] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2094.865447] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2094.866531] do_syscall_64+0x33/0x40 [ 2094.867330] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2094.868434] RIP: 0033:0x7ff72d878b19 10:36:44 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 16) [ 2094.869246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2094.873259] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2094.874864] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2094.876380] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2094.877911] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2094.879429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2094.880927] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 2094.953318] FAULT_INJECTION: forcing a failure. [ 2094.953318] name failslab, interval 1, probability 0, space 0, times 0 [ 2094.956350] CPU: 1 PID: 10814 Comm: syz-executor.1 Not tainted 5.10.244 #1 [ 2094.957907] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2094.959695] Call Trace: [ 2094.960273] dump_stack+0x107/0x167 [ 2094.961082] should_fail.cold+0x5/0xa [ 2094.961913] ? __d_alloc+0x2a/0x990 [ 2094.962708] should_failslab+0x5/0x20 [ 2094.963533] kmem_cache_alloc+0x5b/0x310 [ 2094.964416] ? __d_lookup+0x3bf/0x760 [ 2094.965253] __d_alloc+0x2a/0x990 [ 2094.966008] d_alloc+0x46/0x1c0 [ 2094.966724] __lookup_hash+0xcc/0x190 [ 2094.967558] filename_create+0x186/0x4a0 [ 2094.968445] ? filename_parentat+0x570/0x570 [ 2094.969410] ? getname_flags.part.0+0x1dd/0x4f0 [ 2094.970423] do_mkdirat+0xa2/0x2b0 [ 2094.971177] ? user_path_create+0xf0/0xf0 [ 2094.972077] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2094.973230] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2094.974362] do_syscall_64+0x33/0x40 [ 2094.975153] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2094.976260] RIP: 0033:0x7f147b4f2b19 [ 2094.977104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2094.981104] RSP: 002b:00007f1478a47188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2094.982723] RAX: ffffffffffffffda RBX: 00007f147b606020 RCX: 00007f147b4f2b19 [ 2094.984252] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2094.985807] RBP: 00007f1478a471d0 R08: 0000000000000000 R09: 0000000000000000 [ 2094.987342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2094.988889] R13: 00007ffe8036c95f R14: 00007f1478a47300 R15: 0000000000022000 10:36:44 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2095.009814] FAULT_INJECTION: forcing a failure. [ 2095.009814] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2095.012628] CPU: 0 PID: 10818 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2095.014104] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2095.015852] Call Trace: [ 2095.016417] dump_stack+0x107/0x167 [ 2095.017196] should_fail.cold+0x5/0xa [ 2095.017999] __alloc_pages_nodemask+0x182/0x600 [ 2095.018984] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2095.020246] ? lock_downgrade+0x6d0/0x6d0 [ 2095.021122] ? lock_acquire+0x197/0x470 [ 2095.021972] alloc_pages_vma+0xbb/0x410 [ 2095.022808] shmem_alloc_page+0x10f/0x1e0 [ 2095.023677] ? shmem_init_inode+0x20/0x20 [ 2095.024576] ? percpu_counter_add_batch+0x8b/0x140 [ 2095.025618] ? __vm_enough_memory+0x184/0x360 [ 2095.026560] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2095.027697] ? shmem_unuse_inode+0xf60/0xf60 [ 2095.028632] shmem_file_read_iter+0x2a6/0xbb0 [ 2095.029596] ? shmem_get_link+0x440/0x440 [ 2095.030475] ? inode_has_perm+0x171/0x1d0 [ 2095.031357] ? iov_iter_pipe+0xf1/0x2a0 [ 2095.032205] generic_file_splice_read+0x455/0x6d0 [ 2095.033219] ? pipe_to_user+0x170/0x170 [ 2095.034061] ? fsnotify_perm.part.0+0x22d/0x620 [ 2095.035051] ? security_file_permission+0xb1/0xe0 [ 2095.036071] ? pipe_to_user+0x170/0x170 [ 2095.036920] do_splice_to+0x10e/0x160 [ 2095.037720] splice_direct_to_actor+0x2fe/0x980 [ 2095.038718] ? pipe_to_sendpage+0x380/0x380 [ 2095.039634] ? do_splice_to+0x160/0x160 [ 2095.040474] ? security_file_permission+0xb1/0xe0 [ 2095.041509] do_splice_direct+0x1c4/0x290 [ 2095.042386] ? splice_direct_to_actor+0x980/0x980 [ 2095.043403] ? security_file_permission+0xb1/0xe0 [ 2095.044666] vfs_copy_file_range+0x4f8/0x13c0 [ 2095.045842] ? generic_file_rw_checks+0x240/0x240 [ 2095.046974] __do_sys_copy_file_range+0x193/0x420 [ 2095.047983] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2095.048992] ? ksys_write+0x1a9/0x260 [ 2095.049819] ? __ia32_sys_read+0xb0/0xb0 [ 2095.050716] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2095.051854] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2095.052941] do_syscall_64+0x33/0x40 [ 2095.053765] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2095.053787] RIP: 0033:0x7fce96a5bb19 [ 2095.055727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2095.059679] RSP: 002b:00007fce93fb0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2095.061284] RAX: ffffffffffffffda RBX: 00007fce96b6f020 RCX: 00007fce96a5bb19 [ 2095.062804] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2095.064303] RBP: 00007fce93fb01d0 R08: 0000000300000000 R09: 0000000000000000 [ 2095.065822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2095.067337] R13: 00007ffdd8c2850f R14: 00007fce93fb0300 R15: 0000000000022000 10:36:44 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 40) 10:36:44 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 46) [ 2095.116823] FAULT_INJECTION: forcing a failure. [ 2095.116823] name failslab, interval 1, probability 0, space 0, times 0 [ 2095.119591] CPU: 1 PID: 10812 Comm: syz-executor.3 Not tainted 5.10.244 #1 [ 2095.121074] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2095.122825] Call Trace: [ 2095.123387] dump_stack+0x107/0x167 [ 2095.124160] should_fail.cold+0x5/0xa [ 2095.125043] ? cgroup_mkdir+0x251/0xf50 [ 2095.126112] should_failslab+0x5/0x20 [ 2095.127128] __kmalloc+0x72/0x390 [ 2095.127934] cgroup_mkdir+0x251/0xf50 [ 2095.128801] ? cgroup_destroy_locked+0x710/0x710 [ 2095.129853] kernfs_iop_mkdir+0x14d/0x1e0 [ 2095.130760] vfs_mkdir+0x493/0x750 [ 2095.131548] do_mkdirat+0x150/0x2b0 [ 2095.132345] ? user_path_create+0xf0/0xf0 [ 2095.133269] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2095.134405] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2095.135516] do_syscall_64+0x33/0x40 [ 2095.136330] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2095.137489] RIP: 0033:0x7f4ab16a0b19 [ 2095.138277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2095.142144] RSP: 002b:00007f4aaebf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2095.143745] RAX: ffffffffffffffda RBX: 00007f4ab17b4020 RCX: 00007f4ab16a0b19 [ 2095.145269] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000007 [ 2095.146815] RBP: 00007f4aaebf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2095.148375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2095.149916] R13: 00007ffcbd46ad9f R14: 00007f4aaebf5300 R15: 0000000000022000 10:36:44 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2095.205852] FAULT_INJECTION: forcing a failure. [ 2095.205852] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2095.209562] CPU: 1 PID: 10822 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2095.211452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2095.213718] Call Trace: [ 2095.214450] dump_stack+0x107/0x167 [ 2095.215469] should_fail.cold+0x5/0xa [ 2095.216534] __alloc_pages_nodemask+0x182/0x600 [ 2095.217846] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2095.219505] ? lock_downgrade+0x6d0/0x6d0 [ 2095.220653] ? lock_acquire+0x197/0x470 [ 2095.221804] alloc_pages_vma+0xbb/0x410 [ 2095.222890] shmem_alloc_page+0x10f/0x1e0 [ 2095.224036] ? shmem_init_inode+0x20/0x20 [ 2095.225223] ? percpu_counter_add_batch+0x8b/0x140 [ 2095.226594] ? __vm_enough_memory+0x184/0x360 [ 2095.227811] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2095.229361] ? shmem_unuse_inode+0xf60/0xf60 [ 2095.230508] shmem_file_read_iter+0x2a6/0xbb0 [ 2095.231658] ? shmem_get_link+0x440/0x440 [ 2095.232689] ? inode_has_perm+0x171/0x1d0 [ 2095.233675] ? iov_iter_pipe+0xf1/0x2a0 [ 2095.234525] generic_file_splice_read+0x455/0x6d0 [ 2095.235531] ? pipe_to_user+0x170/0x170 [ 2095.236377] ? fsnotify_perm.part.0+0x22d/0x620 [ 2095.237368] ? security_file_permission+0xb1/0xe0 [ 2095.238379] ? pipe_to_user+0x170/0x170 [ 2095.239217] do_splice_to+0x10e/0x160 [ 2095.240024] splice_direct_to_actor+0x2fe/0x980 [ 2095.241031] ? pipe_to_sendpage+0x380/0x380 [ 2095.241955] ? do_splice_to+0x160/0x160 [ 2095.242795] ? security_file_permission+0xb1/0xe0 [ 2095.243827] do_splice_direct+0x1c4/0x290 [ 2095.244719] ? splice_direct_to_actor+0x980/0x980 [ 2095.245742] ? security_file_permission+0xb1/0xe0 [ 2095.246765] vfs_copy_file_range+0x4f8/0x13c0 [ 2095.247716] ? generic_file_rw_checks+0x240/0x240 [ 2095.248769] __do_sys_copy_file_range+0x193/0x420 [ 2095.249786] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2095.250781] ? ksys_write+0x1a9/0x260 [ 2095.251591] ? __ia32_sys_read+0xb0/0xb0 [ 2095.252457] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2095.253607] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2095.253629] do_syscall_64+0x33/0x40 10:36:44 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 21) [ 2095.253648] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2095.253659] RIP: 0033:0x7ff72d878b19 [ 2095.253676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2095.253686] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2095.253705] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2095.253715] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2095.253726] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2095.253736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2095.253746] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 2095.280374] FAULT_INJECTION: forcing a failure. [ 2095.280374] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2095.280400] CPU: 0 PID: 10824 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2095.280414] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2095.280421] Call Trace: [ 2095.280452] dump_stack+0x107/0x167 [ 2095.280479] should_fail.cold+0x5/0xa [ 2095.280512] __alloc_pages_nodemask+0x182/0x600 [ 2095.280543] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2095.280566] ? lock_downgrade+0x6d0/0x6d0 [ 2095.280589] ? lock_acquire+0x197/0x470 [ 2095.280635] alloc_pages_vma+0xbb/0x410 [ 2095.280669] shmem_alloc_page+0x10f/0x1e0 [ 2095.280693] ? shmem_init_inode+0x20/0x20 [ 2095.280761] ? percpu_counter_add_batch+0x8b/0x140 [ 2095.280791] ? __vm_enough_memory+0x184/0x360 [ 2095.280823] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2095.280878] ? shmem_unuse_inode+0xf60/0xf60 [ 2095.280919] shmem_file_read_iter+0x2a6/0xbb0 [ 2095.280966] ? shmem_get_link+0x440/0x440 [ 2095.280988] ? inode_has_perm+0x171/0x1d0 [ 2095.281017] ? iov_iter_pipe+0xf1/0x2a0 [ 2095.281052] generic_file_splice_read+0x455/0x6d0 [ 2095.281079] ? pipe_to_user+0x170/0x170 [ 2095.281115] ? fsnotify_perm.part.0+0x22d/0x620 [ 2095.281144] ? security_file_permission+0xb1/0xe0 [ 2095.281172] ? pipe_to_user+0x170/0x170 [ 2095.281198] do_splice_to+0x10e/0x160 [ 2095.281227] splice_direct_to_actor+0x2fe/0x980 [ 2095.281258] ? pipe_to_sendpage+0x380/0x380 [ 2095.281288] ? do_splice_to+0x160/0x160 [ 2095.281311] ? security_file_permission+0xb1/0xe0 [ 2095.281346] do_splice_direct+0x1c4/0x290 [ 2095.281372] ? splice_direct_to_actor+0x980/0x980 [ 2095.281404] ? security_file_permission+0xb1/0xe0 [ 2095.281441] vfs_copy_file_range+0x4f8/0x13c0 [ 2095.281474] ? generic_file_rw_checks+0x240/0x240 [ 2095.281530] __do_sys_copy_file_range+0x193/0x420 [ 2095.281558] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2095.281581] ? ksys_write+0x1a9/0x260 [ 2095.281605] ? __ia32_sys_read+0xb0/0xb0 [ 2095.281636] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2095.281663] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2095.281692] do_syscall_64+0x33/0x40 [ 2095.281717] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2095.281732] RIP: 0033:0x7f134c613b19 [ 2095.281758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2095.281772] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2095.281797] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2095.281812] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2095.281827] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2095.281841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2095.281856] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2095.334802] FAULT_INJECTION: forcing a failure. [ 2095.334802] name failslab, interval 1, probability 0, space 0, times 0 [ 2095.334824] CPU: 1 PID: 10829 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2095.334842] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2095.334848] Call Trace: [ 2095.334874] dump_stack+0x107/0x167 [ 2095.334895] should_fail.cold+0x5/0xa [ 2095.334916] ? create_object.isra.0+0x3a/0xa30 [ 2095.334934] should_failslab+0x5/0x20 [ 2095.334953] kmem_cache_alloc+0x5b/0x310 [ 2095.334978] create_object.isra.0+0x3a/0xa30 [ 2095.334993] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2095.335019] __kmalloc_track_caller+0x177/0x370 [ 2095.335037] ? security_context_to_sid_core+0xb4/0x890 [ 2095.335061] kmemdup_nul+0x2d/0xa0 [ 2095.335081] security_context_to_sid_core+0xb4/0x890 [ 2095.335106] ? security_compute_sid.part.0+0x16e0/0x16e0 [ 2095.335123] ? do_raw_spin_lock+0x121/0x260 [ 2095.335140] ? rwlock_bug.part.0+0x90/0x90 [ 2095.335156] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2095.335182] ? do_raw_spin_unlock+0x4f/0x220 [ 2095.335206] ? _raw_spin_unlock+0x1a/0x30 [ 2095.418532] security_context_to_sid+0x35/0x50 [ 2095.419522] selinux_kernfs_init_security+0x19d/0x4c0 [ 2095.420626] ? selinux_file_mprotect+0x610/0x610 [ 2095.421656] ? find_held_lock+0x2c/0x110 [ 2095.422520] ? __kernfs_new_node+0x2ad/0x860 [ 2095.423446] ? lock_downgrade+0x6d0/0x6d0 [ 2095.424314] ? rwlock_bug.part.0+0x90/0x90 [ 2095.425260] security_kernfs_init_security+0x4e/0xb0 [ 2095.426343] __kernfs_new_node+0x531/0x860 [ 2095.427258] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2095.428262] ? cpumask_next+0x1f/0x30 [ 2095.429212] ? kmemleak_alloc_percpu+0xaf/0x100 [ 2095.430187] ? pcpu_alloc+0x12a/0x1240 [ 2095.431020] kernfs_new_node+0x18d/0x250 [ 2095.431879] kernfs_create_dir_ns+0x49/0x160 [ 2095.432803] cgroup_mkdir+0x315/0xf50 [ 2095.433611] ? cgroup_destroy_locked+0x710/0x710 [ 2095.434600] kernfs_iop_mkdir+0x14d/0x1e0 [ 2095.435468] vfs_mkdir+0x493/0x750 [ 2095.436215] do_mkdirat+0x150/0x2b0 [ 2095.436988] ? user_path_create+0xf0/0xf0 [ 2095.437877] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2095.438949] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2095.440052] do_syscall_64+0x33/0x40 [ 2095.440854] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2095.441929] RIP: 0033:0x7f374cab7b19 [ 2095.442722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2095.446564] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2095.448156] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2095.449667] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2095.451171] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2095.452651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2095.454158] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 10:37:00 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:37:00 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 22) 10:37:00 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 17) [ 2110.863195] FAULT_INJECTION: forcing a failure. 10:37:00 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 41) 10:37:00 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 5) 10:37:00 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 8) 10:37:00 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:37:00 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 47) [ 2110.863195] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2110.867238] CPU: 1 PID: 10837 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2110.868485] FAULT_INJECTION: forcing a failure. [ 2110.868485] name failslab, interval 1, probability 0, space 0, times 0 [ 2110.869001] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2110.869010] Call Trace: [ 2110.869040] dump_stack+0x107/0x167 [ 2110.869070] should_fail.cold+0x5/0xa [ 2110.875083] __alloc_pages_nodemask+0x182/0x600 [ 2110.876249] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2110.877752] ? lock_downgrade+0x6d0/0x6d0 [ 2110.878779] ? lock_acquire+0x197/0x470 [ 2110.879784] alloc_pages_vma+0xbb/0x410 [ 2110.880832] shmem_alloc_page+0x10f/0x1e0 [ 2110.881895] ? shmem_init_inode+0x20/0x20 [ 2110.882990] ? percpu_counter_add_batch+0x8b/0x140 [ 2110.884222] ? __vm_enough_memory+0x184/0x360 [ 2110.885383] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2110.886735] ? shmem_unuse_inode+0xf60/0xf60 [ 2110.887873] shmem_file_read_iter+0x2a6/0xbb0 [ 2110.889028] ? shmem_get_link+0x440/0x440 [ 2110.890085] ? inode_has_perm+0x171/0x1d0 [ 2110.891220] ? iov_iter_pipe+0xf1/0x2a0 [ 2110.892217] generic_file_splice_read+0x455/0x6d0 [ 2110.893422] ? pipe_to_user+0x170/0x170 [ 2110.894407] ? fsnotify_perm.part.0+0x22d/0x620 [ 2110.895564] ? security_file_permission+0xb1/0xe0 [ 2110.896751] ? pipe_to_user+0x170/0x170 [ 2110.897741] do_splice_to+0x10e/0x160 [ 2110.898693] splice_direct_to_actor+0x2fe/0x980 [ 2110.899851] ? pipe_to_sendpage+0x380/0x380 [ 2110.900918] ? do_splice_to+0x160/0x160 [ 2110.901898] ? security_file_permission+0xb1/0xe0 [ 2110.903112] do_splice_direct+0x1c4/0x290 [ 2110.904134] ? splice_direct_to_actor+0x980/0x980 [ 2110.905316] ? security_file_permission+0xb1/0xe0 [ 2110.906516] vfs_copy_file_range+0x4f8/0x13c0 [ 2110.907610] ? generic_file_rw_checks+0x240/0x240 [ 2110.908829] __do_sys_copy_file_range+0x193/0x420 [ 2110.910012] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2110.911179] ? ksys_write+0x1a9/0x260 [ 2110.912117] ? __ia32_sys_read+0xb0/0xb0 [ 2110.913137] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2110.914427] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2110.915700] do_syscall_64+0x33/0x40 [ 2110.916619] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2110.917890] RIP: 0033:0x7fce96a5bb19 [ 2110.918807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2110.923350] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2110.925233] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2110.926998] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2110.928752] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2110.930500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2110.932247] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 2110.934025] CPU: 0 PID: 10835 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2110.935008] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2110.936121] Call Trace: [ 2110.936485] dump_stack+0x107/0x167 [ 2110.936991] should_fail.cold+0x5/0xa [ 2110.937521] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2110.938308] should_failslab+0x5/0x20 [ 2110.938815] kmem_cache_alloc+0x5b/0x310 [ 2110.939370] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2110.940130] idr_get_free+0x4b5/0x8f0 [ 2110.940660] idr_alloc_u32+0x170/0x2d0 [ 2110.941205] ? __fprop_inc_percpu_max+0x130/0x130 [ 2110.941860] ? lock_acquire+0x197/0x470 [ 2110.942375] ? __kernfs_new_node+0xff/0x860 [ 2110.942957] idr_alloc_cyclic+0x102/0x230 [ 2110.943517] ? idr_alloc+0x130/0x130 [ 2110.944008] ? rwlock_bug.part.0+0x90/0x90 [ 2110.944585] __kernfs_new_node+0x117/0x860 [ 2110.945164] ? mark_held_locks+0x9e/0xe0 [ 2110.945708] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2110.946350] ? cpumask_next+0x1f/0x30 [ 2110.946867] ? kmemleak_alloc_percpu+0xaf/0x100 [ 2110.947493] ? pcpu_alloc+0x12a/0x1240 [ 2110.948021] kernfs_new_node+0x18d/0x250 [ 2110.948572] kernfs_create_dir_ns+0x49/0x160 [ 2110.949172] cgroup_mkdir+0x315/0xf50 [ 2110.949685] ? cgroup_destroy_locked+0x710/0x710 [ 2110.950318] kernfs_iop_mkdir+0x14d/0x1e0 [ 2110.950878] vfs_mkdir+0x493/0x750 [ 2110.951358] do_mkdirat+0x150/0x2b0 [ 2110.951848] ? user_path_create+0xf0/0xf0 [ 2110.952403] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2110.953122] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2110.953811] do_syscall_64+0x33/0x40 [ 2110.954312] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2110.954994] RIP: 0033:0x7f374cab7b19 [ 2110.955493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2110.957940] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2110.958092] FAULT_INJECTION: forcing a failure. [ 2110.958092] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2110.958940] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2110.958948] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2110.958955] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2110.958962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2110.958969] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 2110.972241] CPU: 1 PID: 10840 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2110.974235] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2110.976533] Call Trace: [ 2110.977185] dump_stack+0x107/0x167 [ 2110.978065] should_fail.cold+0x5/0xa [ 2110.979005] __alloc_pages_nodemask+0x182/0x600 [ 2110.980373] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2110.982057] ? lock_downgrade+0x6d0/0x6d0 [ 2110.983116] ? lock_acquire+0x197/0x470 [ 2110.984266] alloc_pages_vma+0xbb/0x410 [ 2110.985458] shmem_alloc_page+0x10f/0x1e0 [ 2110.986677] ? shmem_init_inode+0x20/0x20 [ 2110.987954] ? percpu_counter_add_batch+0x8b/0x140 [ 2110.989337] ? __vm_enough_memory+0x184/0x360 [ 2110.990669] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2110.992492] ? shmem_unuse_inode+0xf60/0xf60 [ 2110.993853] shmem_file_read_iter+0x2a6/0xbb0 [ 2110.995069] ? shmem_get_link+0x440/0x440 [ 2110.996336] ? inode_has_perm+0x171/0x1d0 [ 2110.997631] ? iov_iter_pipe+0xf1/0x2a0 [ 2110.998887] generic_file_splice_read+0x455/0x6d0 [ 2111.000315] ? pipe_to_user+0x170/0x170 [ 2111.001504] ? fsnotify_perm.part.0+0x22d/0x620 [ 2111.002892] ? security_file_permission+0xb1/0xe0 [ 2111.004302] ? pipe_to_user+0x170/0x170 [ 2111.005472] do_splice_to+0x10e/0x160 [ 2111.006496] splice_direct_to_actor+0x2fe/0x980 [ 2111.007874] ? pipe_to_sendpage+0x380/0x380 [ 2111.009001] ? do_splice_to+0x160/0x160 [ 2111.009965] ? security_file_permission+0xb1/0xe0 [ 2111.011378] do_splice_direct+0x1c4/0x290 [ 2111.012463] ? splice_direct_to_actor+0x980/0x980 [ 2111.013763] ? security_file_permission+0xb1/0xe0 [ 2111.015097] vfs_copy_file_range+0x4f8/0x13c0 [ 2111.016196] ? generic_file_rw_checks+0x240/0x240 [ 2111.017398] __do_sys_copy_file_range+0x193/0x420 [ 2111.018570] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2111.019711] ? ksys_write+0x1a9/0x260 [ 2111.020641] ? __ia32_sys_read+0xb0/0xb0 [ 2111.021641] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.022929] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.024148] do_syscall_64+0x33/0x40 [ 2111.025052] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.026260] RIP: 0033:0x7ff72d878b19 [ 2111.027154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2111.031591] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2111.033425] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2111.035126] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2111.036824] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2111.038528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2111.040227] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 2111.062312] FAULT_INJECTION: forcing a failure. [ 2111.062312] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2111.062736] FAULT_INJECTION: forcing a failure. [ 2111.062736] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2111.065712] CPU: 1 PID: 10842 Comm: syz-executor.1 Not tainted 5.10.244 #1 [ 2111.068785] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2111.070703] Call Trace: [ 2111.071329] dump_stack+0x107/0x167 [ 2111.072169] should_fail.cold+0x5/0xa [ 2111.073055] _copy_from_user+0x2e/0x1b0 [ 2111.073966] kstrtouint_from_user+0xbd/0x220 [ 2111.074965] ? kstrtou8_from_user+0x210/0x210 [ 2111.075996] ? lock_acquire+0x197/0x470 [ 2111.076908] ? ksys_write+0x12d/0x260 [ 2111.077800] proc_fail_nth_write+0x78/0x220 [ 2111.078782] ? proc_task_getattr+0x1f0/0x1f0 [ 2111.079803] ? proc_task_getattr+0x1f0/0x1f0 [ 2111.080803] vfs_write+0x29a/0xb10 [ 2111.081628] ksys_write+0x12d/0x260 [ 2111.082473] ? __ia32_sys_read+0xb0/0xb0 [ 2111.083406] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.084613] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.085798] do_syscall_64+0x33/0x40 [ 2111.086651] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.087816] RIP: 0033:0x7f147b4a55ff [ 2111.088659] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 2111.092950] RSP: 002b:00007f1478a68170 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 2111.094771] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f147b4a55ff [ 2111.096480] RDX: 0000000000000001 RSI: 00007f1478a681e0 RDI: 0000000000000007 [ 2111.098181] RBP: 00007f1478a681d0 R08: 0000000000000000 R09: 0000000000000000 [ 2111.099876] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 2111.101577] R13: 00007ffe8036c95f R14: 00007f1478a68300 R15: 0000000000022000 [ 2111.103282] CPU: 0 PID: 10849 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2111.104210] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2111.105239] Call Trace: [ 2111.105570] dump_stack+0x107/0x167 [ 2111.106017] should_fail.cold+0x5/0xa [ 2111.106488] __alloc_pages_nodemask+0x182/0x600 [ 2111.107058] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2111.107788] ? lock_downgrade+0x6d0/0x6d0 [ 2111.108299] ? lock_acquire+0x197/0x470 [ 2111.108808] alloc_pages_vma+0xbb/0x410 [ 2111.109313] shmem_alloc_page+0x10f/0x1e0 [ 2111.109816] ? shmem_init_inode+0x20/0x20 [ 2111.110337] ? percpu_counter_add_batch+0x8b/0x140 [ 2111.110945] ? __vm_enough_memory+0x184/0x360 [ 2111.111494] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2111.112152] ? shmem_unuse_inode+0xf60/0xf60 10:37:00 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2111.112696] shmem_file_read_iter+0x2a6/0xbb0 [ 2111.113469] ? shmem_get_link+0x440/0x440 [ 2111.113991] ? inode_has_perm+0x171/0x1d0 [ 2111.114514] ? iov_iter_pipe+0xf1/0x2a0 [ 2111.115026] generic_file_splice_read+0x455/0x6d0 [ 2111.115633] ? pipe_to_user+0x170/0x170 [ 2111.116138] ? fsnotify_perm.part.0+0x22d/0x620 [ 2111.116723] ? security_file_permission+0xb1/0xe0 [ 2111.117344] ? pipe_to_user+0x170/0x170 [ 2111.117845] do_splice_to+0x10e/0x160 [ 2111.118329] splice_direct_to_actor+0x2fe/0x980 [ 2111.118920] ? pipe_to_sendpage+0x380/0x380 [ 2111.119466] ? do_splice_to+0x160/0x160 [ 2111.119966] ? security_file_permission+0xb1/0xe0 [ 2111.120577] do_splice_direct+0x1c4/0x290 [ 2111.121111] ? splice_direct_to_actor+0x980/0x980 [ 2111.121713] ? security_file_permission+0xb1/0xe0 [ 2111.122322] vfs_copy_file_range+0x4f8/0x13c0 [ 2111.122881] ? generic_file_rw_checks+0x240/0x240 [ 2111.123495] __do_sys_copy_file_range+0x193/0x420 [ 2111.124099] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2111.124696] ? ksys_write+0x1a9/0x260 [ 2111.125178] ? __ia32_sys_read+0xb0/0xb0 [ 2111.125683] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.126340] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.126979] do_syscall_64+0x33/0x40 [ 2111.127450] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.128088] RIP: 0033:0x7f134c613b19 [ 2111.128558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2111.130842] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2111.131790] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2111.132686] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2111.133576] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2111.134462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2111.135346] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2111.147557] FAULT_INJECTION: forcing a failure. [ 2111.147557] name failslab, interval 1, probability 0, space 0, times 0 [ 2111.149220] CPU: 0 PID: 10847 Comm: syz-executor.3 Not tainted 5.10.244 #1 [ 2111.150072] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2111.151110] Call Trace: [ 2111.151451] dump_stack+0x107/0x167 [ 2111.151914] should_fail.cold+0x5/0xa [ 2111.152405] ? create_object.isra.0+0x3a/0xa30 [ 2111.152990] should_failslab+0x5/0x20 [ 2111.153476] kmem_cache_alloc+0x5b/0x310 [ 2111.154004] create_object.isra.0+0x3a/0xa30 [ 2111.154565] kmemleak_alloc_percpu+0xa0/0x100 [ 2111.155139] pcpu_alloc+0x4e2/0x1240 [ 2111.155626] ? cset_cgroup_from_root+0x220/0x220 [ 2111.156235] percpu_ref_init+0x31/0x3d0 [ 2111.156739] cgroup_mkdir+0x288/0xf50 [ 2111.157233] ? cgroup_destroy_locked+0x710/0x710 [ 2111.157813] kernfs_iop_mkdir+0x14d/0x1e0 [ 2111.158322] vfs_mkdir+0x493/0x750 [ 2111.158764] do_mkdirat+0x150/0x2b0 [ 2111.159218] ? user_path_create+0xf0/0xf0 [ 2111.159727] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.160379] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.161018] do_syscall_64+0x33/0x40 [ 2111.161477] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.162101] RIP: 0033:0x7f4ab16a0b19 [ 2111.162569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2111.164813] RSP: 002b:00007f4aaec16188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2111.165757] RAX: ffffffffffffffda RBX: 00007f4ab17b3f60 RCX: 00007f4ab16a0b19 10:37:00 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2111.166628] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000007 [ 2111.167635] RBP: 00007f4aaec161d0 R08: 0000000000000000 R09: 0000000000000000 [ 2111.168497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2111.169410] R13: 00007ffcbd46ad9f R14: 00007f4aaec16300 R15: 0000000000022000 10:37:00 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 23) 10:37:00 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:37:00 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 42) 10:37:00 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 18) [ 2111.284730] FAULT_INJECTION: forcing a failure. 10:37:00 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 48) [ 2111.284730] name failslab, interval 1, probability 0, space 0, times 0 [ 2111.286673] CPU: 0 PID: 10860 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2111.287467] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2111.288420] Call Trace: [ 2111.288729] dump_stack+0x107/0x167 [ 2111.289157] should_fail.cold+0x5/0xa [ 2111.289615] ? create_object.isra.0+0x3a/0xa30 [ 2111.289634] should_failslab+0x5/0x20 10:37:00 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 9) [ 2111.289646] kmem_cache_alloc+0x5b/0x310 [ 2111.289658] ? sidtab_sid2str_get+0x65/0x720 [ 2111.289671] create_object.isra.0+0x3a/0xa30 [ 2111.289680] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2111.289694] __kmalloc_track_caller+0x177/0x370 [ 2111.289703] ? sidtab_sid2str_get+0x17e/0x720 [ 2111.289716] kmemdup+0x23/0x50 [ 2111.289728] sidtab_sid2str_get+0x17e/0x720 [ 2111.289742] sidtab_entry_to_string+0x33/0x110 [ 2111.289756] security_sid_to_context_core+0x33c/0x5d0 [ 2111.289772] selinux_kernfs_init_security+0x239/0x4c0 10:37:00 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 43) [ 2111.289783] ? selinux_file_mprotect+0x610/0x610 10:37:00 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 24) 10:37:00 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 19) [ 2111.289795] ? find_held_lock+0x2c/0x110 [ 2111.289808] ? __kernfs_new_node+0x2ad/0x860 [ 2111.289821] ? rwlock_bug.part.0+0x90/0x90 [ 2111.289835] security_kernfs_init_security+0x4e/0xb0 [ 2111.289848] __kernfs_new_node+0x531/0x860 [ 2111.289861] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2111.289876] ? cpumask_next+0x1f/0x30 [ 2111.289888] ? kmemleak_alloc_percpu+0xaf/0x100 [ 2111.289901] ? pcpu_alloc+0x12a/0x1240 [ 2111.289916] kernfs_new_node+0x18d/0x250 [ 2111.289930] kernfs_create_dir_ns+0x49/0x160 [ 2111.289942] cgroup_mkdir+0x315/0xf50 [ 2111.289959] ? cgroup_destroy_locked+0x710/0x710 [ 2111.289970] kernfs_iop_mkdir+0x14d/0x1e0 [ 2111.289982] vfs_mkdir+0x493/0x750 [ 2111.289994] do_mkdirat+0x150/0x2b0 [ 2111.290007] ? user_path_create+0xf0/0xf0 [ 2111.290020] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.290033] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.290045] do_syscall_64+0x33/0x40 [ 2111.290056] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.290063] RIP: 0033:0x7f374cab7b19 [ 2111.290074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2111.290079] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2111.290090] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2111.290096] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2111.290103] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2111.290109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2111.290115] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 2111.297392] FAULT_INJECTION: forcing a failure. [ 2111.297392] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2111.297403] CPU: 0 PID: 10863 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2111.297408] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2111.297411] Call Trace: [ 2111.297422] dump_stack+0x107/0x167 [ 2111.297433] should_fail.cold+0x5/0xa [ 2111.297446] __alloc_pages_nodemask+0x182/0x600 [ 2111.297458] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2111.297467] ? lock_downgrade+0x6d0/0x6d0 [ 2111.297476] ? lock_acquire+0x197/0x470 [ 2111.297495] alloc_pages_vma+0xbb/0x410 [ 2111.297508] shmem_alloc_page+0x10f/0x1e0 [ 2111.297518] ? shmem_init_inode+0x20/0x20 [ 2111.297544] ? percpu_counter_add_batch+0x8b/0x140 [ 2111.297556] ? __vm_enough_memory+0x184/0x360 [ 2111.297569] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2111.297588] ? shmem_unuse_inode+0xf60/0xf60 [ 2111.297605] shmem_file_read_iter+0x2a6/0xbb0 [ 2111.297623] ? shmem_get_link+0x440/0x440 [ 2111.297632] ? inode_has_perm+0x171/0x1d0 [ 2111.297644] ? iov_iter_pipe+0xf1/0x2a0 [ 2111.297660] generic_file_splice_read+0x455/0x6d0 [ 2111.297671] ? pipe_to_user+0x170/0x170 [ 2111.297686] ? fsnotify_perm.part.0+0x22d/0x620 [ 2111.297697] ? security_file_permission+0xb1/0xe0 [ 2111.297708] ? pipe_to_user+0x170/0x170 [ 2111.297719] do_splice_to+0x10e/0x160 [ 2111.297730] splice_direct_to_actor+0x2fe/0x980 [ 2111.297743] ? pipe_to_sendpage+0x380/0x380 [ 2111.297754] ? do_splice_to+0x160/0x160 [ 2111.297763] ? security_file_permission+0xb1/0xe0 [ 2111.297777] do_splice_direct+0x1c4/0x290 [ 2111.297787] ? splice_direct_to_actor+0x980/0x980 [ 2111.297800] ? security_file_permission+0xb1/0xe0 [ 2111.297815] vfs_copy_file_range+0x4f8/0x13c0 [ 2111.297832] ? generic_file_rw_checks+0x240/0x240 [ 2111.297853] __do_sys_copy_file_range+0x193/0x420 [ 2111.297864] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2111.297874] ? ksys_write+0x1a9/0x260 [ 2111.297884] ? __ia32_sys_read+0xb0/0xb0 [ 2111.297896] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.297906] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.297918] do_syscall_64+0x33/0x40 [ 2111.297928] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.297934] RIP: 0033:0x7ff72d878b19 [ 2111.297943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2111.297948] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2111.297959] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2111.297964] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2111.297970] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2111.297975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2111.297981] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 2111.305401] FAULT_INJECTION: forcing a failure. [ 2111.305401] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2111.305411] CPU: 0 PID: 10866 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2111.305416] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2111.305419] Call Trace: [ 2111.305429] dump_stack+0x107/0x167 [ 2111.305440] should_fail.cold+0x5/0xa [ 2111.305452] __alloc_pages_nodemask+0x182/0x600 [ 2111.305465] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2111.305474] ? lock_downgrade+0x6d0/0x6d0 [ 2111.305483] ? lock_acquire+0x197/0x470 [ 2111.305501] alloc_pages_vma+0xbb/0x410 [ 2111.305514] shmem_alloc_page+0x10f/0x1e0 [ 2111.305524] ? shmem_init_inode+0x20/0x20 [ 2111.305546] ? percpu_counter_add_batch+0x8b/0x140 [ 2111.305562] ? __vm_enough_memory+0x184/0x360 [ 2111.305575] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2111.305594] ? shmem_unuse_inode+0xf60/0xf60 [ 2111.305611] shmem_file_read_iter+0x2a6/0xbb0 [ 2111.305629] ? shmem_get_link+0x440/0x440 [ 2111.305638] ? inode_has_perm+0x171/0x1d0 [ 2111.305649] ? iov_iter_pipe+0xf1/0x2a0 [ 2111.305661] generic_file_splice_read+0x455/0x6d0 [ 2111.305671] ? pipe_to_user+0x170/0x170 [ 2111.305686] ? fsnotify_perm.part.0+0x22d/0x620 [ 2111.305697] ? security_file_permission+0xb1/0xe0 [ 2111.305708] ? pipe_to_user+0x170/0x170 [ 2111.305718] do_splice_to+0x10e/0x160 [ 2111.305730] splice_direct_to_actor+0x2fe/0x980 [ 2111.305742] ? pipe_to_sendpage+0x380/0x380 [ 2111.305754] ? do_splice_to+0x160/0x160 [ 2111.305763] ? security_file_permission+0xb1/0xe0 [ 2111.305777] do_splice_direct+0x1c4/0x290 [ 2111.305787] ? splice_direct_to_actor+0x980/0x980 [ 2111.305800] ? security_file_permission+0xb1/0xe0 [ 2111.305814] vfs_copy_file_range+0x4f8/0x13c0 [ 2111.305827] ? generic_file_rw_checks+0x240/0x240 [ 2111.305848] __do_sys_copy_file_range+0x193/0x420 [ 2111.305859] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2111.305871] ? ksys_write+0x1a9/0x260 [ 2111.305881] ? __ia32_sys_read+0xb0/0xb0 [ 2111.305894] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.305904] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.305915] do_syscall_64+0x33/0x40 [ 2111.305925] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.305931] RIP: 0033:0x7fce96a5bb19 [ 2111.305940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2111.305945] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2111.305955] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2111.305961] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2111.305966] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2111.305972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2111.305978] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 2111.354661] FAULT_INJECTION: forcing a failure. [ 2111.354661] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2111.354675] CPU: 0 PID: 10868 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2111.354680] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2111.354684] Call Trace: [ 2111.354699] dump_stack+0x107/0x167 [ 2111.354710] should_fail.cold+0x5/0xa [ 2111.354725] __alloc_pages_nodemask+0x182/0x600 [ 2111.354737] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2111.354748] ? lock_downgrade+0x6d0/0x6d0 [ 2111.354757] ? lock_acquire+0x197/0x470 [ 2111.354776] alloc_pages_vma+0xbb/0x410 [ 2111.354790] shmem_alloc_page+0x10f/0x1e0 [ 2111.354800] ? shmem_init_inode+0x20/0x20 [ 2111.354823] ? percpu_counter_add_batch+0x8b/0x140 [ 2111.354839] ? __vm_enough_memory+0x184/0x360 [ 2111.354852] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2111.354871] ? shmem_unuse_inode+0xf60/0xf60 [ 2111.354892] shmem_file_read_iter+0x2a6/0xbb0 [ 2111.354910] ? shmem_get_link+0x440/0x440 [ 2111.354920] ? inode_has_perm+0x171/0x1d0 [ 2111.354932] ? iov_iter_pipe+0xf1/0x2a0 [ 2111.354945] generic_file_splice_read+0x455/0x6d0 [ 2111.354955] ? pipe_to_user+0x170/0x170 [ 2111.354971] ? fsnotify_perm.part.0+0x22d/0x620 [ 2111.354982] ? security_file_permission+0xb1/0xe0 [ 2111.354993] ? pipe_to_user+0x170/0x170 [ 2111.355003] do_splice_to+0x10e/0x160 [ 2111.355014] splice_direct_to_actor+0x2fe/0x980 [ 2111.355027] ? pipe_to_sendpage+0x380/0x380 [ 2111.355038] ? do_splice_to+0x160/0x160 [ 2111.355047] ? security_file_permission+0xb1/0xe0 [ 2111.355062] do_splice_direct+0x1c4/0x290 [ 2111.355071] ? splice_direct_to_actor+0x980/0x980 [ 2111.355084] ? security_file_permission+0xb1/0xe0 [ 2111.355099] vfs_copy_file_range+0x4f8/0x13c0 [ 2111.355112] ? generic_file_rw_checks+0x240/0x240 [ 2111.355134] __do_sys_copy_file_range+0x193/0x420 [ 2111.355144] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2111.355154] ? ksys_write+0x1a9/0x260 [ 2111.355164] ? __ia32_sys_read+0xb0/0xb0 [ 2111.355176] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.355188] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.355199] do_syscall_64+0x33/0x40 [ 2111.355210] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.355217] RIP: 0033:0x7f134c613b19 [ 2111.355227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2111.355232] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2111.355243] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2111.355249] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2111.355254] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2111.355260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2111.355265] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2111.408570] FAULT_INJECTION: forcing a failure. [ 2111.408570] name failslab, interval 1, probability 0, space 0, times 0 [ 2111.408593] CPU: 1 PID: 10871 Comm: syz-executor.3 Not tainted 5.10.244 #1 [ 2111.408603] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2111.408609] Call Trace: [ 2111.408635] dump_stack+0x107/0x167 [ 2111.408659] should_fail.cold+0x5/0xa [ 2111.408683] ? create_object.isra.0+0x3a/0xa30 [ 2111.408701] should_failslab+0x5/0x20 [ 2111.408720] kmem_cache_alloc+0x5b/0x310 [ 2111.408745] create_object.isra.0+0x3a/0xa30 [ 2111.408772] kmemleak_alloc_percpu+0xa0/0x100 [ 2111.408796] pcpu_alloc+0x4e2/0x1240 [ 2111.408839] ? cset_cgroup_from_root+0x220/0x220 [ 2111.408858] percpu_ref_init+0x31/0x3d0 [ 2111.408879] cgroup_mkdir+0x288/0xf50 [ 2111.408918] ? cgroup_destroy_locked+0x710/0x710 [ 2111.408939] kernfs_iop_mkdir+0x14d/0x1e0 [ 2111.408959] vfs_mkdir+0x493/0x750 [ 2111.408981] do_mkdirat+0x150/0x2b0 [ 2111.409002] ? user_path_create+0xf0/0xf0 [ 2111.409026] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.409046] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.409067] do_syscall_64+0x33/0x40 [ 2111.409086] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.409098] RIP: 0033:0x7f4ab16a0b19 [ 2111.409116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2111.409126] RSP: 002b:00007f4aaec16188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2111.409146] RAX: ffffffffffffffda RBX: 00007f4ab17b3f60 RCX: 00007f4ab16a0b19 [ 2111.409156] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000007 [ 2111.409167] RBP: 00007f4aaec161d0 R08: 0000000000000000 R09: 0000000000000000 [ 2111.409178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2111.409189] R13: 00007ffcbd46ad9f R14: 00007f4aaec16300 R15: 0000000000022000 [ 2111.417693] FAULT_INJECTION: forcing a failure. [ 2111.417693] name failslab, interval 1, probability 0, space 0, times 0 [ 2111.498595] FAULT_INJECTION: forcing a failure. [ 2111.498595] name failslab, interval 1, probability 0, space 0, times 0 [ 2111.499384] CPU: 0 PID: 10874 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2111.499392] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2111.499396] Call Trace: [ 2111.499418] dump_stack+0x107/0x167 [ 2111.499437] should_fail.cold+0x5/0xa [ 2111.556232] ? iter_file_splice_write+0x165/0xc90 [ 2111.556785] should_failslab+0x5/0x20 [ 2111.557231] __kmalloc+0x72/0x390 [ 2111.557631] iter_file_splice_write+0x165/0xc90 [ 2111.558168] ? shmem_get_link+0x440/0x440 [ 2111.558645] ? generic_splice_sendpage+0x140/0x140 [ 2111.559203] ? pipe_to_user+0x170/0x170 [ 2111.559659] ? security_file_permission+0xb1/0xe0 [ 2111.560217] ? generic_splice_sendpage+0x140/0x140 [ 2111.560764] direct_splice_actor+0x10f/0x170 [ 2111.561301] splice_direct_to_actor+0x387/0x980 [ 2111.561824] ? pipe_to_sendpage+0x380/0x380 [ 2111.562322] ? do_splice_to+0x160/0x160 [ 2111.562764] ? security_file_permission+0xb1/0xe0 [ 2111.563321] do_splice_direct+0x1c4/0x290 [ 2111.563784] ? splice_direct_to_actor+0x980/0x980 [ 2111.564337] ? security_file_permission+0xb1/0xe0 [ 2111.564882] vfs_copy_file_range+0x4f8/0x13c0 [ 2111.565408] ? generic_file_rw_checks+0x240/0x240 [ 2111.565965] __do_sys_copy_file_range+0x193/0x420 [ 2111.566516] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2111.567048] ? ksys_write+0x1a9/0x260 [ 2111.567481] ? __ia32_sys_read+0xb0/0xb0 [ 2111.567944] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.568548] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.569138] do_syscall_64+0x33/0x40 [ 2111.569563] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.570151] RIP: 0033:0x7ff72d878b19 [ 2111.570581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2111.572650] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2111.573510] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2111.574313] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2111.575114] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2111.575915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2111.576720] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 [ 2111.577554] CPU: 1 PID: 10878 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2111.579030] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2111.580777] Call Trace: [ 2111.581359] dump_stack+0x107/0x167 [ 2111.582131] should_fail.cold+0x5/0xa [ 2111.582931] ? create_object.isra.0+0x3a/0xa30 [ 2111.583885] should_failslab+0x5/0x20 [ 2111.584679] kmem_cache_alloc+0x5b/0x310 [ 2111.585538] ? sidtab_sid2str_get+0x65/0x720 [ 2111.586465] create_object.isra.0+0x3a/0xa30 [ 2111.587381] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2111.588457] __kmalloc_track_caller+0x177/0x370 [ 2111.589446] ? sidtab_sid2str_get+0x17e/0x720 [ 2111.590391] kmemdup+0x23/0x50 [ 2111.591068] sidtab_sid2str_get+0x17e/0x720 [ 2111.591977] sidtab_entry_to_string+0x33/0x110 [ 2111.592945] security_sid_to_context_core+0x33c/0x5d0 [ 2111.594037] selinux_kernfs_init_security+0x239/0x4c0 [ 2111.595115] ? selinux_file_mprotect+0x610/0x610 [ 2111.596110] ? find_held_lock+0x2c/0x110 [ 2111.596974] ? __kernfs_new_node+0x2ad/0x860 [ 2111.597899] ? rwlock_bug.part.0+0x90/0x90 [ 2111.598794] security_kernfs_init_security+0x4e/0xb0 [ 2111.599854] __kernfs_new_node+0x531/0x860 [ 2111.600759] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2111.601764] ? cpumask_next+0x1f/0x30 [ 2111.602576] ? kmemleak_alloc_percpu+0xaf/0x100 [ 2111.603559] ? pcpu_alloc+0x12a/0x1240 [ 2111.604393] kernfs_new_node+0x18d/0x250 [ 2111.605258] kernfs_create_dir_ns+0x49/0x160 [ 2111.606192] cgroup_mkdir+0x315/0xf50 [ 2111.607005] ? cgroup_destroy_locked+0x710/0x710 [ 2111.608009] kernfs_iop_mkdir+0x14d/0x1e0 [ 2111.608884] vfs_mkdir+0x493/0x750 [ 2111.609648] do_mkdirat+0x150/0x2b0 [ 2111.610421] ? user_path_create+0xf0/0xf0 [ 2111.611303] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.612413] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.613519] do_syscall_64+0x33/0x40 [ 2111.614302] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.615388] RIP: 0033:0x7f374cab7b19 [ 2111.616168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2111.620080] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2111.621679] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2111.623174] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2111.624674] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2111.626173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2111.627669] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 2111.630836] FAULT_INJECTION: forcing a failure. [ 2111.630836] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2111.632252] CPU: 0 PID: 10876 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2111.633052] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2111.634011] Call Trace: [ 2111.634321] dump_stack+0x107/0x167 [ 2111.634736] should_fail.cold+0x5/0xa [ 2111.635178] __alloc_pages_nodemask+0x182/0x600 [ 2111.635710] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2111.636398] ? lock_downgrade+0x6d0/0x6d0 [ 2111.636869] ? lock_acquire+0x197/0x470 [ 2111.637333] alloc_pages_vma+0xbb/0x410 [ 2111.637790] shmem_alloc_page+0x10f/0x1e0 [ 2111.638259] ? shmem_init_inode+0x20/0x20 [ 2111.638745] ? percpu_counter_add_batch+0x8b/0x140 [ 2111.639296] ? __vm_enough_memory+0x184/0x360 [ 2111.639798] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2111.640401] ? shmem_unuse_inode+0xf60/0xf60 [ 2111.640909] shmem_file_read_iter+0x2a6/0xbb0 [ 2111.641420] ? shmem_get_link+0x440/0x440 [ 2111.641885] ? inode_has_perm+0x171/0x1d0 [ 2111.642351] ? iov_iter_pipe+0xf1/0x2a0 [ 2111.642797] generic_file_splice_read+0x455/0x6d0 [ 2111.643349] ? pipe_to_user+0x170/0x170 [ 2111.643799] ? fsnotify_perm.part.0+0x22d/0x620 [ 2111.644336] ? security_file_permission+0xb1/0xe0 [ 2111.644878] ? pipe_to_user+0x170/0x170 [ 2111.645335] do_splice_to+0x10e/0x160 [ 2111.645769] splice_direct_to_actor+0x2fe/0x980 [ 2111.646300] ? pipe_to_sendpage+0x380/0x380 [ 2111.646796] ? do_splice_to+0x160/0x160 [ 2111.647448] ? security_file_permission+0xb1/0xe0 [ 2111.648004] do_splice_direct+0x1c4/0x290 [ 2111.648477] ? splice_direct_to_actor+0x980/0x980 [ 2111.649042] ? security_file_permission+0xb1/0xe0 [ 2111.649589] vfs_copy_file_range+0x4f8/0x13c0 [ 2111.650107] ? generic_file_rw_checks+0x240/0x240 [ 2111.650658] __do_sys_copy_file_range+0x193/0x420 [ 2111.651211] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2111.651741] ? ksys_write+0x1a9/0x260 [ 2111.652172] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.652761] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.653361] do_syscall_64+0x33/0x40 [ 2111.653780] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.654363] RIP: 0033:0x7fce96a5bb19 [ 2111.654783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2111.656867] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2111.657725] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2111.658520] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2111.659315] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2111.660107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2111.660914] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 10:37:01 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) 10:37:01 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 10) 10:37:01 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:37:01 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 49) [ 2111.726386] FAULT_INJECTION: forcing a failure. [ 2111.726386] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2111.729011] CPU: 1 PID: 10888 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2111.730463] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2111.732212] Call Trace: [ 2111.732771] dump_stack+0x107/0x167 [ 2111.733547] should_fail.cold+0x5/0xa [ 2111.734351] __alloc_pages_nodemask+0x182/0x600 [ 2111.735329] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2111.736593] ? lock_downgrade+0x6d0/0x6d0 [ 2111.737469] ? lock_acquire+0x197/0x470 [ 2111.738319] alloc_pages_vma+0xbb/0x410 [ 2111.739159] shmem_alloc_page+0x10f/0x1e0 [ 2111.740027] ? shmem_init_inode+0x20/0x20 [ 2111.740928] ? percpu_counter_add_batch+0x8b/0x140 [ 2111.741963] ? __vm_enough_memory+0x184/0x360 [ 2111.742907] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2111.744046] ? shmem_unuse_inode+0xf60/0xf60 [ 2111.745003] shmem_file_read_iter+0x2a6/0xbb0 [ 2111.745963] ? shmem_get_link+0x440/0x440 [ 2111.746845] ? inode_has_perm+0x171/0x1d0 [ 2111.747719] ? iov_iter_pipe+0xf1/0x2a0 [ 2111.748572] generic_file_splice_read+0x455/0x6d0 [ 2111.749590] ? pipe_to_user+0x170/0x170 [ 2111.750452] ? fsnotify_perm.part.0+0x22d/0x620 [ 2111.751431] ? security_file_permission+0xb1/0xe0 [ 2111.752455] ? pipe_to_user+0x170/0x170 [ 2111.753302] do_splice_to+0x10e/0x160 [ 2111.754102] splice_direct_to_actor+0x2fe/0x980 [ 2111.755086] ? pipe_to_sendpage+0x380/0x380 [ 2111.755988] ? do_splice_to+0x160/0x160 [ 2111.756817] ? security_file_permission+0xb1/0xe0 [ 2111.757840] do_splice_direct+0x1c4/0x290 [ 2111.758710] ? splice_direct_to_actor+0x980/0x980 [ 2111.759724] ? security_file_permission+0xb1/0xe0 [ 2111.760746] vfs_copy_file_range+0x4f8/0x13c0 [ 2111.761700] ? generic_file_rw_checks+0x240/0x240 [ 2111.762744] __do_sys_copy_file_range+0x193/0x420 [ 2111.763761] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2111.764769] ? ksys_write+0x1a9/0x260 [ 2111.765579] ? __ia32_sys_read+0xb0/0xb0 [ 2111.766430] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.767526] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.768623] do_syscall_64+0x33/0x40 [ 2111.769444] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.770533] RIP: 0033:0x7f134c613b19 [ 2111.771314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2111.775228] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2111.776823] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2111.778323] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2111.779819] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2111.781319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2111.782818] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2111.818221] FAULT_INJECTION: forcing a failure. [ 2111.818221] name failslab, interval 1, probability 0, space 0, times 0 [ 2111.820007] CPU: 0 PID: 10887 Comm: syz-executor.3 Not tainted 5.10.244 #1 [ 2111.820786] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2111.821719] Call Trace: [ 2111.822024] dump_stack+0x107/0x167 [ 2111.822432] should_fail.cold+0x5/0xa [ 2111.822861] ? percpu_ref_init+0xd8/0x3d0 [ 2111.823325] should_failslab+0x5/0x20 [ 2111.823756] kmem_cache_alloc_trace+0x55/0x320 [ 2111.824274] ? cset_cgroup_from_root+0x220/0x220 [ 2111.824804] percpu_ref_init+0xd8/0x3d0 [ 2111.825262] cgroup_mkdir+0x288/0xf50 [ 2111.825690] ? cgroup_destroy_locked+0x710/0x710 [ 2111.826221] kernfs_iop_mkdir+0x14d/0x1e0 [ 2111.826702] vfs_mkdir+0x493/0x750 [ 2111.827102] do_mkdirat+0x150/0x2b0 [ 2111.827519] ? user_path_create+0xf0/0xf0 [ 2111.827989] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2111.828575] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2111.829176] do_syscall_64+0x33/0x40 [ 2111.829595] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2111.830182] RIP: 0033:0x7f4ab16a0b19 [ 2111.830601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2111.832654] RSP: 002b:00007f4aaec16188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2111.833524] RAX: ffffffffffffffda RBX: 00007f4ab17b3f60 RCX: 00007f4ab16a0b19 [ 2111.834322] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000007 [ 2111.835121] RBP: 00007f4aaec161d0 R08: 0000000000000000 R09: 0000000000000000 [ 2111.835921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2111.836724] R13: 00007ffcbd46ad9f R14: 00007f4aaec16300 R15: 0000000000022000 10:37:15 executing program 7: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 44) 10:37:15 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 25) 10:37:15 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:37:15 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 11) 10:37:15 executing program 5: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c000000", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x1a, &(0x7f0000003d40), 0x4) mmap$perf(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) 10:37:15 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 50) 10:37:15 executing program 1: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) setfsgid(0xee01) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r1, 0x0, 0x4) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x1fe) 10:37:15 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 20) [ 2126.457464] FAULT_INJECTION: forcing a failure. [ 2126.457464] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2126.459117] CPU: 0 PID: 10912 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2126.459978] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2126.461003] Call Trace: [ 2126.461356] dump_stack+0x107/0x167 [ 2126.461813] should_fail.cold+0x5/0xa [ 2126.462285] __alloc_pages_nodemask+0x182/0x600 [ 2126.462735] FAULT_INJECTION: forcing a failure. [ 2126.462735] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2126.462861] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2126.462872] ? lock_downgrade+0x6d0/0x6d0 [ 2126.462883] ? lock_acquire+0x197/0x470 [ 2126.462903] alloc_pages_vma+0xbb/0x410 [ 2126.462918] shmem_alloc_page+0x10f/0x1e0 [ 2126.462929] ? shmem_init_inode+0x20/0x20 [ 2126.462957] ? percpu_counter_add_batch+0x8b/0x140 [ 2126.469254] ? __vm_enough_memory+0x184/0x360 [ 2126.469808] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2126.470494] ? shmem_unuse_inode+0xf60/0xf60 [ 2126.471055] shmem_file_read_iter+0x2a6/0xbb0 [ 2126.471636] ? shmem_get_link+0x440/0x440 [ 2126.472153] ? inode_has_perm+0x171/0x1d0 [ 2126.472671] ? iov_iter_pipe+0xf1/0x2a0 [ 2126.473177] generic_file_splice_read+0x455/0x6d0 [ 2126.473771] ? pipe_to_user+0x170/0x170 [ 2126.474268] ? fsnotify_perm.part.0+0x22d/0x620 [ 2126.474839] ? security_file_permission+0xb1/0xe0 [ 2126.475435] ? pipe_to_user+0x170/0x170 [ 2126.475923] do_splice_to+0x10e/0x160 [ 2126.476394] splice_direct_to_actor+0x2fe/0x980 [ 2126.476981] ? pipe_to_sendpage+0x380/0x380 [ 2126.477534] ? do_splice_to+0x160/0x160 [ 2126.478028] ? security_file_permission+0xb1/0xe0 [ 2126.478623] do_splice_direct+0x1c4/0x290 [ 2126.479132] ? splice_direct_to_actor+0x980/0x980 [ 2126.479723] ? security_file_permission+0xb1/0xe0 [ 2126.480317] vfs_copy_file_range+0x4f8/0x13c0 [ 2126.480867] ? generic_file_rw_checks+0x240/0x240 [ 2126.481482] __do_sys_copy_file_range+0x193/0x420 [ 2126.482082] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2126.482668] ? ksys_write+0x1a9/0x260 [ 2126.483137] ? __ia32_sys_read+0xb0/0xb0 [ 2126.483642] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2126.484289] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2126.484935] do_syscall_64+0x33/0x40 [ 2126.485408] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2126.486037] RIP: 0033:0x7f134c613b19 [ 2126.486498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2126.488949] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2126.489898] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2126.490780] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2126.491659] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2126.492553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2126.493437] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2126.494348] CPU: 1 PID: 10906 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2126.495835] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2126.497619] Call Trace: [ 2126.498182] dump_stack+0x107/0x167 [ 2126.498952] should_fail.cold+0x5/0xa [ 2126.499766] __alloc_pages_nodemask+0x182/0x600 [ 2126.500756] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2126.502033] ? lock_downgrade+0x6d0/0x6d0 [ 2126.502857] FAULT_INJECTION: forcing a failure. [ 2126.502857] name failslab, interval 1, probability 0, space 0, times 0 [ 2126.505211] ? lock_acquire+0x197/0x470 [ 2126.505246] alloc_pages_vma+0xbb/0x410 [ 2126.505269] shmem_alloc_page+0x10f/0x1e0 [ 2126.505289] ? shmem_init_inode+0x20/0x20 [ 2126.505329] ? percpu_counter_add_batch+0x8b/0x140 [ 2126.509491] ? __vm_enough_memory+0x184/0x360 [ 2126.510453] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2126.511599] ? shmem_unuse_inode+0xf60/0xf60 [ 2126.512546] shmem_file_read_iter+0x2a6/0xbb0 [ 2126.513526] ? shmem_get_link+0x440/0x440 [ 2126.514403] ? inode_has_perm+0x171/0x1d0 [ 2126.515286] ? iov_iter_pipe+0xf1/0x2a0 [ 2126.516131] generic_file_splice_read+0x455/0x6d0 [ 2126.517162] ? pipe_to_user+0x170/0x170 [ 2126.518006] ? fsnotify_perm.part.0+0x22d/0x620 [ 2126.518991] ? security_file_permission+0xb1/0xe0 [ 2126.520006] ? pipe_to_user+0x170/0x170 [ 2126.520843] do_splice_to+0x10e/0x160 [ 2126.521655] splice_direct_to_actor+0x2fe/0x980 [ 2126.522637] ? pipe_to_sendpage+0x380/0x380 [ 2126.523546] ? do_splice_to+0x160/0x160 [ 2126.524384] ? security_file_permission+0xb1/0xe0 [ 2126.525413] do_splice_direct+0x1c4/0x290 [ 2126.526287] ? splice_direct_to_actor+0x980/0x980 [ 2126.527307] ? security_file_permission+0xb1/0xe0 [ 2126.528325] vfs_copy_file_range+0x4f8/0x13c0 [ 2126.529282] ? generic_file_rw_checks+0x240/0x240 [ 2126.530320] __do_sys_copy_file_range+0x193/0x420 [ 2126.531334] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2126.532327] ? ksys_write+0x1a9/0x260 [ 2126.533139] ? __ia32_sys_read+0xb0/0xb0 [ 2126.533997] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2126.535102] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2126.536192] do_syscall_64+0x33/0x40 [ 2126.537114] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2126.538347] RIP: 0033:0x7fce96a5bb19 [ 2126.539239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2126.543662] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2126.545515] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2126.547232] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2126.548943] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2126.550664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2126.552379] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 2126.554118] CPU: 0 PID: 10909 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2126.554946] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2126.555937] Call Trace: [ 2126.556250] dump_stack+0x107/0x167 [ 2126.556688] should_fail.cold+0x5/0xa [ 2126.557146] ? create_object.isra.0+0x3a/0xa30 [ 2126.557707] should_failslab+0x5/0x20 [ 2126.558161] kmem_cache_alloc+0x5b/0x310 [ 2126.558652] create_object.isra.0+0x3a/0xa30 [ 2126.559170] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2126.559772] kmem_cache_alloc+0x159/0x310 [ 2126.560270] __kernfs_iattrs+0xbc/0x470 [ 2126.560745] kernfs_xattr_set+0x2b/0x80 [ 2126.561227] selinux_kernfs_init_security+0x26d/0x4c0 [ 2126.561844] ? selinux_file_mprotect+0x610/0x610 [ 2126.562421] ? find_held_lock+0x2c/0x110 [ 2126.562906] ? __kernfs_new_node+0x2ad/0x860 [ 2126.563435] ? rwlock_bug.part.0+0x90/0x90 [ 2126.563944] security_kernfs_init_security+0x4e/0xb0 [ 2126.564549] __kernfs_new_node+0x531/0x860 [ 2126.565055] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2126.565637] ? cpumask_next+0x1f/0x30 [ 2126.566083] ? kmemleak_alloc_percpu+0xaf/0x100 [ 2126.566637] ? pcpu_alloc+0x12a/0x1240 [ 2126.567101] kernfs_new_node+0x18d/0x250 [ 2126.567587] kernfs_create_dir_ns+0x49/0x160 [ 2126.568108] cgroup_mkdir+0x315/0xf50 [ 2126.568560] ? cgroup_destroy_locked+0x710/0x710 [ 2126.569125] kernfs_iop_mkdir+0x14d/0x1e0 [ 2126.569621] vfs_mkdir+0x493/0x750 [ 2126.570053] do_mkdirat+0x150/0x2b0 [ 2126.570485] ? user_path_create+0xf0/0xf0 [ 2126.570978] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2126.571607] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2126.572216] do_syscall_64+0x33/0x40 [ 2126.572657] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2126.573271] RIP: 0033:0x7f374cab7b19 [ 2126.573706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2126.575878] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2126.576772] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2126.577617] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2126.578154] FAULT_INJECTION: forcing a failure. [ 2126.578154] name failslab, interval 1, probability 0, space 0, times 0 [ 2126.578450] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2126.578465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2126.582715] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 [ 2126.583591] CPU: 1 PID: 10898 Comm: syz-executor.7 Not tainted 5.10.244 #1 [ 2126.585239] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2126.587202] Call Trace: [ 2126.587826] dump_stack+0x107/0x167 [ 2126.588686] should_fail.cold+0x5/0xa [ 2126.589601] ? create_object.isra.0+0x3a/0xa30 [ 2126.590671] should_failslab+0x5/0x20 [ 2126.591567] kmem_cache_alloc+0x5b/0x310 [ 2126.592519] ? igrab+0xc0/0xc0 [ 2126.593288] create_object.isra.0+0x3a/0xa30 [ 2126.594321] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2126.595511] __kmalloc+0x16e/0x390 [ 2126.596349] iter_file_splice_write+0x165/0xc90 [ 2126.597447] ? shmem_get_link+0x440/0x440 [ 2126.598431] ? generic_splice_sendpage+0x140/0x140 [ 2126.599579] ? pipe_to_user+0x170/0x170 [ 2126.600522] ? security_file_permission+0xb1/0xe0 [ 2126.601669] ? generic_splice_sendpage+0x140/0x140 [ 2126.602823] direct_splice_actor+0x10f/0x170 [ 2126.603858] splice_direct_to_actor+0x387/0x980 [ 2126.604952] ? pipe_to_sendpage+0x380/0x380 [ 2126.605971] ? do_splice_to+0x160/0x160 [ 2126.606897] ? security_file_permission+0xb1/0xe0 [ 2126.608026] do_splice_direct+0x1c4/0x290 [ 2126.608990] ? splice_direct_to_actor+0x980/0x980 [ 2126.610120] ? vfs_copy_file_range+0x4c4/0x13c0 [ 2126.611196] vfs_copy_file_range+0x4f8/0x13c0 [ 2126.612243] ? generic_file_rw_checks+0x240/0x240 [ 2126.613387] __do_sys_copy_file_range+0x193/0x420 [ 2126.614500] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2126.615592] ? ksys_write+0x1a9/0x260 [ 2126.616475] ? __ia32_sys_read+0xb0/0xb0 [ 2126.617436] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2126.618651] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2126.619848] do_syscall_64+0x33/0x40 [ 2126.620717] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2126.621910] RIP: 0033:0x7ff72d878b19 [ 2126.622766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2126.626986] RSP: 002b:00007ff72adee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2126.628743] RAX: ffffffffffffffda RBX: 00007ff72d98bf60 RCX: 00007ff72d878b19 [ 2126.630405] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2126.632040] RBP: 00007ff72adee1d0 R08: 0000000300000000 R09: 0000000000000000 [ 2126.633685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2126.635310] R13: 00007ffcc261567f R14: 00007ff72adee300 R15: 0000000000022000 10:37:16 executing program 6: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) syz_io_uring_submit(0x0, 0x0, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r2, r3, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r4}}, 0x101) syz_io_uring_submit(r2, r3, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r5, &(0x7f0000000200)='./file0\x00', 0x86) (fail_nth: 26) 10:37:16 executing program 2: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0x0, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 51) 10:37:16 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 21) [ 2126.694575] FAULT_INJECTION: forcing a failure. [ 2126.694575] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2126.696477] FAULT_INJECTION: forcing a failure. [ 2126.696477] name failslab, interval 1, probability 0, space 0, times 0 [ 2126.697270] CPU: 1 PID: 10920 Comm: syz-executor.2 Not tainted 5.10.244 #1 [ 2126.697282] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2126.697288] Call Trace: [ 2126.697315] dump_stack+0x107/0x167 [ 2126.697338] should_fail.cold+0x5/0xa [ 2126.697363] __alloc_pages_nodemask+0x182/0x600 [ 2126.697388] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2126.706705] ? lock_downgrade+0x6d0/0x6d0 [ 2126.707647] ? lock_acquire+0x197/0x470 [ 2126.708571] alloc_pages_vma+0xbb/0x410 [ 2126.709490] shmem_alloc_page+0x10f/0x1e0 [ 2126.710438] ? shmem_init_inode+0x20/0x20 [ 2126.711410] ? percpu_counter_add_batch+0x8b/0x140 [ 2126.712531] ? __vm_enough_memory+0x184/0x360 [ 2126.713560] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2126.714799] ? shmem_unuse_inode+0xf60/0xf60 [ 2126.715818] shmem_file_read_iter+0x2a6/0xbb0 [ 2126.716851] ? shmem_get_link+0x440/0x440 [ 2126.717802] ? inode_has_perm+0x171/0x1d0 [ 2126.718749] ? iov_iter_pipe+0xf1/0x2a0 [ 2126.719658] generic_file_splice_read+0x455/0x6d0 [ 2126.720757] ? pipe_to_user+0x170/0x170 [ 2126.721685] ? fsnotify_perm.part.0+0x22d/0x620 [ 2126.722758] ? security_file_permission+0xb1/0xe0 [ 2126.723863] ? pipe_to_user+0x170/0x170 [ 2126.724774] do_splice_to+0x10e/0x160 [ 2126.725654] splice_direct_to_actor+0x2fe/0x980 [ 2126.726722] ? pipe_to_sendpage+0x380/0x380 [ 2126.727709] ? do_splice_to+0x160/0x160 [ 2126.728618] ? security_file_permission+0xb1/0xe0 [ 2126.729729] do_splice_direct+0x1c4/0x290 [ 2126.730674] ? splice_direct_to_actor+0x980/0x980 [ 2126.731788] ? security_file_permission+0xb1/0xe0 [ 2126.732895] vfs_copy_file_range+0x4f8/0x13c0 [ 2126.733935] ? generic_file_rw_checks+0x240/0x240 [ 2126.735059] __do_sys_copy_file_range+0x193/0x420 [ 2126.736159] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2126.737251] ? ksys_write+0x1a9/0x260 [ 2126.738124] ? __ia32_sys_read+0xb0/0xb0 [ 2126.739062] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2126.740262] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2126.741456] do_syscall_64+0x33/0x40 [ 2126.742308] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2126.743484] RIP: 0033:0x7f134c613b19 [ 2126.744339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2126.748561] RSP: 002b:00007f1349b89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2126.750316] RAX: ffffffffffffffda RBX: 00007f134c726f60 RCX: 00007f134c613b19 [ 2126.751948] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2126.753582] RBP: 00007f1349b891d0 R08: 0000000300000000 R09: 0000000000000000 [ 2126.755200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2126.756831] R13: 00007ffdeb82d76f R14: 00007f1349b89300 R15: 0000000000022000 [ 2126.758491] CPU: 0 PID: 10922 Comm: syz-executor.6 Not tainted 5.10.244 #1 [ 2126.759284] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2126.760232] Call Trace: [ 2126.760535] dump_stack+0x107/0x167 [ 2126.760951] should_fail.cold+0x5/0xa [ 2126.761394] ? kvmalloc_node+0x119/0x170 [ 2126.761864] should_failslab+0x5/0x20 [ 2126.762300] __kmalloc_node+0x76/0x420 [ 2126.762750] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2126.763300] kvmalloc_node+0x119/0x170 [ 2126.763747] simple_xattr_alloc+0x43/0xa0 [ 2126.764217] simple_xattr_set+0x75/0x610 [ 2126.764694] kernfs_xattr_set+0x50/0x80 [ 2126.765161] selinux_kernfs_init_security+0x26d/0x4c0 [ 2126.765747] ? selinux_file_mprotect+0x610/0x610 [ 2126.766281] ? find_held_lock+0x2c/0x110 [ 2126.766744] ? __kernfs_new_node+0x2ad/0x860 [ 2126.767243] ? rwlock_bug.part.0+0x90/0x90 [ 2126.767728] security_kernfs_init_security+0x4e/0xb0 [ 2126.768305] __kernfs_new_node+0x531/0x860 [ 2126.768791] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2126.769341] ? cpumask_next+0x1f/0x30 [ 2126.769775] ? kmemleak_alloc_percpu+0xaf/0x100 [ 2126.770304] ? pcpu_alloc+0x12a/0x1240 [ 2126.770752] kernfs_new_node+0x18d/0x250 [ 2126.771218] kernfs_create_dir_ns+0x49/0x160 [ 2126.771729] cgroup_mkdir+0x315/0xf50 [ 2126.772163] ? cgroup_destroy_locked+0x710/0x710 [ 2126.772698] kernfs_iop_mkdir+0x14d/0x1e0 [ 2126.773190] vfs_mkdir+0x493/0x750 [ 2126.773597] do_mkdirat+0x150/0x2b0 [ 2126.774009] ? user_path_create+0xf0/0xf0 [ 2126.774487] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2126.775081] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2126.775667] do_syscall_64+0x33/0x40 [ 2126.776087] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2126.776665] RIP: 0033:0x7f374cab7b19 [ 2126.777088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2126.779202] RSP: 002b:00007f374a02d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 2126.780060] RAX: ffffffffffffffda RBX: 00007f374cbcaf60 RCX: 00007f374cab7b19 [ 2126.780878] RDX: 0000000000000086 RSI: 0000000020000200 RDI: 0000000000000006 [ 2126.781691] RBP: 00007f374a02d1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2126.782504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2126.783309] R13: 00007ffedc9f917f R14: 00007f374a02d300 R15: 0000000000022000 10:37:16 executing program 3: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x920420, &(0x7f00000000c0)=ANY=[]) setfsgid(0xee01) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb052) syz_io_uring_setup(0x53a0, &(0x7f00000002c0)={0x0, 0x1688, 0x2, 0x0, 0x353}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000440)=0x0) syz_io_uring_submit(0x0, r2, 0x0, 0x4) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0xffff) syz_io_uring_setup(0x52dd, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, 0x0, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x2, 0x0, {0x0, r5}}, 0x10000) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_FSYNC={0x3, 0x2, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x0, r5}}, 0x101) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, &(0x7f0000000240)=@caif, 0x0, 0x800, 0x1}, 0xfffffe01) unlinkat(r1, &(0x7f00000004c0)='./file0\x00', 0x200) ioctl$VFAT_IOCTL_READDIR_SHORT(r0, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000180)='./file0\x00', 0x240880, 0x0) mkdirat(r6, &(0x7f0000000200)='./file0\x00', 0x86) [ 2126.801369] FAULT_INJECTION: forcing a failure. [ 2126.801369] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2126.803039] CPU: 0 PID: 10924 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2126.803833] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2126.804784] Call Trace: [ 2126.805105] dump_stack+0x107/0x167 [ 2126.805517] should_fail.cold+0x5/0xa [ 2126.805953] __alloc_pages_nodemask+0x182/0x600 [ 2126.806497] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2126.807173] ? lock_downgrade+0x6d0/0x6d0 [ 2126.807648] ? lock_acquire+0x197/0x470 [ 2126.808109] alloc_pages_vma+0xbb/0x410 [ 2126.808566] shmem_alloc_page+0x10f/0x1e0 [ 2126.809036] ? shmem_init_inode+0x20/0x20 [ 2126.809525] ? percpu_counter_add_batch+0x8b/0x140 [ 2126.810080] ? __vm_enough_memory+0x184/0x360 [ 2126.810588] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2126.811198] ? shmem_unuse_inode+0xf60/0xf60 [ 2126.811701] shmem_file_read_iter+0x2a6/0xbb0 [ 2126.812221] ? shmem_get_link+0x440/0x440 [ 2126.812688] ? inode_has_perm+0x171/0x1d0 [ 2126.813166] ? iov_iter_pipe+0xf1/0x2a0 [ 2126.813615] generic_file_splice_read+0x455/0x6d0 [ 2126.814159] ? pipe_to_user+0x170/0x170 [ 2126.814616] ? fsnotify_perm.part.0+0x22d/0x620 [ 2126.815146] ? security_file_permission+0xb1/0xe0 [ 2126.815690] ? pipe_to_user+0x170/0x170 [ 2126.816141] do_splice_to+0x10e/0x160 [ 2126.816576] splice_direct_to_actor+0x2fe/0x980 10:37:16 executing program 4: sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x80) r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) readv(0xffffffffffffffff, &(0x7f0000000280), 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') readlinkat(r2, &(0x7f0000000000)='./mnt\x00', &(0x7f00000000c0)=""/253, 0xfd) sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1ce30004080006400000000108000640000000013000020006000340000300000c000280050001003a0000000c00028005000100060000000c000280050001004700000009000100b3797a300000000008000340000000090800064000000001f900048008000140000000020800"], 0x90}, 0x1, 0x0, 0x0, 0x8041}, 0x4081) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) fchmodat(r3, &(0x7f0000000280)='./mnt\x00', 0x44) syz_open_dev$vcsa(&(0x7f0000000300), 0x3, 0x181d80) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x1a, &(0x7f0000003d40), 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) [ 2126.817115] ? pipe_to_sendpage+0x380/0x380 [ 2126.817788] ? do_splice_to+0x160/0x160 [ 2126.818240] ? security_file_permission+0xb1/0xe0 [ 2126.818795] do_splice_direct+0x1c4/0x290 [ 2126.819263] ? splice_direct_to_actor+0x980/0x980 [ 2126.819813] ? security_file_permission+0xb1/0xe0 [ 2126.820370] vfs_copy_file_range+0x4f8/0x13c0 [ 2126.820882] ? generic_file_rw_checks+0x240/0x240 [ 2126.821450] __do_sys_copy_file_range+0x193/0x420 [ 2126.822014] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2126.822552] ? ksys_write+0x1a9/0x260 [ 2126.822985] ? __ia32_sys_read+0xb0/0xb0 [ 2126.823447] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2126.824043] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2126.824629] do_syscall_64+0x33/0x40 [ 2126.825060] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2126.825651] RIP: 0033:0x7fce96a5bb19 [ 2126.826075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2126.828169] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2126.829032] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2126.829853] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2126.830662] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2126.831471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2126.832282] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 10:37:16 executing program 0: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000000)='\a', 0x0) pwritev2(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x100009, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './mnt\x00'}) r2 = syz_open_dev$vcsa(0x0, 0x3, 0x181d80) sendmsg$NL80211_CMD_SET_MCAST_RATE(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf255c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099fbffffffffffffff00006b00b400000000"], 0x30}, 0x1, 0x0, 0x0, 0x44014}, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x108000}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x99}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x300000000, 0x0) (fail_nth: 22) [ 2126.883739] FAULT_INJECTION: forcing a failure. [ 2126.883739] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2126.885244] CPU: 0 PID: 10931 Comm: syz-executor.0 Not tainted 5.10.244 #1 [ 2126.886028] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2126.886965] Call Trace: [ 2126.887266] dump_stack+0x107/0x167 [ 2126.887680] should_fail.cold+0x5/0xa [ 2126.888118] __alloc_pages_nodemask+0x182/0x600 [ 2126.888642] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2126.889335] ? lock_downgrade+0x6d0/0x6d0 [ 2126.889799] ? lock_acquire+0x197/0x470 [ 2126.890262] alloc_pages_vma+0xbb/0x410 [ 2126.890714] shmem_alloc_page+0x10f/0x1e0 [ 2126.891181] ? shmem_init_inode+0x20/0x20 [ 2126.891659] ? percpu_counter_add_batch+0x8b/0x140 [ 2126.892212] ? __vm_enough_memory+0x184/0x360 [ 2126.892719] shmem_getpage_gfp.constprop.0+0x512/0x1920 [ 2126.893341] ? shmem_unuse_inode+0xf60/0xf60 [ 2126.893844] shmem_file_read_iter+0x2a6/0xbb0 [ 2126.894359] ? shmem_get_link+0x440/0x440 [ 2126.894825] ? inode_has_perm+0x171/0x1d0 [ 2126.895300] ? iov_iter_pipe+0xf1/0x2a0 [ 2126.895750] generic_file_splice_read+0x455/0x6d0 [ 2126.896295] ? pipe_to_user+0x170/0x170 [ 2126.896748] ? fsnotify_perm.part.0+0x22d/0x620 [ 2126.897282] ? security_file_permission+0xb1/0xe0 [ 2126.897821] ? pipe_to_user+0x170/0x170 [ 2126.898280] do_splice_to+0x10e/0x160 [ 2126.898708] splice_direct_to_actor+0x2fe/0x980 [ 2126.899234] ? pipe_to_sendpage+0x380/0x380 [ 2126.899722] ? do_splice_to+0x160/0x160 [ 2126.900186] ? security_file_permission+0xb1/0xe0 [ 2126.900733] do_splice_direct+0x1c4/0x290 [ 2126.901210] ? splice_direct_to_actor+0x980/0x980 [ 2126.901756] ? security_file_permission+0xb1/0xe0 [ 2126.902301] vfs_copy_file_range+0x4f8/0x13c0 [ 2126.902812] ? generic_file_rw_checks+0x240/0x240 [ 2126.903375] __do_sys_copy_file_range+0x193/0x420 [ 2126.903918] ? vfs_copy_file_range+0x13c0/0x13c0 [ 2126.904450] ? ksys_write+0x1a9/0x260 [ 2126.904881] ? __ia32_sys_read+0xb0/0xb0 [ 2126.905348] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2126.905939] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2126.906522] do_syscall_64+0x33/0x40 [ 2126.906943] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2126.907520] RIP: 0033:0x7fce96a5bb19 [ 2126.907948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2126.910020] RSP: 002b:00007fce93fd1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 2126.910875] RAX: ffffffffffffffda RBX: 00007fce96b6ef60 RCX: 00007fce96a5bb19 [ 2126.911671] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000004 [ 2126.912480] RBP: 00007fce93fd11d0 R08: 0000000300000000 R09: 0000000000000000 [ 2126.913295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2126.914103] R13: 00007ffdd8c2850f R14: 00007fce93fd1300 R15: 0000000000022000 [ 2139.761740] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff8880498bc0d0 (size 144): comm "syz-executor.6", pid 10922, jiffies 4296793626 (age 20.798s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 5c 04 dd 68 00 00 00 00 ........\..h.... 37 c5 a4 0b 00 00 00 00 5c 04 dd 68 00 00 00 00 7.......\..h.... backtrace: [<00000000ac737027>] __kernfs_iattrs+0xbc/0x470 [<00000000ef5b13d2>] kernfs_xattr_set+0x2b/0x80 [<00000000489dde90>] selinux_kernfs_init_security+0x26d/0x4c0 [<000000003f3a91eb>] security_kernfs_init_security+0x4e/0xb0 [<00000000a6b42547>] __kernfs_new_node+0x531/0x860 [<00000000a4b4ed45>] kernfs_new_node+0x18d/0x250 [<000000003ecaf559>] kernfs_create_dir_ns+0x49/0x160 [<00000000cd870927>] cgroup_mkdir+0x315/0xf50 [<0000000098480717>] kernfs_iop_mkdir+0x14d/0x1e0 [<00000000cfaaa595>] vfs_mkdir+0x493/0x750 [<000000003f6cb44f>] do_mkdirat+0x150/0x2b0 [<0000000097c68928>] do_syscall_64+0x33/0x40 [<0000000035e8dc4f>] entry_SYSCALL_64_after_hwframe+0x67/0xd1 BUG: leak checking failed VM DIAGNOSIS: 10:37:37 Registers: info registers vcpu 0 RAX=ffffffff83e979f0 RBX=0000000000000000 RCX=ffffffff83e7f65c RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83e981b8 RBP=0000000000000000 RSP=ffffffff84e07e38 R8 =0000000000000001 R9 =ffff88806ce3c12b R10=ffffed100d9c7825 R11=0000000000000001 R12=0000000000000000 R13=ffffffff85679e08 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e979fe RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fff2aa48930 CR3=000000000d828000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=0a64656c69616620676e696b63656863 XMM02=31636e75662e6e75522e6c697475736f XMM03=00000000000000000000000000000000 XMM04=22726f7475636578652d7a79732f225b XMM05=7463656a626f6b2220226b61656c2220 XMM06=2273677261765f656d616e5f7465735f XMM07=31207375746174732074697865203a5d XMM08=000000c00130f680000000c00130f640 XMM09=000000c00130f740000000c00130f6c0 XMM10=000000c00543cf40000000c00130ff00 XMM11=000000c0012f9d00000000c00545acc0 XMM12=000000c00130f7c0000000c00130f780 XMM13=000000c00130f8c0000000c00130f840 XMM14=000000c00130f9c0000000c00130f940 XMM15=000000c00130fa40000000c00130fa00 info registers vcpu 1 RAX=ffffffff83e979f0 RBX=0000000000000001 RCX=ffffffff83e7f65c RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83e981b8 RBP=0000000000000001 RSP=ffff888008987e70 R8 =0000000000000001 R9 =ffff88806cf3c12b R10=ffffed100d9e7825 R11=0000000000000001 R12=0000000000000001 R13=ffffffff85679e08 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e979fe RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd54fc379a8 CR3=000000000d828000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=000000000000000041785cea00000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000