0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, 0x0, 0x0) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:27:46 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x1a733, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:27:46 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000100)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x2004009, &(0x7f0000000240)=ANY=[]) statfs(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)=""/129) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000016c0)={0x0, 0x2, 0x3ff, 0x7}) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x100000001) 18:27:46 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 8) 18:27:46 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 8) [ 2823.444651] FAULT_INJECTION: forcing a failure. [ 2823.444651] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2823.445254] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2823.447330] CPU: 1 PID: 14769 Comm: syz-executor.1 Not tainted 5.10.246 #1 [ 2823.450480] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2823.452248] Call Trace: [ 2823.452730] FAULT_INJECTION: forcing a failure. [ 2823.452730] name failslab, interval 1, probability 0, space 0, times 0 [ 2823.452820] dump_stack+0x107/0x167 [ 2823.455879] should_fail.cold+0x5/0xa [ 2823.456706] _copy_from_user+0x2e/0x1b0 [ 2823.457556] iovec_from_user+0x141/0x400 [ 2823.458434] __import_iovec+0x67/0x590 [ 2823.459257] ? __ia32_sys_shutdown+0x80/0x80 [ 2823.460198] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2823.461322] import_iovec+0x83/0xb0 [ 2823.462107] sendmsg_copy_msghdr+0x131/0x160 [ 2823.463045] ? do_recvmmsg+0x6d0/0x6d0 [ 2823.463879] ? lock_downgrade+0x6d0/0x6d0 [ 2823.464765] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2823.465901] ___sys_sendmsg+0xc6/0x170 [ 2823.466736] ? sendmsg_copy_msghdr+0x160/0x160 [ 2823.467714] ? __fget_files+0x2cf/0x520 [ 2823.468561] ? lock_downgrade+0x6d0/0x6d0 [ 2823.469443] ? find_held_lock+0x2c/0x110 [ 2823.470327] ? __fget_files+0x2f8/0x520 [ 2823.471182] ? __fget_light+0xea/0x290 [ 2823.472009] __sys_sendmsg+0xe5/0x1b0 [ 2823.472814] ? __sys_sendmsg_sock+0x40/0x40 [ 2823.473742] ? rcu_read_lock_any_held+0x75/0xa0 [ 2823.474740] ? fput_many+0x2f/0x1a0 [ 2823.475515] ? ksys_write+0x1a9/0x260 [ 2823.476337] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2823.477456] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2823.478556] ? trace_hardirqs_on+0x5b/0x180 [ 2823.479481] do_syscall_64+0x33/0x40 [ 2823.480275] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2823.481365] RIP: 0033:0x7f669cd3cb19 [ 2823.482175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2823.486120] RSP: 002b:00007f669a2b2188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2823.487744] RAX: ffffffffffffffda RBX: 00007f669ce4ff60 RCX: 00007f669cd3cb19 [ 2823.489253] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2823.490773] RBP: 00007f669a2b21d0 R08: 0000000000000000 R09: 0000000000000000 [ 2823.492291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2823.493815] R13: 00007ffcc965a80f R14: 00007f669a2b2300 R15: 0000000000022000 [ 2823.495368] CPU: 0 PID: 14771 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 2823.496863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2823.498637] Call Trace: [ 2823.499204] dump_stack+0x107/0x167 [ 2823.499977] should_fail.cold+0x5/0xa [ 2823.500792] ? __alloc_skb+0x6d/0x5b0 [ 2823.501600] should_failslab+0x5/0x20 [ 2823.502418] kmem_cache_alloc_node+0x55/0x330 [ 2823.503372] __alloc_skb+0x6d/0x5b0 [ 2823.504149] netlink_ack+0x1ed/0xab0 [ 2823.504943] ? netlink_sendmsg+0xe00/0xe00 [ 2823.505850] ? lock_acquire+0x197/0x470 [ 2823.506692] ? netlink_deliver_tap+0xf4/0xcc0 [ 2823.507647] netlink_rcv_skb+0x348/0x430 [ 2823.508492] ? rtnl_getlink+0xaa0/0xaa0 [ 2823.509327] ? netlink_ack+0xab0/0xab0 [ 2823.510148] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2823.511129] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2823.512098] ? is_vmalloc_addr+0x7b/0xb0 [ 2823.512962] netlink_unicast+0x6ce/0xa00 [ 2823.513839] ? netlink_attachskb+0xab0/0xab0 [ 2823.514776] netlink_sendmsg+0x90f/0xe00 [ 2823.515645] ? netlink_unicast+0xa00/0xa00 [ 2823.516553] ? netlink_unicast+0xa00/0xa00 [ 2823.517449] __sock_sendmsg+0x154/0x190 [ 2823.518305] ____sys_sendmsg+0x70d/0x870 [ 2823.519174] ? sock_write_iter+0x3d0/0x3d0 [ 2823.520060] ? do_recvmmsg+0x6d0/0x6d0 [ 2823.520890] ? lock_downgrade+0x6d0/0x6d0 [ 2823.521785] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2823.522899] ___sys_sendmsg+0xf3/0x170 [ 2823.523724] ? sendmsg_copy_msghdr+0x160/0x160 [ 2823.524701] ? __fget_files+0x2cf/0x520 [ 2823.525546] ? lock_downgrade+0x6d0/0x6d0 [ 2823.526446] ? find_held_lock+0x2c/0x110 [ 2823.527311] ? __fget_files+0x2f8/0x520 [ 2823.528164] ? __fget_light+0xea/0x290 [ 2823.528990] __sys_sendmsg+0xe5/0x1b0 [ 2823.529815] ? __sys_sendmsg_sock+0x40/0x40 [ 2823.530731] ? rcu_read_lock_any_held+0x75/0xa0 [ 2823.531738] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2823.532846] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2823.533948] ? trace_hardirqs_on+0x5b/0x180 [ 2823.534860] do_syscall_64+0x33/0x40 [ 2823.535659] entry_SYSCALL_64_after_hwframe+0x67/0xd1 18:27:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 3) [ 2823.536739] RIP: 0033:0x7fe2e1a61b19 [ 2823.537674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2823.541603] RSP: 002b:00007fe2defd7188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2823.543235] RAX: ffffffffffffffda RBX: 00007fe2e1b74f60 RCX: 00007fe2e1a61b19 [ 2823.544764] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2823.546283] RBP: 00007fe2defd71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2823.547811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2823.549334] R13: 00007ffd1d2ec3df R14: 00007fe2defd7300 R15: 0000000000022000 [ 2823.555579] loop7: detected capacity change from 0 to 32256 [ 2823.562398] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2823.575592] FAULT_INJECTION: forcing a failure. [ 2823.575592] name failslab, interval 1, probability 0, space 0, times 0 [ 2823.578097] CPU: 0 PID: 14779 Comm: syz-executor.4 Not tainted 5.10.246 #1 [ 2823.579563] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2823.581294] Call Trace: [ 2823.581856] dump_stack+0x107/0x167 [ 2823.582635] should_fail.cold+0x5/0xa [ 2823.583439] ? __alloc_skb+0x6d/0x5b0 [ 2823.584233] should_failslab+0x5/0x20 [ 2823.585044] kmem_cache_alloc_node+0x55/0x330 [ 2823.586009] __alloc_skb+0x6d/0x5b0 [ 2823.586785] netlink_ack+0x1ed/0xab0 [ 2823.587579] ? netlink_sendmsg+0xe00/0xe00 [ 2823.588451] ? lock_acquire+0x197/0x470 [ 2823.589283] ? netlink_deliver_tap+0xf4/0xcc0 [ 2823.590241] netlink_rcv_skb+0x348/0x430 [ 2823.591102] ? rtnl_getlink+0xaa0/0xaa0 [ 2823.591934] ? netlink_ack+0xab0/0xab0 [ 2823.592763] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2823.593741] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2823.594700] ? is_vmalloc_addr+0x7b/0xb0 [ 2823.595564] netlink_unicast+0x6ce/0xa00 [ 2823.596423] ? netlink_attachskb+0xab0/0xab0 [ 2823.597341] netlink_sendmsg+0x90f/0xe00 [ 2823.598208] ? netlink_unicast+0xa00/0xa00 [ 2823.599111] ? netlink_unicast+0xa00/0xa00 [ 2823.599999] __sock_sendmsg+0x154/0x190 [ 2823.600843] ____sys_sendmsg+0x70d/0x870 [ 2823.601722] ? sock_write_iter+0x3d0/0x3d0 [ 2823.602606] ? do_recvmmsg+0x6d0/0x6d0 [ 2823.603432] ? lock_downgrade+0x6d0/0x6d0 [ 2823.604313] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2823.605421] ___sys_sendmsg+0xf3/0x170 [ 2823.606239] ? sendmsg_copy_msghdr+0x160/0x160 [ 2823.607211] ? __fget_files+0x2cf/0x520 [ 2823.608048] ? lock_downgrade+0x6d0/0x6d0 [ 2823.608924] ? find_held_lock+0x2c/0x110 [ 2823.609786] ? __fget_files+0x2f8/0x520 [ 2823.610608] ? __fget_light+0xea/0x290 [ 2823.611410] __sys_sendmsg+0xe5/0x1b0 [ 2823.612192] ? __sys_sendmsg_sock+0x40/0x40 [ 2823.613086] ? rcu_read_lock_any_held+0x75/0xa0 [ 2823.614074] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2823.615183] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2823.616268] ? trace_hardirqs_on+0x5b/0x180 [ 2823.617178] do_syscall_64+0x33/0x40 [ 2823.617970] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2823.619058] RIP: 0033:0x7fdc4a254b19 [ 2823.619846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2823.623741] RSP: 002b:00007fdc477a9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2823.625338] RAX: ffffffffffffffda RBX: 00007fdc4a368020 RCX: 00007fdc4a254b19 [ 2823.626849] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005 [ 2823.628337] RBP: 00007fdc477a91d0 R08: 0000000000000000 R09: 0000000000000000 [ 2823.629851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2823.631325] R13: 00007ffd1285803f R14: 00007fdc477a9300 R15: 0000000000022000 [ 2823.643897] FAULT_INJECTION: forcing a failure. [ 2823.643897] name failslab, interval 1, probability 0, space 0, times 0 [ 2823.646359] CPU: 0 PID: 14783 Comm: syz-executor.1 Not tainted 5.10.246 #1 [ 2823.647824] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2823.649582] Call Trace: [ 2823.650142] dump_stack+0x107/0x167 [ 2823.650917] should_fail.cold+0x5/0xa [ 2823.651713] ? __alloc_skb+0x6d/0x5b0 [ 2823.652534] should_failslab+0x5/0x20 [ 2823.653330] kmem_cache_alloc_node+0x55/0x330 [ 2823.654298] __alloc_skb+0x6d/0x5b0 [ 2823.655072] netlink_sendmsg+0x998/0xe00 [ 2823.655927] ? netlink_unicast+0xa00/0xa00 [ 2823.656841] ? netlink_unicast+0xa00/0xa00 [ 2823.657743] __sock_sendmsg+0x154/0x190 [ 2823.658551] ____sys_sendmsg+0x70d/0x870 [ 2823.659406] ? sock_write_iter+0x3d0/0x3d0 [ 2823.660429] ? do_recvmmsg+0x6d0/0x6d0 [ 2823.661271] ? lock_downgrade+0x6d0/0x6d0 [ 2823.662178] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2823.663304] ___sys_sendmsg+0xf3/0x170 [ 2823.664138] ? sendmsg_copy_msghdr+0x160/0x160 [ 2823.665125] ? __fget_files+0x2cf/0x520 [ 2823.665994] ? lock_downgrade+0x6d0/0x6d0 [ 2823.666877] ? find_held_lock+0x2c/0x110 [ 2823.667757] ? __fget_files+0x2f8/0x520 [ 2823.668626] ? __fget_light+0xea/0x290 [ 2823.669470] __sys_sendmsg+0xe5/0x1b0 [ 2823.670300] ? __sys_sendmsg_sock+0x40/0x40 [ 2823.671228] ? rcu_read_lock_any_held+0x75/0xa0 [ 2823.672254] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2823.673379] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2823.674481] ? trace_hardirqs_on+0x5b/0x180 [ 2823.675399] do_syscall_64+0x33/0x40 [ 2823.676192] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2823.677281] RIP: 0033:0x7f669cd3cb19 [ 2823.678087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2823.682045] RSP: 002b:00007f669a2b2188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2823.683668] RAX: ffffffffffffffda RBX: 00007f669ce4ff60 RCX: 00007f669cd3cb19 [ 2823.685205] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2823.686742] RBP: 00007f669a2b21d0 R08: 0000000000000000 R09: 0000000000000000 [ 2823.688274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2823.689816] R13: 00007ffcc965a80f R14: 00007f669a2b2300 R15: 0000000000022000 18:27:46 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, 0x0, 0x0) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:27:46 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x1a734, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 2823.753453] FAT-fs (loop5): bogus number of reserved sectors [ 2823.754887] FAT-fs (loop5): Can't find a valid FAT filesystem 18:27:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 4) 18:27:46 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 9) 18:27:46 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000100)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x2004009, &(0x7f0000000240)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x2, 0x3ff, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:27:46 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000062000210c000000000000000002"], 0x28}}, 0x0) 18:27:46 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 9) [ 2823.888750] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2823.891568] FAULT_INJECTION: forcing a failure. [ 2823.891568] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2823.893328] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2823.894180] CPU: 1 PID: 14798 Comm: syz-executor.1 Not tainted 5.10.246 #1 [ 2823.896004] FAULT_INJECTION: forcing a failure. [ 2823.896004] name failslab, interval 1, probability 0, space 0, times 0 [ 2823.897347] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2823.897354] Call Trace: [ 2823.897381] dump_stack+0x107/0x167 [ 2823.897405] should_fail.cold+0x5/0xa [ 2823.903556] __alloc_pages_nodemask+0x182/0x600 [ 2823.904524] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2823.905804] ? kmem_cache_alloc_node+0x313/0x330 [ 2823.906801] alloc_pages_current+0x187/0x280 [ 2823.907724] allocate_slab+0x26f/0x380 [ 2823.908547] ___slab_alloc+0x470/0x700 [ 2823.909367] ? __alloc_skb+0x6d/0x5b0 [ 2823.910185] ? __alloc_skb+0x6d/0x5b0 [ 2823.910986] ? kmem_cache_alloc_node+0x313/0x330 [ 2823.911978] ? __alloc_skb+0x6d/0x5b0 [ 2823.912783] kmem_cache_alloc_node+0x313/0x330 [ 2823.913770] __alloc_skb+0x6d/0x5b0 [ 2823.914540] netlink_sendmsg+0x998/0xe00 [ 2823.915395] ? netlink_unicast+0xa00/0xa00 [ 2823.916294] ? netlink_unicast+0xa00/0xa00 [ 2823.917177] __sock_sendmsg+0x154/0x190 [ 2823.918029] ____sys_sendmsg+0x70d/0x870 [ 2823.918880] ? sock_write_iter+0x3d0/0x3d0 [ 2823.919751] ? do_recvmmsg+0x6d0/0x6d0 [ 2823.920559] ? lock_downgrade+0x6d0/0x6d0 [ 2823.921431] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2823.922541] ___sys_sendmsg+0xf3/0x170 [ 2823.923358] ? sendmsg_copy_msghdr+0x160/0x160 [ 2823.924322] ? __fget_files+0x2cf/0x520 [ 2823.925168] ? lock_downgrade+0x6d0/0x6d0 [ 2823.926059] ? find_held_lock+0x2c/0x110 [ 2823.926939] ? __fget_files+0x2f8/0x520 [ 2823.927806] ? __fget_light+0xea/0x290 [ 2823.928641] __sys_sendmsg+0xe5/0x1b0 [ 2823.929453] ? __sys_sendmsg_sock+0x40/0x40 [ 2823.930390] ? rcu_read_lock_any_held+0x75/0xa0 [ 2823.931401] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2823.932524] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2823.933607] ? trace_hardirqs_on+0x5b/0x180 [ 2823.934540] do_syscall_64+0x33/0x40 [ 2823.935339] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2823.936443] RIP: 0033:0x7f669cd3cb19 [ 2823.937238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2823.941196] RSP: 002b:00007f669a2b2188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2823.942838] RAX: ffffffffffffffda RBX: 00007f669ce4ff60 RCX: 00007f669cd3cb19 [ 2823.944344] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2823.945880] RBP: 00007f669a2b21d0 R08: 0000000000000000 R09: 0000000000000000 [ 2823.947408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2823.948940] R13: 00007ffcc965a80f R14: 00007f669a2b2300 R15: 0000000000022000 [ 2823.950512] CPU: 0 PID: 14796 Comm: syz-executor.4 Not tainted 5.10.246 #1 [ 2823.951082] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2823.952005] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2823.952012] Call Trace: [ 2823.952040] dump_stack+0x107/0x167 [ 2823.952064] should_fail.cold+0x5/0xa [ 2823.957805] ? create_object.isra.0+0x3a/0xa30 [ 2823.958787] should_failslab+0x5/0x20 [ 2823.959608] kmem_cache_alloc+0x5b/0x310 [ 2823.960490] create_object.isra.0+0x3a/0xa30 [ 2823.961432] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2823.962536] kmem_cache_alloc_node+0x169/0x330 [ 2823.963521] __alloc_skb+0x6d/0x5b0 [ 2823.964309] netlink_ack+0x1ed/0xab0 [ 2823.965121] ? netlink_sendmsg+0xe00/0xe00 [ 2823.966042] ? lock_acquire+0x197/0x470 [ 2823.966890] ? netlink_deliver_tap+0xf4/0xcc0 [ 2823.967861] netlink_rcv_skb+0x348/0x430 [ 2823.968730] ? rtnl_getlink+0xaa0/0xaa0 [ 2823.969583] ? netlink_ack+0xab0/0xab0 [ 2823.970426] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2823.971406] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2823.972382] ? is_vmalloc_addr+0x7b/0xb0 [ 2823.973254] netlink_unicast+0x6ce/0xa00 [ 2823.974142] ? netlink_attachskb+0xab0/0xab0 [ 2823.975096] netlink_sendmsg+0x90f/0xe00 [ 2823.975959] ? netlink_unicast+0xa00/0xa00 [ 2823.976870] ? netlink_unicast+0xa00/0xa00 [ 2823.977785] __sock_sendmsg+0x154/0x190 [ 2823.978635] ____sys_sendmsg+0x70d/0x870 [ 2823.979505] ? sock_write_iter+0x3d0/0x3d0 [ 2823.980407] ? do_recvmmsg+0x6d0/0x6d0 [ 2823.981246] ? lock_downgrade+0x6d0/0x6d0 [ 2823.982147] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2823.983272] ___sys_sendmsg+0xf3/0x170 [ 2823.984110] ? sendmsg_copy_msghdr+0x160/0x160 [ 2823.985093] ? __fget_files+0x2cf/0x520 [ 2823.985954] ? lock_downgrade+0x6d0/0x6d0 [ 2823.986851] ? find_held_lock+0x2c/0x110 [ 2823.987732] ? __fget_files+0x2f8/0x520 [ 2823.988601] ? __fget_light+0xea/0x290 [ 2823.989439] __sys_sendmsg+0xe5/0x1b0 [ 2823.990268] ? __sys_sendmsg_sock+0x40/0x40 [ 2823.991199] ? rcu_read_lock_any_held+0x75/0xa0 [ 2823.992210] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2823.993333] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2823.994448] ? trace_hardirqs_on+0x5b/0x180 [ 2823.995381] do_syscall_64+0x33/0x40 [ 2823.996175] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2823.997274] RIP: 0033:0x7fdc4a254b19 [ 2823.998081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2824.002066] RSP: 002b:00007fdc477ca188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2824.003679] RAX: ffffffffffffffda RBX: 00007fdc4a367f60 RCX: 00007fdc4a254b19 [ 2824.005205] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005 [ 2824.006723] RBP: 00007fdc477ca1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2824.008245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2824.009772] R13: 00007ffd1285803f R14: 00007fdc477ca300 R15: 0000000000022000 18:27:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 5) 18:27:46 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) [ 2824.049603] FAULT_INJECTION: forcing a failure. [ 2824.049603] name failslab, interval 1, probability 0, space 0, times 0 [ 2824.052134] CPU: 0 PID: 14801 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 2824.053606] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2824.055367] Call Trace: [ 2824.055926] dump_stack+0x107/0x167 [ 2824.056697] should_fail.cold+0x5/0xa [ 2824.057506] ? __alloc_skb+0x6d/0x5b0 [ 2824.058332] should_failslab+0x5/0x20 [ 2824.059136] kmem_cache_alloc_node+0x55/0x330 [ 2824.060083] __alloc_skb+0x6d/0x5b0 [ 2824.060856] netlink_ack+0x1ed/0xab0 [ 2824.061647] ? netlink_sendmsg+0xe00/0xe00 [ 2824.062556] ? lock_acquire+0x197/0x470 [ 2824.063391] ? netlink_deliver_tap+0xf4/0xcc0 [ 2824.064346] netlink_rcv_skb+0x348/0x430 [ 2824.065208] ? rtnl_getlink+0xaa0/0xaa0 [ 2824.066059] ? netlink_ack+0xab0/0xab0 [ 2824.066873] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2824.067846] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2824.068802] ? is_vmalloc_addr+0x7b/0xb0 [ 2824.069667] netlink_unicast+0x6ce/0xa00 [ 2824.070543] ? netlink_attachskb+0xab0/0xab0 [ 2824.071491] netlink_sendmsg+0x90f/0xe00 [ 2824.072365] ? netlink_unicast+0xa00/0xa00 [ 2824.073270] ? netlink_unicast+0xa00/0xa00 [ 2824.074180] __sock_sendmsg+0x154/0x190 [ 2824.075021] ____sys_sendmsg+0x70d/0x870 [ 2824.075876] ? sock_write_iter+0x3d0/0x3d0 [ 2824.076753] ? do_recvmmsg+0x6d0/0x6d0 [ 2824.077573] ? lock_downgrade+0x6d0/0x6d0 [ 2824.078456] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2824.079557] ___sys_sendmsg+0xf3/0x170 [ 2824.080371] ? sendmsg_copy_msghdr+0x160/0x160 [ 2824.081343] ? __fget_files+0x2cf/0x520 [ 2824.082190] ? lock_downgrade+0x6d0/0x6d0 [ 2824.083061] ? find_held_lock+0x2c/0x110 [ 2824.083929] ? __fget_files+0x2f8/0x520 [ 2824.084771] ? __fget_light+0xea/0x290 [ 2824.085589] __sys_sendmsg+0xe5/0x1b0 [ 2824.086406] ? __sys_sendmsg_sock+0x40/0x40 [ 2824.087308] ? rcu_read_lock_any_held+0x75/0xa0 [ 2824.088301] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2824.089399] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2824.090496] ? trace_hardirqs_on+0x5b/0x180 [ 2824.091406] do_syscall_64+0x33/0x40 [ 2824.092189] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2824.093261] RIP: 0033:0x7fe2e1a61b19 [ 2824.094050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2824.097895] RSP: 002b:00007fe2defd7188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2824.099486] RAX: ffffffffffffffda RBX: 00007fe2e1b74f60 RCX: 00007fe2e1a61b19 [ 2824.100981] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2824.102499] RBP: 00007fe2defd71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2824.103983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2824.105465] R13: 00007ffd1d2ec3df R14: 00007fe2defd7300 R15: 0000000000022000 [ 2824.163296] FAT-fs (loop5): bogus number of reserved sectors [ 2824.164521] FAT-fs (loop5): Can't find a valid FAT filesystem 18:27:46 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x1a735, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 2824.171872] FAULT_INJECTION: forcing a failure. [ 2824.171872] name failslab, interval 1, probability 0, space 0, times 0 [ 2824.174489] CPU: 0 PID: 14813 Comm: syz-executor.1 Not tainted 5.10.246 #1 [ 2824.175887] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2824.177569] Call Trace: [ 2824.178123] dump_stack+0x107/0x167 [ 2824.178865] should_fail.cold+0x5/0xa [ 2824.179636] should_failslab+0x5/0x20 [ 2824.180415] __kmalloc_node_track_caller+0x74/0x3b0 [ 2824.181433] ? netlink_sendmsg+0x998/0xe00 [ 2824.182310] __alloc_skb+0xb1/0x5b0 [ 2824.183051] netlink_sendmsg+0x998/0xe00 [ 2824.183880] ? netlink_unicast+0xa00/0xa00 [ 2824.184752] ? netlink_unicast+0xa00/0xa00 [ 2824.185618] __sock_sendmsg+0x154/0x190 [ 2824.186436] ____sys_sendmsg+0x70d/0x870 [ 2824.187262] ? sock_write_iter+0x3d0/0x3d0 [ 2824.188112] ? do_recvmmsg+0x6d0/0x6d0 [ 2824.188901] ? lock_downgrade+0x6d0/0x6d0 [ 2824.189749] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2824.190806] ___sys_sendmsg+0xf3/0x170 [ 2824.191589] ? sendmsg_copy_msghdr+0x160/0x160 [ 2824.192513] ? __fget_files+0x2cf/0x520 [ 2824.193313] ? lock_downgrade+0x6d0/0x6d0 [ 2824.194151] ? find_held_lock+0x2c/0x110 [ 2824.194981] ? __fget_files+0x2f8/0x520 [ 2824.195790] ? __fget_light+0xea/0x290 [ 2824.196580] __sys_sendmsg+0xe5/0x1b0 [ 2824.197348] ? __sys_sendmsg_sock+0x40/0x40 [ 2824.198219] ? rcu_read_lock_any_held+0x75/0xa0 [ 2824.199174] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2824.200225] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2824.201267] ? trace_hardirqs_on+0x5b/0x180 [ 2824.202136] do_syscall_64+0x33/0x40 [ 2824.202886] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2824.203912] RIP: 0033:0x7f669cd3cb19 [ 2824.204654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2824.208364] RSP: 002b:00007f669a2b2188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2824.209899] RAX: ffffffffffffffda RBX: 00007f669ce4ff60 RCX: 00007f669cd3cb19 [ 2824.211337] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2824.212763] RBP: 00007f669a2b21d0 R08: 0000000000000000 R09: 0000000000000000 [ 2824.214183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2824.215596] R13: 00007ffcc965a80f R14: 00007f669a2b2300 R15: 0000000000022000 18:27:46 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000072000210c000000000000000002"], 0x28}}, 0x0) 18:27:46 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x1a736, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:27:46 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) [ 2824.467713] FAT-fs (loop5): bogus number of reserved sectors [ 2824.469184] FAT-fs (loop5): Can't find a valid FAT filesystem 18:27:58 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:27:58 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x2, 0x3ff, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:27:58 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 6) 18:27:58 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x1a737, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:27:58 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, 0x0, 0x0) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:27:58 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000092000210c000000000000000002"], 0x28}}, 0x0) 18:27:58 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 10) 18:27:58 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 10) [ 2836.335400] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2836.338726] FAULT_INJECTION: forcing a failure. [ 2836.338726] name failslab, interval 1, probability 0, space 0, times 0 [ 2836.340123] CPU: 1 PID: 14838 Comm: syz-executor.4 Not tainted 5.10.246 #1 [ 2836.340946] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2836.341948] Call Trace: [ 2836.342273] dump_stack+0x107/0x167 [ 2836.342699] should_fail.cold+0x5/0xa [ 2836.343159] should_failslab+0x5/0x20 [ 2836.343604] __kmalloc_node_track_caller+0x74/0x3b0 [ 2836.344200] ? netlink_ack+0x1ed/0xab0 [ 2836.344662] __alloc_skb+0xb1/0x5b0 [ 2836.345101] netlink_ack+0x1ed/0xab0 [ 2836.345547] ? netlink_sendmsg+0xe00/0xe00 [ 2836.346047] ? lock_acquire+0x197/0x470 [ 2836.346529] ? netlink_deliver_tap+0xf4/0xcc0 [ 2836.347069] netlink_rcv_skb+0x348/0x430 [ 2836.347555] ? rtnl_getlink+0xaa0/0xaa0 [ 2836.348018] ? netlink_ack+0xab0/0xab0 [ 2836.348487] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2836.349037] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2836.349580] ? is_vmalloc_addr+0x7b/0xb0 [ 2836.350074] netlink_unicast+0x6ce/0xa00 [ 2836.350561] ? netlink_attachskb+0xab0/0xab0 [ 2836.351077] netlink_sendmsg+0x90f/0xe00 [ 2836.351565] ? netlink_unicast+0xa00/0xa00 [ 2836.352061] ? netlink_unicast+0xa00/0xa00 [ 2836.352568] __sock_sendmsg+0x154/0x190 [ 2836.353031] ____sys_sendmsg+0x70d/0x870 [ 2836.353520] ? sock_write_iter+0x3d0/0x3d0 [ 2836.354029] ? do_recvmmsg+0x6d0/0x6d0 [ 2836.354483] ? lock_downgrade+0x6d0/0x6d0 [ 2836.354974] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2836.355594] ___sys_sendmsg+0xf3/0x170 [ 2836.356055] ? sendmsg_copy_msghdr+0x160/0x160 [ 2836.356599] ? __fget_files+0x2cf/0x520 [ 2836.357071] ? lock_downgrade+0x6d0/0x6d0 [ 2836.357550] ? find_held_lock+0x2c/0x110 [ 2836.358043] ? __fget_files+0x2f8/0x520 [ 2836.358504] ? __fget_light+0xea/0x290 [ 2836.358972] __sys_sendmsg+0xe5/0x1b0 [ 2836.359411] ? __sys_sendmsg_sock+0x40/0x40 [ 2836.359922] ? rcu_read_lock_any_held+0x75/0xa0 [ 2836.360471] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2836.361090] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2836.361685] ? trace_hardirqs_on+0x5b/0x180 [ 2836.362204] do_syscall_64+0x33/0x40 [ 2836.362645] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2836.363251] RIP: 0033:0x7fdc4a254b19 [ 2836.363692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2836.365914] RSP: 002b:00007fdc477ca188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2836.366820] RAX: ffffffffffffffda RBX: 00007fdc4a367f60 RCX: 00007fdc4a254b19 [ 2836.367664] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005 [ 2836.368509] RBP: 00007fdc477ca1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2836.369356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2836.370185] R13: 00007ffd1285803f R14: 00007fdc477ca300 R15: 0000000000022000 [ 2836.399238] FAULT_INJECTION: forcing a failure. [ 2836.399238] name failslab, interval 1, probability 0, space 0, times 0 [ 2836.401691] CPU: 0 PID: 14853 Comm: syz-executor.1 Not tainted 5.10.246 #1 [ 2836.403186] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2836.404977] Call Trace: [ 2836.405540] dump_stack+0x107/0x167 [ 2836.406337] should_fail.cold+0x5/0xa [ 2836.407166] ? create_object.isra.0+0x3a/0xa30 [ 2836.408151] should_failslab+0x5/0x20 [ 2836.408976] kmem_cache_alloc+0x5b/0x310 [ 2836.409866] create_object.isra.0+0x3a/0xa30 [ 2836.410812] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2836.411904] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2836.412997] ? netlink_sendmsg+0x998/0xe00 [ 2836.413922] __alloc_skb+0xb1/0x5b0 [ 2836.414709] netlink_sendmsg+0x998/0xe00 [ 2836.415603] ? netlink_unicast+0xa00/0xa00 [ 2836.416523] ? netlink_unicast+0xa00/0xa00 [ 2836.417434] __sock_sendmsg+0x154/0x190 [ 2836.418299] ____sys_sendmsg+0x70d/0x870 [ 2836.419174] ? sock_write_iter+0x3d0/0x3d0 [ 2836.420086] ? do_recvmmsg+0x6d0/0x6d0 [ 2836.420928] ? lock_downgrade+0x6d0/0x6d0 [ 2836.421822] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2836.422958] ___sys_sendmsg+0xf3/0x170 18:27:59 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 11) [ 2836.423792] ? sendmsg_copy_msghdr+0x160/0x160 [ 2836.424908] ? __fget_files+0x2cf/0x520 [ 2836.425770] ? lock_downgrade+0x6d0/0x6d0 [ 2836.426681] ? find_held_lock+0x2c/0x110 [ 2836.427565] ? __fget_files+0x2f8/0x520 [ 2836.428428] ? __fget_light+0xea/0x290 [ 2836.429271] __sys_sendmsg+0xe5/0x1b0 [ 2836.430098] ? __sys_sendmsg_sock+0x40/0x40 [ 2836.430111] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2836.430145] FAULT_INJECTION: forcing a failure. [ 2836.430145] name failslab, interval 1, probability 0, space 0, times 0 [ 2836.431044] ? rcu_read_lock_any_held+0x75/0xa0 [ 2836.431079] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2836.431104] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2836.437554] ? trace_hardirqs_on+0x5b/0x180 [ 2836.438490] do_syscall_64+0x33/0x40 [ 2836.439291] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2836.440391] RIP: 0033:0x7f669cd3cb19 [ 2836.441190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2836.445162] RSP: 002b:00007f669a2b2188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2836.446811] RAX: ffffffffffffffda RBX: 00007f669ce4ff60 RCX: 00007f669cd3cb19 [ 2836.448349] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2836.449893] RBP: 00007f669a2b21d0 R08: 0000000000000000 R09: 0000000000000000 [ 2836.451424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2836.452962] R13: 00007ffcc965a80f R14: 00007f669a2b2300 R15: 0000000000022000 [ 2836.454527] CPU: 1 PID: 14850 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 2836.455435] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2836.456589] Call Trace: [ 2836.456906] dump_stack+0x107/0x167 [ 2836.457384] should_fail.cold+0x5/0xa [ 2836.457941] should_failslab+0x5/0x20 [ 2836.458436] __kmalloc_node_track_caller+0x74/0x3b0 [ 2836.459243] ? netlink_ack+0x1ed/0xab0 [ 2836.459707] __alloc_skb+0xb1/0x5b0 [ 2836.460146] netlink_ack+0x1ed/0xab0 [ 2836.460588] ? netlink_sendmsg+0xe00/0xe00 [ 2836.461091] ? lock_acquire+0x197/0x470 [ 2836.461557] ? netlink_deliver_tap+0xf4/0xcc0 [ 2836.462095] netlink_rcv_skb+0x348/0x430 [ 2836.462574] ? rtnl_getlink+0xaa0/0xaa0 [ 2836.463045] ? netlink_ack+0xab0/0xab0 [ 2836.463503] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2836.464040] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2836.464579] ? is_vmalloc_addr+0x7b/0xb0 [ 2836.465062] netlink_unicast+0x6ce/0xa00 [ 2836.465544] ? netlink_attachskb+0xab0/0xab0 [ 2836.466077] netlink_sendmsg+0x90f/0xe00 [ 2836.466559] ? netlink_unicast+0xa00/0xa00 [ 2836.467059] ? netlink_unicast+0xa00/0xa00 [ 2836.467555] __sock_sendmsg+0x154/0x190 [ 2836.468024] ____sys_sendmsg+0x70d/0x870 [ 2836.468502] ? sock_write_iter+0x3d0/0x3d0 [ 2836.469004] ? do_recvmmsg+0x6d0/0x6d0 [ 2836.469464] ? lock_downgrade+0x6d0/0x6d0 [ 2836.469960] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2836.470580] ___sys_sendmsg+0xf3/0x170 [ 2836.471043] ? sendmsg_copy_msghdr+0x160/0x160 [ 2836.471587] ? __fget_files+0x2cf/0x520 [ 2836.472056] ? lock_downgrade+0x6d0/0x6d0 [ 2836.472545] ? find_held_lock+0x2c/0x110 [ 2836.473031] ? __fget_files+0x2f8/0x520 [ 2836.473503] ? __fget_light+0xea/0x290 [ 2836.473971] __sys_sendmsg+0xe5/0x1b0 [ 2836.474418] ? __sys_sendmsg_sock+0x40/0x40 [ 2836.474926] ? rcu_read_lock_any_held+0x75/0xa0 [ 2836.475488] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2836.476106] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2836.476713] ? trace_hardirqs_on+0x5b/0x180 [ 2836.477221] do_syscall_64+0x33/0x40 [ 2836.477662] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2836.478273] RIP: 0033:0x7fe2e1a61b19 [ 2836.478715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2836.480889] RSP: 002b:00007fe2defd7188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2836.481789] RAX: ffffffffffffffda RBX: 00007fe2e1b74f60 RCX: 00007fe2e1a61b19 [ 2836.482638] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2836.483478] RBP: 00007fe2defd71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2836.484323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2836.485180] R13: 00007ffd1d2ec3df R14: 00007fe2defd7300 R15: 0000000000022000 18:27:59 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) [ 2836.500526] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:27:59 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:27:59 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800000a2000210c000000000000000002"], 0x28}}, 0x0) [ 2836.577520] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2836.579809] FAULT_INJECTION: forcing a failure. [ 2836.579809] name failslab, interval 1, probability 0, space 0, times 0 [ 2836.581165] CPU: 1 PID: 14861 Comm: syz-executor.4 Not tainted 5.10.246 #1 [ 2836.582016] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2836.583002] Call Trace: [ 2836.583321] dump_stack+0x107/0x167 [ 2836.583767] should_fail.cold+0x5/0xa [ 2836.584229] ? create_object.isra.0+0x3a/0xa30 [ 2836.584773] should_failslab+0x5/0x20 [ 2836.585241] kmem_cache_alloc+0x5b/0x310 [ 2836.585705] create_object.isra.0+0x3a/0xa30 [ 2836.586256] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2836.586867] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2836.587458] ? netlink_ack+0x1ed/0xab0 [ 2836.587934] __alloc_skb+0xb1/0x5b0 [ 2836.588375] netlink_ack+0x1ed/0xab0 [ 2836.588825] ? netlink_sendmsg+0xe00/0xe00 [ 2836.589339] ? lock_acquire+0x197/0x470 [ 2836.589821] ? netlink_deliver_tap+0xf4/0xcc0 [ 2836.590371] netlink_rcv_skb+0x348/0x430 [ 2836.590853] ? rtnl_getlink+0xaa0/0xaa0 [ 2836.591338] ? netlink_ack+0xab0/0xab0 [ 2836.591812] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2836.592377] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2836.592934] ? is_vmalloc_addr+0x7b/0xb0 [ 2836.593402] netlink_unicast+0x6ce/0xa00 [ 2836.593897] ? netlink_attachskb+0xab0/0xab0 [ 2836.594432] netlink_sendmsg+0x90f/0xe00 [ 2836.594906] ? netlink_unicast+0xa00/0xa00 [ 2836.595423] ? netlink_unicast+0xa00/0xa00 [ 2836.595906] __sock_sendmsg+0x154/0x190 [ 2836.596387] ____sys_sendmsg+0x70d/0x870 [ 2836.596855] ? sock_write_iter+0x3d0/0x3d0 [ 2836.597364] ? do_recvmmsg+0x6d0/0x6d0 [ 2836.597842] ? lock_downgrade+0x6d0/0x6d0 [ 2836.598342] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2836.598984] ___sys_sendmsg+0xf3/0x170 [ 2836.599433] ? sendmsg_copy_msghdr+0x160/0x160 [ 2836.599994] ? __fget_files+0x2cf/0x520 [ 2836.600469] ? lock_downgrade+0x6d0/0x6d0 [ 2836.600972] ? find_held_lock+0x2c/0x110 [ 2836.601463] ? __fget_files+0x2f8/0x520 [ 2836.601953] ? __fget_light+0xea/0x290 [ 2836.602403] __sys_sendmsg+0xe5/0x1b0 [ 2836.602859] ? __sys_sendmsg_sock+0x40/0x40 [ 2836.603381] ? rcu_read_lock_any_held+0x75/0xa0 [ 2836.603949] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2836.604582] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2836.605182] ? trace_hardirqs_on+0x5b/0x180 [ 2836.605710] do_syscall_64+0x33/0x40 [ 2836.606168] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2836.606795] RIP: 0033:0x7fdc4a254b19 [ 2836.607244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2836.609480] RSP: 002b:00007fdc477ca188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2836.610413] RAX: ffffffffffffffda RBX: 00007fdc4a367f60 RCX: 00007fdc4a254b19 [ 2836.611276] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005 [ 2836.612144] RBP: 00007fdc477ca1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2836.613008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2836.613879] R13: 00007ffd1285803f R14: 00007fdc477ca300 R15: 0000000000022000 18:28:12 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 11) 18:28:12 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28008b0b2000210c000000000000000002"], 0x28}}, 0x0) 18:28:12 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 12) 18:28:12 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}], 0x3) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:28:12 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 7) 18:28:12 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x40000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:28:12 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:28:12 executing program 7: r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x2, 0x3ff, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) [ 2849.478749] FAULT_INJECTION: forcing a failure. [ 2849.478749] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2849.481356] CPU: 0 PID: 14882 Comm: syz-executor.1 Not tainted 5.10.246 #1 [ 2849.482838] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2849.484594] Call Trace: [ 2849.485158] dump_stack+0x107/0x167 [ 2849.485942] should_fail.cold+0x5/0xa [ 2849.486767] _copy_from_iter_full+0x201/0xa60 [ 2849.487725] ? __virt_addr_valid+0x170/0x5d0 [ 2849.488659] ? __check_object_size+0x319/0x440 [ 2849.489635] netlink_sendmsg+0x879/0xe00 [ 2849.490515] ? netlink_unicast+0xa00/0xa00 [ 2849.491420] ? netlink_unicast+0xa00/0xa00 [ 2849.492317] __sock_sendmsg+0x154/0x190 [ 2849.493162] ____sys_sendmsg+0x70d/0x870 [ 2849.494034] ? sock_write_iter+0x3d0/0x3d0 [ 2849.494920] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2849.496692] ? do_recvmmsg+0x6d0/0x6d0 [ 2849.496717] ? lock_downgrade+0x6d0/0x6d0 [ 2849.496742] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2849.497367] FAULT_INJECTION: forcing a failure. [ 2849.497367] name failslab, interval 1, probability 0, space 0, times 0 [ 2849.498154] ___sys_sendmsg+0xf3/0x170 [ 2849.498173] ? sendmsg_copy_msghdr+0x160/0x160 [ 2849.498197] ? __fget_files+0x2cf/0x520 [ 2849.503692] ? lock_downgrade+0x6d0/0x6d0 [ 2849.504575] ? find_held_lock+0x2c/0x110 [ 2849.505445] ? __fget_files+0x2f8/0x520 [ 2849.506299] ? __fget_light+0xea/0x290 [ 2849.507125] __sys_sendmsg+0xe5/0x1b0 [ 2849.507921] ? __sys_sendmsg_sock+0x40/0x40 [ 2849.508828] ? rcu_read_lock_any_held+0x75/0xa0 [ 2849.509828] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2849.510953] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2849.512036] ? trace_hardirqs_on+0x5b/0x180 [ 2849.512948] do_syscall_64+0x33/0x40 [ 2849.513732] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2849.514817] RIP: 0033:0x7f669cd3cb19 [ 2849.515597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2849.519473] RSP: 002b:00007f669a2b2188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2849.521078] RAX: ffffffffffffffda RBX: 00007f669ce4ff60 RCX: 00007f669cd3cb19 [ 2849.522587] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2849.524092] RBP: 00007f669a2b21d0 R08: 0000000000000000 R09: 0000000000000000 [ 2849.525586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2849.527092] R13: 00007ffcc965a80f R14: 00007f669a2b2300 R15: 0000000000022000 [ 2849.528620] CPU: 1 PID: 14885 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 2849.529462] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2849.530484] Call Trace: [ 2849.530833] dump_stack+0x107/0x167 [ 2849.531286] should_fail.cold+0x5/0xa [ 2849.531766] ? create_object.isra.0+0x3a/0xa30 [ 2849.532352] should_failslab+0x5/0x20 [ 2849.532821] kmem_cache_alloc+0x5b/0x310 [ 2849.533329] create_object.isra.0+0x3a/0xa30 [ 2849.533861] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2849.534481] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2849.534820] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2849.535098] ? netlink_ack+0x1ed/0xab0 [ 2849.535116] __alloc_skb+0xb1/0x5b0 [ 2849.535134] netlink_ack+0x1ed/0xab0 [ 2849.538242] ? netlink_sendmsg+0xe00/0xe00 18:28:12 executing program 7: r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x2, 0x3ff, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) [ 2849.538755] ? lock_acquire+0x197/0x470 [ 2849.539430] ? netlink_deliver_tap+0xf4/0xcc0 [ 2849.539986] netlink_rcv_skb+0x348/0x430 [ 2849.540491] ? rtnl_getlink+0xaa0/0xaa0 [ 2849.540979] ? netlink_ack+0xab0/0xab0 [ 2849.541460] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2849.542035] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2849.542593] ? is_vmalloc_addr+0x7b/0xb0 [ 2849.543084] netlink_unicast+0x6ce/0xa00 [ 2849.543578] ? netlink_attachskb+0xab0/0xab0 [ 2849.544115] netlink_sendmsg+0x90f/0xe00 [ 2849.544801] ? netlink_unicast+0xa00/0xa00 [ 2849.545037] FAULT_INJECTION: forcing a failure. [ 2849.545037] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2849.545320] ? netlink_unicast+0xa00/0xa00 [ 2849.548235] __sock_sendmsg+0x154/0x190 [ 2849.548715] ____sys_sendmsg+0x70d/0x870 [ 2849.549205] ? sock_write_iter+0x3d0/0x3d0 [ 2849.549714] ? do_recvmmsg+0x6d0/0x6d0 [ 2849.550183] ? lock_downgrade+0x6d0/0x6d0 [ 2849.550684] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2849.551314] ___sys_sendmsg+0xf3/0x170 [ 2849.551780] ? sendmsg_copy_msghdr+0x160/0x160 [ 2849.552336] ? __fget_files+0x2cf/0x520 [ 2849.552817] ? lock_downgrade+0x6d0/0x6d0 [ 2849.553313] ? find_held_lock+0x2c/0x110 [ 2849.553807] ? __fget_files+0x2f8/0x520 [ 2849.554293] ? __fget_light+0xea/0x290 [ 2849.554757] __sys_sendmsg+0xe5/0x1b0 [ 2849.555206] ? __sys_sendmsg_sock+0x40/0x40 [ 2849.555721] ? rcu_read_lock_any_held+0x75/0xa0 [ 2849.556282] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2849.556911] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2849.557519] ? trace_hardirqs_on+0x5b/0x180 [ 2849.558041] do_syscall_64+0x33/0x40 [ 2849.558485] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2849.559094] RIP: 0033:0x7fe2e1a61b19 [ 2849.559535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2849.561712] RSP: 002b:00007fe2defd7188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2849.562624] RAX: ffffffffffffffda RBX: 00007fe2e1b74f60 RCX: 00007fe2e1a61b19 [ 2849.563473] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2849.564320] RBP: 00007fe2defd71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2849.565165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2849.566011] R13: 00007ffd1d2ec3df R14: 00007fe2defd7300 R15: 0000000000022000 [ 2849.566882] CPU: 0 PID: 14881 Comm: syz-executor.4 Not tainted 5.10.246 #1 [ 2849.568360] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2849.570120] Call Trace: [ 2849.570677] dump_stack+0x107/0x167 [ 2849.571445] should_fail.cold+0x5/0xa [ 2849.572255] _copy_to_user+0x2e/0x180 [ 2849.573061] simple_read_from_buffer+0xcc/0x160 [ 2849.574056] proc_fail_nth_read+0x198/0x230 [ 2849.574966] ? proc_sessionid_read+0x230/0x230 [ 2849.575922] ? security_file_permission+0xb1/0xe0 [ 2849.576940] ? proc_sessionid_read+0x230/0x230 [ 2849.577896] vfs_read+0x228/0x620 [ 2849.578640] ksys_read+0x12d/0x260 [ 2849.579391] ? vfs_write+0xb10/0xb10 [ 2849.580183] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2849.581282] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2849.582398] do_syscall_64+0x33/0x40 [ 2849.583179] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2849.584252] RIP: 0033:0x7fdc4a20769c [ 2849.585034] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 2849.588915] RSP: 002b:00007fdc477ca170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2849.590006] loop5: detected capacity change from 0 to 32256 [ 2849.590523] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 00007fdc4a20769c [ 2849.590538] RDX: 000000000000000f RSI: 00007fdc477ca1e0 RDI: 0000000000000006 [ 2849.594194] RBP: 00007fdc477ca1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2849.595686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2849.597180] R13: 00007ffd1285803f R14: 00007fdc477ca300 R15: 0000000000022000 [ 2849.599637] FAT-fs (loop5): bogus number of reserved sectors [ 2849.600371] FAT-fs (loop5): Can't find a valid FAT filesystem 18:28:12 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 8) 18:28:12 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 12) 18:28:12 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x80000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 2849.689430] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:28:12 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:28:12 executing program 7: r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x2, 0x3ff, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) [ 2849.712216] FAULT_INJECTION: forcing a failure. [ 2849.712216] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2849.713113] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2849.714727] CPU: 0 PID: 14909 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 2849.715783] FAULT_INJECTION: forcing a failure. [ 2849.715783] name failslab, interval 1, probability 0, space 0, times 0 [ 2849.717153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2849.717160] Call Trace: [ 2849.717186] dump_stack+0x107/0x167 [ 2849.717209] should_fail.cold+0x5/0xa [ 2849.722295] _copy_to_user+0x2e/0x180 [ 2849.723106] simple_read_from_buffer+0xcc/0x160 [ 2849.724094] proc_fail_nth_read+0x198/0x230 [ 2849.725010] ? proc_sessionid_read+0x230/0x230 [ 2849.725971] ? security_file_permission+0xb1/0xe0 [ 2849.727005] ? proc_sessionid_read+0x230/0x230 [ 2849.727969] vfs_read+0x228/0x620 [ 2849.728713] ksys_read+0x12d/0x260 [ 2849.729467] ? vfs_write+0xb10/0xb10 [ 2849.730269] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2849.731379] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2849.732468] do_syscall_64+0x33/0x40 [ 2849.733251] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2849.734336] RIP: 0033:0x7fe2e1a1469c [ 2849.735118] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 2849.738994] RSP: 002b:00007fe2defd7170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2849.740595] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 00007fe2e1a1469c [ 2849.742104] RDX: 000000000000000f RSI: 00007fe2defd71e0 RDI: 0000000000000004 [ 2849.743601] RBP: 00007fe2defd71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2849.745096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2849.746600] R13: 00007ffd1d2ec3df R14: 00007fe2defd7300 R15: 0000000000022000 [ 2849.748125] CPU: 1 PID: 14906 Comm: syz-executor.1 Not tainted 5.10.246 #1 [ 2849.748550] loop5: detected capacity change from 0 to 32256 [ 2849.748924] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2849.748929] Call Trace: [ 2849.748950] dump_stack+0x107/0x167 [ 2849.748967] should_fail.cold+0x5/0xa [ 2849.752254] ? __alloc_skb+0x6d/0x5b0 [ 2849.752709] should_failslab+0x5/0x20 [ 2849.753160] kmem_cache_alloc_node+0x55/0x330 [ 2849.753687] __alloc_skb+0x6d/0x5b0 [ 2849.754117] netlink_ack+0x1ed/0xab0 [ 2849.754544] ? netlink_sendmsg+0xe00/0xe00 [ 2849.755030] ? lock_acquire+0x197/0x470 [ 2849.755490] ? netlink_deliver_tap+0xf4/0xcc0 [ 2849.756003] netlink_rcv_skb+0x348/0x430 [ 2849.756469] ? rtnl_getlink+0xaa0/0xaa0 [ 2849.756925] ? netlink_ack+0xab0/0xab0 [ 2849.757368] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2849.757887] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2849.758408] ? is_vmalloc_addr+0x7b/0xb0 [ 2849.758877] netlink_unicast+0x6ce/0xa00 [ 2849.759349] ? netlink_attachskb+0xab0/0xab0 [ 2849.759856] netlink_sendmsg+0x90f/0xe00 [ 2849.760320] ? netlink_unicast+0xa00/0xa00 [ 2849.760804] ? netlink_unicast+0xa00/0xa00 [ 2849.761291] __sock_sendmsg+0x154/0x190 [ 2849.761744] ____sys_sendmsg+0x70d/0x870 [ 2849.762221] ? sock_write_iter+0x3d0/0x3d0 [ 2849.762698] ? do_recvmmsg+0x6d0/0x6d0 [ 2849.763143] ? lock_downgrade+0x6d0/0x6d0 [ 2849.763616] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2849.764211] ___sys_sendmsg+0xf3/0x170 [ 2849.764653] ? sendmsg_copy_msghdr+0x160/0x160 [ 2849.765175] ? __fget_files+0x2cf/0x520 [ 2849.765629] ? lock_downgrade+0x6d0/0x6d0 [ 2849.766102] ? find_held_lock+0x2c/0x110 [ 2849.766572] ? __fget_files+0x2f8/0x520 [ 2849.767026] ? __fget_light+0xea/0x290 [ 2849.767464] __sys_sendmsg+0xe5/0x1b0 [ 2849.767893] ? __sys_sendmsg_sock+0x40/0x40 [ 2849.768386] ? rcu_read_lock_any_held+0x75/0xa0 [ 2849.768918] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2849.769519] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2849.770104] ? trace_hardirqs_on+0x5b/0x180 [ 2849.770597] do_syscall_64+0x33/0x40 [ 2849.771019] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2849.771418] FAT-fs (loop5): bogus number of reserved sectors [ 2849.771604] RIP: 0033:0x7f669cd3cb19 [ 2849.771624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2849.772879] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2849.773256] RSP: 002b:00007f669a2b2188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2849.773269] RAX: ffffffffffffffda RBX: 00007f669ce4ff60 RCX: 00007f669cd3cb19 [ 2849.773275] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2849.773281] RBP: 00007f669a2b21d0 R08: 0000000000000000 R09: 0000000000000000 [ 2849.773286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2849.773292] R13: 00007ffcc965a80f R14: 00007f669a2b2300 R15: 0000000000022000 18:28:12 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800000f2000210c000000000000000002"], 0x28}}, 0x0) 18:28:12 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:28:12 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}], 0x3) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:28:12 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x2, 0x3ff, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:28:12 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2849.878660] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2849.895107] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:28:24 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}], 0x3) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:28:24 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x1000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:28:24 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:28:24 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 9) 18:28:24 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x2, 0x3ff, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:28:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:28:24 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000482000210c000000000000000002"], 0x28}}, 0x0) 18:28:24 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:28:24 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x2, 0x3ff, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) [ 2861.785714] loop5: detected capacity change from 0 to 32256 [ 2861.792292] FAT-fs (loop5): bogus number of reserved sectors [ 2861.793009] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2861.796341] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:28:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{0x0}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) [ 2861.810606] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2861.824081] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2861.829391] FAULT_INJECTION: forcing a failure. [ 2861.829391] name failslab, interval 1, probability 0, space 0, times 0 [ 2861.831874] CPU: 1 PID: 14948 Comm: syz-executor.1 Not tainted 5.10.246 #1 [ 2861.833321] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2861.835061] Call Trace: [ 2861.835624] dump_stack+0x107/0x167 [ 2861.836394] should_fail.cold+0x5/0xa [ 2861.837194] ? create_object.isra.0+0x3a/0xa30 [ 2861.838158] should_failslab+0x5/0x20 [ 2861.838948] kmem_cache_alloc+0x5b/0x310 [ 2861.839804] create_object.isra.0+0x3a/0xa30 [ 2861.840712] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2861.841773] kmem_cache_alloc_node+0x169/0x330 [ 2861.842753] __alloc_skb+0x6d/0x5b0 [ 2861.843527] netlink_ack+0x1ed/0xab0 [ 2861.844316] ? netlink_sendmsg+0xe00/0xe00 [ 2861.845199] ? lock_acquire+0x197/0x470 [ 2861.846018] ? netlink_deliver_tap+0xf4/0xcc0 [ 2861.846960] netlink_rcv_skb+0x348/0x430 [ 2861.847802] ? rtnl_getlink+0xaa0/0xaa0 [ 2861.848626] ? netlink_ack+0xab0/0xab0 [ 2861.849428] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2861.850387] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2861.851329] ? is_vmalloc_addr+0x7b/0xb0 [ 2861.852176] netlink_unicast+0x6ce/0xa00 [ 2861.853037] ? netlink_attachskb+0xab0/0xab0 [ 2861.853971] netlink_sendmsg+0x90f/0xe00 [ 2861.854830] ? netlink_unicast+0xa00/0xa00 [ 2861.855718] ? netlink_unicast+0xa00/0xa00 [ 2861.856592] __sock_sendmsg+0x154/0x190 [ 2861.857419] ____sys_sendmsg+0x70d/0x870 [ 2861.858276] ? sock_write_iter+0x3d0/0x3d0 [ 2861.859146] ? do_recvmmsg+0x6d0/0x6d0 [ 2861.859954] ? lock_downgrade+0x6d0/0x6d0 [ 2861.860820] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2861.861925] ___sys_sendmsg+0xf3/0x170 [ 2861.862741] ? sendmsg_copy_msghdr+0x160/0x160 [ 2861.863686] ? __fget_files+0x2cf/0x520 [ 2861.864509] ? lock_downgrade+0x6d0/0x6d0 [ 2861.865370] ? find_held_lock+0x2c/0x110 [ 2861.866240] ? __fget_files+0x2f8/0x520 [ 2861.867069] ? __fget_light+0xea/0x290 [ 2861.867876] __sys_sendmsg+0xe5/0x1b0 [ 2861.868661] ? __sys_sendmsg_sock+0x40/0x40 [ 2861.869570] ? rcu_read_lock_any_held+0x75/0xa0 [ 2861.870555] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2861.871663] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2861.872749] ? trace_hardirqs_on+0x5b/0x180 [ 2861.873660] do_syscall_64+0x33/0x40 [ 2861.874451] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2861.875535] RIP: 0033:0x7f669cd3cb19 [ 2861.876316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2861.880186] RSP: 002b:00007f669a2b2188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2861.881771] RAX: ffffffffffffffda RBX: 00007f669ce4ff60 RCX: 00007f669cd3cb19 [ 2861.883276] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2861.884774] RBP: 00007f669a2b21d0 R08: 0000000000000000 R09: 0000000000000000 [ 2861.886276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2861.887768] R13: 00007ffcc965a80f R14: 00007f669a2b2300 R15: 0000000000022000 [ 2861.891443] loop5: detected capacity change from 0 to 32256 [ 2861.897492] FAT-fs (loop5): bogus number of reserved sectors [ 2861.898801] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2861.960717] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:28:38 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x2, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:28:38 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{0x0}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:28:38 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000016c0)={0x0, 0x2, 0x3ff, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:28:38 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 10) 18:28:38 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x2, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:28:38 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x2000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:28:38 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x0, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:28:38 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800004c2000210c000000000000000002"], 0x28}}, 0x0) [ 2875.841993] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2875.874685] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2875.879924] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2875.889672] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2875.897361] loop5: detected capacity change from 0 to 32256 [ 2875.903433] FAULT_INJECTION: forcing a failure. [ 2875.903433] name failslab, interval 1, probability 0, space 0, times 0 [ 2875.905660] CPU: 0 PID: 14986 Comm: syz-executor.1 Not tainted 5.10.246 #1 [ 2875.906960] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2875.908487] Call Trace: [ 2875.908981] dump_stack+0x107/0x167 [ 2875.909649] should_fail.cold+0x5/0xa [ 2875.910357] should_failslab+0x5/0x20 [ 2875.911062] __kmalloc_node_track_caller+0x74/0x3b0 [ 2875.911978] ? netlink_ack+0x1ed/0xab0 [ 2875.912712] __alloc_skb+0xb1/0x5b0 [ 2875.913383] netlink_ack+0x1ed/0xab0 [ 2875.914075] ? netlink_sendmsg+0xe00/0xe00 [ 2875.914880] ? lock_acquire+0x197/0x470 [ 2875.915619] ? netlink_deliver_tap+0xf4/0xcc0 [ 2875.916455] netlink_rcv_skb+0x348/0x430 [ 2875.917204] ? rtnl_getlink+0xaa0/0xaa0 [ 2875.917946] ? netlink_ack+0xab0/0xab0 [ 2875.918670] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2875.919496] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2875.920334] ? is_vmalloc_addr+0x7b/0xb0 [ 2875.921087] netlink_unicast+0x6ce/0xa00 [ 2875.921834] ? netlink_attachskb+0xab0/0xab0 [ 2875.922662] netlink_sendmsg+0x90f/0xe00 [ 2875.923413] ? netlink_unicast+0xa00/0xa00 [ 2875.924196] ? netlink_unicast+0xa00/0xa00 [ 2875.924973] __sock_sendmsg+0x154/0x190 [ 2875.925700] ____sys_sendmsg+0x70d/0x870 [ 2875.926453] ? sock_write_iter+0x3d0/0x3d0 [ 2875.927225] ? do_recvmmsg+0x6d0/0x6d0 [ 2875.927952] ? lock_downgrade+0x6d0/0x6d0 [ 2875.928705] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2875.929670] ___sys_sendmsg+0xf3/0x170 [ 2875.930386] ? sendmsg_copy_msghdr+0x160/0x160 [ 2875.931224] ? __fget_files+0x2cf/0x520 [ 2875.931945] ? lock_downgrade+0x6d0/0x6d0 [ 2875.932701] ? find_held_lock+0x2c/0x110 [ 2875.933449] ? __fget_files+0x2f8/0x520 [ 2875.934176] ? __fget_light+0xea/0x290 [ 2875.934894] __sys_sendmsg+0xe5/0x1b0 [ 2875.935586] ? __sys_sendmsg_sock+0x40/0x40 [ 2875.936370] ? rcu_read_lock_any_held+0x75/0xa0 [ 2875.937231] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2875.938181] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2875.939132] ? trace_hardirqs_on+0x5b/0x180 [ 2875.939914] do_syscall_64+0x33/0x40 [ 2875.940582] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2875.941502] RIP: 0033:0x7f669cd3cb19 [ 2875.942167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2875.945476] RSP: 002b:00007f669a2b2188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2875.946864] RAX: ffffffffffffffda RBX: 00007f669ce4ff60 RCX: 00007f669cd3cb19 [ 2875.948173] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2875.949489] RBP: 00007f669a2b21d0 R08: 0000000000000000 R09: 0000000000000000 [ 2875.950803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2875.952118] R13: 00007ffcc965a80f R14: 00007f669a2b2300 R15: 0000000000022000 [ 2875.978108] FAT-fs (loop5): bogus number of reserved sectors [ 2875.979271] FAT-fs (loop5): Can't find a valid FAT filesystem 18:28:38 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x3, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:28:38 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x3000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:28:38 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 11) 18:28:38 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x3, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:28:38 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000682000210c000000000000000002"], 0x28}}, 0x0) [ 2876.102097] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:28:38 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{0x0}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) [ 2876.106090] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2876.127819] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2876.158223] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2876.160128] FAULT_INJECTION: forcing a failure. [ 2876.160128] name failslab, interval 1, probability 0, space 0, times 0 [ 2876.162718] CPU: 1 PID: 15006 Comm: syz-executor.1 Not tainted 5.10.246 #1 [ 2876.164167] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2876.165916] Call Trace: [ 2876.166489] dump_stack+0x107/0x167 [ 2876.167252] should_fail.cold+0x5/0xa [ 2876.168059] ? create_object.isra.0+0x3a/0xa30 [ 2876.169016] should_failslab+0x5/0x20 [ 2876.169822] kmem_cache_alloc+0x5b/0x310 [ 2876.170685] create_object.isra.0+0x3a/0xa30 [ 2876.171611] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2876.172689] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2876.173757] ? netlink_ack+0x1ed/0xab0 [ 2876.174591] __alloc_skb+0xb1/0x5b0 [ 2876.175360] netlink_ack+0x1ed/0xab0 [ 2876.176150] ? netlink_sendmsg+0xe00/0xe00 [ 2876.177042] ? lock_acquire+0x197/0x470 [ 2876.177918] ? netlink_deliver_tap+0xf4/0xcc0 [ 2876.178872] netlink_rcv_skb+0x348/0x430 [ 2876.179725] ? rtnl_getlink+0xaa0/0xaa0 [ 2876.180555] ? netlink_ack+0xab0/0xab0 [ 2876.181367] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2876.182340] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2876.183301] ? is_vmalloc_addr+0x7b/0xb0 [ 2876.184157] netlink_unicast+0x6ce/0xa00 [ 2876.185018] ? netlink_attachskb+0xab0/0xab0 [ 2876.185951] netlink_sendmsg+0x90f/0xe00 [ 2876.186817] ? netlink_unicast+0xa00/0xa00 [ 2876.187714] ? netlink_unicast+0xa00/0xa00 [ 2876.188602] __sock_sendmsg+0x154/0x190 [ 2876.189439] ____sys_sendmsg+0x70d/0x870 [ 2876.190328] ? sock_write_iter+0x3d0/0x3d0 [ 2876.191211] ? do_recvmmsg+0x6d0/0x6d0 [ 2876.192007] ? lock_downgrade+0x6d0/0x6d0 [ 2876.192880] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2876.194015] ___sys_sendmsg+0xf3/0x170 [ 2876.194918] ? sendmsg_copy_msghdr+0x160/0x160 [ 2876.195875] ? __fget_files+0x2cf/0x520 [ 2876.196701] ? lock_downgrade+0x6d0/0x6d0 [ 2876.197570] ? find_held_lock+0x2c/0x110 [ 2876.198504] ? __fget_files+0x2f8/0x520 [ 2876.199400] ? __fget_light+0xea/0x290 [ 2876.200467] __sys_sendmsg+0xe5/0x1b0 [ 2876.201304] ? __sys_sendmsg_sock+0x40/0x40 [ 2876.202309] ? rcu_read_lock_any_held+0x75/0xa0 [ 2876.203543] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2876.204842] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2876.206078] ? trace_hardirqs_on+0x5b/0x180 [ 2876.207274] do_syscall_64+0x33/0x40 [ 2876.208104] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2876.209357] RIP: 0033:0x7f669cd3cb19 [ 2876.210325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2876.214827] RSP: 002b:00007f669a2b2188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2876.216812] RAX: ffffffffffffffda RBX: 00007f669ce4ff60 RCX: 00007f669cd3cb19 [ 2876.218703] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 2876.220456] RBP: 00007f669a2b21d0 R08: 0000000000000000 R09: 0000000000000000 [ 2876.222182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2876.223960] R13: 00007ffcc965a80f R14: 00007f669a2b2300 R15: 0000000000022000 18:28:38 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x4000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:28:38 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2876.244163] loop5: detected capacity change from 0 to 32256 18:28:38 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x0, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) [ 2876.273762] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:28:38 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000016c0)={0x0, 0x2, 0x3ff, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:28:38 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) (fail_nth: 12) [ 2876.288388] FAT-fs (loop5): bogus number of reserved sectors [ 2876.289281] FAT-fs (loop5): Can't find a valid FAT filesystem 18:28:38 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:28:38 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800006c2000210c000000000000000002"], 0x28}}, 0x0) 18:28:38 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2876.369511] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2876.372816] FAULT_INJECTION: forcing a failure. [ 2876.372816] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2876.374436] CPU: 0 PID: 15029 Comm: syz-executor.1 Not tainted 5.10.246 #1 [ 2876.375364] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2876.376492] Call Trace: [ 2876.376854] dump_stack+0x107/0x167 [ 2876.377353] should_fail.cold+0x5/0xa [ 2876.377874] _copy_to_user+0x2e/0x180 [ 2876.378400] simple_read_from_buffer+0xcc/0x160 [ 2876.379042] proc_fail_nth_read+0x198/0x230 [ 2876.379628] ? proc_sessionid_read+0x230/0x230 [ 2876.380248] ? security_file_permission+0xb1/0xe0 [ 2876.380915] ? proc_sessionid_read+0x230/0x230 [ 2876.381548] vfs_read+0x228/0x620 [ 2876.382030] ksys_read+0x12d/0x260 [ 2876.382514] ? vfs_write+0xb10/0xb10 [ 2876.383022] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2876.383724] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2876.384420] do_syscall_64+0x33/0x40 [ 2876.384944] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2876.385641] RIP: 0033:0x7f669ccef69c [ 2876.386143] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 2876.388620] RSP: 002b:00007f669a2b2170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2876.389650] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 00007f669ccef69c [ 2876.390623] RDX: 000000000000000f RSI: 00007f669a2b21e0 RDI: 0000000000000004 [ 2876.391597] RBP: 00007f669a2b21d0 R08: 0000000000000000 R09: 0000000000000000 [ 2876.392570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2876.393536] R13: 00007ffcc965a80f R14: 00007f669a2b2300 R15: 0000000000022000 18:28:51 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000016c0)={0x0, 0x2, 0x3ff, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:28:51 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:28:51 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x0, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:28:51 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2888.456352] __nla_validate_parse: 2 callbacks suppressed 18:28:51 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 2888.456364] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2888.466061] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2888.472536] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2888.481844] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:28:51 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000742000210c000000000000000002"], 0x28}}, 0x0) 18:28:51 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:28:51 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x5000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 2888.534596] loop5: detected capacity change from 0 to 32256 18:28:51 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:28:51 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 2888.605024] FAT-fs (loop5): bogus number of reserved sectors [ 2888.605844] FAT-fs (loop5): Can't find a valid FAT filesystem 18:28:51 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2888.643276] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2888.652640] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:28:51 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2888.668110] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:28:51 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280002742000210c000000000000000002"], 0x28}}, 0x0) 18:28:51 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:28:51 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x6000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 2888.717982] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2888.737094] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2888.749522] loop5: detected capacity change from 0 to 32256 [ 2888.786970] FAT-fs (loop5): bogus number of reserved sectors [ 2888.788250] FAT-fs (loop5): Can't find a valid FAT filesystem 18:28:51 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x2, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 2888.861312] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2903.056435] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:29:05 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800007a2000210c000000000000000002"], 0x28}}, 0x0) 18:29:05 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:29:05 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x3, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:29:05 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:29:05 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:29:05 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x9, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:29:05 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x7000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:29:05 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) [ 2903.072293] loop5: detected capacity change from 0 to 32256 [ 2903.087778] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2903.091214] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2903.092533] FAT-fs (loop5): bogus number of reserved sectors [ 2903.094109] FAT-fs (loop5): Can't find a valid FAT filesystem 18:29:05 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xb, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2903.122897] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2903.124611] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2903.166454] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:29:19 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:29:19 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2916.802820] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2916.815152] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:29:19 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:29:19 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000812000210c000000000000000002"], 0x28}}, 0x0) 18:29:19 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:29:19 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400", 0xc}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:29:19 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:29:19 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x8000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 2916.825416] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2916.835771] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2916.846241] loop5: detected capacity change from 0 to 32256 [ 2916.868096] FAT-fs (loop5): bogus number of reserved sectors [ 2916.868808] FAT-fs (loop5): Can't find a valid FAT filesystem 18:29:19 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x48, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2916.900812] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:29:19 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x9000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:29:19 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 2916.960691] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:29:19 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000b8b2000210c000000000000000002"], 0x28}}, 0x0) 18:29:19 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400", 0xc}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:29:19 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4c, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2917.009034] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2917.010239] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2917.022558] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:29:19 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000f02000210c000000000000000002"], 0x28}}, 0x0) 18:29:19 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x68, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2917.066915] loop5: detected capacity change from 0 to 32256 [ 2917.084954] FAT-fs (loop5): bogus number of reserved sectors [ 2917.085636] FAT-fs (loop5): Can't find a valid FAT filesystem 18:29:19 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:29:19 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x9, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:29:19 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x9a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:29:19 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) [ 2917.117856] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:29:19 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:29:33 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6c, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:29:33 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x0, 0x6, 0x800}], 0x3) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:29:33 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x3ff, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:29:33 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400", 0xc}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:29:33 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000000a00210c000000000000000002"], 0x28}}, 0x0) 18:29:33 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:29:33 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xa000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:29:33 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xb, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2930.839992] loop5: detected capacity change from 0 to 32256 [ 2930.867308] FAT-fs (loop5): bogus number of reserved sectors [ 2930.868626] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2930.872812] __nla_validate_parse: 4 callbacks suppressed [ 2930.872822] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2930.877778] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2930.884476] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10 sclass=netlink_route_socket pid=15217 comm=syz-executor.0 [ 2930.888118] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2930.894003] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:29:33 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x74, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:29:33 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x8, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 2930.957712] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:29:33 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) [ 2930.977516] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2930.979632] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10 sclass=netlink_route_socket pid=15238 comm=syz-executor.0 [ 2931.028805] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:29:33 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xaa70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 2931.043398] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:29:33 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7a, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:29:33 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000000f00210c000000000000000002"], 0x28}}, 0x0) 18:29:33 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2931.168693] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2931.170464] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2931.175600] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=15249 comm=syz-executor.0 [ 2931.215466] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=15259 comm=syz-executor.0 [ 2943.751864] __nla_validate_parse: 1 callbacks suppressed [ 2943.751870] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:29:46 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:29:46 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x0, 0x6, 0x800}], 0x3) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:29:46 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001100210c000000000000000002"], 0x28}}, 0x0) 18:29:46 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xb000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:29:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x9, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 2943.756729] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:29:46 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:29:46 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:29:46 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x48, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2943.778329] loop5: detected capacity change from 0 to 32256 [ 2943.788040] FAT-fs (loop5): invalid media value (0x00) [ 2943.788635] FAT-fs (loop5): Can't find a valid FAT filesystem 18:29:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 2943.813451] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:29:46 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) [ 2943.829570] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2943.837421] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:29:46 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x2fc, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2943.852751] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2943.875435] loop5: detected capacity change from 0 to 32256 18:29:46 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xba70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 2943.892031] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2943.917891] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2943.931408] FAT-fs (loop5): invalid media value (0x00) [ 2943.932616] FAT-fs (loop5): Can't find a valid FAT filesystem 18:29:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x48, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:29:46 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x300, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2943.998077] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:29:46 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4c, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:29:46 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001200210c000000000000000002"], 0x28}}, 0x0) 18:29:46 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400", 0x15}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) [ 2944.079718] loop5: detected capacity change from 0 to 32256 [ 2944.093575] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2944.097868] FAT-fs (loop5): invalid media value (0x00) [ 2944.098653] FAT-fs (loop5): Can't find a valid FAT filesystem 18:30:01 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x0, 0x6, 0x800}], 0x3) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:30:01 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xca70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:30:01 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400", 0x15}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:30:01 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4c, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:30:01 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x68, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:01 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:30:01 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001300210c000000000000000002"], 0x28}}, 0x0) 18:30:01 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x500, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2958.406775] __nla_validate_parse: 2 callbacks suppressed [ 2958.406786] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2958.413746] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2958.432189] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2958.441395] loop5: detected capacity change from 0 to 32256 [ 2958.455858] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2958.474105] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2958.476876] FAT-fs (loop5): invalid media value (0x00) [ 2958.478192] FAT-fs (loop5): Can't find a valid FAT filesystem 18:30:01 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x600, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2958.510526] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 18:30:01 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xda70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 2958.556858] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:30:01 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x68, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:30:01 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6c, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2958.617862] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2958.708259] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2958.715450] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:30:15 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xea70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:30:15 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x74, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:15 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x0, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:30:15 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6c, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:30:15 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:30:15 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x700, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:15 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400", 0x15}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:30:15 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) [ 2972.801064] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2972.823395] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2972.827267] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2972.837574] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2972.845656] loop5: detected capacity change from 0 to 32256 [ 2972.852683] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:30:15 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x900, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2972.859601] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2972.874406] FAT-fs (loop5): invalid media value (0x00) [ 2972.876090] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2972.891142] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:30:15 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x74, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:30:15 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xb00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2973.005748] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:30:15 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7a, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:15 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001500210c000000000000000002"], 0x28}}, 0x0) 18:30:15 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xfa70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 2973.036406] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:30:15 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:30:15 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) [ 2973.089293] loop5: detected capacity change from 0 to 32256 [ 2973.090702] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2973.100227] FAT-fs (loop5): bogus number of FAT sectors [ 2973.101478] FAT-fs (loop5): Can't find a valid FAT filesystem 18:30:15 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:30:15 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7a, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 2973.220842] loop5: detected capacity change from 0 to 32256 [ 2973.277387] FAT-fs (loop5): bogus number of FAT sectors [ 2973.279268] FAT-fs (loop5): Can't find a valid FAT filesystem 18:30:15 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x0, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:30:15 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:15 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001600210c000000000000000002"], 0x28}}, 0x0) 18:30:15 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:16 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x10000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:30:16 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:30:16 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) [ 2973.424265] loop5: detected capacity change from 0 to 32256 18:30:16 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x1316, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 2973.447253] FAT-fs (loop5): bogus number of FAT sectors [ 2973.448486] FAT-fs (loop5): Can't find a valid FAT filesystem 18:30:29 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x0, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:30:29 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x10a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:30:29 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, 0x0, 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:30:29 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:29 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x300, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:29 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x300, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:30:29 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x1613, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:29 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) [ 2986.728537] __nla_validate_parse: 9 callbacks suppressed [ 2986.728548] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2986.731718] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2986.733678] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2986.739285] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:30:29 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, 0x0, 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) [ 2986.754632] loop5: detected capacity change from 0 to 32256 [ 2986.759706] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2986.812603] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:30:29 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x2000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:29 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x3b1, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:30:29 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:30:29 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001900210c000000000000000002"], 0x28}}, 0x0) 18:30:29 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x11a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:30:29 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) [ 2986.951013] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2986.954852] loop5: detected capacity change from 0 to 32256 [ 2986.974220] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2986.985292] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2986.991860] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 18:30:41 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:30:41 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4d1, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:41 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001a00210c000000000000000002"], 0x28}}, 0x0) 18:30:41 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:30:41 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, 0x0, 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) 18:30:41 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4800, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:41 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x12a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:30:41 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x500, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 2999.054254] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2999.064287] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2999.068707] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2999.074891] loop5: detected capacity change from 0 to 32256 18:30:41 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) [ 2999.083189] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:30:41 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) [ 2999.099253] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2999.131489] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 2999.167296] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2999.231915] loop5: detected capacity change from 0 to 32256 [ 3011.037661] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:30:53 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4c00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:53 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:30:53 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x100000001) 18:30:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, 0x0, &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:30:53 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x13a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:30:53 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001c00210c000000000000000002"], 0x28}}, 0x0) 18:30:53 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x500, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:53 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x600, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 3011.047118] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3011.055778] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3011.068534] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3011.088606] loop5: detected capacity change from 0 to 32256 18:30:53 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6800, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:53 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x14a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3011.111596] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:30:53 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6c00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:30:53 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x100000001) [ 3011.141603] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:30:53 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001d00210c000000000000000002"], 0x28}}, 0x0) 18:30:53 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x700, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:30:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, 0x0, &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:30:53 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001e00210c000000000000000002"], 0x28}}, 0x0) [ 3011.246312] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3011.260123] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3011.293040] loop5: detected capacity change from 0 to 32256 18:31:06 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x600, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:31:06 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000022000210c000000000000000002"], 0x28}}, 0x0) 18:31:06 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, 0x0, &(0x7f0000000280), 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:31:06 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7400, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:31:06 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x900, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:31:06 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x15a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3024.174112] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:31:06 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x100000001) [ 3024.197205] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3024.197422] loop5: detected capacity change from 0 to 32256 18:31:06 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x3) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:31:06 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x100000001) [ 3024.218537] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3024.225661] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:31:06 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x16a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:31:06 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:31:06 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:31:06 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7a00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3024.292275] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3024.298505] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:31:06 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x100000001) [ 3024.314734] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:31:06 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000032000210c000000000000000002"], 0x28}}, 0x0) [ 3024.329290] loop5: detected capacity change from 0 to 32256 18:31:06 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x16f6, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 3024.377364] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3024.399667] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3024.412319] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:31:20 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x17a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:31:20 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000042000210c000000000000000002"], 0x28}}, 0x0) 18:31:20 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:31:20 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4800, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:31:20 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x100000001) 18:31:20 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x700, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:31:20 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x3) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:31:20 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) [ 3037.634166] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3037.642130] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3037.642637] loop5: detected capacity change from 0 to 32256 [ 3037.650367] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3037.667215] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:31:20 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x0) 18:31:20 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:31:20 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4c00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:31:20 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xfc02, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:31:20 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x18000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:31:20 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000052000210c000000000000000002"], 0x28}}, 0x0) [ 3037.737138] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3037.756721] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3037.761367] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:31:20 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x900, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:31:20 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x3) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) [ 3037.842803] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3037.891231] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:31:32 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x80000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:31:32 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x0, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:31:32 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000062000210c000000000000000002"], 0x28}}, 0x0) 18:31:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)={'trans=unix,', {[{@aname={'aname', 0x3d, 'vfat\x00'}}, {@version_L}, {@version_L}], [{@obj_user={'obj_user', 0x3d, 'vfat\x00'}}]}}) 18:31:32 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x0) 18:31:32 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6800, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:31:32 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x18a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:31:32 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xb00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3050.324843] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3050.330308] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3050.336702] loop5: detected capacity change from 0 to 32256 18:31:32 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x0) [ 3050.340590] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3050.354121] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3050.373457] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:31:33 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xe0ffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3050.459602] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3050.514112] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3050.525087] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3050.533224] loop5: detected capacity change from 0 to 32256 18:31:33 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:31:33 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x0, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:31:33 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6c00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:31:33 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000072000210c000000000000000002"], 0x28}}, 0x0) 18:31:33 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:31:33 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x19a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:31:33 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf0ffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:31:33 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x1aa70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3050.596401] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3050.620234] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:31:33 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7400, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:31:33 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x0, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:31:46 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 1) 18:31:46 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x0, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:31:46 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) [ 3064.027667] __nla_validate_parse: 2 callbacks suppressed [ 3064.027678] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:31:46 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x1416, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:31:46 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000092000210c000000000000000002"], 0x28}}, 0x0) 18:31:46 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x1ba70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:31:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7a00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:31:46 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x1000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3064.036792] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3064.043267] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3064.056454] FAULT_INJECTION: forcing a failure. [ 3064.056454] name failslab, interval 1, probability 0, space 0, times 0 [ 3064.059227] CPU: 1 PID: 15786 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3064.060723] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3064.062487] Call Trace: [ 3064.063054] dump_stack+0x107/0x167 [ 3064.063824] should_fail.cold+0x5/0xa [ 3064.064658] ? alloc_pipe_info+0x10a/0x590 [ 3064.065541] should_failslab+0x5/0x20 [ 3064.066345] kmem_cache_alloc_trace+0x55/0x320 [ 3064.067317] alloc_pipe_info+0x10a/0x590 [ 3064.068186] splice_direct_to_actor+0x774/0x980 [ 3064.069191] ? _cond_resched+0x10/0x30 [ 3064.070009] ? inode_security+0x107/0x140 [ 3064.070896] ? pipe_to_sendpage+0x380/0x380 [ 3064.071805] ? avc_policy_seqno+0x9/0x70 [ 3064.072682] ? selinux_file_permission+0x92/0x520 [ 3064.073716] ? do_splice_to+0x160/0x160 [ 3064.074553] ? security_file_permission+0xb1/0xe0 [ 3064.075594] do_splice_direct+0x1c4/0x290 [ 3064.076485] ? splice_direct_to_actor+0x980/0x980 [ 3064.077500] ? avc_policy_seqno+0x9/0x70 [ 3064.078366] ? security_file_permission+0xb1/0xe0 [ 3064.079406] do_sendfile+0x553/0x11e0 [ 3064.080237] ? do_pwritev+0x270/0x270 [ 3064.081056] ? wait_for_completion_io+0x270/0x270 [ 3064.082081] ? rcu_read_lock_any_held+0x75/0xa0 [ 3064.083064] ? vfs_write+0x354/0xb10 [ 3064.083846] __x64_sys_sendfile64+0x1d1/0x210 [ 3064.084805] ? __ia32_sys_sendfile+0x220/0x220 [ 3064.085774] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3064.086890] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3064.087988] do_syscall_64+0x33/0x40 [ 3064.088790] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3064.089871] RIP: 0033:0x7f8c0677ab19 [ 3064.090656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3064.094563] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3064.096164] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3064.097689] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3064.099218] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3064.100741] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 3064.101048] loop5: detected capacity change from 0 to 32256 [ 3064.102246] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3064.140616] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:32:00 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800000a2000210c000000000000000002"], 0x28}}, 0x0) 18:32:00 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x2000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:00 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x1ca70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:32:00 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 2) 18:32:00 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:32:00 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xb103, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:32:00 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x1614, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:00 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) (fail_nth: 1) [ 3078.360870] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3078.370064] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3078.370622] FAULT_INJECTION: forcing a failure. [ 3078.370622] name failslab, interval 1, probability 0, space 0, times 0 [ 3078.373992] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3078.374977] CPU: 1 PID: 15813 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3078.378512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3078.379048] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3078.380625] Call Trace: [ 3078.380655] dump_stack+0x107/0x167 [ 3078.380685] should_fail.cold+0x5/0xa [ 3078.385089] ? create_object.isra.0+0x3a/0xa30 [ 3078.386248] should_failslab+0x5/0x20 [ 3078.387210] kmem_cache_alloc+0x5b/0x310 [ 3078.388249] create_object.isra.0+0x3a/0xa30 [ 3078.389299] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3078.390382] kmem_cache_alloc_trace+0x151/0x320 [ 3078.391370] alloc_pipe_info+0x10a/0x590 [ 3078.392233] splice_direct_to_actor+0x774/0x980 [ 3078.393232] ? _cond_resched+0x10/0x30 [ 3078.394054] ? inode_security+0x107/0x140 [ 3078.394926] ? pipe_to_sendpage+0x380/0x380 [ 3078.395835] ? avc_policy_seqno+0x9/0x70 [ 3078.396695] ? selinux_file_permission+0x92/0x520 [ 3078.397714] ? do_splice_to+0x160/0x160 [ 3078.398554] ? security_file_permission+0xb1/0xe0 [ 3078.399584] do_splice_direct+0x1c4/0x290 [ 3078.400457] ? splice_direct_to_actor+0x980/0x980 [ 3078.401483] ? avc_policy_seqno+0x9/0x70 [ 3078.402341] ? security_file_permission+0xb1/0xe0 [ 3078.403366] do_sendfile+0x553/0x11e0 [ 3078.404194] ? do_pwritev+0x270/0x270 [ 3078.405005] ? wait_for_completion_io+0x270/0x270 [ 3078.406022] ? rcu_read_lock_any_held+0x75/0xa0 [ 3078.407001] ? vfs_write+0x354/0xb10 [ 3078.407786] __x64_sys_sendfile64+0x1d1/0x210 [ 3078.408750] ? __ia32_sys_sendfile+0x220/0x220 [ 3078.409721] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3078.410841] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3078.411961] do_syscall_64+0x33/0x40 [ 3078.412765] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3078.413847] RIP: 0033:0x7f8c0677ab19 [ 3078.414635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3078.418567] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3078.420201] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3078.421740] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3078.423265] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3078.424793] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 3078.426304] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3078.435716] loop5: detected capacity change from 0 to 32256 18:32:01 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 3078.466710] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3078.505008] FAULT_INJECTION: forcing a failure. [ 3078.505008] name failslab, interval 1, probability 0, space 0, times 0 [ 3078.507706] CPU: 0 PID: 15823 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 3078.509411] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3078.511257] Call Trace: [ 3078.511860] dump_stack+0x107/0x167 [ 3078.512684] should_fail.cold+0x5/0xa [ 3078.513539] ? getname_flags.part.0+0x50/0x4f0 [ 3078.514566] should_failslab+0x5/0x20 [ 3078.515420] kmem_cache_alloc+0x5b/0x310 [ 3078.516332] getname_flags.part.0+0x50/0x4f0 [ 3078.517332] user_path_at_empty+0xa1/0x100 [ 3078.518283] __x64_sys_mount+0x1e9/0x300 [ 3078.519192] ? copy_mnt_ns+0xa00/0xa00 [ 3078.520057] ? copy_mnt_ns+0xa00/0xa00 [ 3078.520955] do_syscall_64+0x33/0x40 [ 3078.521794] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3078.522934] RIP: 0033:0x7fe0ee621b19 [ 3078.523768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3078.527869] RSP: 002b:00007fe0ebb97188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 3078.529572] RAX: ffffffffffffffda RBX: 00007fe0ee734f60 RCX: 00007fe0ee621b19 [ 3078.531162] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000000 [ 3078.532762] RBP: 00007fe0ebb971d0 R08: 0000000000000000 R09: 0000000000000000 [ 3078.534351] R10: 0000000001000860 R11: 0000000000000246 R12: 0000000000000001 [ 3078.535942] R13: 00007fff2b541aff R14: 00007fe0ebb97300 R15: 0000000000022000 18:32:01 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x3000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3078.565703] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3078.589060] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:32:01 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4800, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:01 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800000f2000210c000000000000000002"], 0x28}}, 0x0) 18:32:01 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x1da70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3078.638271] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3078.676241] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:32:01 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 3) 18:32:01 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) (fail_nth: 2) 18:32:01 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf616, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:32:01 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:01 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x1ea70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3078.774121] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:32:01 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000482000210c000000000000000002"], 0x28}}, 0x0) [ 3078.817340] FAULT_INJECTION: forcing a failure. [ 3078.817340] name failslab, interval 1, probability 0, space 0, times 0 [ 3078.819879] CPU: 1 PID: 15851 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3078.821376] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3078.823148] Call Trace: [ 3078.823710] dump_stack+0x107/0x167 [ 3078.824504] should_fail.cold+0x5/0xa [ 3078.825318] ? alloc_pipe_info+0x1e5/0x590 [ 3078.826214] should_failslab+0x5/0x20 [ 3078.827020] __kmalloc+0x72/0x390 [ 3078.827758] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3078.828853] alloc_pipe_info+0x1e5/0x590 [ 3078.829719] splice_direct_to_actor+0x774/0x980 [ 3078.830711] ? _cond_resched+0x10/0x30 [ 3078.831544] ? inode_security+0x107/0x140 [ 3078.832421] ? pipe_to_sendpage+0x380/0x380 [ 3078.833370] ? avc_policy_seqno+0x9/0x70 [ 3078.834230] ? selinux_file_permission+0x92/0x520 [ 3078.835253] ? do_splice_to+0x160/0x160 [ 3078.836093] ? security_file_permission+0xb1/0xe0 [ 3078.837138] do_splice_direct+0x1c4/0x290 [ 3078.838020] ? splice_direct_to_actor+0x980/0x980 [ 3078.839043] ? avc_policy_seqno+0x9/0x70 [ 3078.839912] ? security_file_permission+0xb1/0xe0 [ 3078.840952] do_sendfile+0x553/0x11e0 [ 3078.841777] ? do_pwritev+0x270/0x270 [ 3078.842590] ? wait_for_completion_io+0x270/0x270 [ 3078.843611] ? rcu_read_lock_any_held+0x75/0xa0 [ 3078.844601] ? vfs_write+0x354/0xb10 [ 3078.845397] __x64_sys_sendfile64+0x1d1/0x210 [ 3078.846349] ? __ia32_sys_sendfile+0x220/0x220 [ 3078.847322] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3078.848440] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3078.849545] do_syscall_64+0x33/0x40 [ 3078.850335] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3078.851422] RIP: 0033:0x7f8c0677ab19 [ 3078.852224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3078.856141] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3078.857751] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3078.859250] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3078.860764] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3078.862279] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 3078.863800] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:32:01 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4c00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3078.880229] loop5: detected capacity change from 0 to 32256 [ 3078.942429] FAULT_INJECTION: forcing a failure. [ 3078.942429] name failslab, interval 1, probability 0, space 0, times 0 [ 3078.945174] CPU: 0 PID: 15855 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 3078.946724] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3078.948586] Call Trace: [ 3078.949186] dump_stack+0x107/0x167 [ 3078.950008] should_fail.cold+0x5/0xa [ 3078.950868] ? create_object.isra.0+0x3a/0xa30 [ 3078.951893] should_failslab+0x5/0x20 [ 3078.952755] kmem_cache_alloc+0x5b/0x310 [ 3078.953675] create_object.isra.0+0x3a/0xa30 [ 3078.954654] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3078.955792] kmem_cache_alloc+0x159/0x310 [ 3078.956739] getname_flags.part.0+0x50/0x4f0 [ 3078.957730] user_path_at_empty+0xa1/0x100 [ 3078.958681] __x64_sys_mount+0x1e9/0x300 [ 3078.959590] ? copy_mnt_ns+0xa00/0xa00 [ 3078.960469] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3078.961665] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3078.962820] do_syscall_64+0x33/0x40 [ 3078.963658] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3078.964808] RIP: 0033:0x7fe0ee621b19 [ 3078.965643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3078.969757] RSP: 002b:00007fe0ebb97188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 3078.971453] RAX: ffffffffffffffda RBX: 00007fe0ee734f60 RCX: 00007fe0ee621b19 [ 3078.973065] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000000 [ 3078.974656] RBP: 00007fe0ebb971d0 R08: 0000000000000000 R09: 0000000000000000 [ 3078.976246] R10: 0000000001000860 R11: 0000000000000246 R12: 0000000000000001 [ 3078.977843] R13: 00007fff2b541aff R14: 00007fe0ebb97300 R15: 0000000000022000 18:32:13 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) (fail_nth: 3) [ 3091.263741] __nla_validate_parse: 4 callbacks suppressed [ 3091.263752] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3091.266972] loop5: detected capacity change from 0 to 32256 [ 3091.274896] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:32:13 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x80000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:32:13 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6800, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:13 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800004c2000210c000000000000000002"], 0x28}}, 0x0) 18:32:13 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x5000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:13 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:32:13 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x1fa70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:32:13 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 4) [ 3091.284011] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3091.285961] FAULT_INJECTION: forcing a failure. [ 3091.285961] name failslab, interval 1, probability 0, space 0, times 0 [ 3091.287313] CPU: 1 PID: 15892 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3091.288144] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3091.289155] Call Trace: [ 3091.289481] dump_stack+0x107/0x167 [ 3091.289937] should_fail.cold+0x5/0xa [ 3091.290402] ? create_object.isra.0+0x3a/0xa30 [ 3091.290970] should_failslab+0x5/0x20 [ 3091.291442] kmem_cache_alloc+0x5b/0x310 [ 3091.291935] create_object.isra.0+0x3a/0xa30 [ 3091.292469] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3091.293097] __kmalloc+0x16e/0x390 [ 3091.293531] alloc_pipe_info+0x1e5/0x590 [ 3091.294040] splice_direct_to_actor+0x774/0x980 [ 3091.294604] ? _cond_resched+0x10/0x30 [ 3091.295076] ? inode_security+0x107/0x140 [ 3091.295574] ? pipe_to_sendpage+0x380/0x380 [ 3091.296100] ? avc_policy_seqno+0x9/0x70 [ 3091.296590] ? selinux_file_permission+0x92/0x520 [ 3091.297184] ? do_splice_to+0x160/0x160 [ 3091.297663] ? security_file_permission+0xb1/0xe0 [ 3091.298255] do_splice_direct+0x1c4/0x290 [ 3091.298755] ? splice_direct_to_actor+0x980/0x980 [ 3091.299343] ? avc_policy_seqno+0x9/0x70 [ 3091.299834] ? security_file_permission+0xb1/0xe0 [ 3091.300419] do_sendfile+0x553/0x11e0 [ 3091.300895] ? do_pwritev+0x270/0x270 [ 3091.301360] ? wait_for_completion_io+0x270/0x270 [ 3091.301941] ? rcu_read_lock_any_held+0x75/0xa0 [ 3091.302506] ? vfs_write+0x354/0xb10 [ 3091.302956] __x64_sys_sendfile64+0x1d1/0x210 [ 3091.303489] ? __ia32_sys_sendfile+0x220/0x220 [ 3091.304048] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3091.304687] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3091.305311] do_syscall_64+0x33/0x40 [ 3091.305761] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3091.306372] RIP: 0033:0x7f8c0677ab19 [ 3091.306824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3091.309038] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3091.309945] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3091.310797] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3091.311646] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3091.312502] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 3091.313363] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3091.320715] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:32:13 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3091.349439] FAULT_INJECTION: forcing a failure. [ 3091.349439] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3091.352253] CPU: 0 PID: 15885 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 3091.353740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3091.355506] Call Trace: [ 3091.356071] dump_stack+0x107/0x167 [ 3091.356860] should_fail.cold+0x5/0xa [ 3091.357801] strncpy_from_user+0x34/0x470 18:32:13 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xe0ffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 3091.358760] getname_flags.part.0+0x95/0x4f0 [ 3091.359863] user_path_at_empty+0xa1/0x100 [ 3091.360855] __x64_sys_mount+0x1e9/0x300 [ 3091.361787] ? copy_mnt_ns+0xa00/0xa00 [ 3091.362691] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3091.363893] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3091.365092] do_syscall_64+0x33/0x40 [ 3091.365949] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3091.367115] RIP: 0033:0x7fe0ee621b19 [ 3091.367972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3091.372137] RSP: 002b:00007fe0ebb97188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 3091.373868] RAX: ffffffffffffffda RBX: 00007fe0ee734f60 RCX: 00007fe0ee621b19 [ 3091.375479] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000000 [ 3091.377106] RBP: 00007fe0ebb971d0 R08: 0000000000000000 R09: 0000000000000000 [ 3091.378717] R10: 0000000001000860 R11: 0000000000000246 R12: 0000000000000001 [ 3091.380329] R13: 00007fff2b541aff R14: 00007fe0ebb97300 R15: 0000000000022000 [ 3091.404694] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3091.408784] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3091.416144] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3091.433618] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:32:14 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x20000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:32:14 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6c00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:14 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:32:14 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3091.505082] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:32:14 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) (fail_nth: 4) 18:32:14 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000682000210c000000000000000002"], 0x28}}, 0x0) [ 3091.545658] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:32:14 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf0ffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:32:14 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x9000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3091.669385] loop5: detected capacity change from 0 to 32256 [ 3091.685587] FAULT_INJECTION: forcing a failure. [ 3091.685587] name failslab, interval 1, probability 0, space 0, times 0 [ 3091.686876] CPU: 1 PID: 15926 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 3091.687661] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3091.688606] Call Trace: [ 3091.688920] dump_stack+0x107/0x167 [ 3091.689341] should_fail.cold+0x5/0xa [ 3091.689782] ? alloc_fs_context+0x57/0x840 [ 3091.690257] should_failslab+0x5/0x20 [ 3091.690689] kmem_cache_alloc_trace+0x55/0x320 [ 3091.691212] ? cap_capable+0x1cd/0x230 [ 3091.691648] ? cap_capable+0x1cd/0x230 [ 3091.692103] alloc_fs_context+0x57/0x840 [ 3091.692572] path_mount+0x962/0x21e0 [ 3091.693008] ? strncpy_from_user+0x9e/0x470 [ 3091.693498] ? finish_automount+0xa90/0xa90 [ 3091.693993] ? getname_flags.part.0+0x1dd/0x4f0 [ 3091.694522] __x64_sys_mount+0x282/0x300 [ 3091.694988] ? copy_mnt_ns+0xa00/0xa00 [ 3091.695433] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3091.696033] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3091.696634] do_syscall_64+0x33/0x40 [ 3091.697073] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3091.697668] RIP: 0033:0x7fe0ee621b19 [ 3091.698093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3091.700225] RSP: 002b:00007fe0ebb97188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 3091.701092] RAX: ffffffffffffffda RBX: 00007fe0ee734f60 RCX: 00007fe0ee621b19 [ 3091.701912] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000000 [ 3091.702736] RBP: 00007fe0ebb971d0 R08: 0000000000000000 R09: 0000000000000000 [ 3091.703562] R10: 0000000001000860 R11: 0000000000000246 R12: 0000000000000001 [ 3091.704372] R13: 00007fff2b541aff R14: 00007fe0ebb97300 R15: 0000000000022000 18:32:26 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7400, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:26 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) (fail_nth: 5) 18:32:26 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x20100000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:32:26 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xb000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:26 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x1000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:32:26 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 5) 18:32:26 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x3) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:32:26 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800006c2000210c000000000000000002"], 0x28}}, 0x0) [ 3104.238705] __nla_validate_parse: 2 callbacks suppressed [ 3104.238717] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3104.247365] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3104.249574] FAULT_INJECTION: forcing a failure. [ 3104.249574] name failslab, interval 1, probability 0, space 0, times 0 [ 3104.250626] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3104.252035] CPU: 0 PID: 15948 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3104.254366] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3104.256122] Call Trace: [ 3104.256678] dump_stack+0x107/0x167 [ 3104.257457] should_fail.cold+0x5/0xa [ 3104.258267] ? alloc_pipe_info+0x1e5/0x590 [ 3104.259153] should_failslab+0x5/0x20 [ 3104.259965] __kmalloc+0x72/0x390 [ 3104.260687] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3104.261763] alloc_pipe_info+0x1e5/0x590 [ 3104.262622] splice_direct_to_actor+0x774/0x980 [ 3104.263601] ? _cond_resched+0x10/0x30 [ 3104.264412] ? inode_security+0x107/0x140 [ 3104.265328] ? pipe_to_sendpage+0x380/0x380 [ 3104.266234] ? avc_policy_seqno+0x9/0x70 [ 3104.266959] loop5: detected capacity change from 0 to 32256 [ 3104.267085] ? selinux_file_permission+0x92/0x520 [ 3104.268783] ? do_splice_to+0x160/0x160 [ 3104.269620] ? security_file_permission+0xb1/0xe0 [ 3104.270640] do_splice_direct+0x1c4/0x290 [ 3104.271509] ? splice_direct_to_actor+0x980/0x980 [ 3104.272521] ? avc_policy_seqno+0x9/0x70 [ 3104.273386] ? security_file_permission+0xb1/0xe0 [ 3104.274418] do_sendfile+0x553/0x11e0 [ 3104.275227] ? do_pwritev+0x270/0x270 [ 3104.276037] ? wait_for_completion_io+0x270/0x270 [ 3104.277069] ? rcu_read_lock_any_held+0x75/0xa0 [ 3104.278049] ? vfs_write+0x354/0xb10 [ 3104.278841] __x64_sys_sendfile64+0x1d1/0x210 [ 3104.279784] ? __ia32_sys_sendfile+0x220/0x220 [ 3104.280744] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3104.281852] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3104.282942] do_syscall_64+0x33/0x40 [ 3104.283724] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3104.284477] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3104.284813] RIP: 0033:0x7f8c0677ab19 [ 3104.286540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3104.290421] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3104.292011] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3104.293514] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3104.295004] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3104.296490] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 3104.297985] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3104.301032] FAULT_INJECTION: forcing a failure. [ 3104.301032] name failslab, interval 1, probability 0, space 0, times 0 [ 3104.302390] CPU: 1 PID: 15938 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 3104.303188] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3104.304196] Call Trace: [ 3104.304523] dump_stack+0x107/0x167 [ 3104.304966] should_fail.cold+0x5/0xa [ 3104.305418] ? create_object.isra.0+0x3a/0xa30 [ 3104.305955] should_failslab+0x5/0x20 [ 3104.306403] kmem_cache_alloc+0x5b/0x310 [ 3104.306885] create_object.isra.0+0x3a/0xa30 [ 3104.307397] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3104.308030] kmem_cache_alloc_trace+0x151/0x320 [ 3104.308579] ? cap_capable+0x1cd/0x230 [ 3104.309081] alloc_fs_context+0x57/0x840 [ 3104.309565] path_mount+0x962/0x21e0 [ 3104.310010] ? strncpy_from_user+0x9e/0x470 [ 3104.310511] ? finish_automount+0xa90/0xa90 [ 3104.311008] ? getname_flags.part.0+0x1dd/0x4f0 [ 3104.311527] __x64_sys_mount+0x282/0x300 [ 3104.311978] ? copy_mnt_ns+0xa00/0xa00 [ 3104.312448] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3104.313046] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3104.313661] do_syscall_64+0x33/0x40 [ 3104.314077] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3104.314688] RIP: 0033:0x7fe0ee621b19 [ 3104.315109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3104.317291] RSP: 002b:00007fe0ebb97188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 3104.318150] RAX: ffffffffffffffda RBX: 00007fe0ee734f60 RCX: 00007fe0ee621b19 [ 3104.318945] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000000 [ 3104.319738] RBP: 00007fe0ebb971d0 R08: 0000000000000000 R09: 0000000000000000 [ 3104.320533] R10: 0000000001000860 R11: 0000000000000246 R12: 0000000000000001 [ 3104.321345] R13: 00007fff2b541aff R14: 00007fe0ebb97300 R15: 0000000000022000 18:32:26 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x2000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:32:26 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 6) [ 3104.350172] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:32:26 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:27 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x20a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3104.371282] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3104.380267] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3104.403389] FAULT_INJECTION: forcing a failure. [ 3104.403389] name failslab, interval 1, probability 0, space 0, times 0 [ 3104.405863] CPU: 0 PID: 15966 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3104.407329] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3104.408384] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3104.409109] Call Trace: [ 3104.409138] dump_stack+0x107/0x167 [ 3104.409160] should_fail.cold+0x5/0xa [ 3104.412180] ? create_object.isra.0+0x3a/0xa30 [ 3104.413154] should_failslab+0x5/0x20 [ 3104.413956] kmem_cache_alloc+0x5b/0x310 [ 3104.414856] create_object.isra.0+0x3a/0xa30 [ 3104.415794] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3104.416875] __kmalloc+0x16e/0x390 [ 3104.417638] alloc_pipe_info+0x1e5/0x590 [ 3104.418507] splice_direct_to_actor+0x774/0x980 [ 3104.419493] ? _cond_resched+0x10/0x30 [ 3104.420316] ? inode_security+0x107/0x140 [ 3104.421195] ? pipe_to_sendpage+0x380/0x380 [ 3104.422107] ? avc_policy_seqno+0x9/0x70 [ 3104.422962] ? selinux_file_permission+0x92/0x520 [ 3104.423991] ? do_splice_to+0x160/0x160 [ 3104.424841] ? security_file_permission+0xb1/0xe0 [ 3104.425860] do_splice_direct+0x1c4/0x290 [ 3104.426744] ? splice_direct_to_actor+0x980/0x980 [ 3104.427761] ? avc_policy_seqno+0x9/0x70 [ 3104.428619] ? security_file_permission+0xb1/0xe0 [ 3104.429650] do_sendfile+0x553/0x11e0 [ 3104.430467] ? do_pwritev+0x270/0x270 [ 3104.431267] ? wait_for_completion_io+0x270/0x270 [ 3104.432283] ? rcu_read_lock_any_held+0x75/0xa0 [ 3104.433269] ? vfs_write+0x354/0xb10 [ 3104.434072] __x64_sys_sendfile64+0x1d1/0x210 [ 3104.435018] ? __ia32_sys_sendfile+0x220/0x220 [ 3104.435979] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3104.437088] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3104.438180] do_syscall_64+0x33/0x40 [ 3104.438961] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3104.440038] RIP: 0033:0x7f8c0677ab19 [ 3104.440837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3104.444718] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3104.446335] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3104.447835] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3104.449346] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3104.450858] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 3104.452367] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:32:27 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x13160000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3104.469814] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:32:27 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x3000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:32:27 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) (fail_nth: 6) 18:32:27 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7a00, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:27 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000742000210c000000000000000002"], 0x28}}, 0x0) [ 3104.511499] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:32:27 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800007a2000210c000000000000000002"], 0x28}}, 0x0) 18:32:27 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x20000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:27 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x3) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) [ 3104.593865] loop5: detected capacity change from 0 to 32256 18:32:27 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xd104, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3104.622661] FAULT_INJECTION: forcing a failure. [ 3104.622661] name failslab, interval 1, probability 0, space 0, times 0 [ 3104.623994] CPU: 1 PID: 15987 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 3104.624743] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3104.625640] Call Trace: [ 3104.625948] dump_stack+0x107/0x167 [ 3104.626339] should_fail.cold+0x5/0xa [ 3104.626775] ? legacy_init_fs_context+0x44/0xe0 [ 3104.627273] should_failslab+0x5/0x20 [ 3104.627716] kmem_cache_alloc_trace+0x55/0x320 [ 3104.628210] ? lockdep_init_map_type+0x2c7/0x780 [ 3104.628752] legacy_init_fs_context+0x44/0xe0 [ 3104.629268] ? generic_parse_monolithic+0x1f0/0x1f0 [ 3104.629799] alloc_fs_context+0x4fd/0x840 [ 3104.630248] path_mount+0x962/0x21e0 [ 3104.630684] ? strncpy_from_user+0x9e/0x470 [ 3104.631150] ? finish_automount+0xa90/0xa90 [ 3104.631614] ? getname_flags.part.0+0x1dd/0x4f0 [ 3104.632151] __x64_sys_mount+0x282/0x300 [ 3104.632583] ? copy_mnt_ns+0xa00/0xa00 [ 3104.633011] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3104.633572] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3104.634165] do_syscall_64+0x33/0x40 [ 3104.634594] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3104.635144] RIP: 0033:0x7fe0ee621b19 [ 3104.635569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3104.637557] RSP: 002b:00007fe0ebb97188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 3104.638376] RAX: ffffffffffffffda RBX: 00007fe0ee734f60 RCX: 00007fe0ee621b19 [ 3104.639148] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000000 [ 3104.639913] RBP: 00007fe0ebb971d0 R08: 0000000000000000 R09: 0000000000000000 [ 3104.640689] R10: 0000000001000860 R11: 0000000000000246 R12: 0000000000000001 [ 3104.641460] R13: 00007fff2b541aff R14: 00007fe0ebb97300 R15: 0000000000022000 18:32:27 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:32:27 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) (fail_nth: 7) 18:32:27 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x48000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:27 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x21a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3104.771175] loop5: detected capacity change from 0 to 32256 [ 3104.808232] FAULT_INJECTION: forcing a failure. [ 3104.808232] name failslab, interval 1, probability 0, space 0, times 0 [ 3104.810685] CPU: 0 PID: 16006 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 3104.812156] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3104.813926] Call Trace: [ 3104.814498] dump_stack+0x107/0x167 [ 3104.815289] should_fail.cold+0x5/0xa [ 3104.816136] ? legacy_init_fs_context+0x44/0xe0 [ 3104.817138] should_failslab+0x5/0x20 [ 3104.817956] kmem_cache_alloc_trace+0x55/0x320 [ 3104.818941] ? lockdep_init_map_type+0x2c7/0x780 [ 3104.819964] legacy_init_fs_context+0x44/0xe0 [ 3104.820931] ? generic_parse_monolithic+0x1f0/0x1f0 [ 3104.822003] alloc_fs_context+0x4fd/0x840 [ 3104.822900] path_mount+0x962/0x21e0 [ 3104.823712] ? strncpy_from_user+0x9e/0x470 [ 3104.824667] ? finish_automount+0xa90/0xa90 [ 3104.825606] ? getname_flags.part.0+0x1dd/0x4f0 [ 3104.826599] __x64_sys_mount+0x282/0x300 [ 3104.827454] ? copy_mnt_ns+0xa00/0xa00 [ 3104.828274] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3104.829382] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3104.830465] do_syscall_64+0x33/0x40 [ 3104.831247] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3104.832324] RIP: 0033:0x7fe0ee621b19 [ 3104.833123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3104.837018] RSP: 002b:00007fe0ebb97188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 3104.838616] RAX: ffffffffffffffda RBX: 00007fe0ee734f60 RCX: 00007fe0ee621b19 [ 3104.840114] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000000 [ 3104.841622] RBP: 00007fe0ebb971d0 R08: 0000000000000000 R09: 0000000000000000 [ 3104.843127] R10: 0000000001000860 R11: 0000000000000246 R12: 0000000000000001 [ 3104.844638] R13: 00007fff2b541aff R14: 00007fe0ebb97300 R15: 0000000000022000 [ 3117.806621] __nla_validate_parse: 8 callbacks suppressed [ 3117.806628] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3117.815563] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:32:40 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 7) 18:32:40 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x3) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:32:40 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) (fail_nth: 8) 18:32:40 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x22a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:32:40 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x5000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:32:40 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4c000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:40 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:40 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002500210c000000000000000002"], 0x28}}, 0x0) [ 3117.834889] FAULT_INJECTION: forcing a failure. [ 3117.834889] name failslab, interval 1, probability 0, space 0, times 0 [ 3117.836536] CPU: 1 PID: 16029 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3117.837432] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3117.838485] Call Trace: [ 3117.838824] dump_stack+0x107/0x167 [ 3117.839296] should_fail.cold+0x5/0xa [ 3117.839774] ? jbd2__journal_start+0x190/0x7e0 [ 3117.840363] should_failslab+0x5/0x20 [ 3117.840851] kmem_cache_alloc+0x5b/0x310 [ 3117.841398] jbd2__journal_start+0x190/0x7e0 [ 3117.841980] __ext4_journal_start_sb+0x214/0x390 [ 3117.842601] ext4_dirty_inode+0xbc/0x130 [ 3117.843115] ? ext4_setattr+0x21b0/0x21b0 [ 3117.843644] __mark_inode_dirty+0x492/0xd40 [ 3117.844197] ? current_time+0xac/0x120 [ 3117.844697] generic_update_time+0x21c/0x370 [ 3117.845262] ? igrab+0xc0/0xc0 [ 3117.845676] file_update_time+0x43a/0x520 [ 3117.846197] ? evict_inodes+0x470/0x470 [ 3117.846699] ? down_write_killable+0x180/0x180 [ 3117.847275] file_modified+0x7d/0xa0 [ 3117.847745] ext4_file_write_iter+0x8f8/0x1530 [ 3117.848335] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3117.848923] ? kasan_save_stack+0x32/0x40 [ 3117.849440] ? kasan_save_stack+0x1b/0x40 [ 3117.849965] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3117.850611] ? iter_file_splice_write+0x165/0xc90 [ 3117.851227] ? direct_splice_actor+0x10f/0x170 [ 3117.851793] ? splice_direct_to_actor+0x387/0x980 [ 3117.852390] ? do_splice_direct+0x1c4/0x290 [ 3117.852943] ? do_sendfile+0x553/0x11e0 [ 3117.853454] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3117.854030] ? do_syscall_64+0x33/0x40 [ 3117.854525] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3117.855191] do_iter_readv_writev+0x476/0x750 [ 3117.855740] ? _cond_resched+0x10/0x30 [ 3117.856246] ? new_sync_write+0x660/0x660 [ 3117.856760] ? avc_policy_seqno+0x9/0x70 [ 3117.857282] ? selinux_file_permission+0x92/0x520 [ 3117.857885] ? security_file_permission+0xb1/0xe0 [ 3117.858496] do_iter_write+0x191/0x700 [ 3117.858979] ? trace_hardirqs_on+0x5b/0x180 [ 3117.859536] vfs_iter_write+0x70/0xa0 [ 3117.860019] iter_file_splice_write+0x726/0xc90 [ 3117.860622] ? generic_splice_sendpage+0x140/0x140 [ 3117.861278] ? security_file_permission+0xb1/0xe0 [ 3117.861875] ? generic_splice_sendpage+0x140/0x140 [ 3117.862492] direct_splice_actor+0x10f/0x170 [ 3117.863050] splice_direct_to_actor+0x387/0x980 [ 3117.863628] ? pipe_to_sendpage+0x380/0x380 [ 3117.864171] ? do_splice_to+0x160/0x160 [ 3117.864662] ? security_file_permission+0xb1/0xe0 [ 3117.865276] do_splice_direct+0x1c4/0x290 [ 3117.865796] ? splice_direct_to_actor+0x980/0x980 [ 3117.866415] ? avc_policy_seqno+0x9/0x70 [ 3117.866921] ? security_file_permission+0xb1/0xe0 [ 3117.867541] do_sendfile+0x553/0x11e0 [ 3117.868024] ? do_pwritev+0x270/0x270 [ 3117.868503] ? wait_for_completion_io+0x270/0x270 [ 3117.869127] ? rcu_read_lock_any_held+0x75/0xa0 [ 3117.869698] ? vfs_write+0x354/0xb10 [ 3117.870171] __x64_sys_sendfile64+0x1d1/0x210 [ 3117.870721] ? __ia32_sys_sendfile+0x220/0x220 [ 3117.871291] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3117.871939] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3117.872583] do_syscall_64+0x33/0x40 [ 3117.873072] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3117.873711] RIP: 0033:0x7f8c0677ab19 [ 3117.874186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3117.876464] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3117.877435] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3117.878327] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3117.879231] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3117.880117] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 3117.881008] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3117.886789] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3117.889424] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3117.896994] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 18:32:40 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x68000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3117.906182] loop5: detected capacity change from 0 to 32256 18:32:40 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x23a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3117.930612] FAULT_INJECTION: forcing a failure. [ 3117.930612] name failslab, interval 1, probability 0, space 0, times 0 [ 3117.932308] CPU: 1 PID: 16041 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 3117.933349] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3117.934851] Call Trace: [ 3117.935414] dump_stack+0x107/0x167 [ 3117.936098] should_fail.cold+0x5/0xa [ 3117.936587] ? legacy_init_fs_context+0x44/0xe0 [ 3117.937345] should_failslab+0x5/0x20 [ 3117.937811] kmem_cache_alloc_trace+0x55/0x320 [ 3117.938522] ? lockdep_init_map_type+0x2c7/0x780 [ 3117.939242] legacy_init_fs_context+0x44/0xe0 [ 3117.939988] ? generic_parse_monolithic+0x1f0/0x1f0 [ 3117.940712] alloc_fs_context+0x4fd/0x840 [ 3117.941503] path_mount+0x962/0x21e0 [ 3117.942088] ? strncpy_from_user+0x9e/0x470 [ 3117.942802] ? finish_automount+0xa90/0xa90 [ 3117.943473] ? getname_flags.part.0+0x1dd/0x4f0 [ 3117.944288] __x64_sys_mount+0x282/0x300 [ 3117.944885] ? copy_mnt_ns+0xa00/0xa00 [ 3117.945374] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3117.946173] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3117.947066] do_syscall_64+0x33/0x40 [ 3117.947775] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3117.948643] RIP: 0033:0x7fe0ee621b19 [ 3117.949105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3117.951973] RSP: 002b:00007fe0ebb76188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 3117.953293] RAX: ffffffffffffffda RBX: 00007fe0ee735020 RCX: 00007fe0ee621b19 [ 3117.954311] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000000 [ 3117.955360] RBP: 00007fe0ebb761d0 R08: 0000000000000000 R09: 0000000000000000 [ 3117.956286] R10: 0000000001000860 R11: 0000000000000246 R12: 0000000000000001 [ 3117.957469] R13: 00007fff2b541aff R14: 00007fe0ebb76300 R15: 0000000000022000 [ 3117.973703] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:32:40 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:32:40 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x0, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) [ 3118.011412] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:32:40 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6c000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:40 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x80000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:40 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000006000210c000000000000000002"], 0x28}}, 0x0) [ 3118.086229] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:32:40 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 3118.107687] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3118.217841] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:32:53 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 8) 18:32:53 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x74000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:53 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x9000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:32:53 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xe0ffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:53 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000007300210c000000000000000002"], 0x28}}, 0x0) [ 3130.949108] __nla_validate_parse: 1 callbacks suppressed [ 3130.949120] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:32:53 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x0, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:32:53 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x24a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3130.972431] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3130.974654] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pid=16084 comm=syz-executor.0 18:32:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) (fail_nth: 9) [ 3130.981810] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3130.986233] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3130.993492] FAULT_INJECTION: forcing a failure. [ 3130.993492] name failslab, interval 1, probability 0, space 0, times 0 [ 3130.995886] CPU: 1 PID: 16091 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3130.997363] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3130.999122] Call Trace: [ 3130.999686] dump_stack+0x107/0x167 [ 3131.000468] should_fail.cold+0x5/0xa [ 3131.001280] ? create_object.isra.0+0x3a/0xa30 [ 3131.002249] should_failslab+0x5/0x20 [ 3131.003046] kmem_cache_alloc+0x5b/0x310 [ 3131.003909] create_object.isra.0+0x3a/0xa30 [ 3131.004837] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3131.005934] __kmalloc+0x16e/0x390 [ 3131.006696] iter_file_splice_write+0x165/0xc90 [ 3131.007673] ? __fsnotify_parent+0x47a/0xb10 [ 3131.008618] ? generic_splice_sendpage+0x140/0x140 [ 3131.009655] ? pipe_to_user+0x170/0x170 [ 3131.010511] ? security_file_permission+0xb1/0xe0 [ 3131.011536] ? generic_splice_sendpage+0x140/0x140 [ 3131.012571] direct_splice_actor+0x10f/0x170 [ 3131.013505] splice_direct_to_actor+0x387/0x980 [ 3131.014495] ? pipe_to_sendpage+0x380/0x380 [ 3131.015410] ? do_splice_to+0x160/0x160 [ 3131.016245] ? security_file_permission+0xb1/0xe0 [ 3131.017272] do_splice_direct+0x1c4/0x290 [ 3131.018140] ? splice_direct_to_actor+0x980/0x980 [ 3131.019150] ? avc_policy_seqno+0x9/0x70 [ 3131.020004] ? security_file_permission+0xb1/0xe0 [ 3131.021034] do_sendfile+0x553/0x11e0 [ 3131.021852] ? do_pwritev+0x270/0x270 [ 3131.022655] ? wait_for_completion_io+0x270/0x270 [ 3131.023664] ? rcu_read_lock_any_held+0x75/0xa0 [ 3131.024641] ? vfs_write+0x354/0xb10 [ 3131.025434] __x64_sys_sendfile64+0x1d1/0x210 [ 3131.026369] ? __ia32_sys_sendfile+0x220/0x220 [ 3131.027330] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3131.028432] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3131.029528] do_syscall_64+0x33/0x40 [ 3131.030313] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3131.031395] RIP: 0033:0x7f8c0677ab19 [ 3131.032171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3131.036054] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3131.037660] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3131.039157] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3131.040659] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3131.042164] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 3131.043666] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3131.045496] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pid=16097 comm=syz-executor.0 18:32:53 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x25a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:32:53 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x0, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:32:53 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:32:53 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7a000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3131.089104] loop5: detected capacity change from 0 to 32256 [ 3131.094305] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3131.107330] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3131.124776] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3131.154020] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:32:53 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf0ffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:32:53 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:32:53 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000000a00210c000000000000000002"], 0x28}}, 0x0) [ 3131.222487] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3131.264322] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:32:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) [ 3131.317118] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10 sclass=netlink_route_socket pid=16123 comm=syz-executor.0 [ 3131.337745] loop5: detected capacity change from 0 to 32256 [ 3143.743811] FAULT_INJECTION: forcing a failure. [ 3143.743811] name failslab, interval 1, probability 0, space 0, times 0 [ 3143.745387] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3143.745553] CPU: 1 PID: 16137 Comm: syz-executor.7 Not tainted 5.10.246 #1 18:33:06 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 9) 18:33:06 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x26a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:33:06 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x48000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:33:06 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x9effffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3143.747449] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3143.748940] Call Trace: [ 3143.749343] dump_stack+0x107/0x167 [ 3143.749869] should_fail.cold+0x5/0xa [ 3143.750660] ? jbd2__journal_start+0x190/0x7e0 [ 3143.751833] should_failslab+0x5/0x20 [ 3143.752804] kmem_cache_alloc+0x5b/0x310 [ 3143.753867] jbd2__journal_start+0x190/0x7e0 [ 3143.755019] __ext4_journal_start_sb+0x214/0x390 [ 3143.756234] ext4_dirty_inode+0xbc/0x130 [ 3143.757271] ? ext4_setattr+0x21b0/0x21b0 [ 3143.758341] __mark_inode_dirty+0x492/0xd40 [ 3143.759436] ? current_time+0xac/0x120 [ 3143.760438] generic_update_time+0x21c/0x370 [ 3143.761567] ? igrab+0xc0/0xc0 [ 3143.762399] file_update_time+0x43a/0x520 [ 3143.763465] ? evict_inodes+0x470/0x470 [ 3143.764483] ? down_write_killable+0x180/0x180 [ 3143.765690] file_modified+0x7d/0xa0 [ 3143.766659] ext4_file_write_iter+0x8f8/0x1530 [ 3143.767869] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3143.769026] ? kasan_save_stack+0x32/0x40 [ 3143.770096] ? kasan_save_stack+0x1b/0x40 [ 3143.771152] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3143.772445] ? iter_file_splice_write+0x165/0xc90 [ 3143.773681] ? direct_splice_actor+0x10f/0x170 [ 3143.774845] ? splice_direct_to_actor+0x387/0x980 [ 3143.776080] ? do_splice_direct+0x1c4/0x290 [ 3143.777179] ? do_sendfile+0x553/0x11e0 [ 3143.778210] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3143.779408] ? do_syscall_64+0x33/0x40 [ 3143.780422] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3143.781805] do_iter_readv_writev+0x476/0x750 [ 3143.782966] ? _cond_resched+0x10/0x30 [ 3143.783973] ? new_sync_write+0x660/0x660 [ 3143.785035] ? avc_policy_seqno+0x9/0x70 [ 3143.786082] ? selinux_file_permission+0x92/0x520 [ 3143.787325] ? security_file_permission+0xb1/0xe0 [ 3143.788566] do_iter_write+0x191/0x700 [ 3143.789576] ? trace_hardirqs_on+0x5b/0x180 [ 3143.790704] vfs_iter_write+0x70/0xa0 [ 3143.791693] iter_file_splice_write+0x726/0xc90 [ 3143.792906] ? generic_splice_sendpage+0x140/0x140 [ 3143.794197] ? security_file_permission+0xb1/0xe0 [ 3143.795461] ? generic_splice_sendpage+0x140/0x140 [ 3143.796721] direct_splice_actor+0x10f/0x170 [ 3143.797864] splice_direct_to_actor+0x387/0x980 [ 3143.799050] ? pipe_to_sendpage+0x380/0x380 [ 3143.800161] ? do_splice_to+0x160/0x160 [ 3143.801168] ? security_file_permission+0xb1/0xe0 [ 3143.802413] do_splice_direct+0x1c4/0x290 [ 3143.803486] ? splice_direct_to_actor+0x980/0x980 [ 3143.804715] ? avc_policy_seqno+0x9/0x70 [ 3143.805777] ? security_file_permission+0xb1/0xe0 [ 3143.806731] do_sendfile+0x553/0x11e0 [ 3143.807359] ? do_pwritev+0x270/0x270 [ 3143.807989] ? wait_for_completion_io+0x270/0x270 [ 3143.808776] ? rcu_read_lock_any_held+0x75/0xa0 [ 3143.809525] ? vfs_write+0x354/0xb10 [ 3143.810114] __x64_sys_sendfile64+0x1d1/0x210 [ 3143.810782] ? __ia32_sys_sendfile+0x220/0x220 [ 3143.811451] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3143.812224] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3143.812981] do_syscall_64+0x33/0x40 [ 3143.813526] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3143.814269] RIP: 0033:0x7f8c0677ab19 [ 3143.814807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3143.817465] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3143.818572] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3143.819608] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3143.820643] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3143.821695] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 3143.822737] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:33:06 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) [ 3143.829652] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:33:06 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) creat(&(0x7f0000000000)='./file0\x00', 0xca) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:33:06 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000000f00210c000000000000000002"], 0x28}}, 0x0) 18:33:06 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x1000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3143.842447] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3143.847570] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=16152 comm=syz-executor.0 [ 3143.852890] loop5: detected capacity change from 0 to 32256 18:33:06 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf0ffffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:33:06 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4c000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 3143.897772] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=16162 comm=syz-executor.0 [ 3143.902643] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3143.921604] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3143.930026] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3143.945608] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:33:06 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001000210c000000000000000002"], 0x28}}, 0x0) 18:33:06 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x27a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:33:06 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x48020200) 18:33:06 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x68000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:33:06 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0/file0\x00', 0x7fff, 0x3, &(0x7f0000000300)=[{&(0x7f0000000140)="760490000200000036", 0x9, 0x2}, {&(0x7f00000001c0)="2d192abfda38133a915bd983799e8f9996f3bdbf990dda4309c1c20e1fbbb51aeb2d3d6891b22cd699b73cd2ea25f469d8d1091446694349468e139d68950115cb96478caff1dd756227d43ef6e278", 0x4f, 0x2}, {&(0x7f0000000240)="ab7f8d2496d7ab1826e05aefeada11f65d4c8ac0102c95f17f3e6ed31d6e4dfc06cf1eea8ab8eaafe127c68ce9170b88f561a7d5cbb7a1c426a572f30d18822b0ff61dec96cb01d94488e1d352f05ece38747c82102b066e6cdab2f9f2b375295d8ff9b50eb0505a1f1440c1d51d27434253376efed5057c745cd299d724d4cb3edd295fbb59f13516332630bfa7ce84654c13374ef37c0aa75be4", 0x9b, 0x10000}], 0x20000, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x4) [ 3144.030257] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3144.045322] loop5: detected capacity change from 0 to 131072 [ 3144.082530] loop5: detected capacity change from 0 to 131072 18:33:06 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x2000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3144.110837] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3144.116917] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3158.500772] __nla_validate_parse: 2 callbacks suppressed [ 3158.500783] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:33:21 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 10) 18:33:21 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x0, 0x13, 0x0) unshare(0x48020200) 18:33:21 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x28a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:33:21 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x3000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:33:21 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xfc020000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:33:21 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6c000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:33:21 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x2, &(0x7f0000000000)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {&(0x7f0000000280)="d96823a03e1f271a80497486e4e111b65d4085e6cd94bf32f95a49801db2342391948f94c5a3cbf8e06375a4371fb1f455ea7bc72373af63edf013e293d08ddc11cfea57bebfaf7fdb80bb5d1dd9790abaf11c338044fb95d844d8ef768112d8fd698963ddaa31106a05b9dc65cc334628824a2fca2c2e8e59cd7dc42506351d2d9400782fa3925c44097625b7", 0x8d, 0x74c}], 0x80, &(0x7f0000000180)=ANY=[@ANYBLOB="909315b2acdc15224313f2c1fec04f804759393d43bf62ca2159f95410a42499ef27849a58ee58883daf21bfe0f8706c917edefe312f238c8690a64e7378641280c720b596bd6d3863bc1374d9608935f302a8745faa3b702f617eb8d925814a103bf89dce67e87874c61e0d299311b0786da644155987d36ad35e51be1b3a76b54e6bdfd7891bf50b91e8498762aadc8c6d36cb26ea6e481d6a877afa6862f6b9bfcf98f33c8a31926a1907db4020fb614009e769a29490a9d47445598d66311fe34e"]) openat(r0, &(0x7f0000000040)='./file0\x00', 0x40, 0x20) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:33:21 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001100210c000000000000000002"], 0x28}}, 0x0) [ 3158.530383] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3158.535588] FAULT_INJECTION: forcing a failure. [ 3158.535588] name failslab, interval 1, probability 0, space 0, times 0 [ 3158.538004] CPU: 1 PID: 16208 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3158.539397] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3158.541417] Call Trace: [ 3158.541967] dump_stack+0x107/0x167 [ 3158.542689] should_fail.cold+0x5/0xa [ 3158.543568] ? create_object.isra.0+0x3a/0xa30 [ 3158.544610] should_failslab+0x5/0x20 [ 3158.545379] kmem_cache_alloc+0x5b/0x310 [ 3158.546189] create_object.isra.0+0x3a/0xa30 [ 3158.547047] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3158.548053] kmem_cache_alloc+0x159/0x310 [ 3158.548864] jbd2__journal_start+0x190/0x7e0 [ 3158.549760] __ext4_journal_start_sb+0x214/0x390 [ 3158.550772] ext4_dirty_inode+0xbc/0x130 [ 3158.551752] ? ext4_setattr+0x21b0/0x21b0 [ 3158.552570] __mark_inode_dirty+0x492/0xd40 [ 3158.553429] ? current_time+0xac/0x120 [ 3158.554224] generic_update_time+0x21c/0x370 [ 3158.555258] ? igrab+0xc0/0xc0 [ 3158.555900] file_update_time+0x43a/0x520 [ 3158.556737] ? evict_inodes+0x470/0x470 [ 3158.557529] ? down_write_killable+0x180/0x180 [ 3158.558434] file_modified+0x7d/0xa0 [ 3158.559159] ext4_file_write_iter+0x8f8/0x1530 [ 3158.560065] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3158.560961] ? kasan_save_stack+0x32/0x40 [ 3158.561916] ? kasan_save_stack+0x1b/0x40 [ 3158.562713] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3158.563700] ? iter_file_splice_write+0x165/0xc90 [ 3158.564649] ? direct_splice_actor+0x10f/0x170 [ 3158.565678] ? splice_direct_to_actor+0x387/0x980 [ 3158.566845] ? do_splice_direct+0x1c4/0x290 [ 3158.567712] ? do_sendfile+0x553/0x11e0 [ 3158.568478] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3158.569383] ? do_syscall_64+0x33/0x40 [ 3158.570142] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3158.571198] do_iter_readv_writev+0x476/0x750 [ 3158.572095] ? _cond_resched+0x10/0x30 [ 3158.572858] ? new_sync_write+0x660/0x660 [ 3158.573663] ? avc_policy_seqno+0x9/0x70 [ 3158.574448] ? selinux_file_permission+0x92/0x520 [ 3158.575372] ? security_file_permission+0xb1/0xe0 [ 3158.576296] do_iter_write+0x191/0x700 [ 3158.577047] ? trace_hardirqs_on+0x5b/0x180 [ 3158.577901] vfs_iter_write+0x70/0xa0 [ 3158.578651] iter_file_splice_write+0x726/0xc90 [ 3158.579589] ? generic_splice_sendpage+0x140/0x140 [ 3158.580567] ? security_file_permission+0xb1/0xe0 [ 3158.581524] ? generic_splice_sendpage+0x140/0x140 [ 3158.582485] direct_splice_actor+0x10f/0x170 [ 3158.583332] splice_direct_to_actor+0x387/0x980 [ 3158.584232] ? pipe_to_sendpage+0x380/0x380 [ 3158.585054] ? do_splice_to+0x160/0x160 [ 3158.585821] ? security_file_permission+0xb1/0xe0 [ 3158.586745] do_splice_direct+0x1c4/0x290 [ 3158.587544] ? splice_direct_to_actor+0x980/0x980 [ 3158.588461] ? avc_policy_seqno+0x9/0x70 [ 3158.589247] ? security_file_permission+0xb1/0xe0 [ 3158.590179] do_sendfile+0x553/0x11e0 [ 3158.590922] ? do_pwritev+0x270/0x270 [ 3158.591649] ? wait_for_completion_io+0x270/0x270 [ 3158.592571] ? rcu_read_lock_any_held+0x75/0xa0 [ 3158.593460] ? vfs_write+0x354/0xb10 [ 3158.594186] __x64_sys_sendfile64+0x1d1/0x210 [ 3158.595046] ? __ia32_sys_sendfile+0x220/0x220 [ 3158.595918] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3158.596911] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3158.597907] do_syscall_64+0x33/0x40 [ 3158.598624] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3158.599603] RIP: 0033:0x7f8c0677ab19 [ 3158.600310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3158.603820] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3158.605259] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3158.606636] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3158.608003] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3158.609365] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3158.610700] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:33:21 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x29a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:33:21 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x74000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 3158.620907] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3158.632558] loop5: detected capacity change from 0 to 32256 [ 3158.633666] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3158.643750] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3158.645626] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3158.656459] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 18:33:21 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xffffe000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3158.666293] FAT-fs (loop5): Unrecognized mount option ""COGY9=Cb!YT$'XX=!pl~1/#Nsxd m8ct`5t_;p/a~%J;gxt)xmDYj^Q:vNk׉ Ib܌m6&nHjzhbϘ<1j@ a@ itEYf1N" or missing value 18:33:21 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7a000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 3158.710320] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3158.760026] loop5: detected capacity change from 0 to 32256 [ 3158.768494] FAT-fs (loop5): Unrecognized mount option ""COGY9=Cb!YT$'XX=!pl~1/#Nsxd m8ct`5t_;p/a~%J;gxt)xmDYj^Q:vNk׉ Ib܌m6&nHjzhbϘ<1j@ a@ itEYf1N" or missing value 18:33:21 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3158.795719] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3158.797528] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:33:21 executing program 5: ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, &(0x7f0000000040)={0x4, 0x800dcbe, 0x0, 0x5, 0x42, "c727154d15db27ce1888765981a7ccc4083a98", 0x8, 0x1f}) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) r0 = fsmount(0xffffffffffffffff, 0x1, 0x87) ioctl$TIOCSISO7816(r0, 0xc0285443, &(0x7f0000000000)={0x1, 0x6, 0x59ea276b, 0x0, 0x6}) 18:33:21 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x2aa70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:33:21 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x0, 0x13, 0x0) unshare(0x48020200) [ 3173.952462] __nla_validate_parse: 3 callbacks suppressed [ 3173.952470] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3173.956529] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. 18:33:36 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 11) 18:33:36 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x9effffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:33:36 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xfffff000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:33:36 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001200210c000000000000000002"], 0x28}}, 0x0) 18:33:36 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x0, 0x13, 0x0) unshare(0x48020200) 18:33:36 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x5000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:33:36 executing program 5: mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000180), 0x180508c, &(0x7f0000000240)=ANY=[@ANYRESOCT=0x0, @ANYRESDEC, @ANYRESOCT]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:33:36 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x2ba70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3173.982422] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3173.988984] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3173.990515] FAULT_INJECTION: forcing a failure. [ 3173.990515] name failslab, interval 1, probability 0, space 0, times 0 [ 3173.992227] CPU: 0 PID: 16274 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3173.993064] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3173.994084] Call Trace: [ 3173.994408] dump_stack+0x107/0x167 [ 3173.994845] should_fail.cold+0x5/0xa [ 3173.995306] ? jbd2__journal_start+0x190/0x7e0 [ 3173.995861] should_failslab+0x5/0x20 [ 3173.996324] kmem_cache_alloc+0x5b/0x310 [ 3173.996814] jbd2__journal_start+0x190/0x7e0 [ 3173.997347] __ext4_journal_start_sb+0x214/0x390 [ 3173.997931] ext4_file_write_iter+0xee9/0x1530 [ 3173.998501] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3173.999051] ? kasan_save_stack+0x32/0x40 [ 3173.999552] ? kasan_save_stack+0x1b/0x40 [ 3174.000055] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3174.000679] ? iter_file_splice_write+0x165/0xc90 [ 3174.001263] ? direct_splice_actor+0x10f/0x170 [ 3174.001833] ? splice_direct_to_actor+0x387/0x980 [ 3174.002423] ? do_splice_direct+0x1c4/0x290 [ 3174.002954] ? do_sendfile+0x553/0x11e0 [ 3174.003443] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3174.004012] ? do_syscall_64+0x33/0x40 [ 3174.004489] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3174.005136] do_iter_readv_writev+0x476/0x750 [ 3174.005682] ? _cond_resched+0x10/0x30 [ 3174.006155] ? new_sync_write+0x660/0x660 [ 3174.006660] ? avc_policy_seqno+0x9/0x70 [ 3174.007160] ? selinux_file_permission+0x92/0x520 [ 3174.007757] ? security_file_permission+0xb1/0xe0 [ 3174.008355] do_iter_write+0x191/0x700 [ 3174.008846] ? trace_hardirqs_on+0x5b/0x180 [ 3174.009372] vfs_iter_write+0x70/0xa0 [ 3174.009848] iter_file_splice_write+0x726/0xc90 [ 3174.010438] ? generic_splice_sendpage+0x140/0x140 [ 3174.011060] ? security_file_permission+0xb1/0xe0 [ 3174.011638] ? generic_splice_sendpage+0x140/0x140 [ 3174.012224] direct_splice_actor+0x10f/0x170 [ 3174.012747] splice_direct_to_actor+0x387/0x980 [ 3174.013320] ? pipe_to_sendpage+0x380/0x380 [ 3174.013844] ? do_splice_to+0x160/0x160 [ 3174.014325] ? security_file_permission+0xb1/0xe0 [ 3174.014907] do_splice_direct+0x1c4/0x290 [ 3174.015408] ? splice_direct_to_actor+0x980/0x980 [ 3174.015979] ? avc_policy_seqno+0x9/0x70 [ 3174.016473] ? security_file_permission+0xb1/0xe0 [ 3174.017052] do_sendfile+0x553/0x11e0 [ 3174.017518] ? do_pwritev+0x270/0x270 [ 3174.017981] ? wait_for_completion_io+0x270/0x270 [ 3174.018557] ? rcu_read_lock_any_held+0x75/0xa0 [ 3174.019114] ? vfs_write+0x354/0xb10 [ 3174.019563] __x64_sys_sendfile64+0x1d1/0x210 [ 3174.020116] ? __ia32_sys_sendfile+0x220/0x220 [ 3174.020664] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3174.021294] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3174.021915] do_syscall_64+0x33/0x40 [ 3174.022360] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3174.022974] RIP: 0033:0x7f8c0677ab19 [ 3174.023427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3174.025628] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3174.026533] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3174.027383] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3174.028229] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3174.029084] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3174.029940] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3174.038468] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 18:33:36 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:33:36 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xffffff7f, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3174.047697] loop5: detected capacity change from 0 to 32256 18:33:36 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x2ca70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3174.063388] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3174.090753] loop5: detected capacity change from 0 to 32256 [ 3174.105684] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3193.278262] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3193.284783] FAULT_INJECTION: forcing a failure. [ 3193.284783] name failslab, interval 1, probability 0, space 0, times 0 [ 3193.287462] CPU: 1 PID: 16301 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3193.289238] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3193.291027] Call Trace: [ 3193.291600] dump_stack+0x107/0x167 [ 3193.292382] should_fail.cold+0x5/0xa [ 3193.293203] ? create_object.isra.0+0x3a/0xa30 [ 3193.294206] should_failslab+0x5/0x20 18:33:55 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xb1030000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:33:55 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 12) 18:33:55 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001300210c000000000000000002"], 0x28}}, 0x0) 18:33:55 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x0) 18:33:55 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1, 0x6, &(0x7f0000000580)=[{&(0x7f00000001c0)="e786c0460048596c67cabd0e90d9dde35a8ba6f6c3415200e5362465d01f0913c7e03171675079aabfdd9934208182585a490ca22566fc26a14d72fedb0e7ba3cafaea2499c71bbbc44b2f48217d", 0x4e, 0x8}, {&(0x7f0000000240)="612bd66be2ee3434177e15e0ac06b340173725879b5522d431c629a8f739f5fdff5ac08660fd3b18e986a8dc54e38d2ee03cd4bfcefa39c11ea4c6d4d4874077d9ca7389b1519c1dc970fc664a45d42776e6123a93ccb4758252f901882210f9a2b0b123f577ffd6cccf4c9f05f884336352fbba1854f53818b8d06cfbe336f0e2463c1a6a5b4ca631ba26aa4a2ec7a37db8999159df0b040e9767007911c9e7e313c6a93e46c20a5bfc73afef57a00fe8b23016ee8fb2fcea2b260e", 0xbc, 0x8}, {&(0x7f0000000300)="8d3424e7b2319ed78f154908c357c8668d5b91b7e191fb451defcb86ce0f3257c83cf68cd85a7c3e9bed3c6287287794de0dedfdaa04caaca57c271fcd022acdae43fb003276e34be66d902ac0da82846ab499bf81e51dbf68fa6baadb5341d33d", 0x61, 0x8}, {&(0x7f0000000380)="aa3b91a4835c84a249", 0x9, 0xd1b7}, {&(0x7f00000003c0)="d3577eb8c2e0f99d0aa8ed0b6c93df0ec00334955bb5df4548a93ad581b1e8111b0bf75d32c84a86bae9a7b11c6e968e96e9d7b81144c5470cc408d12dc64236dd3f165e0da4cc187679c7426f0475f98719c28e91543a6b8a0728a50ff067c0501eaaca83cd3252f4b67db289a1ab5841c11a4ded1d593f576a634244923a4548da766370007d3bb0f74a96c94e7579ec3e2ffd6f19b1b6a003355e994dc03a31cfb653e230992f4bfa83a7ce8101233dc16a144c7b96316e3b74e01082", 0xbe, 0x7}, {&(0x7f0000000480)="4f2c0929b852b23366c22868266f92976c518cda0f593dd78c63546b12db67ba8f1a6ade8af8e4a0996bd3fa54fd01b1d76bd6af4b16a553b7ddb70a7f8225f0bbebe5737e80ec357f00c685ee124203f2281b1a6c59e4b6345e9b70ebd9a0784ae9145cc6bf1b818865292852317ef887ea1fb8811350a85664948df0a95d180f7fdd31926de525105471171913d62d07dd8e371a3f9c16f744ecd3528c4b3fe3f15834fb048ff055c48e363630e45e4f82a8d446b07f3babb2a5fbf2723e42641d300b26", 0xc5, 0xa96f}], 0x1201022, &(0x7f0000000640)={[{@nonumtail}, {@utf8no}], [{@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@fsmagic={'fsmagic', 0x3d, 0x8001}}, {@smackfsroot}, {@hash}, {@measure}, {@dont_appraise}, {@appraise}, {@appraise_type}]}) openat(r0, &(0x7f0000000700)='./file0\x00', 0x8000, 0x4) 18:33:55 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x2da70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:33:55 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xffffff9e, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:33:55 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3193.295032] kmem_cache_alloc+0x5b/0x310 [ 3193.296312] ? ext4_dirty_inode+0x107/0x130 [ 3193.297358] create_object.isra.0+0x3a/0xa30 [ 3193.298339] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3193.299440] kmem_cache_alloc+0x159/0x310 [ 3193.300349] jbd2__journal_start+0x190/0x7e0 [ 3193.301299] __ext4_journal_start_sb+0x214/0x390 [ 3193.302350] ext4_file_write_iter+0xee9/0x1530 [ 3193.303351] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3193.304330] ? kasan_save_stack+0x32/0x40 [ 3193.305219] ? kasan_save_stack+0x1b/0x40 [ 3193.306133] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3193.307241] ? iter_file_splice_write+0x165/0xc90 [ 3193.308276] ? direct_splice_actor+0x10f/0x170 [ 3193.309261] ? splice_direct_to_actor+0x387/0x980 [ 3193.310324] ? do_splice_direct+0x1c4/0x290 [ 3193.311267] ? do_sendfile+0x553/0x11e0 [ 3193.312121] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3193.313120] ? do_syscall_64+0x33/0x40 [ 3193.313982] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3193.315125] do_iter_readv_writev+0x476/0x750 [ 3193.316091] ? _cond_resched+0x10/0x30 [ 3193.316928] ? new_sync_write+0x660/0x660 [ 3193.317844] ? avc_policy_seqno+0x9/0x70 [ 3193.318723] ? selinux_file_permission+0x92/0x520 [ 3193.318785] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3193.319761] ? security_file_permission+0xb1/0xe0 [ 3193.319792] do_iter_write+0x191/0x700 [ 3193.319815] ? trace_hardirqs_on+0x5b/0x180 [ 3193.323583] vfs_iter_write+0x70/0xa0 [ 3193.324453] iter_file_splice_write+0x726/0xc90 [ 3193.325484] ? generic_splice_sendpage+0x140/0x140 [ 3193.326595] ? security_file_permission+0xb1/0xe0 [ 3193.327676] ? generic_splice_sendpage+0x140/0x140 [ 3193.328745] direct_splice_actor+0x10f/0x170 [ 3193.329689] splice_direct_to_actor+0x387/0x980 [ 3193.330732] ? pipe_to_sendpage+0x380/0x380 [ 3193.331681] ? do_splice_to+0x160/0x160 [ 3193.332535] ? security_file_permission+0xb1/0xe0 [ 3193.333558] do_splice_direct+0x1c4/0x290 [ 3193.334457] ? splice_direct_to_actor+0x980/0x980 [ 3193.335491] ? avc_policy_seqno+0x9/0x70 [ 3193.336354] ? security_file_permission+0xb1/0xe0 [ 3193.337387] do_sendfile+0x553/0x11e0 [ 3193.338214] ? do_pwritev+0x270/0x270 [ 3193.339025] ? wait_for_completion_io+0x270/0x270 [ 3193.340052] ? rcu_read_lock_any_held+0x75/0xa0 [ 3193.341034] ? vfs_write+0x354/0xb10 [ 3193.341682] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3193.341837] __x64_sys_sendfile64+0x1d1/0x210 [ 3193.343751] ? __ia32_sys_sendfile+0x220/0x220 [ 3193.344724] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3193.345839] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3193.346939] do_syscall_64+0x33/0x40 [ 3193.347726] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3193.348791] RIP: 0033:0x7f8c0677ab19 [ 3193.349580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3193.353434] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3193.355051] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3193.356563] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3193.358097] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3193.359608] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3193.361118] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:33:56 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x0) [ 3193.366850] loop5: detected capacity change from 0 to 32256 [ 3193.372755] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3193.381543] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:34:08 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 13) 18:34:08 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x2e000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:34:08 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:34:08 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4317, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r0, 0x0, 0xb) clock_gettime(0x0, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x52e5, 0x1000}, {0x4, 0x40, 0x1800}, {0x4, 0xffd1}], 0x3, &(0x7f0000000180)) r1 = semget$private(0x0, 0x4000, 0x0) semctl$SEM_STAT_ANY(r1, 0x2, 0x14, &(0x7f00000010c0)=""/79) semctl$IPC_RMID(r1, 0x0, 0x0) r2 = semget$private(0x0, 0x2, 0x320) semtimedop(r2, &(0x7f00000001c0)=[{0x3, 0xed, 0x1000}, {0x1, 0x92, 0x1000}, {0x1, 0x2, 0x1800}, {0x0, 0x1}], 0x4, &(0x7f0000000200)) r3 = semget(0x2, 0x2, 0x81) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r3, &(0x7f0000000000)=[{0x2, 0x2, 0x1800}, {0x3, 0x81, 0x1800}, {0x2, 0x0, 0x800}, {0x3, 0x1d, 0x1000}, {0x0, 0xee9, 0x1000}, {0x3, 0x2008}, {0x1, 0x8, 0x2000}, {0x1, 0x2}, {0x4, 0xfcd, 0x800}, {0x2, 0x4, 0x1800}], 0xa, &(0x7f0000000080)={r4, r5+60000000}) semop(0x0, &(0x7f0000000240)=[{0x2, 0x5}, {0x4, 0x0, 0x800}, {0x7, 0x101}, {0x0, 0x6, 0x800}], 0x4) semctl$SEM_INFO(0x0, 0x5, 0x13, 0x0) unshare(0x0) 18:34:08 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xfffffff0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:34:08 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf0ffffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:34:08 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x9000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:34:08 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x80000001, 0x1, &(0x7f0000000200)="ce27c896d1d6b627a4e7372426ac2ff60605ef08e7e8011f2839026fd08641d966df9a2e9362ada8d63c927cf7cceed13a488ed2aa848208ab29f413f8e3c98b73f4adbff8e3d549dd6c2e1baa37bb06a70b80", 0x78, 0x0, 0x0, {0x1, r0}}, 0x643) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x3008, 0x0) [ 3206.104323] loop5: detected capacity change from 0 to 32256 [ 3206.134587] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3206.143521] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3206.145492] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3206.146872] FAULT_INJECTION: forcing a failure. [ 3206.146872] name failslab, interval 1, probability 0, space 0, times 0 [ 3206.149775] CPU: 0 PID: 16343 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3206.151058] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3206.151233] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3206.151240] Call Trace: [ 3206.151265] dump_stack+0x107/0x167 [ 3206.151291] should_fail.cold+0x5/0xa [ 3206.156812] ? __iomap_dio_rw+0x1ee/0x1110 [ 3206.157698] should_failslab+0x5/0x20 [ 3206.158508] kmem_cache_alloc_trace+0x55/0x320 [ 3206.159479] __iomap_dio_rw+0x1ee/0x1110 [ 3206.160350] ? jbd2_journal_stop+0x188/0xdc0 [ 3206.161274] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3206.162238] ? ext4_orphan_add+0x253/0x9e0 [ 3206.163128] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3206.164164] ? ext4_empty_dir+0xae0/0xae0 [ 3206.165035] ? jbd2__journal_start+0xf3/0x7e0 [ 3206.166000] iomap_dio_rw+0x31/0x90 [ 3206.166772] ext4_file_write_iter+0xe0e/0x1530 [ 3206.167743] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3206.168701] ? kasan_save_stack+0x32/0x40 [ 3206.169562] ? kasan_save_stack+0x1b/0x40 [ 3206.170440] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3206.171510] ? iter_file_splice_write+0x165/0xc90 [ 3206.172524] ? direct_splice_actor+0x10f/0x170 [ 3206.173494] ? splice_direct_to_actor+0x387/0x980 [ 3206.174515] ? do_splice_direct+0x1c4/0x290 [ 3206.175427] ? do_sendfile+0x553/0x11e0 [ 3206.176261] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3206.177240] ? do_syscall_64+0x33/0x40 [ 3206.178090] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3206.179226] do_iter_readv_writev+0x476/0x750 [ 3206.179430] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3206.180162] ? _cond_resched+0x10/0x30 [ 3206.180182] ? new_sync_write+0x660/0x660 [ 3206.180200] ? avc_policy_seqno+0x9/0x70 [ 3206.180224] ? selinux_file_permission+0x92/0x520 [ 3206.185385] ? security_file_permission+0xb1/0xe0 [ 3206.186411] do_iter_write+0x191/0x700 [ 3206.187234] ? trace_hardirqs_on+0x5b/0x180 [ 3206.188148] vfs_iter_write+0x70/0xa0 [ 3206.188951] iter_file_splice_write+0x726/0xc90 [ 3206.189953] ? generic_splice_sendpage+0x140/0x140 [ 3206.190998] ? security_file_permission+0xb1/0xe0 [ 3206.192017] ? generic_splice_sendpage+0x140/0x140 [ 3206.193048] direct_splice_actor+0x10f/0x170 [ 3206.193985] splice_direct_to_actor+0x387/0x980 [ 3206.194969] ? pipe_to_sendpage+0x380/0x380 [ 3206.195880] ? do_splice_to+0x160/0x160 [ 3206.196709] ? security_file_permission+0xb1/0xe0 [ 3206.197729] do_splice_direct+0x1c4/0x290 [ 3206.198617] ? splice_direct_to_actor+0x980/0x980 [ 3206.199626] ? avc_policy_seqno+0x9/0x70 [ 3206.200483] ? security_file_permission+0xb1/0xe0 [ 3206.201503] do_sendfile+0x553/0x11e0 [ 3206.202328] ? do_pwritev+0x270/0x270 [ 3206.203131] ? wait_for_completion_io+0x270/0x270 [ 3206.204149] ? rcu_read_lock_any_held+0x75/0xa0 [ 3206.205124] ? vfs_write+0x354/0xb10 [ 3206.205914] __x64_sys_sendfile64+0x1d1/0x210 [ 3206.206856] ? __ia32_sys_sendfile+0x220/0x220 [ 3206.207819] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3206.208919] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3206.210011] do_syscall_64+0x33/0x40 [ 3206.210802] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3206.211874] RIP: 0033:0x7f8c0677ab19 [ 3206.212655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3206.216550] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3206.218168] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3206.219664] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3206.221163] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3206.222672] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3206.224179] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:34:08 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf6160000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 3206.246597] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3206.264991] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:34:08 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xffffffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3206.287387] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3206.293047] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. 18:34:08 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 14) 18:34:08 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xb000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:34:08 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x2ea70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:34:09 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xffffe000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:34:09 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001500210c000000000000000002"], 0x28}}, 0x0) 18:34:09 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(r0, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66417400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000000)=ANY=[@ANYRES32=r0]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) unlink(&(0x7f0000000040)='./file0/file0\x00') 18:34:09 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x80000001, 0x1, &(0x7f0000000200)="ce27c896d1d6b627a4e7372426ac2ff60605ef08e7e8011f2839026fd08641d966df9a2e9362ada8d63c927cf7cceed13a488ed2aa848208ab29f413f8e3c98b73f4adbff8e3d549dd6c2e1baa37bb06a70b80", 0x78, 0x0, 0x0, {0x1, r0}}, 0x643) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x3008, 0x0) [ 3206.431060] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3206.434530] loop2: detected capacity change from 0 to 32256 [ 3206.466397] FAULT_INJECTION: forcing a failure. [ 3206.466397] name failslab, interval 1, probability 0, space 0, times 0 [ 3206.468960] CPU: 0 PID: 16381 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3206.470430] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3206.472170] Call Trace: [ 3206.472731] dump_stack+0x107/0x167 [ 3206.473508] should_fail.cold+0x5/0xa [ 3206.474324] ? create_object.isra.0+0x3a/0xa30 [ 3206.475282] should_failslab+0x5/0x20 [ 3206.476086] kmem_cache_alloc+0x5b/0x310 [ 3206.476941] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3206.478082] create_object.isra.0+0x3a/0xa30 [ 3206.479002] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3206.480075] kmem_cache_alloc+0x159/0x310 [ 3206.480948] ? __kernel_text_address+0x9/0x40 [ 3206.481907] jbd2__journal_start+0x190/0x7e0 [ 3206.482836] __ext4_journal_start_sb+0x214/0x390 [ 3206.483838] ext4_iomap_begin+0x485/0x700 [ 3206.484718] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3206.485751] ? kasan_save_stack+0x1b/0x40 [ 3206.486629] ? ext4_file_write_iter+0xe0e/0x1530 [ 3206.487635] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 3206.488976] ? splice_direct_to_actor+0x387/0x980 [ 3206.489993] ? do_splice_direct+0x1c4/0x290 [ 3206.490897] ? do_sendfile+0x553/0x11e0 [ 3206.491737] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3206.492714] ? do_syscall_64+0x33/0x40 [ 3206.493533] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3206.494666] iomap_apply+0x164/0x810 [ 3206.495451] ? iomap_dio_rw+0x90/0x90 [ 3206.496258] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3206.497481] ? mark_held_locks+0x9e/0xe0 [ 3206.498357] ? filemap_check_errors+0xa5/0x150 [ 3206.499328] __iomap_dio_rw+0x6cd/0x1110 [ 3206.500188] ? iomap_dio_rw+0x90/0x90 [ 3206.501007] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3206.501974] ? ext4_orphan_add+0x253/0x9e0 [ 3206.502857] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3206.503887] ? ext4_empty_dir+0xae0/0xae0 [ 3206.504763] ? jbd2__journal_start+0xf3/0x7e0 [ 3206.505712] iomap_dio_rw+0x31/0x90 [ 3206.506490] ext4_file_write_iter+0xe0e/0x1530 [ 3206.507461] ? __switch_to_asm+0x3a/0x60 [ 3206.508326] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3206.509283] ? io_schedule_timeout+0x140/0x140 [ 3206.510248] ? splice_direct_to_actor+0x387/0x980 [ 3206.511258] ? do_splice_direct+0x1c4/0x290 [ 3206.512166] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3206.513149] ? do_syscall_64+0x33/0x40 [ 3206.513977] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3206.515107] do_iter_readv_writev+0x476/0x750 [ 3206.516051] ? _cond_resched+0x23/0x30 [ 3206.516878] ? new_sync_write+0x660/0x660 [ 3206.517745] ? avc_policy_seqno+0x9/0x70 [ 3206.518611] ? selinux_file_permission+0x92/0x520 [ 3206.519629] ? security_file_permission+0xb1/0xe0 [ 3206.520652] do_iter_write+0x191/0x700 [ 3206.521491] vfs_iter_write+0x70/0xa0 [ 3206.522303] iter_file_splice_write+0x726/0xc90 [ 3206.523305] ? generic_splice_sendpage+0x140/0x140 [ 3206.524361] ? security_file_permission+0xb1/0xe0 [ 3206.525385] ? generic_splice_sendpage+0x140/0x140 [ 3206.526429] direct_splice_actor+0x10f/0x170 [ 3206.527373] splice_direct_to_actor+0x387/0x980 [ 3206.528360] ? pipe_to_sendpage+0x380/0x380 [ 3206.529270] ? do_splice_to+0x160/0x160 [ 3206.530113] ? security_file_permission+0xb1/0xe0 [ 3206.531137] do_splice_direct+0x1c4/0x290 [ 3206.532012] ? splice_direct_to_actor+0x980/0x980 [ 3206.533024] ? avc_policy_seqno+0x9/0x70 [ 3206.533894] ? security_file_permission+0xb1/0xe0 [ 3206.534927] do_sendfile+0x553/0x11e0 [ 3206.535744] ? do_pwritev+0x270/0x270 [ 3206.536556] ? wait_for_completion_io+0x270/0x270 [ 3206.537577] ? rcu_read_lock_any_held+0x75/0xa0 [ 3206.538559] ? vfs_write+0x354/0xb10 [ 3206.539352] __x64_sys_sendfile64+0x1d1/0x210 [ 3206.540295] ? __ia32_sys_sendfile+0x220/0x220 [ 3206.541256] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3206.542367] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3206.543458] do_syscall_64+0x33/0x40 [ 3206.544244] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3206.545326] RIP: 0033:0x7f8c0677ab19 [ 3206.546116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3206.549971] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3206.551581] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3206.553088] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3206.554595] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3206.556094] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3206.557600] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3206.586195] loop5: detected capacity change from 0 to 41948160 18:34:21 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 15) 18:34:21 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x2fa70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:34:21 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, 0x0}, 0x0, 0x0, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x5, 0x0, @fd=r0, 0x0, 0x0, 0x10000, 0x8, 0x0, {0x0, r5, r0}}, 0x9) 18:34:21 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:34:21 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xfffff000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:34:21 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="0f0000001800210c000000000000000002"], 0x28}}, 0x0) 18:34:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x80000001, 0x1, &(0x7f0000000200)="ce27c896d1d6b627a4e7372426ac2ff60605ef08e7e8011f2839026fd08641d966df9a2e9362ada8d63c927cf7cceed13a488ed2aa848208ab29f413f8e3c98b73f4adbff8e3d549dd6c2e1baa37bb06a70b80", 0x78, 0x0, 0x0, {0x1, r0}}, 0x643) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x3008, 0x0) 18:34:21 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001600210c000000000000000002"], 0x28}}, 0x0) [ 3218.855562] loop2: detected capacity change from 0 to 32256 [ 3218.860228] __nla_validate_parse: 5 callbacks suppressed [ 3218.860242] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3218.893615] FAULT_INJECTION: forcing a failure. [ 3218.893615] name failslab, interval 1, probability 0, space 0, times 0 [ 3218.897170] CPU: 0 PID: 16415 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3218.899135] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3218.901431] Call Trace: [ 3218.902174] dump_stack+0x107/0x167 [ 3218.903186] should_fail.cold+0x5/0xa [ 3218.904254] ? ext4_find_extent+0xa77/0xd70 [ 3218.905428] should_failslab+0x5/0x20 [ 3218.906481] __kmalloc+0x72/0x390 [ 3218.907282] ext4_find_extent+0xa77/0xd70 [ 3218.908169] ext4_ext_map_blocks+0x1c8/0x5880 [ 3218.909031] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3218.909130] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3218.911215] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3218.912343] ? ext4_ext_release+0x10/0x10 [ 3218.913223] ? ext4_map_blocks+0x5cd/0x1910 [ 3218.914147] ? lock_release+0x680/0x680 [ 3218.914988] ? ext4_es_lookup_extent+0x485/0xa80 [ 3218.915999] ? lock_downgrade+0x6d0/0x6d0 [ 3218.916885] ? down_write+0xe0/0x160 [ 3218.917675] ? down_write_killable+0x180/0x180 [ 3218.918657] ext4_map_blocks+0x63f/0x1910 [ 3218.919541] ? kmem_cache_alloc+0x2a6/0x310 [ 3218.920466] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3218.921598] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 3218.922542] ? jbd2__journal_start+0xf3/0x7e0 [ 3218.923508] ? __ext4_journal_start_sb+0x214/0x390 [ 3218.924526] ? __ext4_journal_start_sb+0x1db/0x390 [ 3218.925568] ext4_iomap_begin+0x3ad/0x700 [ 3218.926478] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3218.927514] ? kasan_save_stack+0x1b/0x40 [ 3218.928394] ? ext4_file_write_iter+0xe0e/0x1530 [ 3218.929397] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 3218.930740] ? splice_direct_to_actor+0x387/0x980 [ 3218.931765] ? do_splice_direct+0x1c4/0x290 [ 3218.932680] ? do_sendfile+0x553/0x11e0 [ 3218.933500] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3218.934483] ? do_syscall_64+0x33/0x40 [ 3218.935298] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3218.936426] iomap_apply+0x164/0x810 [ 3218.937207] ? iomap_dio_rw+0x90/0x90 [ 3218.938006] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3218.939234] ? mark_held_locks+0x9e/0xe0 [ 3218.940144] ? filemap_check_errors+0xa5/0x150 [ 3218.941276] __iomap_dio_rw+0x6cd/0x1110 [ 3218.942268] ? iomap_dio_rw+0x90/0x90 [ 3218.943201] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3218.944304] ? ext4_orphan_add+0x253/0x9e0 [ 3218.945318] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3218.946510] ? ext4_empty_dir+0xae0/0xae0 [ 3218.947520] ? jbd2__journal_start+0xf3/0x7e0 [ 3218.948617] iomap_dio_rw+0x31/0x90 [ 3218.949512] ext4_file_write_iter+0xe0e/0x1530 [ 3218.950632] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3218.951728] ? kasan_save_stack+0x32/0x40 [ 3218.952736] ? kasan_save_stack+0x1b/0x40 [ 3218.953729] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3218.954978] ? iter_file_splice_write+0x165/0xc90 [ 3218.956140] ? direct_splice_actor+0x10f/0x170 [ 3218.957231] ? splice_direct_to_actor+0x387/0x980 [ 3218.958395] ? do_splice_direct+0x1c4/0x290 [ 3218.959427] ? do_sendfile+0x553/0x11e0 [ 3218.960388] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3218.961523] ? do_syscall_64+0x33/0x40 [ 3218.962454] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3218.963730] do_iter_readv_writev+0x476/0x750 [ 3218.964791] ? _cond_resched+0x10/0x30 [ 3218.965715] ? new_sync_write+0x660/0x660 [ 3218.966715] ? avc_policy_seqno+0x9/0x70 [ 3218.967680] ? selinux_file_permission+0x92/0x520 [ 3218.968821] ? security_file_permission+0xb1/0xe0 [ 3218.969986] do_iter_write+0x191/0x700 [ 3218.970915] ? trace_hardirqs_on+0x5b/0x180 [ 3218.971949] vfs_iter_write+0x70/0xa0 [ 3218.972858] iter_file_splice_write+0x726/0xc90 [ 3218.973995] ? generic_splice_sendpage+0x140/0x140 [ 3218.975170] ? security_file_permission+0xb1/0xe0 [ 3218.976330] ? generic_splice_sendpage+0x140/0x140 [ 3218.977493] direct_splice_actor+0x10f/0x170 [ 3218.978548] splice_direct_to_actor+0x387/0x980 [ 3218.979658] ? pipe_to_sendpage+0x380/0x380 [ 3218.980691] ? do_splice_to+0x160/0x160 [ 3218.981649] ? security_file_permission+0xb1/0xe0 [ 3218.982809] do_splice_direct+0x1c4/0x290 [ 3218.983786] ? splice_direct_to_actor+0x980/0x980 [ 3218.984905] ? avc_policy_seqno+0x9/0x70 [ 3218.985870] ? security_file_permission+0xb1/0xe0 [ 3218.987044] do_sendfile+0x553/0x11e0 [ 3218.987947] ? do_pwritev+0x270/0x270 [ 3218.988855] ? wait_for_completion_io+0x270/0x270 [ 3218.989998] ? rcu_read_lock_any_held+0x75/0xa0 [ 3218.991090] ? vfs_write+0x354/0xb10 [ 3218.991965] __x64_sys_sendfile64+0x1d1/0x210 [ 3218.993021] ? __ia32_sys_sendfile+0x220/0x220 [ 3218.994124] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3218.995348] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3218.996561] do_syscall_64+0x33/0x40 [ 3218.997443] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3218.998676] RIP: 0033:0x7f8c0677ab19 [ 3218.999544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3219.003866] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3219.005632] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3219.007304] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3219.008955] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3219.010613] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3219.012254] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3219.018179] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:34:21 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="100000001800210c000000000000000002"], 0x28}}, 0x0) [ 3219.044645] loop5: detected capacity change from 0 to 32256 18:34:21 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xffffff7f, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:34:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x80000001, 0x1, &(0x7f0000000200)="ce27c896d1d6b627a4e7372426ac2ff60605ef08e7e8011f2839026fd08641d966df9a2e9362ada8d63c927cf7cceed13a488ed2aa848208ab29f413f8e3c98b73f4adbff8e3d549dd6c2e1baa37bb06a70b80", 0x78, 0x0, 0x0, {0x1, r0}}, 0x643) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x3008, 0x0) 18:34:21 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x30a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:34:21 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="1b0000001800210c000000000000000002"], 0x28}}, 0x0) [ 3219.098558] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3219.102461] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3219.117799] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 18:34:21 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:34:21 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 16) 18:34:21 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xffffff9e, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:34:21 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x14160000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3219.205804] FAULT_INJECTION: forcing a failure. [ 3219.205804] name failslab, interval 1, probability 0, space 0, times 0 [ 3219.207851] CPU: 1 PID: 16446 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3219.208955] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3219.210283] Call Trace: [ 3219.210718] dump_stack+0x107/0x167 [ 3219.211307] should_fail.cold+0x5/0xa [ 3219.211935] ? create_object.isra.0+0x3a/0xa30 [ 3219.212670] should_failslab+0x5/0x20 [ 3219.213160] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3219.213274] kmem_cache_alloc+0x5b/0x310 [ 3219.213297] ? lock_chain_count+0x20/0x20 [ 3219.216405] create_object.isra.0+0x3a/0xa30 [ 3219.217118] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3219.217937] __kmalloc+0x16e/0x390 [ 3219.218502] ext4_find_extent+0xa77/0xd70 [ 3219.219173] ext4_ext_map_blocks+0x1c8/0x5880 [ 3219.219893] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3219.220737] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3219.221583] ? ext4_ext_release+0x10/0x10 [ 3219.222248] ? ext4_map_blocks+0x5cd/0x1910 [ 3219.222930] ? lock_release+0x680/0x680 [ 3219.223567] ? ext4_es_lookup_extent+0x485/0xa80 [ 3219.224334] ? lock_downgrade+0x6d0/0x6d0 [ 3219.224998] ? down_write+0xe0/0x160 [ 3219.225591] ? down_write_killable+0x180/0x180 [ 3219.226352] ext4_map_blocks+0x63f/0x1910 [ 3219.227025] ? kmem_cache_alloc+0x2a6/0x310 [ 3219.227754] ? __kernel_text_address+0x9/0x40 [ 3219.228485] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 3219.229228] ? jbd2__journal_start+0xf3/0x7e0 [ 3219.229953] ? __ext4_journal_start_sb+0x214/0x390 [ 3219.230737] ? __ext4_journal_start_sb+0x1db/0x390 [ 3219.231537] ext4_iomap_begin+0x3ad/0x700 [ 3219.232230] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3219.233008] ? kasan_save_stack+0x1b/0x40 [ 3219.233683] ? ext4_file_write_iter+0xe0e/0x1530 [ 3219.234451] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 3219.235480] ? splice_direct_to_actor+0x387/0x980 [ 3219.236231] ? do_splice_direct+0x1c4/0x290 [ 3219.236922] ? do_sendfile+0x553/0x11e0 [ 3219.237545] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3219.238299] ? do_syscall_64+0x33/0x40 [ 3219.238936] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3219.239804] iomap_apply+0x164/0x810 [ 3219.240408] ? iomap_dio_rw+0x90/0x90 [ 3219.241015] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3219.241954] ? mark_held_locks+0x9e/0xe0 [ 3219.242613] ? filemap_check_errors+0xa5/0x150 [ 3219.243332] __iomap_dio_rw+0x6cd/0x1110 [ 3219.243968] ? iomap_dio_rw+0x90/0x90 [ 3219.244585] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3219.245296] ? ext4_orphan_add+0x253/0x9e0 [ 3219.245977] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3219.246772] ? ext4_empty_dir+0xae0/0xae0 [ 3219.247430] ? jbd2__journal_start+0xf3/0x7e0 [ 3219.248142] iomap_dio_rw+0x31/0x90 [ 3219.248731] ext4_file_write_iter+0xe0e/0x1530 [ 3219.249482] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3219.250220] ? kasan_save_stack+0x32/0x40 [ 3219.250871] ? kasan_save_stack+0x1b/0x40 [ 3219.251526] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3219.252351] ? iter_file_splice_write+0x165/0xc90 [ 3219.253114] ? direct_splice_actor+0x10f/0x170 [ 3219.253855] ? splice_direct_to_actor+0x387/0x980 [ 3219.254615] ? do_splice_direct+0x1c4/0x290 [ 3219.255341] ? do_sendfile+0x553/0x11e0 [ 3219.255985] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3219.256719] ? do_syscall_64+0x33/0x40 [ 3219.257345] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3219.258200] do_iter_readv_writev+0x476/0x750 [ 3219.258926] ? _cond_resched+0x10/0x30 [ 3219.259551] ? new_sync_write+0x660/0x660 [ 3219.260218] ? avc_policy_seqno+0x9/0x70 [ 3219.260871] ? selinux_file_permission+0x92/0x520 [ 3219.261650] ? security_file_permission+0xb1/0xe0 [ 3219.262424] do_iter_write+0x191/0x700 [ 3219.263043] ? trace_hardirqs_on+0x5b/0x180 [ 3219.263747] vfs_iter_write+0x70/0xa0 [ 3219.264362] iter_file_splice_write+0x726/0xc90 [ 3219.265123] ? generic_splice_sendpage+0x140/0x140 [ 3219.265934] ? security_file_permission+0xb1/0xe0 [ 3219.266720] ? generic_splice_sendpage+0x140/0x140 [ 3219.267524] direct_splice_actor+0x10f/0x170 [ 3219.268237] splice_direct_to_actor+0x387/0x980 [ 3219.268968] ? pipe_to_sendpage+0x380/0x380 [ 3219.269668] ? do_splice_to+0x160/0x160 [ 3219.270298] ? security_file_permission+0xb1/0xe0 [ 3219.271072] do_splice_direct+0x1c4/0x290 [ 3219.271728] ? splice_direct_to_actor+0x980/0x980 [ 3219.272494] ? avc_policy_seqno+0x9/0x70 [ 3219.273141] ? security_file_permission+0xb1/0xe0 [ 3219.273906] do_sendfile+0x553/0x11e0 [ 3219.274519] ? do_pwritev+0x270/0x270 [ 3219.275120] ? wait_for_completion_io+0x270/0x270 [ 3219.275887] ? rcu_read_lock_any_held+0x75/0xa0 [ 3219.276629] ? vfs_write+0x354/0xb10 [ 3219.277236] __x64_sys_sendfile64+0x1d1/0x210 [ 3219.277961] ? __ia32_sys_sendfile+0x220/0x220 [ 3219.278706] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3219.279557] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3219.280385] do_syscall_64+0x33/0x40 [ 3219.281000] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3219.281818] RIP: 0033:0x7f8c0677ab19 [ 3219.282423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3219.285384] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3219.286598] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3219.287705] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3219.288847] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3219.289991] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3219.291151] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3219.300783] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3219.345730] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3219.367296] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:34:35 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 17) 18:34:35 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x31a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:34:35 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x48000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:34:35 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ff7000/0x8000)=nil, 0x8000, 0x200000d, 0x40010, 0xffffffffffffffff, 0x8000000) syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="67070042a73efbc303d7c09600000000000036e24b37cac1e3d21bd5bdb1ea1f932202e2ab8b9be357e2a08e08b16635657c6d7910995531ef2bc907440370f5d8aab7dcb52877"], 0x40) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a85", 0x3}], 0x1}}, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r0, r2, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x6, 0x2, &(0x7f00000001c0)="14455baea78fb9ec38c5e673fb509befc3dbb60f9799e6c4427c1a600093f398b257ac6ee013aeec37d7a8f0e09c98fba9a976596fb1b1126fb90677a1e624ca5c80757f503237466b1a762c14a167f377f147d4e6988a58d052331afcb39d7c1075a0cfb0f1678044dc310ed8ccfc0b4636db872b88fea2aa0dfeb0da212a5b3d272f5386d9ec0d9c6c9d407c5cbdf2a1025eb0c63d82d0f39822bf0609c106118315e84726e9cdf2798d0c4b70e125bc9457bc0e4dbc3de57665ad4c18bb14c3bd00d993ec", 0x10001, 0x0, 0x1, {0x1, r4}}, 0x6) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:34:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x80000001, 0x1, &(0x7f0000000200)="ce27c896d1d6b627a4e7372426ac2ff60605ef08e7e8011f2839026fd08641d966df9a2e9362ada8d63c927cf7cceed13a488ed2aa848208ab29f413f8e3c98b73f4adbff8e3d549dd6c2e1baa37bb06a70b80", 0x78, 0x0, 0x0, {0x1, r0}}, 0x643) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:34:35 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000001800210c000000000000000002"], 0x28}}, 0x0) 18:34:35 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xfffffff0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:34:35 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001900210c000000000000000002"], 0x28}}, 0x0) [ 3232.713717] loop5: detected capacity change from 0 to 32256 [ 3232.729105] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3232.735491] FAULT_INJECTION: forcing a failure. [ 3232.735491] name failslab, interval 1, probability 0, space 0, times 0 [ 3232.737364] CPU: 0 PID: 16478 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3232.738519] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3232.739831] Call Trace: [ 3232.740252] dump_stack+0x107/0x167 [ 3232.740842] should_fail.cold+0x5/0xa [ 3232.741446] ? ext4_find_extent+0xa77/0xd70 [ 3232.742127] should_failslab+0x5/0x20 [ 3232.742751] __kmalloc+0x72/0x390 [ 3232.743326] ext4_find_extent+0xa77/0xd70 [ 3232.744020] ext4_ext_map_blocks+0x1c8/0x5880 [ 3232.744742] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3232.745582] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3232.746440] ? ext4_ext_release+0x10/0x10 [ 3232.747103] ? ext4_map_blocks+0x5cd/0x1910 [ 3232.747785] ? lock_release+0x680/0x680 [ 3232.748412] ? ext4_es_lookup_extent+0x485/0xa80 [ 3232.749158] ? lock_downgrade+0x6d0/0x6d0 [ 3232.749821] ? down_write+0xe0/0x160 [ 3232.750436] ? down_write_killable+0x180/0x180 [ 3232.751174] ext4_map_blocks+0x63f/0x1910 [ 3232.751846] ? kmem_cache_alloc+0x2a6/0x310 [ 3232.752544] ? __kernel_text_address+0x9/0x40 [ 3232.753266] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 3232.753977] ? jbd2__journal_start+0xf3/0x7e0 [ 3232.754712] ? __ext4_journal_start_sb+0x214/0x390 [ 3232.755484] ? __ext4_journal_start_sb+0x1db/0x390 [ 3232.756279] ext4_iomap_begin+0x3ad/0x700 [ 3232.756943] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3232.757728] ? kasan_save_stack+0x1b/0x40 [ 3232.758415] ? ext4_file_write_iter+0xe0e/0x1530 [ 3232.759199] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 3232.760210] ? splice_direct_to_actor+0x387/0x980 [ 3232.760963] ? do_splice_direct+0x1c4/0x290 [ 3232.761653] ? do_sendfile+0x553/0x11e0 [ 3232.762316] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3232.763063] ? do_syscall_64+0x33/0x40 [ 3232.763697] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3232.764576] iomap_apply+0x164/0x810 [ 3232.765181] ? iomap_dio_rw+0x90/0x90 [ 3232.765794] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3232.766753] ? mark_held_locks+0x9e/0xe0 [ 3232.767429] ? filemap_check_errors+0xa5/0x150 [ 3232.768159] __iomap_dio_rw+0x6cd/0x1110 [ 3232.768797] ? iomap_dio_rw+0x90/0x90 [ 3232.769444] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3232.770177] ? ext4_orphan_add+0x253/0x9e0 [ 3232.770874] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3232.771661] ? ext4_empty_dir+0xae0/0xae0 [ 3232.772327] ? jbd2__journal_start+0xf3/0x7e0 [ 3232.773210] iomap_dio_rw+0x31/0x90 [ 3232.773800] ext4_file_write_iter+0xe0e/0x1530 [ 3232.774594] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3232.775340] ? kasan_save_stack+0x32/0x40 [ 3232.776011] ? kasan_save_stack+0x1b/0x40 [ 3232.776668] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3232.777453] ? iter_file_splice_write+0x165/0xc90 [ 3232.778238] ? direct_splice_actor+0x10f/0x170 [ 3232.778981] ? splice_direct_to_actor+0x387/0x980 [ 3232.779758] ? do_splice_direct+0x1c4/0x290 [ 3232.780438] ? do_sendfile+0x553/0x11e0 [ 3232.781080] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3232.781813] ? do_syscall_64+0x33/0x40 [ 3232.782433] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3232.782489] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3232.783292] do_iter_readv_writev+0x476/0x750 [ 3232.783308] ? _cond_resched+0x10/0x30 [ 3232.783322] ? new_sync_write+0x660/0x660 [ 3232.783337] ? avc_policy_seqno+0x9/0x70 [ 3232.783359] ? selinux_file_permission+0x92/0x520 [ 3232.786888] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3232.787145] ? security_file_permission+0xb1/0xe0 [ 3232.787173] do_iter_write+0x191/0x700 [ 3232.791545] ? trace_hardirqs_on+0x5b/0x180 [ 3232.792272] vfs_iter_write+0x70/0xa0 [ 3232.792897] iter_file_splice_write+0x726/0xc90 [ 3232.793691] ? generic_splice_sendpage+0x140/0x140 [ 3232.794533] ? security_file_permission+0xb1/0xe0 [ 3232.795314] ? generic_splice_sendpage+0x140/0x140 [ 3232.796104] direct_splice_actor+0x10f/0x170 [ 3232.796803] splice_direct_to_actor+0x387/0x980 [ 3232.797548] ? pipe_to_sendpage+0x380/0x380 [ 3232.798262] ? do_splice_to+0x160/0x160 [ 3232.798919] ? security_file_permission+0xb1/0xe0 [ 3232.799513] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3232.799706] do_splice_direct+0x1c4/0x290 [ 3232.799723] ? splice_direct_to_actor+0x980/0x980 [ 3232.799744] ? avc_policy_seqno+0x9/0x70 [ 3232.803648] ? security_file_permission+0xb1/0xe0 [ 3232.804428] do_sendfile+0x553/0x11e0 [ 3232.805058] ? do_pwritev+0x270/0x270 [ 3232.805664] ? wait_for_completion_io+0x270/0x270 [ 3232.806478] ? rcu_read_lock_any_held+0x75/0xa0 [ 3232.807196] ? vfs_write+0x354/0xb10 [ 3232.807788] __x64_sys_sendfile64+0x1d1/0x210 [ 3232.808497] ? __ia32_sys_sendfile+0x220/0x220 [ 3232.809251] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3232.810067] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3232.810906] do_syscall_64+0x33/0x40 [ 3232.811496] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3232.812306] RIP: 0033:0x7f8c0677ab19 [ 3232.812880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3232.815884] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3232.817089] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3232.818223] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3232.819356] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3232.820234] loop2: detected capacity change from 0 to 32256 [ 3232.820477] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3232.820487] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:34:35 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="c00000001800210c000000000000000002"], 0x28}}, 0x0) 18:34:35 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xffffffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) [ 3232.871463] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 18:34:35 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x32a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3232.887122] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:34:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x80000001, 0x1, &(0x7f0000000200)="ce27c896d1d6b627a4e7372426ac2ff60605ef08e7e8011f2839026fd08641d966df9a2e9362ada8d63c927cf7cceed13a488ed2aa848208ab29f413f8e3c98b73f4adbff8e3d549dd6c2e1baa37bb06a70b80", 0x78, 0x0, 0x0, {0x1, r0}}, 0x643) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:34:35 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f00000001c0)='system_u:object_r:hald_exec_t:s0\x00', 0x21, 0x3) [ 3232.946705] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3232.949947] loop2: detected capacity change from 0 to 32256 18:34:35 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x4c000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:34:35 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001a00210c000000000000000002"], 0x28}}, 0x0) [ 3232.996476] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3233.010627] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3233.024099] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 18:34:35 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:34:35 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 18) [ 3233.049853] loop5: detected capacity change from 0 to 32256 18:34:35 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="c00e00001800210c000000000000000002"], 0x28}}, 0x0) 18:34:35 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001c00210c000000000000000002"], 0x28}}, 0x0) [ 3233.104629] FAULT_INJECTION: forcing a failure. [ 3233.104629] name failslab, interval 1, probability 0, space 0, times 0 [ 3233.106525] CPU: 0 PID: 16517 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3233.107517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3233.108714] Call Trace: [ 3233.109104] dump_stack+0x107/0x167 [ 3233.109640] should_fail.cold+0x5/0xa [ 3233.110196] ? kmem_cache_free+0x249/0x2d0 [ 3233.110821] ? create_object.isra.0+0x3a/0xa30 [ 3233.111481] should_failslab+0x5/0x20 [ 3233.112032] kmem_cache_alloc+0x5b/0x310 [ 3233.112625] create_object.isra.0+0x3a/0xa30 [ 3233.113253] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3233.113989] kmem_cache_alloc+0x159/0x310 [ 3233.114611] __es_insert_extent+0xed1/0x1370 [ 3233.115260] ext4_es_insert_extent+0x45d/0xf10 [ 3233.115927] ? ext4_es_scan_clu+0x2e0/0x2e0 [ 3233.116549] ? lock_downgrade+0x6d0/0x6d0 [ 3233.117154] ? down_write+0xe0/0x160 [ 3233.117697] ? down_write_killable+0x180/0x180 [ 3233.118388] ext4_map_blocks+0x80b/0x1910 [ 3233.118998] ? __kernel_text_address+0x9/0x40 [ 3233.119640] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 3233.120287] ? jbd2__journal_start+0xf3/0x7e0 [ 3233.120936] ? __ext4_journal_start_sb+0x214/0x390 [ 3233.121627] ? __ext4_journal_start_sb+0x1db/0x390 [ 3233.122351] ext4_iomap_begin+0x3ad/0x700 [ 3233.122949] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3233.123644] ? kasan_save_stack+0x1b/0x40 [ 3233.124227] ? ext4_file_write_iter+0xe0e/0x1530 [ 3233.124898] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 3233.125800] ? splice_direct_to_actor+0x387/0x980 [ 3233.126506] ? do_splice_direct+0x1c4/0x290 [ 3233.127120] ? do_sendfile+0x553/0x11e0 [ 3233.127679] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3233.128332] ? do_syscall_64+0x33/0x40 [ 3233.128881] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3233.129653] iomap_apply+0x164/0x810 [ 3233.130196] ? iomap_dio_rw+0x90/0x90 [ 3233.130752] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3233.131575] ? mark_held_locks+0x9e/0xe0 [ 3233.132164] ? filemap_check_errors+0xa5/0x150 [ 3233.132818] __iomap_dio_rw+0x6cd/0x1110 [ 3233.133397] ? iomap_dio_rw+0x90/0x90 [ 3233.133950] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3233.134625] ? ext4_orphan_add+0x253/0x9e0 [ 3233.135229] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3233.135933] ? ext4_empty_dir+0xae0/0xae0 [ 3233.136521] ? jbd2__journal_start+0xf3/0x7e0 [ 3233.137171] iomap_dio_rw+0x31/0x90 [ 3233.137686] ext4_file_write_iter+0xe0e/0x1530 [ 3233.138370] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3233.139020] ? kasan_save_stack+0x32/0x40 [ 3233.139616] ? kasan_save_stack+0x1b/0x40 [ 3233.140223] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3233.140951] ? iter_file_splice_write+0x165/0xc90 [ 3233.141632] ? direct_splice_actor+0x10f/0x170 [ 3233.142309] ? splice_direct_to_actor+0x387/0x980 [ 3233.142998] ? do_splice_direct+0x1c4/0x290 [ 3233.143605] ? do_sendfile+0x553/0x11e0 [ 3233.144159] ? __x64_sys_sendfile64+0x1d1/0x210 18:34:35 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="0f0000001400210c000000000000000002"], 0x28}}, 0x0) [ 3233.144817] ? do_syscall_64+0x33/0x40 [ 3233.145530] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3233.146307] do_iter_readv_writev+0x476/0x750 [ 3233.146944] ? _cond_resched+0x10/0x30 [ 3233.147492] ? new_sync_write+0x660/0x660 [ 3233.148077] ? avc_policy_seqno+0x9/0x70 [ 3233.148650] ? selinux_file_permission+0x92/0x520 [ 3233.149332] ? security_file_permission+0xb1/0xe0 [ 3233.150014] do_iter_write+0x191/0x700 [ 3233.150587] ? trace_hardirqs_on+0x5b/0x180 [ 3233.151206] vfs_iter_write+0x70/0xa0 [ 3233.151750] iter_file_splice_write+0x726/0xc90 [ 3233.152414] ? generic_splice_sendpage+0x140/0x140 [ 3233.153130] ? security_file_permission+0xb1/0xe0 [ 3233.153820] ? generic_splice_sendpage+0x140/0x140 [ 3233.154540] direct_splice_actor+0x10f/0x170 [ 3233.155160] splice_direct_to_actor+0x387/0x980 [ 3233.155822] ? pipe_to_sendpage+0x380/0x380 [ 3233.156432] ? do_splice_to+0x160/0x160 [ 3233.156992] ? security_file_permission+0xb1/0xe0 [ 3233.157672] do_splice_direct+0x1c4/0x290 [ 3233.158275] ? splice_direct_to_actor+0x980/0x980 [ 3233.158955] ? avc_policy_seqno+0x9/0x70 [ 3233.159538] ? security_file_permission+0xb1/0xe0 [ 3233.160222] do_sendfile+0x553/0x11e0 [ 3233.160775] ? do_pwritev+0x270/0x270 [ 3233.161313] ? wait_for_completion_io+0x270/0x270 [ 3233.162005] ? rcu_read_lock_any_held+0x75/0xa0 [ 3233.162684] ? vfs_write+0x354/0xb10 [ 3233.163215] __x64_sys_sendfile64+0x1d1/0x210 [ 3233.163843] ? __ia32_sys_sendfile+0x220/0x220 [ 3233.164485] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3233.165221] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3233.165942] do_syscall_64+0x33/0x40 [ 3233.166481] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3233.167211] RIP: 0033:0x7f8c0677ab19 [ 3233.167732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3233.170316] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3233.171386] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3233.172381] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3233.173371] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3233.174384] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3233.175388] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3233.195199] loop2: detected capacity change from 0 to 32256 18:34:47 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 19) 18:34:47 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x33a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:34:47 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001d00210c000000000000000002"], 0x28}}, 0x0) 18:34:47 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66615a00020801004070008400f901", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:34:48 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="e03f03001800210c000000000000000002"], 0x28}}, 0x0) 18:34:48 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="100000001400210c000000000000000002"], 0x28}}, 0x0) 18:34:48 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x68000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:34:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) [ 3245.394047] __nla_validate_parse: 4 callbacks suppressed [ 3245.394062] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3245.405761] FAULT_INJECTION: forcing a failure. [ 3245.405761] name failslab, interval 1, probability 0, space 0, times 0 [ 3245.408720] CPU: 1 PID: 16552 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3245.410504] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3245.412626] Call Trace: [ 3245.413297] dump_stack+0x107/0x167 [ 3245.414225] should_fail.cold+0x5/0xa [ 3245.415124] ? __es_insert_extent+0xed1/0x1370 [ 3245.416097] should_failslab+0x5/0x20 [ 3245.416875] kmem_cache_alloc+0x5b/0x310 [ 3245.417713] __es_insert_extent+0xed1/0x1370 [ 3245.418644] ext4_es_insert_extent+0x45d/0xf10 [ 3245.419595] ? ext4_es_scan_clu+0x2e0/0x2e0 [ 3245.420484] ? lock_downgrade+0x6d0/0x6d0 [ 3245.421346] ? down_write+0xe0/0x160 [ 3245.422127] ? down_write_killable+0x180/0x180 [ 3245.423085] ext4_map_blocks+0x80b/0x1910 [ 3245.423950] ? __kernel_text_address+0x9/0x40 [ 3245.424876] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 3245.425817] ? jbd2__journal_start+0xf3/0x7e0 [ 3245.426782] ? __ext4_journal_start_sb+0x214/0x390 [ 3245.427803] ? __ext4_journal_start_sb+0x1db/0x390 [ 3245.428813] ext4_iomap_begin+0x3ad/0x700 [ 3245.429678] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3245.430695] ? kasan_save_stack+0x1b/0x40 [ 3245.431548] ? ext4_file_write_iter+0xe0e/0x1530 [ 3245.432551] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 3245.433865] ? splice_direct_to_actor+0x387/0x980 [ 3245.434904] ? do_splice_direct+0x1c4/0x290 [ 3245.435786] ? do_sendfile+0x553/0x11e0 [ 3245.436604] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3245.437564] ? do_syscall_64+0x33/0x40 [ 3245.438367] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3245.439480] iomap_apply+0x164/0x810 [ 3245.440263] ? iomap_dio_rw+0x90/0x90 [ 3245.441075] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3245.442290] ? mark_held_locks+0x9e/0xe0 [ 3245.443169] ? filemap_check_errors+0xa5/0x150 [ 3245.444142] __iomap_dio_rw+0x6cd/0x1110 [ 3245.444978] ? iomap_dio_rw+0x90/0x90 [ 3245.445781] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3245.446752] ? ext4_orphan_add+0x253/0x9e0 [ 3245.447645] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3245.448681] ? ext4_empty_dir+0xae0/0xae0 [ 3245.449551] ? jbd2__journal_start+0xf3/0x7e0 [ 3245.450516] iomap_dio_rw+0x31/0x90 [ 3245.451274] ext4_file_write_iter+0xe0e/0x1530 [ 3245.452235] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3245.453205] ? kasan_save_stack+0x32/0x40 [ 3245.454045] ? kasan_save_stack+0x1b/0x40 [ 3245.454929] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3245.455966] ? iter_file_splice_write+0x165/0xc90 [ 3245.456956] ? direct_splice_actor+0x10f/0x170 [ 3245.457910] ? splice_direct_to_actor+0x387/0x980 [ 3245.458904] ? do_splice_direct+0x1c4/0x290 [ 3245.459790] ? do_sendfile+0x553/0x11e0 [ 3245.460614] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3245.461600] ? do_syscall_64+0x33/0x40 [ 3245.462406] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3245.463502] do_iter_readv_writev+0x476/0x750 [ 3245.464422] ? _cond_resched+0x10/0x30 [ 3245.465232] ? new_sync_write+0x660/0x660 [ 3245.466075] ? avc_policy_seqno+0x9/0x70 [ 3245.466922] ? selinux_file_permission+0x92/0x520 [ 3245.467937] ? security_file_permission+0xb1/0xe0 [ 3245.468972] do_iter_write+0x191/0x700 [ 3245.469772] ? trace_hardirqs_on+0x5b/0x180 [ 3245.470678] vfs_iter_write+0x70/0xa0 [ 3245.471485] iter_file_splice_write+0x726/0xc90 [ 3245.472488] ? generic_splice_sendpage+0x140/0x140 [ 3245.473545] ? security_file_permission+0xb1/0xe0 [ 3245.474545] ? generic_splice_sendpage+0x140/0x140 [ 3245.475549] direct_splice_actor+0x10f/0x170 [ 3245.476478] splice_direct_to_actor+0x387/0x980 [ 3245.477463] ? pipe_to_sendpage+0x380/0x380 [ 3245.478378] ? do_splice_to+0x160/0x160 [ 3245.479196] ? security_file_permission+0xb1/0xe0 [ 3245.480231] do_splice_direct+0x1c4/0x290 [ 3245.481087] ? splice_direct_to_actor+0x980/0x980 [ 3245.482118] ? avc_policy_seqno+0x9/0x70 [ 3245.482985] ? security_file_permission+0xb1/0xe0 [ 3245.483981] do_sendfile+0x553/0x11e0 [ 3245.484777] ? do_pwritev+0x270/0x270 [ 3245.485559] ? wait_for_completion_io+0x270/0x270 [ 3245.486548] ? rcu_read_lock_any_held+0x75/0xa0 [ 3245.487521] ? vfs_write+0x354/0xb10 [ 3245.488291] __x64_sys_sendfile64+0x1d1/0x210 [ 3245.489204] ? __ia32_sys_sendfile+0x220/0x220 [ 3245.490143] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3245.491232] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3245.492314] do_syscall_64+0x33/0x40 [ 3245.493101] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3245.494138] RIP: 0033:0x7f8c0677ab19 [ 3245.494911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3245.498768] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3245.500333] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3245.501800] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3245.503307] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3245.504766] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3245.506257] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:34:48 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="170000001400210c000000000000000002"], 0x28}}, 0x0) 18:34:48 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="680100201800210c000000000000000002"], 0x28}}, 0x0) [ 3245.512528] loop5: detected capacity change from 0 to 32256 [ 3245.566999] loop2: detected capacity change from 0 to 32256 [ 3245.572412] FAT-fs (loop5): Directory bread(block 65) failed [ 3245.573893] FAT-fs (loop5): Directory bread(block 66) failed 18:34:48 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x34a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3245.580025] FAT-fs (loop5): Directory bread(block 67) failed [ 3245.584688] FAT-fs (loop5): Directory bread(block 68) failed [ 3245.589613] FAT-fs (loop5): Directory bread(block 69) failed [ 3245.594857] FAT-fs (loop5): Directory bread(block 70) failed [ 3245.597877] FAT-fs (loop5): Directory bread(block 71) failed 18:34:48 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="00f0ff7f1800210c000000000000000002"], 0x28}}, 0x0) 18:35:03 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 20) 18:35:03 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x35a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:35:03 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x6c000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:35:03 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:35:03 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) r1 = open_tree(r0, &(0x7f0000000000)='./file0\x00', 0x1000) write$P9_RREADLINK(r1, &(0x7f0000000040)={0x16, 0x17, 0x1, {0xd, './file0/file0'}}, 0x16) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) [ 3260.489783] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3260.493692] FAULT_INJECTION: forcing a failure. [ 3260.493692] name failslab, interval 1, probability 0, space 0, times 0 [ 3260.496121] CPU: 0 PID: 16591 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3260.497612] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3260.499386] Call Trace: [ 3260.499956] dump_stack+0x107/0x167 [ 3260.500828] should_fail.cold+0x5/0xa [ 3260.501719] ? create_object.isra.0+0x3a/0xa30 [ 3260.502692] should_failslab+0x5/0x20 [ 3260.503528] kmem_cache_alloc+0x5b/0x310 [ 3260.504384] ? quarantine_put+0x8b/0x1a0 [ 3260.505235] ? trace_hardirqs_on+0x5b/0x180 [ 3260.506161] create_object.isra.0+0x3a/0xa30 [ 3260.507121] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3260.508234] kmem_cache_alloc+0x159/0x310 [ 3260.509138] ? mempool_free_pages+0x20/0x20 [ 3260.510111] mempool_alloc+0x148/0x360 [ 3260.510972] ? mempool_resize+0x7d0/0x7d0 [ 3260.511871] ? lock_downgrade+0x6d0/0x6d0 [ 3260.512786] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3260.513858] bio_alloc_bioset+0x36e/0x600 [ 3260.513872] loop2: detected capacity change from 0 to 32256 [ 3260.515975] ? bvec_alloc+0x2f0/0x2f0 [ 3260.516829] ? iov_iter_npages+0x1fd/0xa70 [ 3260.517780] iomap_dio_bio_actor+0x518/0xef0 [ 3260.518767] iomap_dio_actor+0x36f/0x560 [ 3260.519680] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3260.520673] ? do_syscall_64+0x33/0x40 [ 3260.521508] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3260.522646] iomap_apply+0x289/0x810 [ 3260.523442] ? iomap_dio_rw+0x90/0x90 [ 3260.524250] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3260.525477] ? mark_held_locks+0x9e/0xe0 [ 3260.526347] ? filemap_check_errors+0xa5/0x150 [ 3260.527325] __iomap_dio_rw+0x6cd/0x1110 18:35:03 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001e00210c000000000000000002"], 0x28}}, 0x0) 18:35:03 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000001400210c000000000000000002"], 0x28}}, 0x0) 18:35:03 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="effdffff1800210c000000000000000002"], 0x28}}, 0x0) [ 3260.528186] ? iomap_dio_rw+0x90/0x90 [ 3260.529164] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3260.530132] ? ext4_orphan_add+0x253/0x9e0 [ 3260.531046] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3260.532090] ? ext4_empty_dir+0xae0/0xae0 [ 3260.533011] ? jbd2__journal_start+0xf3/0x7e0 [ 3260.533973] iomap_dio_rw+0x31/0x90 [ 3260.534759] ext4_file_write_iter+0xe0e/0x1530 [ 3260.535749] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3260.536757] ? kasan_save_stack+0x32/0x40 [ 3260.537628] ? kasan_save_stack+0x1b/0x40 [ 3260.538514] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3260.539581] ? iter_file_splice_write+0x165/0xc90 [ 3260.540642] ? direct_splice_actor+0x10f/0x170 [ 3260.541607] ? splice_direct_to_actor+0x387/0x980 [ 3260.542633] ? do_splice_direct+0x1c4/0x290 [ 3260.543545] ? do_sendfile+0x553/0x11e0 [ 3260.544419] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3260.545432] ? do_syscall_64+0x33/0x40 [ 3260.546249] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3260.547392] do_iter_readv_writev+0x476/0x750 [ 3260.548349] ? _cond_resched+0x10/0x30 [ 3260.549205] ? new_sync_write+0x660/0x660 [ 3260.550075] ? avc_policy_seqno+0x9/0x70 [ 3260.550938] ? selinux_file_permission+0x92/0x520 [ 3260.551953] ? security_file_permission+0xb1/0xe0 [ 3260.553018] do_iter_write+0x191/0x700 [ 3260.553847] ? trace_hardirqs_on+0x5b/0x180 [ 3260.554785] vfs_iter_write+0x70/0xa0 [ 3260.555587] iter_file_splice_write+0x726/0xc90 [ 3260.556683] ? generic_splice_sendpage+0x140/0x140 [ 3260.558025] ? security_file_permission+0xb1/0xe0 [ 3260.559321] ? generic_splice_sendpage+0x140/0x140 [ 3260.560634] direct_splice_actor+0x10f/0x170 [ 3260.561828] splice_direct_to_actor+0x387/0x980 [ 3260.562946] ? pipe_to_sendpage+0x380/0x380 [ 3260.563906] ? do_splice_to+0x160/0x160 [ 3260.564764] ? security_file_permission+0xb1/0xe0 [ 3260.565804] do_splice_direct+0x1c4/0x290 [ 3260.566731] ? splice_direct_to_actor+0x980/0x980 [ 3260.567792] ? avc_policy_seqno+0x9/0x70 [ 3260.568671] ? security_file_permission+0xb1/0xe0 [ 3260.569712] do_sendfile+0x553/0x11e0 [ 3260.570565] ? do_pwritev+0x270/0x270 [ 3260.571391] ? wait_for_completion_io+0x270/0x270 [ 3260.572449] ? rcu_read_lock_any_held+0x75/0xa0 [ 3260.573456] ? vfs_write+0x354/0xb10 [ 3260.574252] __x64_sys_sendfile64+0x1d1/0x210 [ 3260.575250] ? __ia32_sys_sendfile+0x220/0x220 [ 3260.576243] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3260.577389] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3260.578512] do_syscall_64+0x33/0x40 [ 3260.579306] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3260.580452] RIP: 0033:0x7f8c0677ab19 [ 3260.581246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3260.585236] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3260.586861] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3260.588363] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3260.589877] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3260.591416] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3260.592928] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:35:03 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000000c00210c000000000000000002"], 0x28}}, 0x0) 18:35:03 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="c00000001400210c000000000000000002"], 0x28}}, 0x0) [ 3260.614679] loop5: detected capacity change from 0 to 32256 [ 3260.712651] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=16617 comm=syz-executor.6 18:35:03 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="c00e00001400210c000000000000000002"], 0x28}}, 0x0) 18:35:03 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x74000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:35:03 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x36a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:35:03 executing program 2: mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:35:03 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002500210c000000000000000002"], 0x28}}, 0x0) 18:35:03 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000000f00210c000000000000000002"], 0x28}}, 0x0) [ 3260.888702] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3260.915743] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3260.938557] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=16633 comm=syz-executor.6 [ 3260.958019] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 18:35:15 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x7a000000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:35:15 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="e03f03001400210c000000000000000002"], 0x28}}, 0x0) 18:35:15 executing program 5: fsync(0xffffffffffffffff) syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f00000000c0)='./file0\x00', 0x2, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x2b102ef, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) symlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') 18:35:15 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x37a70100, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:35:15 executing program 2: mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:35:15 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 21) 18:35:15 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000006000210c000000000000000002"], 0x28}}, 0x0) 18:35:15 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001000210c000000000000000002"], 0x28}}, 0x0) [ 3273.266526] FAULT_INJECTION: forcing a failure. [ 3273.266526] name failslab, interval 1, probability 0, space 0, times 0 [ 3273.267851] CPU: 0 PID: 16646 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3273.268632] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3273.269571] Call Trace: [ 3273.269884] dump_stack+0x107/0x167 [ 3273.270302] should_fail.cold+0x5/0xa [ 3273.270749] ? jbd2__journal_start+0x190/0x7e0 [ 3273.271274] should_failslab+0x5/0x20 [ 3273.271714] kmem_cache_alloc+0x5b/0x310 [ 3273.272185] jbd2__journal_start+0x190/0x7e0 [ 3273.272691] __ext4_journal_start_sb+0x214/0x390 [ 3273.273232] ext4_iomap_begin+0x485/0x700 [ 3273.273721] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3273.274287] ? iomap_dio_actor+0x377/0x560 [ 3273.274809] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3273.275339] ? do_syscall_64+0x33/0x40 [ 3273.275782] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3273.276401] iomap_apply+0x164/0x810 [ 3273.276831] ? iomap_dio_rw+0x90/0x90 [ 3273.277270] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3273.277943] ? mark_held_locks+0x9e/0xe0 [ 3273.278418] ? filemap_check_errors+0xa5/0x150 [ 3273.278954] __iomap_dio_rw+0x6cd/0x1110 [ 3273.279421] ? iomap_dio_rw+0x90/0x90 [ 3273.279864] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3273.280380] ? ext4_orphan_add+0x253/0x9e0 [ 3273.280867] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3273.281420] ? ext4_empty_dir+0xae0/0xae0 [ 3273.281887] ? jbd2__journal_start+0xf3/0x7e0 [ 3273.282414] iomap_dio_rw+0x31/0x90 [ 3273.282834] ext4_file_write_iter+0xe0e/0x1530 [ 3273.283363] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3273.283877] ? kasan_save_stack+0x32/0x40 [ 3273.284348] ? kasan_save_stack+0x1b/0x40 [ 3273.284826] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3273.285401] ? iter_file_splice_write+0x165/0xc90 [ 3273.285950] ? direct_splice_actor+0x10f/0x170 [ 3273.286467] ? splice_direct_to_actor+0x387/0x980 [ 3273.287039] ? do_splice_direct+0x1c4/0x290 [ 3273.287533] ? do_sendfile+0x553/0x11e0 [ 3273.287987] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3273.288511] ? do_syscall_64+0x33/0x40 [ 3273.288959] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3273.289585] do_iter_readv_writev+0x476/0x750 [ 3273.290094] ? _cond_resched+0x10/0x30 [ 3273.290533] ? new_sync_write+0x660/0x660 [ 3273.291016] ? avc_policy_seqno+0x9/0x70 [ 3273.291472] ? selinux_file_permission+0x92/0x520 [ 3273.292029] ? security_file_permission+0xb1/0xe0 [ 3273.292584] do_iter_write+0x191/0x700 [ 3273.293027] ? trace_hardirqs_on+0x5b/0x180 [ 3273.293528] vfs_iter_write+0x70/0xa0 [ 3273.293968] iter_file_splice_write+0x726/0xc90 [ 3273.294509] ? generic_splice_sendpage+0x140/0x140 [ 3273.295091] ? security_file_permission+0xb1/0xe0 [ 3273.295642] ? generic_splice_sendpage+0x140/0x140 [ 3273.296214] direct_splice_actor+0x10f/0x170 [ 3273.296716] splice_direct_to_actor+0x387/0x980 [ 3273.297253] ? pipe_to_sendpage+0x380/0x380 [ 3273.297741] ? do_splice_to+0x160/0x160 [ 3273.298190] ? security_file_permission+0xb1/0xe0 [ 3273.298755] do_splice_direct+0x1c4/0x290 [ 3273.299236] ? splice_direct_to_actor+0x980/0x980 [ 3273.299789] ? avc_policy_seqno+0x9/0x70 [ 3273.300252] ? security_file_permission+0xb1/0xe0 [ 3273.300808] do_sendfile+0x553/0x11e0 [ 3273.301253] ? do_pwritev+0x270/0x270 [ 3273.301692] ? wait_for_completion_io+0x270/0x270 [ 3273.302250] ? rcu_read_lock_any_held+0x75/0xa0 [ 3273.302790] ? vfs_write+0x354/0xb10 [ 3273.303216] __x64_sys_sendfile64+0x1d1/0x210 [ 3273.303739] ? __ia32_sys_sendfile+0x220/0x220 [ 3273.304263] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3273.304864] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3273.305458] do_syscall_64+0x33/0x40 [ 3273.305888] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3273.306475] RIP: 0033:0x7f8c0677ab19 [ 3273.306931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3273.309028] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3273.309903] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3273.310724] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3273.311536] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3273.312348] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3273.313161] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3273.313851] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'. 18:35:15 executing program 2: mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) [ 3273.342418] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:35:15 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 22) 18:35:16 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x3f000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:35:16 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001100210c000000000000000002"], 0x28}}, 0x0) 18:35:16 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000007300210c000000000000000002"], 0x28}}, 0x0) 18:35:16 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x9effffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3273.450723] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pid=16677 comm=syz-executor.0 18:35:16 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="680100201400210c000000000000000002"], 0x28}}, 0x0) 18:35:16 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x422a82, 0x162) [ 3273.468135] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3273.472454] FAULT_INJECTION: forcing a failure. [ 3273.472454] name failslab, interval 1, probability 0, space 0, times 0 [ 3273.474809] CPU: 1 PID: 16672 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3273.476314] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3273.478101] Call Trace: [ 3273.478675] dump_stack+0x107/0x167 [ 3273.479419] should_fail.cold+0x5/0xa [ 3273.480227] ? create_object.isra.0+0x3a/0xa30 [ 3273.481148] should_failslab+0x5/0x20 [ 3273.481953] kmem_cache_alloc+0x5b/0x310 [ 3273.482819] ? blk_queue_enter+0xc30/0xc30 [ 3273.483730] create_object.isra.0+0x3a/0xa30 [ 3273.484679] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3273.485754] kmem_cache_alloc+0x159/0x310 [ 3273.486652] jbd2__journal_start+0x190/0x7e0 [ 3273.487596] __ext4_journal_start_sb+0x214/0x390 [ 3273.488615] ext4_iomap_begin+0x485/0x700 18:35:16 executing program 2: syz_mount_image$vfat(0x0, &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) [ 3273.489541] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3273.490798] ? iomap_dio_actor+0x377/0x560 [ 3273.491690] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3273.492685] ? do_syscall_64+0x33/0x40 [ 3273.493503] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3273.494640] iomap_apply+0x164/0x810 [ 3273.495400] ? iomap_dio_rw+0x90/0x90 [ 3273.496211] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3273.497461] ? mark_held_locks+0x9e/0xe0 [ 3273.498305] ? filemap_check_errors+0xa5/0x150 [ 3273.498504] loop5: detected capacity change from 0 to 32256 [ 3273.499282] __iomap_dio_rw+0x6cd/0x1110 [ 3273.499300] ? iomap_dio_rw+0x90/0x90 [ 3273.499338] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3273.502566] ? ext4_orphan_add+0x253/0x9e0 [ 3273.503506] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3273.504586] ? ext4_empty_dir+0xae0/0xae0 [ 3273.505472] ? jbd2__journal_start+0xf3/0x7e0 [ 3273.506405] iomap_dio_rw+0x31/0x90 [ 3273.507161] ext4_file_write_iter+0xe0e/0x1530 [ 3273.508154] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3273.509146] ? kasan_save_stack+0x32/0x40 [ 3273.510034] ? kasan_save_stack+0x1b/0x40 [ 3273.510924] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3273.511992] ? iter_file_splice_write+0x165/0xc90 [ 3273.513029] ? direct_splice_actor+0x10f/0x170 [ 3273.513975] ? splice_direct_to_actor+0x387/0x980 [ 3273.514967] ? do_splice_direct+0x1c4/0x290 [ 3273.515842] ? do_sendfile+0x553/0x11e0 [ 3273.516672] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3273.517215] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pid=16688 comm=syz-executor.0 [ 3273.517670] ? do_syscall_64+0x33/0x40 [ 3273.517689] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3273.517716] do_iter_readv_writev+0x476/0x750 [ 3273.521909] ? _cond_resched+0x10/0x30 [ 3273.522751] ? new_sync_write+0x660/0x660 [ 3273.523607] ? avc_policy_seqno+0x9/0x70 [ 3273.524445] ? selinux_file_permission+0x92/0x520 [ 3273.525436] ? security_file_permission+0xb1/0xe0 [ 3273.526441] do_iter_write+0x191/0x700 [ 3273.527242] ? trace_hardirqs_on+0x5b/0x180 [ 3273.528123] vfs_iter_write+0x70/0xa0 18:35:16 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="00f0ff7f1400210c000000000000000002"], 0x28}}, 0x0) [ 3273.528918] iter_file_splice_write+0x726/0xc90 [ 3273.530045] ? generic_splice_sendpage+0x140/0x140 [ 3273.531127] ? security_file_permission+0xb1/0xe0 [ 3273.532111] ? generic_splice_sendpage+0x140/0x140 [ 3273.533143] direct_splice_actor+0x10f/0x170 18:35:16 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002002210c000000000000000002"], 0x28}}, 0x0) [ 3273.534038] splice_direct_to_actor+0x387/0x980 [ 3273.535124] ? pipe_to_sendpage+0x380/0x380 [ 3273.536056] ? do_splice_to+0x160/0x160 [ 3273.536913] ? security_file_permission+0xb1/0xe0 [ 3273.537930] do_splice_direct+0x1c4/0x290 [ 3273.538826] ? splice_direct_to_actor+0x980/0x980 [ 3273.539859] ? avc_policy_seqno+0x9/0x70 [ 3273.540721] ? security_file_permission+0xb1/0xe0 [ 3273.541766] do_sendfile+0x553/0x11e0 [ 3273.542594] ? do_pwritev+0x270/0x270 [ 3273.543422] ? wait_for_completion_io+0x270/0x270 [ 3273.544434] ? rcu_read_lock_any_held+0x75/0xa0 [ 3273.545446] ? vfs_write+0x354/0xb10 [ 3273.546246] __x64_sys_sendfile64+0x1d1/0x210 [ 3273.547204] ? __ia32_sys_sendfile+0x220/0x220 [ 3273.548186] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3273.549317] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3273.550425] do_syscall_64+0x33/0x40 [ 3273.551155] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3273.551228] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3273.553299] RIP: 0033:0x7f8c0677ab19 [ 3273.554079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3273.558008] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3273.559563] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3273.561006] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3273.562525] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3273.564074] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3273.565593] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3273.593324] loop2: detected capacity change from 0 to 32256 [ 3273.829434] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=544 sclass=netlink_route_socket pid=16701 comm=syz-executor.0 [ 3273.854292] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=544 sclass=netlink_route_socket pid=16704 comm=syz-executor.0 18:35:30 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002003210c000000000000000002"], 0x28}}, 0x0) 18:35:30 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x40000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:35:30 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 23) 18:35:30 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xd1040000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:35:30 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001200210c000000000000000002"], 0x28}}, 0x0) 18:35:30 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="effdffff1400210c000000000000000002"], 0x28}}, 0x0) 18:35:30 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4007fff, 0x3, &(0x7f0000001380)=[{&(0x7f0000000140)="123c647253b9bb66989a40eec0d0fdd4056e2e5894641a8f8c00f344fae335d653521327a87907aed27ed37c86251855263e41ac47b545fcfb4bf974b43eb3e323da6aa8859e34f39bd4718d41c430a4ed8ad7ce088c98a151e92f2e2cc60a2c3a918e53338fb9e3d6cf6cbc57cf32", 0x6f, 0x9cc}, {&(0x7f00000002c0)="710bd052dc672407dbe2e325458034554599aaa14ff156f5c4af8b15fa75cdf83ebc750816932e2479cd94cfc347d8851e6a94e9a8d7721e1553082c044224755f61d06c3e99600ad5ad92bfc2600d23acc1fbf12b710b95ba26b833947695ac743c483ef416f3e8dabbc63ef7f1be576cddf5012a9cfa2d4e372b792f8eaadad3d92a7a4dccf961f5b292164c699aa146865f05732873e844e5b8577cd7678a2cd3", 0xa2, 0x6}, {&(0x7f0000000380)="0e3218a5276ff975bcdbf2221f0b540c253af4159a054b58e15f5bbb840b678a12d5c5f5794947599f276158f46fd116ddf02ba6cbb5bd5e80a0232252ac8b7038a35d3f4947607be65fc68709e7a0918816f3621d5b85447cc5d8a0af3af8f478feb8d93871c2674b2759dac21a5f5cdba72b0b44e907a20a011c549a79cf1306fea1e659c5da676479be2d3ea1a78f653664e4a69db83629c9e455bc9fecd386ee7fb5c13eca9865257b7c83b74215660697de12730f14286b3b67a3d4e532498b36f595c829e3921e4b4817a196e71dc7fde2ce5a6bf3002c38ee72c155f6bc70210aca7859fa38b0e98c19ac88e8ef61d8408ce520ea8a5e86ebb84f1abc24369df5912fd8953408e84880c6e2bd4646d0be7a2c407ebd775893e30e387f34d9736f6ef3db90cf2487d3ec8da8f148551a8eb6ac07992e953b72c806ab358830aae60c644ffe4d417021f6571bb9c8cc0778cfd54753c0e042fc5e5d39b4b9308ffb11f0da58c103ebf1f6d6793aa1c0b3fdd534bdbbdb00660cbee6f5c904614560fee0be78304bc64cf98704a7e20f8b3a87aaaf0995913fc95a783235e398c61ec77d6c25f2819817e78bfbbe4506d6b27d64b0d668b801e3a08a9224f88b4b181268b9a8bfcabb2cbe999894be5e86abc28e07e5599a34df763b1b647ced8a45bb5479d687ead5106090d6a9fee874642f40d7bbcaa4ee83ed2481367baf23394eaf92e1e67c89f7f74d0a407557ca138a3da315de72fcff3b69a09e84843dc27dd2991d74bfa1f58e105c6faaae09011a49c6b4bb497154cc4d825a835fa1842957f38df9340963e5b04b91eedfad814d9790236a1a69da23647529ebe0722fe7c94b032fb2036107b36a5feead4529015c48bbb81cbf70fd5e608c0f66b62c471d8d5ce23c595a7c90fcd3ba30071115bb3e3e18536e18f984f83c4a404fd481e72695685c1849b0fa0aba4bd7fbe4794dc1e9eacb224751df8074bcfee00f243fcbfbfec293c3fd00e76ecb24978f01190ac3aadb1e56a68eac9f936045df719cf56b5e18c873801dcb809ae0d131e3738ba39f6c4091af4d645d977d9d35a2f9d83de04621713a2f39e83c138e36ac5dc4ba4d22e42dcbdc8053ccab4c60dcb321363329ba14a0d251bd6581670c1ce9c59a49adae14b6e30719dfccb8d3797344fe65a4d68a00543672bc5c9f2e6949427eec7f20c1b3006d6fc88cd43eb1262cc52b5263eaa00622bc70bc9fed5c2747087b8745e6703f329e39611db41ddced18e040f0abfda64fa9e129f56cd94eb7bbf11eaf216128c584046416147664b98b7f8975656f143ec10952b81eaac93be676aa5876a6eaaec4ebdad20cd454a582edd6bd181dcb1922346ffbb543e1faa7fb64cf51a9f3c9eccf11849570c0923a0f702818deab358faf1e9acc8a20a58afc9ee123ecb252af1961fe99ae50987e243883271dab0ca9646e301a9952cf41f6e229c1fccc543174872ba09e65068384084ea2c664703fb252570fefe3997bd168093050bb36cdabf0c7226195c04d851ebd0ea48d8c05015330e714512e0fa35327c3ae828ab121df95eeddfc2b28fa7677170fbe40e2c7939f5f7b543b0a3728529f5440a4a640ae7e1dbff545bcc81d7cd4f7cdafdd4c426337fee391a8615294bcf98000d30883ad1ec4cddbb0f0fa8194d1acb9b464b1e664ab078824a6e96399c9e43e2aa17b819fe7f5cc6a99790c5f29104a9c723004d4691d105e9fad46bb767e572889ea9c42d3d13ddde355be4be1a6c6841cd7239950aefeaa8e7e88229dd6e77fcffef21cb4b0b60de715e7921df76d9d86144578e6703983494680d5079d1fc8a8457e545a654ecd0389a627c2e43b20550b172dbaa829b05fa35ef5307304049ff832c9abe44ff7939adb8a4e1c3cd1ae7c21aa96ec385fb9c5af6d5c08eb24839f89d2e1ed8f0f56c4c461f3e86ac7c5af15414ba1b6784adea342f390110d8e14f37c139d8b6f34f23df371a5fe0a27a8ba9b0685908e6a763133b7fee68ea90516ddaa42e2f64d37dd94112ff2bc2fa8b11768074bc72f10bc35943e1c814039ef978ad8ccb4770ad4039feba0afe64168ddc72ffd48f2df607c9f5baf83fe8fe521b05636f09e8f594361c62839527e5776918a8c2ffb93761f73a72acbe933eb99fe0a3a7e3403e3f736db97f1d2881d9ce5f0972db83f8b8e7dccbb587859201acd8cf3275a075e9ea021c05438a3fac136540c4a31d2db4f1b8cd00a32daa087ed4ce2392088bb3ca06502b3223ac4bcea516f4c9675bdc83da0cb5533ad16d0fa2f6a5c973dedcc1868b25093b4b92325b02f85f28086c12e4819de4ef050b3a751253b8199816aa764cfc45fe523e360ac185cd73d238eafa873a9faefcb1c31c6d215ad2785d6c14404e7e2d9ec2a2ed952864975fb8c169ce1139cc4968f13942f453da627cbf3d521e414e0986becc6e304ddc9a929444491e15d655e28d30cecc6656eb3574a4e39fcc561c6e30542ff9742324c52c3629931bcff9d1c436c3a7d2a7c2748cc2d5c8f7ccf9797a0862ee068979cacdc7506396d53280591b25a30a7c49fb59fc7682d897d2d8938ddea92d5a0c3d51df749493fd5e6cd927431f09ff01ebdf6e210ede25574f135ecf770b7a8aa581388e5d2b21557796da05f56617e07dabfaa3e526a7925fd4034b3b4a31812f46a38315a9511091488737e320e98a749a569686fea661d0b5cd00184dfdf8eb1ddab686fbc92afcfc7afa4abf6b3c871aaeb7a21261c9a610869268cda5d94e2dfac6888866caccd18bde9a84b0ed7ef748163a6c3b205e230ca0c7a24e1e91a5b05e2aff8085cab08783517f61abc1bce424eb989180065ad649b563d97a26a5530dde201dc3e7126e8384dcf1fc65d82b61fc8d96e1706238f34698de6b1bc86e9ae9cc86c67226f6c3aa5eb3d9b3c987d24ec7ad631ef348ffb4c1007413e114e4a67bd6f9edee06ece88222ee4249b45309cc8964b78581fa32d831510916421adf920ceee72fc706a2c749aa0e034ab7ab75ad0b13d6904ce1795ec0d84a67b03b7ac8a93f38a335c0dbc01b6b2152a8c69fe90d23f6894bdb005e9e7c3d575749a498aed0a573f0a210c9b1c2f17e05f8ba9814e992036fb3a21b47b05127641adce3cec949173c6becac82aad4b92fdfb3c408fd27e4742db28d2d005378d5fb2971365ad3455068d13a54b917e2bca42941cebbc5821d50c551aa86bc441eb49a95534312c8079487ec26e63af5a18c0bced076d4a786e82c2cbabddf964cabb8c70fd2a9a53d57210b5b2a592a8cdc37d60d753e85270176f9466df802a5f8252d9fe05fb215660bbc35e8b8c4a4b10c98352a420df0610ba6e80a8863476ed9b65b38fe4929dcdaaab5ddcbec0b029c9b8658ff92b51d3c311477d563ae5e70b82d543efc43575dc34a1ac4c0fa88d34d914ccd074c631ae7fd6d3aa5f73cb3fe55e65b39a845da124a7dea5e56257f0be7c23f64fb0c1cab6f430b7fcb212a000fbbc3a7f8c5cb9288e3baf51c8ab26f43a2dc9442869d6dcbc94e57ced920c45541846fd7a5173d01b756f9ffd4918b41ec27e36dae56da257283ce79a86d443ebb36cfccccbc01d8c53573e63126543b63d9b530d54a613a54d1017e29e2c69bb1f2b3421b99199ba1f5e5c0a8d6d92522ef4a7cdf953fad00eaa7557c6ccd90ce0cc1e6a67322bb03521cfe4e99a523eac69967793f85d2eb4bc6a2c4cec07f4798c582cd63081cb035ea6fd4f5cb36cd61e19fc2ab45c67e4c56d5d789530dad5fc34d03c115e4ddffa7b275fbe3c720ad2ea10457d1e73b2fb977665fcd3b8f43b9efde85f92a47218dafb3c628a5db68557c70773b1b50bff52df8325df307893617c245c6a9728db31b40de2513d65c108972249c6ad35b6b3097535bae7c4612552e46b8d8fd2bf72e6eb22df84bdac04ae803b5b93f0ebe43a47d405bf76018858e7818ad26e099c72430823dd0be96737ee803b229ec998ec314f52d847b06211d71cd0c0f0df0d131edfbc3b3a676e0f4a8c619ff1adbe0fa2a1d33f8784fa34e19f9f8b4f3974b7ebe2b8966501a12bc082db9774770d198d3ecf846a2de3dff55666c1dd0fd42ae93af4753ff2fadbefa1dc5fc567286289c059dd0629f38c0de06701fa8c9331dad96d84c2276d4c40d0783ece0a5afd7938bd426d2b284bcc09dcaa00fd46a740e94f77d8d441afb857e03b2ba78fc797a115194248222471b2d08d74ccaf7ca83b8a6e2aa3e4353f35a3e7ee63c119bf90b8952d29f67e7457eb72fa455e403d4f4a87b8382857006442603931333e25d18044385831614fa4e23938d64d3b2a055028b5c6b14a229e75ba896bbcaf124404df178b76c4f1160e76d2f0924313268980a18cd9cbe8b4d965a66ccca0206434d48137e1bf831aa7d60f90ab072756c095bdbd5fe0a284f6c8c836d4fb8c2fcd6b0261ce6debdd0e2eeeb3da1f7ed0f50c1fbd3b388508fbb3d1f5f1735652f513a07413b46c885bfcbd2272b6cf1c1388d1aef7ecdf07b075ab6fe459fdb4e54d50e192d47e6b81ad5f9eee4398cc776aab04a3bc442a3791666a29929448dec803310117e03923e399d1a4df234a0eec385c454dd9ce1ab553e22a2712d8155f6a5e7420469e8383e2698a20d7fc02c267183a3cfb92ca9e6e91bcc43d10073fc2573610b69308b479142d6fa0b02f37c98f1f39d4005aee388bb5d1610936c9bc1742d6a68d369e96bb1fca91648269a02022980eb7c4442d85f90779ce0e4de1c7debd377544ab241853b8c2ffe9f18185e561fbdead98c1f3caf2dc2c153797461546612c5664d164a81804b00dd9546a99bced2700adf7879f0c6fd1a83dbd81cf135556c9eb93df081053138e2f7a0e845e40cd274daa7b311457a35c9a0ccce2d88c7f92ffaf1f27d03cb54b4b4ef10c52565a02f5246db77b826750e1978fe49812aaeb15a03b9413cc89bd1ebbfe0cf0b9bc98e84bc2332e9f7d2815152be8522d40cf1542e71305007f5cd887d7aab4f1bedc528d3c670459953e70ed90640646d83cca9bb439fcae8c88df130406ee6797ce335b08dcc511b6ca7280ecb491eba58ecfbbe7085d0ceb77606da04c820c4975240157d5de5a4af9b093979e97eff92abe8a8bc63756c455c686091ede2179d67ddd5856798a43442149b2e73406dd18e66e0f2ff5f82d55cbfd499037e5d6e7e0cf8d13bb5c088f2464cb2e8ad3fc9ed29d8acab332f8514ac9964db7c72ebb6f58607f297487e710665cce0778e8a437dd5583586a18391a576bac855d82475a35831bb3ff09204dad1c5ef7306588f1a8fe8d364b77736f9fd3c76aa10d5ebd0a92afeb66c29c5d92ceb3797915b9560abd78034ab206fac30d18c859ddb67a84264111b9e6cdadb91aac2920726c3cf07b8000d0d0ffea75914ca8307d69a334c547ce448c558c11151ce7288a7b6704ffe700101fa202cec5398e60065ae2b1e50e1a36224be2bee2c1932090cd588e8c78adda5d0c61c8cdd49a29b9979850465003485d03171dbd1ad5722a2d4f910ac7f729ba7a0eb169ebbb3560cc507123e090fe2ff711e2401f36c51b747d9cef57a520df72304587643d419740cb589791448140463311a854842d0bdae088ac1842285e7968964cbdc9e52680662ba8486085804fd0606cb20db1b3e718bede9b1f640de275b846d84c1e30128078480bfc07f4b431f06ee61cc06af9f29c13a202fef4f1176c162cf447a16264d13bd1d0a6", 0x1000, 0x62}], 0x2000, &(0x7f0000000240)=ANY=[]) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x4, @fd_index=0x2, 0x623, 0x0, 0xffff, 0x4, 0x1, {0x3}}, 0x8) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) setxattr$security_selinux(&(0x7f0000000200)='./file1\x00', &(0x7f0000000240), &(0x7f0000000280)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x22) umount2(&(0x7f0000000040)='./file0\x00', 0xa) 18:35:30 executing program 2: syz_mount_image$vfat(0x0, &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) [ 3288.293693] FAULT_INJECTION: forcing a failure. [ 3288.293693] name failslab, interval 1, probability 0, space 0, times 0 [ 3288.296233] CPU: 1 PID: 16717 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3288.297701] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3288.299453] Call Trace: [ 3288.300013] dump_stack+0x107/0x167 [ 3288.300783] should_fail.cold+0x5/0xa [ 3288.301594] ? create_object.isra.0+0x3a/0xa30 [ 3288.302551] should_failslab+0x5/0x20 [ 3288.303365] kmem_cache_alloc+0x5b/0x310 [ 3288.304224] ? quarantine_put+0x8b/0x1a0 [ 3288.305085] ? trace_hardirqs_on+0x5b/0x180 [ 3288.306001] create_object.isra.0+0x3a/0xa30 [ 3288.306928] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3288.308010] kmem_cache_alloc+0x159/0x310 [ 3288.308887] ? mempool_free_pages+0x20/0x20 [ 3288.309793] mempool_alloc+0x148/0x360 [ 3288.310126] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3288.310623] ? mempool_resize+0x7d0/0x7d0 [ 3288.310644] ? lock_downgrade+0x6d0/0x6d0 [ 3288.310675] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3288.315202] bio_alloc_bioset+0x36e/0x600 [ 3288.316083] ? bvec_alloc+0x2f0/0x2f0 [ 3288.316885] ? iov_iter_npages+0x1fd/0xa70 [ 3288.317792] iomap_dio_bio_actor+0x518/0xef0 [ 3288.318731] iomap_dio_actor+0x36f/0x560 [ 3288.319599] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3288.320578] ? do_syscall_64+0x33/0x40 [ 3288.321399] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3288.322534] iomap_apply+0x289/0x810 [ 3288.323339] ? iomap_dio_rw+0x90/0x90 [ 3288.324144] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3288.325364] ? mark_held_locks+0x9e/0xe0 [ 3288.326240] ? filemap_check_errors+0xa5/0x150 [ 3288.327218] __iomap_dio_rw+0x6cd/0x1110 [ 3288.328071] ? iomap_dio_rw+0x90/0x90 [ 3288.328886] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3288.329863] ? ext4_orphan_add+0x253/0x9e0 [ 3288.330752] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3288.331804] ? ext4_empty_dir+0xae0/0xae0 [ 3288.332675] ? jbd2__journal_start+0xf3/0x7e0 [ 3288.333630] iomap_dio_rw+0x31/0x90 [ 3288.334400] ext4_file_write_iter+0xe0e/0x1530 [ 3288.335379] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3288.336338] ? kasan_save_stack+0x32/0x40 [ 3288.337211] ? kasan_save_stack+0x1b/0x40 [ 3288.338082] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3288.339158] ? iter_file_splice_write+0x165/0xc90 [ 3288.340169] ? direct_splice_actor+0x10f/0x170 [ 3288.341128] ? splice_direct_to_actor+0x387/0x980 [ 3288.342138] ? do_splice_direct+0x1c4/0x290 [ 3288.343051] ? do_sendfile+0x553/0x11e0 [ 3288.343883] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3288.344853] ? do_syscall_64+0x33/0x40 [ 3288.345673] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3288.346810] do_iter_readv_writev+0x476/0x750 [ 3288.347755] ? _cond_resched+0x10/0x30 [ 3288.348584] ? new_sync_write+0x660/0x660 [ 3288.349462] ? avc_policy_seqno+0x9/0x70 [ 3288.350314] ? selinux_file_permission+0x92/0x520 [ 3288.351335] ? security_file_permission+0xb1/0xe0 [ 3288.352384] do_iter_write+0x191/0x700 [ 3288.353208] ? trace_hardirqs_on+0x5b/0x180 [ 3288.354121] vfs_iter_write+0x70/0xa0 [ 3288.354934] iter_file_splice_write+0x726/0xc90 [ 3288.355933] ? generic_splice_sendpage+0x140/0x140 [ 3288.356979] ? security_file_permission+0xb1/0xe0 [ 3288.358003] ? generic_splice_sendpage+0x140/0x140 [ 3288.359045] direct_splice_actor+0x10f/0x170 [ 3288.359975] splice_direct_to_actor+0x387/0x980 [ 3288.360957] ? pipe_to_sendpage+0x380/0x380 [ 3288.361866] ? do_splice_to+0x160/0x160 [ 3288.362703] ? security_file_permission+0xb1/0xe0 [ 3288.363730] do_splice_direct+0x1c4/0x290 [ 3288.364607] ? splice_direct_to_actor+0x980/0x980 [ 3288.365624] ? avc_policy_seqno+0x9/0x70 [ 3288.366484] ? security_file_permission+0xb1/0xe0 [ 3288.367514] do_sendfile+0x553/0x11e0 [ 3288.368331] ? do_pwritev+0x270/0x270 [ 3288.369134] ? wait_for_completion_io+0x270/0x270 [ 3288.370154] ? rcu_read_lock_any_held+0x75/0xa0 [ 3288.371134] ? vfs_write+0x354/0xb10 [ 3288.371930] __x64_sys_sendfile64+0x1d1/0x210 [ 3288.372875] ? __ia32_sys_sendfile+0x220/0x220 [ 3288.373842] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3288.374964] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3288.376059] do_syscall_64+0x33/0x40 [ 3288.376848] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3288.377924] RIP: 0033:0x7f8c0677ab19 [ 3288.378709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3288.382598] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3288.384209] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3288.385710] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3288.387216] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3288.388714] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3288.390213] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3288.396862] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=800 sclass=netlink_route_socket pid=16728 comm=syz-executor.0 18:35:31 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001300210c000000000000000002"], 0x28}}, 0x0) [ 3288.403285] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:35:31 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x48000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3288.424520] loop2: detected capacity change from 0 to 32256 18:35:31 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000000f00210c000000000000000002"], 0x28}}, 0x0) [ 3288.455585] loop5: detected capacity change from 0 to 67141120 [ 3288.464787] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=16736 comm=syz-executor.1 [ 3288.501523] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3288.507520] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=800 sclass=netlink_route_socket pid=16728 comm=syz-executor.0 [ 3288.527279] loop5: detected capacity change from 0 to 67141120 18:35:46 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 24) 18:35:46 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x4c000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:35:46 executing program 2: syz_mount_image$vfat(0x0, &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:35:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001000210c000000000000000002"], 0x28}}, 0x0) 18:35:46 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:35:46 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002004210c000000000000000002"], 0x28}}, 0x0) 18:35:46 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xf0ffffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:35:46 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x2200, 0x160) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0x0}}, './file1\x00'}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) getgroups(0x8, &(0x7f0000000380)=[0x0, 0x0, r2, r1, r2, r1, r2, r2]) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0x0}}, './file1\x00'}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) ioctl$BTRFS_IOC_SPACE_INFO(r3, 0xc0109414, &(0x7f00000003c0)={0x51a, 0x6, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) getgroups(0x8, &(0x7f0000000380)=[0x0, 0x0, r5, r4, r5, r4, r5, r5]) getresgid(&(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300)=0x0) lsetxattr$system_posix_acl(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='system.posix_acl_default\x00', &(0x7f0000000340)={{}, {}, [{}, {0x2, 0x3, 0xee01}, {0x2, 0x4, 0xffffffffffffffff}, {0x2, 0x5, 0xee00}], {0x4, 0x2}, [{0x8, 0x5, r2}, {0x8, 0x6, r5}, {0x8, 0x0, r6}], {0x10, 0x1}, {0x20, 0x7}}, 0x5c, 0x1) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x498}}, './file0/file0\x00'}) [ 3303.707865] FAULT_INJECTION: forcing a failure. [ 3303.707865] name failslab, interval 1, probability 0, space 0, times 0 [ 3303.710607] CPU: 1 PID: 16756 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3303.712262] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3303.712999] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3303.714240] Call Trace: [ 3303.714271] dump_stack+0x107/0x167 [ 3303.714298] should_fail.cold+0x5/0xa [ 3303.717709] ? create_object.isra.0+0x3a/0xa30 [ 3303.718784] should_failslab+0x5/0x20 [ 3303.719696] kmem_cache_alloc+0x5b/0x310 [ 3303.720659] ? lock_chain_count+0x20/0x20 [ 3303.721642] create_object.isra.0+0x3a/0xa30 [ 3303.722682] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3303.723904] __kmalloc+0x16e/0x390 [ 3303.724761] ext4_find_extent+0xa77/0xd70 [ 3303.725759] ext4_ext_map_blocks+0x1c8/0x5880 [ 3303.726846] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3303.728102] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3303.728148] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3303.729346] ? ext4_ext_release+0x10/0x10 [ 3303.729374] ? ext4_map_blocks+0x5cd/0x1910 [ 3303.732372] ? lock_release+0x680/0x680 [ 3303.733303] ? ext4_es_lookup_extent+0x485/0xa80 [ 3303.734421] ? lock_downgrade+0x6d0/0x6d0 [ 3303.734499] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3303.735412] ? down_write+0xe0/0x160 [ 3303.735434] ? down_write_killable+0x180/0x180 [ 3303.735471] ext4_map_blocks+0x63f/0x1910 [ 3303.739378] ? kmem_cache_alloc+0x2a6/0x310 [ 3303.740404] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 3303.741449] ? jbd2__journal_start+0xf3/0x7e0 [ 3303.742497] ? __ext4_journal_start_sb+0x214/0x390 [ 3303.743649] ? __ext4_journal_start_sb+0x1db/0x390 [ 3303.744813] ext4_iomap_begin+0x3ad/0x700 [ 3303.745783] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3303.746922] ? iomap_dio_actor+0x377/0x560 [ 3303.747896] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3303.748970] ? do_syscall_64+0x33/0x40 [ 3303.749879] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3303.751116] iomap_apply+0x164/0x810 [ 3303.751974] ? iomap_dio_rw+0x90/0x90 [ 3303.752857] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3303.754189] ? mark_held_locks+0x9e/0xe0 [ 3303.754620] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3303.755144] ? filemap_check_errors+0xa5/0x150 [ 3303.755174] __iomap_dio_rw+0x6cd/0x1110 [ 3303.757268] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3303.758151] ? iomap_dio_rw+0x90/0x90 [ 3303.758198] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3303.761102] ? ext4_orphan_add+0x253/0x9e0 [ 3303.762068] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3303.763204] ? ext4_empty_dir+0xae0/0xae0 [ 3303.764143] ? jbd2__journal_start+0xf3/0x7e0 [ 3303.765174] iomap_dio_rw+0x31/0x90 [ 3303.766004] ext4_file_write_iter+0xe0e/0x1530 [ 3303.767066] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3303.768106] ? kasan_save_stack+0x32/0x40 [ 3303.769041] ? kasan_save_stack+0x1b/0x40 [ 3303.769984] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3303.771153] ? iter_file_splice_write+0x165/0xc90 [ 3303.772253] ? direct_splice_actor+0x10f/0x170 [ 3303.773285] ? splice_direct_to_actor+0x387/0x980 [ 3303.774375] ? do_splice_direct+0x1c4/0x290 [ 3303.775352] ? do_sendfile+0x553/0x11e0 [ 3303.776242] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3303.776487] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3303.777284] ? do_syscall_64+0x33/0x40 [ 3303.777305] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3303.777335] do_iter_readv_writev+0x476/0x750 [ 3303.779417] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3303.780396] ? _cond_resched+0x10/0x30 [ 3303.780419] ? new_sync_write+0x660/0x660 [ 3303.780443] ? avc_policy_seqno+0x9/0x70 [ 3303.785495] ? selinux_file_permission+0x92/0x520 [ 3303.786583] ? security_file_permission+0xb1/0xe0 [ 3303.787678] do_iter_write+0x191/0x700 [ 3303.788553] ? trace_hardirqs_on+0x5b/0x180 [ 3303.789532] vfs_iter_write+0x70/0xa0 [ 3303.790381] iter_file_splice_write+0x726/0xc90 [ 3303.791445] ? generic_splice_sendpage+0x140/0x140 [ 3303.792555] ? security_file_permission+0xb1/0xe0 [ 3303.793632] ? generic_splice_sendpage+0x140/0x140 [ 3303.794733] direct_splice_actor+0x10f/0x170 [ 3303.795728] splice_direct_to_actor+0x387/0x980 [ 3303.796770] ? pipe_to_sendpage+0x380/0x380 [ 3303.797736] ? do_splice_to+0x160/0x160 [ 3303.798618] ? security_file_permission+0xb1/0xe0 [ 3303.799713] do_splice_direct+0x1c4/0x290 [ 3303.800622] ? splice_direct_to_actor+0x980/0x980 [ 3303.801682] ? avc_policy_seqno+0x9/0x70 [ 3303.802585] ? security_file_permission+0xb1/0xe0 [ 3303.803667] do_sendfile+0x553/0x11e0 [ 3303.804521] ? do_pwritev+0x270/0x270 [ 3303.805363] ? wait_for_completion_io+0x270/0x270 [ 3303.806430] ? rcu_read_lock_any_held+0x75/0xa0 [ 3303.807463] ? vfs_write+0x354/0xb10 [ 3303.807590] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3303.808287] __x64_sys_sendfile64+0x1d1/0x210 [ 3303.808308] ? __ia32_sys_sendfile+0x220/0x220 [ 3303.810519] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3303.811289] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3303.811314] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3303.814564] do_syscall_64+0x33/0x40 [ 3303.815390] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3303.816507] RIP: 0033:0x7f8c0677ab19 [ 3303.817317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3303.819421] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1056 sclass=netlink_route_socket pid=16784 comm=syz-executor.0 [ 3303.821320] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3303.821343] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3303.821355] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3303.821367] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3303.821379] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3303.821391] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3303.829646] loop2: detected capacity change from 0 to 32256 [ 3303.831473] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:35:46 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001500210c000000000000000002"], 0x28}}, 0x0) 18:35:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001100210c000000000000000002"], 0x28}}, 0x0) 18:35:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001200210c000000000000000002"], 0x28}}, 0x0) 18:35:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001300210c000000000000000002"], 0x28}}, 0x0) 18:35:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280200001400210c000000000000000002"], 0x28}}, 0x0) [ 3303.854165] loop5: detected capacity change from 0 to 32256 18:35:46 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x58000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3303.926602] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1056 sclass=netlink_route_socket pid=16784 comm=syz-executor.0 18:36:00 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280300001400210c000000000000000002"], 0x28}}, 0x0) 18:36:00 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x68000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:36:00 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r1, 0x0) fchownat(r0, &(0x7f0000000040)='./file0\x00', r1, 0xee01, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) semctl$IPC_SET(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000280)={{0x0, r1, r2, r3, r2, 0x106, 0xfff}, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2b3}) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1020864, 0x0) recvmmsg$unix(r0, &(0x7f00000034c0)=[{{&(0x7f0000000300)=@abs, 0x6e, &(0x7f00000005c0)=[{&(0x7f0000000380)=""/170, 0xaa}, {&(0x7f0000000440)=""/212, 0xd4}, {&(0x7f0000000540)=""/51, 0x33}, {&(0x7f0000000580)}], 0x4, &(0x7f0000000600)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x20}}, {{&(0x7f0000000640), 0x6e, &(0x7f0000001880)=[{&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/145, 0x91}, {&(0x7f0000001780)=""/43, 0x2b}, {&(0x7f00000017c0)=""/129, 0x81}], 0x4, &(0x7f00000018c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0xb0}}, {{&(0x7f0000001980), 0x6e, &(0x7f0000001bc0)=[{&(0x7f0000001a00)=""/40, 0x28}, {&(0x7f0000001a40)=""/192, 0xc0}, {&(0x7f0000001b00)=""/138, 0x8a}, {&(0x7f0000001d00)=""/183, 0xb7}], 0x4, &(0x7f0000001c80)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}, {{&(0x7f0000001dc0)=@abs, 0x6e, &(0x7f0000002080)=[{&(0x7f0000001e40)=""/203, 0xcb}, {&(0x7f0000001f40)=""/255, 0xff}, {&(0x7f0000002040)}], 0x3, &(0x7f00000020c0)=[@cred={{0x1c}}], 0x20}}, {{0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f0000002100)=""/187, 0xbb}], 0x1}}, {{&(0x7f0000002200), 0x6e, &(0x7f0000002740)=[{&(0x7f0000002280)=""/144, 0x90}, {&(0x7f0000002340)=""/166, 0xa6}, {&(0x7f0000002400)=""/104, 0x68}, {&(0x7f0000002480)=""/37, 0x25}, {&(0x7f00000024c0)=""/250, 0xfa}, {&(0x7f00000025c0)=""/24, 0x18}, {&(0x7f0000002600)=""/199, 0xc7}, {&(0x7f0000002700)}], 0x8, &(0x7f00000027c0)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xc8}}, {{0x0, 0x0, &(0x7f0000002ac0)=[{&(0x7f00000028c0)=""/129, 0x81}, {&(0x7f0000002980)=""/121, 0x79}, {&(0x7f0000002a00)=""/35, 0x23}, {&(0x7f0000002a40)=""/65, 0x41}], 0x4, &(0x7f0000002b00)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x108}}, {{&(0x7f0000002c40), 0x6e, &(0x7f0000003200)=[{&(0x7f0000002cc0)=""/216, 0xd8}, {&(0x7f0000002dc0)=""/34, 0x22}, {&(0x7f0000002e00)=""/230, 0xe6}, {&(0x7f0000002f00)=""/81, 0x51}, {&(0x7f0000002f80)=""/151, 0x97}, {&(0x7f0000003040)=""/140, 0x8c}, {&(0x7f0000003100)=""/228, 0xe4}], 0x7, &(0x7f0000003280)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}}, {{0x0, 0x0, &(0x7f0000003440)=[{&(0x7f0000003340)=""/141, 0x8d}, {&(0x7f0000003400)=""/43, 0x2b}], 0x2, &(0x7f0000003480)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}}], 0x9, 0x0, &(0x7f0000003700)) r5 = getegid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000003740)={{0x1, 0x1, 0x18, r4, {r3, r5}}, './file0\x00'}) 18:36:00 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002005210c000000000000000002"], 0x28}}, 0x0) 18:36:00 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001600210c000000000000000002"], 0x28}}, 0x0) 18:36:00 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:36:00 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xffffe000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:36:00 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 25) [ 3317.910707] __nla_validate_parse: 1 callbacks suppressed [ 3317.910719] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3317.911076] FAULT_INJECTION: forcing a failure. [ 3317.911076] name failslab, interval 1, probability 0, space 0, times 0 [ 3317.916175] CPU: 0 PID: 16814 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3317.917684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3317.919512] Call Trace: [ 3317.920091] dump_stack+0x107/0x167 [ 3317.920891] should_fail.cold+0x5/0xa [ 3317.921721] ? ext4_find_extent+0xa77/0xd70 [ 3317.922655] should_failslab+0x5/0x20 [ 3317.923493] __kmalloc+0x72/0x390 [ 3317.924251] ext4_find_extent+0xa77/0xd70 [ 3317.925163] ext4_ext_map_blocks+0x1c8/0x5880 [ 3317.926152] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 18:36:00 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280400001400210c000000000000000002"], 0x28}}, 0x0) [ 3317.927294] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3317.928554] ? ext4_ext_release+0x10/0x10 [ 3317.929463] ? ext4_map_blocks+0x5cd/0x1910 [ 3317.930405] ? lock_release+0x680/0x680 [ 3317.931280] ? ext4_es_lookup_extent+0x485/0xa80 [ 3317.932310] ? lock_downgrade+0x6d0/0x6d0 [ 3317.933227] ? down_write+0xe0/0x160 [ 3317.934040] ? down_write_killable+0x180/0x180 [ 3317.935044] ext4_map_blocks+0x63f/0x1910 [ 3317.935958] ? kmem_cache_alloc+0x2a6/0x310 [ 3317.936903] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 3317.937876] ? jbd2__journal_start+0xf3/0x7e0 [ 3317.938854] ? __ext4_journal_start_sb+0x214/0x390 [ 3317.939923] ? __ext4_journal_start_sb+0x1db/0x390 [ 3317.940994] ext4_iomap_begin+0x3ad/0x700 [ 3317.941906] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3317.942983] ? iomap_dio_actor+0x377/0x560 [ 3317.943910] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3317.944918] ? do_syscall_64+0x33/0x40 [ 3317.945768] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3317.946923] iomap_apply+0x164/0x810 [ 3317.947738] ? iomap_dio_rw+0x90/0x90 [ 3317.948565] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3317.949820] ? mark_held_locks+0x9e/0xe0 [ 3317.950714] ? filemap_check_errors+0xa5/0x150 [ 3317.951715] __iomap_dio_rw+0x6cd/0x1110 [ 3317.952590] ? iomap_dio_rw+0x90/0x90 [ 3317.953432] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3317.954420] ? ext4_orphan_add+0x253/0x9e0 [ 3317.955339] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3317.956405] ? ext4_empty_dir+0xae0/0xae0 [ 3317.957298] ? jbd2__journal_start+0xf3/0x7e0 [ 3317.958279] iomap_dio_rw+0x31/0x90 [ 3317.959074] ext4_file_write_iter+0xe0e/0x1530 [ 3317.960086] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3317.961067] ? kasan_save_stack+0x32/0x40 [ 3317.961964] ? kasan_save_stack+0x1b/0x40 [ 3317.962864] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3317.963978] ? iter_file_splice_write+0x165/0xc90 [ 3317.965020] ? direct_splice_actor+0x10f/0x170 [ 3317.966003] ? splice_direct_to_actor+0x387/0x980 [ 3317.967041] ? do_splice_direct+0x1c4/0x290 [ 3317.967994] ? do_sendfile+0x553/0x11e0 [ 3317.968851] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3317.969855] ? do_syscall_64+0x33/0x40 [ 3317.970700] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3317.971872] do_iter_readv_writev+0x476/0x750 [ 3317.972848] ? _cond_resched+0x10/0x30 [ 3317.973692] ? new_sync_write+0x660/0x660 [ 3317.974594] ? avc_policy_seqno+0x9/0x70 [ 3317.975481] ? selinux_file_permission+0x92/0x520 [ 3317.976527] ? security_file_permission+0xb1/0xe0 [ 3317.977584] do_iter_write+0x191/0x700 [ 3317.978430] ? trace_hardirqs_on+0x5b/0x180 [ 3317.978727] loop5: detected capacity change from 0 to 32256 [ 3317.979387] vfs_iter_write+0x70/0xa0 [ 3317.979411] iter_file_splice_write+0x726/0xc90 [ 3317.979448] ? generic_splice_sendpage+0x140/0x140 [ 3317.979488] ? security_file_permission+0xb1/0xe0 [ 3317.984424] ? generic_splice_sendpage+0x140/0x140 [ 3317.985490] direct_splice_actor+0x10f/0x170 [ 3317.986459] splice_direct_to_actor+0x387/0x980 [ 3317.987499] ? pipe_to_sendpage+0x380/0x380 [ 3317.988451] ? do_splice_to+0x160/0x160 [ 3317.989313] ? security_file_permission+0xb1/0xe0 [ 3317.990368] do_splice_direct+0x1c4/0x290 [ 3317.991274] ? splice_direct_to_actor+0x980/0x980 [ 3317.992315] ? avc_policy_seqno+0x9/0x70 [ 3317.993201] ? security_file_permission+0xb1/0xe0 [ 3317.994256] do_sendfile+0x553/0x11e0 [ 3317.995095] ? do_pwritev+0x270/0x270 [ 3317.995929] ? wait_for_completion_io+0x270/0x270 [ 3317.996976] ? rcu_read_lock_any_held+0x75/0xa0 [ 3317.997981] ? vfs_write+0x354/0xb10 [ 3317.998791] __x64_sys_sendfile64+0x1d1/0x210 [ 3317.999767] ? __ia32_sys_sendfile+0x220/0x220 [ 3318.000760] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3318.001894] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3318.003012] do_syscall_64+0x33/0x40 [ 3318.003825] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3318.004934] RIP: 0033:0x7f8c0677ab19 [ 3318.005741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3318.009733] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3318.011388] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3318.012935] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3318.014484] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3318.016037] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3318.017583] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:36:00 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280200001800210c000000000000000002"], 0x28}}, 0x0) [ 3318.031174] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1312 sclass=netlink_route_socket pid=16834 comm=syz-executor.0 18:36:00 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280500001400210c000000000000000002"], 0x28}}, 0x0) [ 3318.062164] loop2: detected capacity change from 0 to 32256 18:36:00 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x692ddbb2, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:36:00 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 26) [ 3318.084251] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:36:00 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280300001800210c000000000000000002"], 0x28}}, 0x0) [ 3318.148156] FAULT_INJECTION: forcing a failure. [ 3318.148156] name failslab, interval 1, probability 0, space 0, times 0 [ 3318.150926] CPU: 0 PID: 16849 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3318.152614] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3318.154806] Call Trace: [ 3318.155439] dump_stack+0x107/0x167 [ 3318.156236] should_fail.cold+0x5/0xa [ 3318.157068] ? create_object.isra.0+0x3a/0xa30 [ 3318.158208] should_failslab+0x5/0x20 [ 3318.159237] kmem_cache_alloc+0x5b/0x310 18:36:00 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xfffff000, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:36:00 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) [ 3318.160287] create_object.isra.0+0x3a/0xa30 [ 3318.161428] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3318.162544] kmem_cache_alloc+0x159/0x310 [ 3318.163511] ext4_mb_new_blocks+0x698/0x45c0 [ 3318.164707] ? trace_hardirqs_on+0x5b/0x180 [ 3318.165724] ? ext4_cache_extents+0x148/0x2d0 [ 3318.166703] ? ext4_discard_preallocations+0xd80/0xd80 [ 3318.167948] ? ext4_ext_search_right+0x2e8/0xbd0 [ 3318.169219] ext4_ext_map_blocks+0x1a55/0x5880 [ 3318.170371] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3318.171720] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3318.172877] ? ext4_ext_release+0x10/0x10 [ 3318.173786] ? ext4_map_blocks+0x5cd/0x1910 [ 3318.174727] ? lock_release+0x680/0x680 [ 3318.175776] ? ext4_es_lookup_extent+0x485/0xa80 [ 3318.176872] ? lock_downgrade+0x6d0/0x6d0 [ 3318.177792] ? down_write_killable+0x180/0x180 [ 3318.178801] ext4_map_blocks+0x63f/0x1910 [ 3318.179736] ? kmem_cache_alloc+0x2a6/0x310 [ 3318.180892] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 3318.181947] ? jbd2__journal_start+0xf3/0x7e0 [ 3318.182927] ? __ext4_journal_start_sb+0x214/0x390 [ 3318.184132] ? __ext4_journal_start_sb+0x1db/0x390 [ 3318.185347] ext4_iomap_begin+0x3ad/0x700 [ 3318.186423] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3318.187718] ? iomap_dio_actor+0x377/0x560 [ 3318.188796] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3318.189850] ? do_syscall_64+0x33/0x40 [ 3318.190699] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3318.192119] iomap_apply+0x164/0x810 [ 3318.193111] ? iomap_dio_rw+0x90/0x90 [ 3318.194130] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3318.195668] ? mark_held_locks+0x9e/0xe0 [ 3318.196608] ? filemap_check_errors+0xa5/0x150 [ 3318.197611] __iomap_dio_rw+0x6cd/0x1110 [ 3318.198495] ? iomap_dio_rw+0x90/0x90 [ 3318.199358] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3318.200354] ? ext4_orphan_add+0x253/0x9e0 [ 3318.201273] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3318.202342] ? ext4_empty_dir+0xae0/0xae0 [ 3318.203250] ? jbd2__journal_start+0xf3/0x7e0 [ 3318.204236] iomap_dio_rw+0x31/0x90 [ 3318.205032] ext4_file_write_iter+0xe0e/0x1530 [ 3318.206040] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3318.207021] ? kasan_save_stack+0x32/0x40 [ 3318.207893] ? kasan_save_stack+0x1b/0x40 [ 3318.208757] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3318.209825] ? iter_file_splice_write+0x165/0xc90 [ 3318.210843] ? direct_splice_actor+0x10f/0x170 [ 3318.211811] ? splice_direct_to_actor+0x387/0x980 [ 3318.212828] ? do_splice_direct+0x1c4/0x290 [ 3318.213736] ? do_sendfile+0x553/0x11e0 [ 3318.214583] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3318.215569] ? do_syscall_64+0x33/0x40 [ 3318.216397] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3318.217540] do_iter_readv_writev+0x476/0x750 [ 3318.218490] ? _cond_resched+0x10/0x30 [ 3318.219333] ? new_sync_write+0x660/0x660 [ 3318.220217] ? avc_policy_seqno+0x9/0x70 [ 3318.221079] ? selinux_file_permission+0x92/0x520 [ 3318.222114] ? security_file_permission+0xb1/0xe0 [ 3318.223166] do_iter_write+0x191/0x700 [ 3318.223997] ? trace_hardirqs_on+0x5b/0x180 [ 3318.224924] vfs_iter_write+0x70/0xa0 [ 3318.225741] iter_file_splice_write+0x726/0xc90 [ 3318.226742] ? generic_splice_sendpage+0x140/0x140 [ 3318.227806] ? security_file_permission+0xb1/0xe0 [ 3318.228832] ? generic_splice_sendpage+0x140/0x140 [ 3318.229878] direct_splice_actor+0x10f/0x170 [ 3318.230816] splice_direct_to_actor+0x387/0x980 [ 3318.231815] ? pipe_to_sendpage+0x380/0x380 [ 3318.232937] ? do_splice_to+0x160/0x160 [ 3318.233965] ? security_file_permission+0xb1/0xe0 [ 3318.235001] do_splice_direct+0x1c4/0x290 [ 3318.235886] ? splice_direct_to_actor+0x980/0x980 [ 3318.237007] ? avc_policy_seqno+0x9/0x70 [ 3318.238002] ? security_file_permission+0xb1/0xe0 [ 3318.239038] do_sendfile+0x553/0x11e0 [ 3318.239868] ? do_pwritev+0x270/0x270 [ 3318.240727] ? wait_for_completion_io+0x270/0x270 [ 3318.241820] ? rcu_read_lock_any_held+0x75/0xa0 [ 3318.242800] ? vfs_write+0x354/0xb10 [ 3318.243605] __x64_sys_sendfile64+0x1d1/0x210 [ 3318.244553] ? __ia32_sys_sendfile+0x220/0x220 [ 3318.245518] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3318.246633] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3318.247739] do_syscall_64+0x33/0x40 [ 3318.248527] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3318.249789] RIP: 0033:0x7f8c0677ab19 [ 3318.250703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3318.254780] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3318.256407] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3318.258145] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3318.259897] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3318.261407] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3318.262921] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:36:00 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280600001400210c000000000000000002"], 0x28}}, 0x0) 18:36:00 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280400001800210c000000000000000002"], 0x28}}, 0x0) 18:36:00 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002006210c000000000000000002"], 0x28}}, 0x0) 18:36:00 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x50040, 0x108) r0 = syz_open_dev$vcsu(&(0x7f0000000040), 0x7, 0x2) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f00000001c0)) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x861, 0x0) [ 3318.306698] loop2: detected capacity change from 0 to 32256 18:36:00 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280700001400210c000000000000000002"], 0x28}}, 0x0) [ 3318.341706] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1568 sclass=netlink_route_socket pid=16863 comm=syz-executor.0 18:36:00 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x6c000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3318.356592] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:36:01 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280500001800210c000000000000000002"], 0x28}}, 0x0) [ 3318.399818] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:36:01 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), 0x0, 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:36:01 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x74000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:36:01 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280800001400210c000000000000000002"], 0x28}}, 0x0) 18:36:01 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002007210c000000000000000002"], 0x28}}, 0x0) 18:36:01 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$TIOCCONS(r1, 0x541d) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) [ 3318.495209] loop2: detected capacity change from 0 to 32256 [ 3318.559553] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1824 sclass=netlink_route_socket pid=16894 comm=syz-executor.0 [ 3318.584831] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1824 sclass=netlink_route_socket pid=16899 comm=syz-executor.0 [ 3318.615674] loop5: detected capacity change from 0 to 32256 18:36:13 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280900001400210c000000000000000002"], 0x28}}, 0x0) 18:36:13 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xffffff7f, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:36:13 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) r1 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1f, 0x6, &(0x7f0000000780)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17, 0x80000}, {0x0, 0x0, 0x1001000a00}, {&(0x7f00000004c0)="2940c45bb65504c634bb03b1e6bf881c106fa567a29b369dfdbe3a805a00463b8b35c439889cb2c7de92f43a6a4b4c46ce3575e58120f33bb0130efe9c9f0282a0203b1f3366a53fa6e50a8d14e82a15ec6a6e7a12a2d1e4277f111b731ec5499172a3c98e25324dbd3d4d288dadac390b4feb2a6f2066970f0d7b2bdbfd563b05266cc197bd0379ec2f4f1b6a9be38bce6c000a8764385f9955f4d9268ff975fbc28df134e88423831de2a9aa1ceb7ab398d6b611550a9d2d10e8abf48324a98a13b8ed336a570a38ace7c09c07f595fc94d09f934f22fecc9d359b0108c4b8459d", 0xe2, 0x4}, {&(0x7f00000005c0)="a96eac9bd54d402117bdc723f0b6b9928f3726b74a176eebfbff3209c83e", 0x1e, 0x3ffc0}, {&(0x7f0000000600)="81c4bfa3c2bbc94065c3b87ef37e4eb8c44b9f3bfc7006d6d9c338bdd66a5e368419eba9c370b13280ab5f0530e5a56a135d399dec1521aaf58146fcc3101f90cf77d1c954c170a290fa605b9c3d95f3caf7eccb0d1fd8511ed0299510740e161325c21dec6b1360027be741eaf0a2591bca0c61af1563ece1be9e81eaf878037111c42d69ec61750c33b1e3a26ba5e10b7136a813cbc835cd2efc175aec700fe3acf8c9cb5bde8c133a4faa2fc3758474817847329e3c7ab9e825b151188da65b05107530f76ec7015753263efa88053c7552c0ac2e22e6b87a3640f1ee6efffc9fc761dde0d7589ca596963a074d0da2281a1f976f", 0xf6, 0x400}, {&(0x7f0000000700)="d29b2ee241a1073004c34b7ec1f4b1113aaecc337609b50d55a1bd36bb805a7413a2c905d5b8fead6c7985948a9344b435848d168fa26d6e4e598967c3a2f853775ab77bb259cf753269e65d1bdfed51e4eb86ccd58f897c745376b9e8", 0x5d, 0x200}], 0x0, &(0x7f0000000240)=ANY=[]) mkdirat(r1, &(0x7f0000000180)='./file0\x00', 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000880)={{0x1, 0x1, 0x18, r0, {0x9}}, './file1\x00'}) r3 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) mkdirat(r3, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(r3, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f0000000940)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r3, @ANYBLOB="1f000000000000002a2f66696c653100528150e3e783459a8ea86996ab427bf270062b66fb0f995ff3f32aa003f3969ac8c041bf72c315f8c825d49d16e1a7eeae0000000000000000000000000000000000000000d0d092d13e435533"]) faccessat2(r1, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f0000000400)={{}, {0x800}, 0x126, 0x0, 0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)="97670d00dfbf85323b49cfc00b4a5d361298d737d55a99542d33146fb7e5017e4edec9ca85ebb6a08756878b45fa4a275fefc905933ba6d25fe3a5b4febb6b66d869d7dbda03b44666aae30ea0af51b443361a17a8823cd3a1a73146f7287cee4caa73f0d5e8b81499e5398990405c0a4e339160182420763c43a0e2d5dfaa4393cc40ff64ed6db7030ca9bf069733f632a755a6", 0x94, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000f2000000000000000c1a00000088b762d52322ab4e54b12127bde854edb7249be4985f9bdde754cb00000021e6fae2734860240e9defaf3bb295ee1b31fbaaefd247b4127f065f8872b96b4ef42a9fe8768e2aaec585a082f98fc638c6a2c42dbeb33c44694dcbdfe1f18eaecbdcd34373a5eda13cfd4aa40396abe9e889dde49678078819139e712c20ae93689b783922f0caf2fb13211e0795e3d7ba09f558a60013d8fbd0dcabc23639fb19f9a9ff79bccdf3e31b474d2242c5a0638f5570938a3705f209a79f3ee92ab5b95e8eebcf55e9cd39f236eafb65ba0deb8b6a53fca6b9611fae89da812b24efe72e000000b038d8c8420b9d4b8a2e232bf9c4b84b6eb765f2528c605873030000f6c4e904ba367c023c66a3acd152d56d49d6000000000000000000"], 0x12c}) chdir(&(0x7f0000000480)='./file2\x00') mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x2) openat(r1, &(0x7f0000000840)='\x00', 0x10200, 0x100) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:36:13 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 27) 18:36:13 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x7a000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:36:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:36:13 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002009210c000000000000000002"], 0x28}}, 0x0) 18:36:13 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280600001800210c000000000000000002"], 0x28}}, 0x0) [ 3331.119352] loop5: detected capacity change from 0 to 32256 [ 3331.141881] FAULT_INJECTION: forcing a failure. [ 3331.141881] name failslab, interval 1, probability 0, space 0, times 0 [ 3331.144409] CPU: 1 PID: 16921 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3331.145580] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3331.145955] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3331.145963] Call Trace: [ 3331.145993] dump_stack+0x107/0x167 [ 3331.150277] should_fail.cold+0x5/0xa [ 3331.151130] ? ext4_mb_new_blocks+0x698/0x45c0 [ 3331.152163] should_failslab+0x5/0x20 [ 3331.153013] kmem_cache_alloc+0x5b/0x310 [ 3331.153927] ext4_mb_new_blocks+0x698/0x45c0 [ 3331.154925] ? trace_hardirqs_on+0x5b/0x180 [ 3331.155900] ? ext4_cache_extents+0x148/0x2d0 [ 3331.156902] ? ext4_discard_preallocations+0xd80/0xd80 [ 3331.158068] ? ext4_ext_search_right+0x2e8/0xbd0 [ 3331.159131] ext4_ext_map_blocks+0x1a55/0x5880 [ 3331.160168] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3331.161332] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3331.162502] ? ext4_ext_release+0x10/0x10 [ 3331.163429] ? ext4_map_blocks+0x5cd/0x1910 [ 3331.164383] ? lock_release+0x680/0x680 [ 3331.165260] ? ext4_es_lookup_extent+0x485/0xa80 [ 3331.166302] ? lock_downgrade+0x6d0/0x6d0 [ 3331.167235] ? down_write_killable+0x180/0x180 [ 3331.168264] ext4_map_blocks+0x63f/0x1910 [ 3331.169185] ? kmem_cache_alloc+0x2a6/0x310 [ 3331.170139] ? ext4_issue_zeroout+0x1c0/0x1c0 18:36:13 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280700001800210c000000000000000002"], 0x28}}, 0x0) 18:36:13 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280f00001400210c000000000000000002"], 0x28}}, 0x0) [ 3331.171128] ? jbd2__journal_start+0xf3/0x7e0 [ 3331.172306] ? __ext4_journal_start_sb+0x214/0x390 [ 3331.173385] ? __ext4_journal_start_sb+0x1db/0x390 [ 3331.174475] ext4_iomap_begin+0x3ad/0x700 [ 3331.175412] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3331.176503] ? iomap_dio_actor+0x377/0x560 [ 3331.177427] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3331.178448] ? do_syscall_64+0x33/0x40 [ 3331.179303] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3331.180474] iomap_apply+0x164/0x810 [ 3331.181291] ? iomap_dio_rw+0x90/0x90 [ 3331.182127] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3331.183404] ? mark_held_locks+0x9e/0xe0 [ 3331.184307] ? filemap_check_errors+0xa5/0x150 [ 3331.185314] __iomap_dio_rw+0x6cd/0x1110 [ 3331.186199] ? iomap_dio_rw+0x90/0x90 [ 3331.187054] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3331.188060] ? ext4_orphan_add+0x253/0x9e0 [ 3331.188984] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3331.190061] ? ext4_empty_dir+0xae0/0xae0 [ 3331.190962] ? jbd2__journal_start+0xf3/0x7e0 [ 3331.191958] iomap_dio_rw+0x31/0x90 [ 3331.192757] ext4_file_write_iter+0xe0e/0x1530 [ 3331.193770] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3331.194760] ? kasan_save_stack+0x32/0x40 [ 3331.195666] ? kasan_save_stack+0x1b/0x40 [ 3331.196567] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3331.197673] ? iter_file_splice_write+0x165/0xc90 [ 3331.198723] ? direct_splice_actor+0x10f/0x170 [ 3331.199729] ? splice_direct_to_actor+0x387/0x980 [ 3331.200768] ? do_splice_direct+0x1c4/0x290 [ 3331.201702] ? do_sendfile+0x553/0x11e0 [ 3331.202564] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3331.203577] ? do_syscall_64+0x33/0x40 [ 3331.204418] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3331.205578] do_iter_readv_writev+0x476/0x750 [ 3331.206546] ? _cond_resched+0x10/0x30 [ 3331.207399] ? new_sync_write+0x660/0x660 [ 3331.208302] ? avc_policy_seqno+0x9/0x70 [ 3331.209186] ? selinux_file_permission+0x92/0x520 [ 3331.210234] ? security_file_permission+0xb1/0xe0 [ 3331.211307] do_iter_write+0x191/0x700 [ 3331.212156] ? trace_hardirqs_on+0x5b/0x180 [ 3331.213100] vfs_iter_write+0x70/0xa0 [ 3331.213930] iter_file_splice_write+0x726/0xc90 [ 3331.214956] ? generic_splice_sendpage+0x140/0x140 [ 3331.216051] ? security_file_permission+0xb1/0xe0 [ 3331.217098] ? generic_splice_sendpage+0x140/0x140 [ 3331.218157] direct_splice_actor+0x10f/0x170 [ 3331.219107] splice_direct_to_actor+0x387/0x980 [ 3331.220122] ? pipe_to_sendpage+0x380/0x380 [ 3331.221056] ? do_splice_to+0x160/0x160 [ 3331.221909] ? security_file_permission+0xb1/0xe0 [ 3331.222954] do_splice_direct+0x1c4/0x290 [ 3331.223851] ? splice_direct_to_actor+0x980/0x980 [ 3331.224889] ? avc_policy_seqno+0x9/0x70 [ 3331.225768] ? security_file_permission+0xb1/0xe0 [ 3331.226816] do_sendfile+0x553/0x11e0 [ 3331.227644] ? do_pwritev+0x270/0x270 [ 3331.228445] ? wait_for_completion_io+0x270/0x270 [ 3331.229456] ? rcu_read_lock_any_held+0x75/0xa0 [ 3331.230442] ? vfs_write+0x354/0xb10 [ 3331.231230] __x64_sys_sendfile64+0x1d1/0x210 [ 3331.232173] ? __ia32_sys_sendfile+0x220/0x220 [ 3331.233134] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3331.234227] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3331.235320] do_syscall_64+0x33/0x40 [ 3331.236103] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3331.237265] RIP: 0033:0x7f8c0677ab19 [ 3331.238149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3331.242569] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3331.244407] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3331.246109] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3331.247810] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3331.249517] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3331.251223] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3331.258326] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2336 sclass=netlink_route_socket pid=16935 comm=syz-executor.0 [ 3331.287356] FAT-fs (loop2): bogus number of reserved sectors [ 3331.288249] FAT-fs (loop2): Can't find a valid FAT filesystem 18:36:13 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="284800001400210c000000000000000002"], 0x28}}, 0x0) 18:36:13 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280800001800210c000000000000000002"], 0x28}}, 0x0) [ 3331.311461] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:36:13 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 28) 18:36:13 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x84400000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:36:14 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xffffff9e, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:36:14 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:36:14 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="284c00001400210c000000000000000002"], 0x28}}, 0x0) 18:36:14 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280900001800210c000000000000000002"], 0x28}}, 0x0) [ 3331.406569] FAULT_INJECTION: forcing a failure. [ 3331.406569] name failslab, interval 1, probability 0, space 0, times 0 [ 3331.409158] CPU: 1 PID: 16951 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3331.410642] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3331.412422] Call Trace: [ 3331.413002] dump_stack+0x107/0x167 [ 3331.413792] should_fail.cold+0x5/0xa [ 3331.414621] ? create_object.isra.0+0x3a/0xa30 [ 3331.415615] should_failslab+0x5/0x20 [ 3331.416439] kmem_cache_alloc+0x5b/0x310 [ 3331.417323] create_object.isra.0+0x3a/0xa30 [ 3331.418269] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3331.419378] kmem_cache_alloc+0x159/0x310 [ 3331.420284] ext4_mb_new_blocks+0x698/0x45c0 [ 3331.421261] ? trace_hardirqs_on+0x5b/0x180 [ 3331.422206] ? ext4_cache_extents+0x148/0x2d0 [ 3331.423191] ? ext4_discard_preallocations+0xd80/0xd80 [ 3331.424347] ? ext4_ext_search_right+0x2e8/0xbd0 [ 3331.425394] ext4_ext_map_blocks+0x1a55/0x5880 [ 3331.426405] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3331.427555] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3331.428722] ? ext4_ext_release+0x10/0x10 [ 3331.429637] ? ext4_map_blocks+0x5cd/0x1910 [ 3331.430589] ? lock_release+0x680/0x680 [ 3331.431471] ? ext4_es_lookup_extent+0x485/0xa80 [ 3331.432516] ? lock_downgrade+0x6d0/0x6d0 [ 3331.433442] ? down_write_killable+0x180/0x180 [ 3331.434457] ext4_map_blocks+0x63f/0x1910 [ 3331.435380] ? kmem_cache_alloc+0x2a6/0x310 [ 3331.436340] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 3331.437336] ? jbd2__journal_start+0xf3/0x7e0 [ 3331.438332] ? __ext4_journal_start_sb+0x214/0x390 [ 3331.439419] ? __ext4_journal_start_sb+0x1db/0x390 [ 3331.440515] ext4_iomap_begin+0x3ad/0x700 [ 3331.441449] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3331.442553] ? iomap_dio_actor+0x377/0x560 [ 3331.443507] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3331.444543] ? do_syscall_64+0x33/0x40 [ 3331.445412] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3331.446610] iomap_apply+0x164/0x810 [ 3331.447464] ? iomap_dio_rw+0x90/0x90 [ 3331.448322] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3331.449628] ? mark_held_locks+0x9e/0xe0 [ 3331.450567] ? filemap_check_errors+0xa5/0x150 [ 3331.451625] __iomap_dio_rw+0x6cd/0x1110 [ 3331.452546] ? iomap_dio_rw+0x90/0x90 [ 3331.453425] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3331.454463] ? ext4_orphan_add+0x253/0x9e0 [ 3331.455428] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3331.456539] ? ext4_empty_dir+0xae0/0xae0 [ 3331.457482] ? jbd2__journal_start+0xf3/0x7e0 [ 3331.458513] iomap_dio_rw+0x31/0x90 [ 3331.459374] ext4_file_write_iter+0xe0e/0x1530 [ 3331.460436] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3331.461475] ? kasan_save_stack+0x32/0x40 [ 3331.462411] ? kasan_save_stack+0x1b/0x40 [ 3331.463362] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3331.464527] ? iter_file_splice_write+0x165/0xc90 [ 3331.465635] ? direct_splice_actor+0x10f/0x170 [ 3331.466678] ? splice_direct_to_actor+0x387/0x980 [ 3331.467794] ? do_splice_direct+0x1c4/0x290 [ 3331.468788] ? do_sendfile+0x553/0x11e0 [ 3331.469705] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3331.470783] ? do_syscall_64+0x33/0x40 [ 3331.471701] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3331.472957] do_iter_readv_writev+0x476/0x750 [ 3331.473994] ? _cond_resched+0x10/0x30 [ 3331.474905] ? new_sync_write+0x660/0x660 [ 3331.475884] ? avc_policy_seqno+0x9/0x70 [ 3331.476839] ? selinux_file_permission+0x92/0x520 [ 3331.477995] ? security_file_permission+0xb1/0xe0 [ 3331.479141] do_iter_write+0x191/0x700 [ 3331.480064] ? trace_hardirqs_on+0x5b/0x180 [ 3331.481095] vfs_iter_write+0x70/0xa0 [ 3331.482002] iter_file_splice_write+0x726/0xc90 [ 3331.483121] ? generic_splice_sendpage+0x140/0x140 [ 3331.484317] ? security_file_permission+0xb1/0xe0 [ 3331.485492] ? generic_splice_sendpage+0x140/0x140 [ 3331.486670] direct_splice_actor+0x10f/0x170 [ 3331.487660] splice_direct_to_actor+0x387/0x980 [ 3331.488736] ? pipe_to_sendpage+0x380/0x380 [ 3331.489781] ? do_splice_to+0x160/0x160 [ 3331.490657] ? security_file_permission+0xb1/0xe0 [ 3331.491795] do_splice_direct+0x1c4/0x290 [ 3331.492794] ? splice_direct_to_actor+0x980/0x980 [ 3331.493847] ? avc_policy_seqno+0x9/0x70 [ 3331.494808] ? security_file_permission+0xb1/0xe0 [ 3331.495988] do_sendfile+0x553/0x11e0 [ 3331.496926] ? do_pwritev+0x270/0x270 [ 3331.497757] ? wait_for_completion_io+0x270/0x270 [ 3331.498898] ? rcu_read_lock_any_held+0x75/0xa0 [ 3331.500028] ? vfs_write+0x354/0xb10 [ 3331.500930] __x64_sys_sendfile64+0x1d1/0x210 [ 3331.502032] ? __ia32_sys_sendfile+0x220/0x220 [ 3331.503003] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3331.504286] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3331.505480] do_syscall_64+0x33/0x40 [ 3331.506309] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3331.507559] RIP: 0033:0x7f8c0677ab19 [ 3331.508408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3331.512288] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3331.513886] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3331.515410] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3331.516925] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3331.518445] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3331.519977] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3331.576468] FAT-fs (loop2): bogus number of reserved sectors [ 3331.577381] FAT-fs (loop2): Can't find a valid FAT filesystem [ 3331.589024] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:36:28 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 29) 18:36:28 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xfffffff0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) [ 3345.631170] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:36:28 executing program 5: syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x40) 18:36:28 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x8cffffff, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:36:28 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000000200a210c000000000000000002"], 0x28}}, 0x0) 18:36:28 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="286800001400210c000000000000000002"], 0x28}}, 0x0) 18:36:28 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280b00001800210c000000000000000002"], 0x28}}, 0x0) 18:36:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) [ 3345.649822] loop5: detected capacity change from 0 to 32256 [ 3345.654860] FAULT_INJECTION: forcing a failure. [ 3345.654860] name failslab, interval 1, probability 0, space 0, times 0 [ 3345.656418] CPU: 1 PID: 16977 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3345.657353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3345.658485] Call Trace: [ 3345.658875] dump_stack+0x107/0x167 [ 3345.659373] should_fail.cold+0x5/0xa [ 3345.659915] ? mempool_alloc+0x148/0x360 [ 3345.660465] ? mempool_free_pages+0x20/0x20 [ 3345.661057] should_failslab+0x5/0x20 [ 3345.661578] kmem_cache_alloc+0x5b/0x310 [ 3345.662137] ? mempool_free_pages+0x20/0x20 [ 3345.662722] mempool_alloc+0x148/0x360 [ 3345.663255] ? mempool_resize+0x7d0/0x7d0 [ 3345.663840] ? lock_downgrade+0x6d0/0x6d0 [ 3345.664415] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3345.665095] bio_alloc_bioset+0x36e/0x600 [ 3345.665660] ? bvec_alloc+0x2f0/0x2f0 [ 3345.666186] ? iov_iter_npages+0x1fd/0xa70 [ 3345.666768] iomap_dio_bio_actor+0x518/0xef0 [ 3345.667386] iomap_dio_actor+0x36f/0x560 [ 3345.667944] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3345.668574] ? do_syscall_64+0x33/0x40 [ 3345.669106] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3345.669832] iomap_apply+0x289/0x810 [ 3345.670345] ? iomap_dio_rw+0x90/0x90 [ 3345.670863] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3345.671665] ? mark_held_locks+0x9e/0xe0 [ 3345.672222] ? filemap_check_errors+0xa5/0x150 [ 3345.672848] __iomap_dio_rw+0x6cd/0x1110 [ 3345.673404] ? iomap_dio_rw+0x90/0x90 [ 3345.673933] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3345.674560] ? ext4_orphan_add+0x253/0x9e0 [ 3345.675132] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3345.675810] ? ext4_empty_dir+0xae0/0xae0 [ 3345.676381] ? jbd2__journal_start+0xf3/0x7e0 [ 3345.677003] iomap_dio_rw+0x31/0x90 [ 3345.677503] ext4_file_write_iter+0xe0e/0x1530 [ 3345.678130] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3345.678743] ? kasan_save_stack+0x32/0x40 [ 3345.679300] ? kasan_save_stack+0x1b/0x40 [ 3345.679867] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3345.680545] ? iter_file_splice_write+0x165/0xc90 [ 3345.681195] ? direct_splice_actor+0x10f/0x170 [ 3345.681818] ? splice_direct_to_actor+0x387/0x980 [ 3345.682480] ? do_splice_direct+0x1c4/0x290 [ 3345.683074] ? do_sendfile+0x553/0x11e0 [ 3345.683624] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3345.684249] ? do_syscall_64+0x33/0x40 [ 3345.684789] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3345.685510] do_iter_readv_writev+0x476/0x750 [ 3345.686114] ? _cond_resched+0x10/0x30 [ 3345.686647] ? new_sync_write+0x660/0x660 [ 3345.687204] ? avc_policy_seqno+0x9/0x70 [ 3345.687767] ? selinux_file_permission+0x92/0x520 [ 3345.688428] ? security_file_permission+0xb1/0xe0 [ 3345.689087] do_iter_write+0x191/0x700 [ 3345.689615] ? trace_hardirqs_on+0x5b/0x180 [ 3345.690205] vfs_iter_write+0x70/0xa0 [ 3345.690720] iter_file_splice_write+0x726/0xc90 [ 3345.691349] ? generic_splice_sendpage+0x140/0x140 [ 3345.692034] ? security_file_permission+0xb1/0xe0 [ 3345.692689] ? generic_splice_sendpage+0x140/0x140 [ 3345.693360] direct_splice_actor+0x10f/0x170 [ 3345.693962] splice_direct_to_actor+0x387/0x980 [ 3345.694595] ? pipe_to_sendpage+0x380/0x380 [ 3345.695175] ? do_splice_to+0x160/0x160 [ 3345.695718] ? security_file_permission+0xb1/0xe0 [ 3345.696377] do_splice_direct+0x1c4/0x290 [ 3345.696942] ? splice_direct_to_actor+0x980/0x980 [ 3345.697593] ? avc_policy_seqno+0x9/0x70 [ 3345.698146] ? security_file_permission+0xb1/0xe0 [ 3345.698804] do_sendfile+0x553/0x11e0 [ 3345.699327] ? do_pwritev+0x270/0x270 [ 3345.699848] ? wait_for_completion_io+0x270/0x270 [ 3345.700504] ? rcu_read_lock_any_held+0x75/0xa0 [ 3345.701130] ? vfs_write+0x354/0xb10 [ 3345.701637] __x64_sys_sendfile64+0x1d1/0x210 [ 3345.702250] ? __ia32_sys_sendfile+0x220/0x220 [ 3345.702874] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3345.703593] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3345.704290] do_syscall_64+0x33/0x40 [ 3345.704801] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3345.705494] RIP: 0033:0x7f8c0677ab19 [ 3345.705999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3345.708486] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3345.709531] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3345.710501] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3345.711465] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3345.712435] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3345.713399] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3345.737898] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2592 sclass=netlink_route_socket pid=16992 comm=syz-executor.0 [ 3345.742878] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:36:28 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x97ffffff, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3345.785364] FAT-fs (loop2): bogus number of reserved sectors [ 3345.786258] FAT-fs (loop2): Can't find a valid FAT filesystem 18:36:28 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280f00001800210c000000000000000002"], 0x28}}, 0x0) 18:36:28 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0xffffffff, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800210c000000000000000002"], 0x28}}, 0x0) 18:36:28 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="286c00001400210c000000000000000002"], 0x28}}, 0x0) 18:36:28 executing program 5: openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/seq/timer\x00', 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x800007fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000040)="6d6b667300020801000470008400f8011d0cfc47ae55724efd", 0x19}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1000860, 0x0) [ 3345.866204] loop5: detected capacity change from 0 to 135266304 [ 3345.896093] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:36:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:36:28 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000000200f210c000000000000000002"], 0x28}}, 0x0) [ 3345.913103] FAT-fs (loop5): invalid media value (0x55) [ 3345.914365] FAT-fs (loop5): Can't find a valid FAT filesystem [ 3345.927414] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. 18:36:28 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="284800001800210c000000000000000002"], 0x28}}, 0x0) [ 3346.037842] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3872 sclass=netlink_route_socket pid=17026 comm=syz-executor.0 [ 3346.076050] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3872 sclass=netlink_route_socket pid=17031 comm=syz-executor.0 18:36:41 executing program 5: r0 = epoll_create1(0x0) r1 = epoll_create(0x3ff) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) r2 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x4) unlinkat(r2, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:36:41 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 30) 18:36:41 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002048210c000000000000000002"], 0x28}}, 0x0) 18:36:41 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="284c00001800210c000000000000000002"], 0x28}}, 0x0) 18:36:41 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x99030000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:36:41 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="287400001400210c000000000000000002"], 0x28}}, 0x0) 18:36:41 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:36:41 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="0f0000001800210c000000000000000002"], 0x28}}, 0x0) 18:36:41 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) [ 3358.660283] FAULT_INJECTION: forcing a failure. [ 3358.660283] name failslab, interval 1, probability 0, space 0, times 0 [ 3358.661918] CPU: 0 PID: 17046 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3358.662818] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3358.663874] Call Trace: [ 3358.664229] dump_stack+0x107/0x167 [ 3358.664702] should_fail.cold+0x5/0xa [ 3358.665197] ? kmem_cache_alloc+0x2a6/0x310 [ 3358.665751] ? create_object.isra.0+0x3a/0xa30 [ 3358.666336] should_failslab+0x5/0x20 [ 3358.666827] kmem_cache_alloc+0x5b/0x310 [ 3358.667348] ? mempool_alloc+0x155/0x360 [ 3358.667881] create_object.isra.0+0x3a/0xa30 [ 3358.668426] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3358.669082] kmem_cache_alloc+0x159/0x310 [ 3358.669603] bvec_alloc+0x148/0x2f0 [ 3358.670075] bio_alloc_bioset+0x40a/0x600 [ 3358.670607] ? bvec_alloc+0x2f0/0x2f0 [ 3358.671099] ? iov_iter_npages+0x1fd/0xa70 [ 3358.671656] iomap_dio_bio_actor+0x518/0xef0 [ 3358.672232] iomap_dio_actor+0x36f/0x560 [ 3358.672754] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3358.673360] ? do_syscall_64+0x33/0x40 [ 3358.673861] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3358.674552] iomap_apply+0x289/0x810 [ 3358.675032] ? iomap_dio_rw+0x90/0x90 [ 3358.675508] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3358.676240] ? mark_held_locks+0x9e/0xe0 [ 3358.676773] ? filemap_check_errors+0xa5/0x150 [ 3358.677368] __iomap_dio_rw+0x6cd/0x1110 [ 3358.677887] ? iomap_dio_rw+0x90/0x90 [ 3358.678387] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3358.678971] ? ext4_orphan_add+0x253/0x9e0 [ 3358.679512] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3358.680157] ? ext4_empty_dir+0xae0/0xae0 [ 3358.680683] ? jbd2__journal_start+0xf3/0x7e0 [ 3358.681264] iomap_dio_rw+0x31/0x90 [ 3358.681730] ext4_file_write_iter+0xe0e/0x1530 [ 3358.682324] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3358.682904] ? kasan_save_stack+0x32/0x40 [ 3358.683431] ? kasan_save_stack+0x1b/0x40 [ 3358.683967] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3358.684615] ? iter_file_splice_write+0x165/0xc90 [ 3358.685231] ? direct_splice_actor+0x10f/0x170 [ 3358.685817] ? splice_direct_to_actor+0x387/0x980 [ 3358.686432] ? do_splice_direct+0x1c4/0x290 [ 3358.686964] ? do_sendfile+0x553/0x11e0 [ 3358.687466] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3358.688071] ? do_syscall_64+0x33/0x40 [ 3358.688565] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3358.689251] do_iter_readv_writev+0x476/0x750 [ 3358.689821] ? _cond_resched+0x10/0x30 [ 3358.690318] ? new_sync_write+0x660/0x660 [ 3358.690844] ? avc_policy_seqno+0x9/0x70 [ 3358.691360] ? selinux_file_permission+0x92/0x520 [ 3358.691985] ? security_file_permission+0xb1/0xe0 [ 3358.692604] do_iter_write+0x191/0x700 [ 3358.693102] ? trace_hardirqs_on+0x5b/0x180 [ 3358.693656] vfs_iter_write+0x70/0xa0 [ 3358.694142] iter_file_splice_write+0x726/0xc90 [ 3358.694742] ? generic_splice_sendpage+0x140/0x140 [ 3358.695377] ? security_file_permission+0xb1/0xe0 [ 3358.696014] ? generic_splice_sendpage+0x140/0x140 [ 3358.696661] direct_splice_actor+0x10f/0x170 [ 3358.697249] splice_direct_to_actor+0x387/0x980 [ 3358.697866] ? pipe_to_sendpage+0x380/0x380 [ 3358.698436] ? do_splice_to+0x160/0x160 [ 3358.698962] ? security_file_permission+0xb1/0xe0 [ 3358.699611] do_splice_direct+0x1c4/0x290 [ 3358.700156] ? splice_direct_to_actor+0x980/0x980 [ 3358.700794] ? avc_policy_seqno+0x9/0x70 [ 3358.701335] ? security_file_permission+0xb1/0xe0 [ 3358.701975] do_sendfile+0x553/0x11e0 [ 3358.702483] ? do_pwritev+0x270/0x270 [ 3358.702987] ? wait_for_completion_io+0x270/0x270 [ 3358.703638] ? rcu_read_lock_any_held+0x75/0xa0 [ 3358.704247] ? vfs_write+0x354/0xb10 [ 3358.704738] __x64_sys_sendfile64+0x1d1/0x210 [ 3358.705327] ? __ia32_sys_sendfile+0x220/0x220 [ 3358.705893] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3358.706580] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3358.707262] do_syscall_64+0x33/0x40 [ 3358.707758] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3358.708437] RIP: 0033:0x7f8c0677ab19 [ 3358.708921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3358.711325] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3358.712327] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3358.713254] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3358.714129] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3358.715063] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3358.715944] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3358.723395] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=18464 sclass=netlink_route_socket pid=17041 comm=syz-executor.0 18:36:41 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="287a00001400210c000000000000000002"], 0x28}}, 0x0) [ 3358.752255] loop5: detected capacity change from 0 to 32256 18:36:41 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="286800001800210c000000000000000002"], 0x28}}, 0x0) [ 3358.785462] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=18464 sclass=netlink_route_socket pid=17066 comm=syz-executor.0 18:36:41 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="100000001800210c000000000000000002"], 0x28}}, 0x0) 18:36:41 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x9b9f1fc7, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:36:41 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:36:41 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xb2db2d69, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:36:41 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xbc020000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3358.965234] loop2: detected capacity change from 0 to 32256 [ 3358.990167] FAT-fs (loop2): bogus number of reserved sectors [ 3358.991823] FAT-fs (loop2): Can't find a valid FAT filesystem 18:36:53 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:36:53 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) openat(r0, &(0x7f0000000300)='./file0\x00', 0x180000, 0x80) faccessat2(r0, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) r1 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) mkdirat(r1, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(r1, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="1b9306da020801000470008400f8010000000000000000", 0x17}], 0x820060, &(0x7f0000000240)=ANY=[@ANYRES16, @ANYRESOCT=r0, @ANYRESHEX=r0, @ANYRESOCT, @ANYBLOB="099e7bc9bc08bd463efb18d8d9e391d51c684289a1c4827880064b4076309e37fe65dc8e5009e6f5", @ANYRESDEC=r0, @ANYRESHEX=r1, @ANYRES16=r0]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x11b2c37, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xa800, 0x10) 18:36:53 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 31) 18:36:53 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="286c00001800210c000000000000000002"], 0x28}}, 0x0) 18:36:53 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28f000001400210c000000000000000002"], 0x28}}, 0x0) 18:36:53 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000000204c210c000000000000000002"], 0x28}}, 0x0) 18:36:53 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="1b0000001800210c000000000000000002"], 0x28}}, 0x0) 18:36:53 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xc0ed0000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3370.804371] FAULT_INJECTION: forcing a failure. [ 3370.804371] name failslab, interval 1, probability 0, space 0, times 0 [ 3370.805929] CPU: 0 PID: 17105 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3370.806720] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3370.807616] Call Trace: [ 3370.807915] dump_stack+0x107/0x167 [ 3370.808309] should_fail.cold+0x5/0xa [ 3370.808719] ? mempool_alloc+0x148/0x360 [ 3370.809157] ? mempool_free_pages+0x20/0x20 [ 3370.809618] should_failslab+0x5/0x20 [ 3370.810025] kmem_cache_alloc+0x5b/0x310 [ 3370.810464] ? mempool_free_pages+0x20/0x20 [ 3370.810926] mempool_alloc+0x148/0x360 [ 3370.811349] ? mempool_resize+0x7d0/0x7d0 [ 3370.811803] ? mark_lock+0xf5/0x2df0 [ 3370.812205] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3370.812771] __sg_alloc_table+0x24e/0x390 [ 3370.813221] sg_alloc_table_chained+0x9b/0x1f0 [ 3370.813709] ? sg_alloc_table_chained+0x1f0/0x1f0 [ 3370.814227] scsi_alloc_sgtables+0x236/0xaf0 [ 3370.814701] ? scsi_cmd_runtime_exceeced+0x1d0/0x1d0 [ 3370.815244] ? lockdep_init_map_type+0x2c7/0x780 [ 3370.815759] sd_init_command+0x2f6/0x30b0 [ 3370.816203] ? scsi_init_command+0x4ee/0x750 [ 3370.816678] scsi_queue_rq+0xe5e/0x27f0 [ 3370.817113] blk_mq_dispatch_rq_list+0x372/0x1c40 [ 3370.817638] ? elv_rb_del+0x50/0xa0 [ 3370.818030] ? elv_rqhash_del+0x119/0x160 [ 3370.818473] ? blk_mq_dequeue_from_ctx+0x7f0/0x7f0 [ 3370.819000] ? dd_dispatch_request+0x1c0/0x990 [ 3370.819493] blk_mq_do_dispatch_sched+0x7f4/0xa00 [ 3370.820021] ? blk_mq_sched_mark_restart_hctx+0x80/0x80 [ 3370.820594] ? lock_acquire+0x197/0x470 [ 3370.821016] ? hctx_lock+0x7f/0x200 [ 3370.821411] __blk_mq_sched_dispatch_requests+0x2d7/0x450 [ 3370.821997] ? blk_mq_do_dispatch_sched+0xa00/0xa00 [ 3370.822538] blk_mq_sched_dispatch_requests+0xfd/0x1e0 [ 3370.823098] __blk_mq_run_hw_queue+0x12c/0x290 [ 3370.823583] ? blk_mq_start_request+0x3f0/0x3f0 [ 3370.824088] ? do_raw_spin_lock+0x121/0x260 [ 3370.824551] __blk_mq_delay_run_hw_queue+0x53f/0x5a0 [ 3370.825095] blk_mq_run_hw_queue+0x170/0x2f0 [ 3370.825564] ? blk_mq_delay_run_hw_queues+0x1f0/0x1f0 [ 3370.826121] ? dd_dispatch_request+0x990/0x990 [ 3370.826610] blk_mq_sched_insert_requests+0x247/0x720 [ 3370.827163] blk_mq_flush_plug_list+0x415/0x6c0 [ 3370.827663] ? blk_mq_insert_requests+0x450/0x450 [ 3370.828190] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3370.828808] blk_flush_plug_list+0x26c/0x3c0 [ 3370.829278] ? mark_held_locks+0x9e/0xe0 [ 3370.829715] ? blk_insert_cloned_request+0x450/0x450 [ 3370.830263] blk_finish_plug+0x50/0xa0 [ 3370.830680] __iomap_dio_rw+0xca0/0x1110 [ 3370.831125] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3370.831619] ? ext4_orphan_add+0x253/0x9e0 [ 3370.832079] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3370.832605] ? ext4_empty_dir+0xae0/0xae0 [ 3370.833046] ? jbd2__journal_start+0xf3/0x7e0 [ 3370.833532] iomap_dio_rw+0x31/0x90 [ 3370.833926] ext4_file_write_iter+0xe0e/0x1530 [ 3370.834422] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3370.834908] ? kasan_save_stack+0x32/0x40 [ 3370.835349] ? kasan_save_stack+0x1b/0x40 [ 3370.835797] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3370.836338] ? iter_file_splice_write+0x165/0xc90 [ 3370.836851] ? direct_splice_actor+0x10f/0x170 [ 3370.837339] ? splice_direct_to_actor+0x387/0x980 [ 3370.837852] ? do_splice_direct+0x1c4/0x290 [ 3370.838318] ? do_sendfile+0x553/0x11e0 [ 3370.838741] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3370.839237] ? do_syscall_64+0x33/0x40 [ 3370.839653] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3370.840232] do_iter_readv_writev+0x476/0x750 [ 3370.840712] ? _cond_resched+0x10/0x30 [ 3370.841129] ? new_sync_write+0x660/0x660 [ 3370.841578] ? avc_policy_seqno+0x9/0x70 [ 3370.842012] ? selinux_file_permission+0x92/0x520 [ 3370.842529] ? security_file_permission+0xb1/0xe0 [ 3370.843051] do_iter_write+0x191/0x700 [ 3370.843469] ? trace_hardirqs_on+0x5b/0x180 [ 3370.843941] vfs_iter_write+0x70/0xa0 [ 3370.844349] iter_file_splice_write+0x726/0xc90 [ 3370.844854] ? generic_splice_sendpage+0x140/0x140 [ 3370.845388] ? security_file_permission+0xb1/0xe0 [ 3370.845907] ? generic_splice_sendpage+0x140/0x140 [ 3370.846430] direct_splice_actor+0x10f/0x170 [ 3370.846901] splice_direct_to_actor+0x387/0x980 [ 3370.847400] ? pipe_to_sendpage+0x380/0x380 [ 3370.847874] ? do_splice_to+0x160/0x160 [ 3370.848300] ? security_file_permission+0xb1/0xe0 [ 3370.848821] do_splice_direct+0x1c4/0x290 [ 3370.849266] ? splice_direct_to_actor+0x980/0x980 [ 3370.849779] ? avc_policy_seqno+0x9/0x70 [ 3370.850217] ? security_file_permission+0xb1/0xe0 [ 3370.850737] do_sendfile+0x553/0x11e0 [ 3370.851151] ? do_pwritev+0x270/0x270 [ 3370.851559] ? wait_for_completion_io+0x270/0x270 [ 3370.852083] ? rcu_read_lock_any_held+0x75/0xa0 [ 3370.852578] ? vfs_write+0x354/0xb10 [ 3370.852979] __x64_sys_sendfile64+0x1d1/0x210 [ 3370.853458] ? __ia32_sys_sendfile+0x220/0x220 [ 3370.853949] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3370.854509] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3370.855063] do_syscall_64+0x33/0x40 [ 3370.855462] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3370.856016] RIP: 0033:0x7f8c0677ab19 [ 3370.856416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3370.858377] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3370.859190] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3370.859957] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3370.860720] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3370.861481] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3370.862240] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:36:53 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xc71f9f9b, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:36:53 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="287400001800210c000000000000000002"], 0x28}}, 0x0) [ 3370.883021] loop5: detected capacity change from 0 to 41948160 18:36:53 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280003001400210c000000000000000002"], 0x28}}, 0x0) [ 3370.888012] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=19488 sclass=netlink_route_socket pid=17112 comm=syz-executor.0 [ 3370.910156] loop2: detected capacity change from 0 to 32256 18:36:53 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="287a00001800210c000000000000000002"], 0x28}}, 0x0) [ 3370.930284] FAT-fs (loop2): bogus number of reserved sectors [ 3370.931120] FAT-fs (loop2): Can't find a valid FAT filesystem 18:36:53 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28b103001400210c000000000000000002"], 0x28}}, 0x0) 18:36:53 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000001800210c000000000000000002"], 0x28}}, 0x0) 18:36:53 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002068210c000000000000000002"], 0x28}}, 0x0) 18:36:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000000)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) [ 3371.083794] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26656 sclass=netlink_route_socket pid=17142 comm=syz-executor.0 [ 3371.087373] loop5: detected capacity change from 0 to 32256 [ 3371.112637] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26656 sclass=netlink_route_socket pid=17149 comm=syz-executor.0 [ 3383.011097] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27680 sclass=netlink_route_socket pid=17162 comm=syz-executor.0 18:37:05 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 32) 18:37:05 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:37:05 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xd0010000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:37:05 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000640)=[{&(0x7f0000000600)="cf283da30e520a4005b7e756f258999413044de8a7d476349ebee53d1e3b8a938ce9247e0f9b2e414b357f4d97eb454a2fe44059bc7cca315e0f3b947361540c", 0x40, 0x9}], 0x0, &(0x7f0000000240)=ANY=[]) openat(r0, &(0x7f0000000440)='./file0\x00', 0x1a9040, 0x105) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file2\x00', 0x0, 0x5) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x80200, 0x0) r3 = accept$inet6(r1, 0x0, &(0x7f0000000480)) setsockopt$inet6_group_source_req(r3, 0x29, 0x2b, &(0x7f00000004c0)={0x80000001, {{0xa, 0x4e22, 0x6, @remote, 0xbc93}}, {{0xa, 0x4e23, 0x6, @empty, 0xdaf}}}, 0x108) mkdirat(r2, &(0x7f0000000040)='./file0\x00', 0x40) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000001880)={{{@in6=@remote, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@loopback}}, &(0x7f0000001980)=0xe8) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0x0}}, './file1\x00'}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) getgroups(0x8, &(0x7f0000000380)=[0x0, 0x0, r6, r5, r6, r5, r6, r6]) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r8 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) mkdirat(r8, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(r8, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r9, 0x0) sendmsg$unix(r1, &(0x7f0000001a40)={&(0x7f0000000680)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001840)=[{&(0x7f0000000700)="00a3ea11352d1ed0f396c71881c6daf06a1e502e7f01b17ec43888999237ad6c2a883ba178a32e2626da679ffdf2691cf7f43df8f316aaf5a28c890cd3bfa70e7a126ea219fdaa951df6fd97", 0x4c}, {&(0x7f0000000780)="b380d711163530bd45e7af0d76b3e3ca2a84aa9c0240719b36f6e04022f3b5d9b39e8627a4e3c8b05cef62e743df8d5f009c265a35b8237c9fb568cf8ac89562ead23fe20a4232ed02a12823a66f66043a4ad9bdc006bed296f207fd0481205c92a9aa973d83e1131605ede9f83470e0eb6c0203a6c60fc5b477520d6e95f9ba25427d7d199e03", 0x87}, {&(0x7f0000000840)="cd6559c5607ecd540e2836d6b2e4d264882d527b841f584337c1a19888bb9fc3eb97c9fcbfdd83ef77156536bd89d3bf98342835c378f667733e94cb9d95135132f34a71c281f1b548fc646bae01125afdb39716053e01cde437657649d6ff0163bb87b6632d9c33e87da9522278507d20d18c37eabcbf41fc2a2de3902fb45eda2883fa5d996ce96065f04c1eb5fa6850aedf8e3eb452c92e4115c2bc709356979afc6dafd9b39fc7f46891cb1d6d795ab566a19d29da9c3d642d49a06898195128631ef90dd16da51145a45b085c68c735a2971d2ca6d5334eb8d35b17bb43e5ef589016e92e6e65e8c259c34a3f18d28fa10bd15fae8a36ba790d782acb4286f8699e00d91667526afdecf313be7acde7d0f56343cde34934ac77a5db227573da3792813c07af368f5b35ac8d09876ac00dfd9b7ec3c10eb3a0f8c2a7ad52cf34636980f9f843ff5f83defa82d56c0dafbd7cd0d1bc8629a95170e786ff7cb13d87bc77c0982c5366381638b244b89424980230380bb7f6f3a71149c45310bcc1b0bfe636bd622b0e605a0260234a25f3a949d54e048b3a8ee5f2fd9c7932f0e940163babdeda04cfbab9f1e2976ebd3698eed7ccd1a8ddbfe77e3cc1bff90266892548aca3ed0be07d2bf336858e16e98291a5ad8da87fbb467562a0ef0b753de9856148b15071368f296f920d9c8408e20d69c987b5950acc8a0a203aa100156f2e6bd2fcd4e56b739c8918df341211c0ff01ebab564a5cad2fd9f5b4e79d745736f99d8da7a0093b6b4a3cce2a73775c58ef14e6b24674133c48c292f77163f47dde86eac5c4b479b0be761e005f3dca5d24a63b76c118fd868ebf97a3d166751efb9d26cbae607f0455baea87aa03b90bdbcf04cfeef4ffc0d1d775304f5e2158e0b42782cc5c29659b1d84ec45e4f67338dc9e30a1bfd9fdf015b1563e70646ccbc7044c879efa93f40ff676e5880046553d78c31169460490f0e4fb2a45edfb1c7300ba25861209f68d3ee0cb8e9e73e208eda01738c40d5ba79460b799e4e02b1296ed0e6f08652b5d083fba55cc283ab411df9287f84c9a03e8a536807692e71d694ea9fe9c98a77799955766b60d58456e393813b414052231315c762fba0cd25850678f010837355d7c1d400b7463a073c1f658dd9782067fb419cb0773411e824c9a08cdd78788db6487136ec5dd8c1120803dc2f1da8ab9a5f8c9dccb363a0e8de1be04f09a4d39658aa15bd861c8806fff5ad824e077305d62e2963a48e27f3b5f4a2aac4ddb5fe0f05c5bbdd6a47536366d54eb0c48705321a84d776c30209d8f249ed480c682bf05fcec343e884d2df5d90ee119f38ca7b36c447707ed69cc2a4a7f7eb6d5a87920c2481e33272af6adcc975cce4a9dfaa17b4e84aa9f6b19ae7793c66e7ef2ba5361e3b92e2f9dd07cf3620502a490f929fb6b07d3198e16af4c40e92e3271a6dcce6f4d5fb8c5460e907cd85967719cfce08bffbafc33791ab63ea84a8bb1471bdf08d567997bd80cae0564a82641d3b906c56dbc14f0e4f785824c2990a204bcfcd8713dc8d317566793d8f7c229db7af642da98da60f78bf3da4b0ababeccb7b9c8ddb6e29058ea8eeddee54f34d7d9e1d85576ef7021793bc62260aea1a3d5bf3b854e2f94c5af7286736ee0d2d043e5da3a44c16a39eaaf1d13612b49d091eb05711da8a7e1b58cab2c93176954267b1ae7d26453fb8e75de639c047b37ab6c781f470bbd58c12a0a51552c05f8d7421b29d25baaf752d63133795237e2df98ef866149d00cd8887583dc20d4312ab8cdae80337c256f76865615f81b75812941c1444cdda07ff551d0da132e9becc9ca8cc15f72eacc2099736597473c2b9a546e07a89c4ab2dec4994fdfec68e1ffbf33e7fe868947141330c1b166fc28852f0021cdf3836bf0d21d4f1235d985328ec08fa6177c16f3ff3a509157814130039a200714990a4008e06d3bec1b42e673d4af0f32f8e7eb97251443cb5217e5563bf5e9b0677a56d24928e062ba6edd327ca3d07b2fce7d490efb4a445ae3b2abb8c655e2ea77ada1f89d1bd141996db63cac2b3588a0ba7d457acd7df4f682547cb052d45356669abedbcc62dd1941a7c102c6471ca2ebd6582db50cf65433fff1cd4791e064a7c13e7ce9a5588a2c0f5cb781e65f31765df5495ee0da2d17ec0b36ce6072fe7d58a049a2a0cfe2c5a048afae1907eaff7307a5838c4e5e34e7fdb3ec551fb7647c67bd0292e8b8791ffe0e72c14bc245a5331742993fc9c4b8ed6384ce037da91a15d551aa8ff7948d0319b0e3a2cfacda014fc1b912a7f580ed7854ed260c92cb58a1c12d5362cd30be9653802e4f49e8536b1e8307fa4abcda6d2be73fa6ec50404c56178459dd521250e6cea8edfca2fcd9cbe51eb7474e6f4576e8d296615541d02525be50258c4392274d6ede52f8abb35be788fa614b6c1e3d8320168e986394afa556d6cfd8ca6b21734d8e1d89fb6c7c70379c54c7f6f0978cf78f295f4538008550dc2f6d43b237817c9082bb2369c5b93743909e2c045e629cecdca3f00db2b2075648febf7089caefe7dde1f4a5c4d94c3c5be5e7546c07da31f551c934ab7b6490795dba595ee3a8f6e998f6baf4e57181a7ff8047de7e99d438c88153ec73c4f896723920dfa93e7904002f0ef1c72cb83856d24ff7516397207db4147d5ca5dc7181414ceb3fba47a60531f0e8fe58eeb63b3766339e330c13e2383358866406b97ea4d8f4b52e54b91d11f1b2523f0a88dd74e043693a98bf19f20e0fa46b514507de165df3ffc5969ba5d228a766ef54c0ac4aa6c058aee63366e79f772a6e6e36fb7b51356a0caeb3aca66001bc3b2c0bceb41c88eda36166b1dccf37de15cfd16bc76cc65a74d9385b8f7d5a690287e733999422f929327a583f3a0753a4f9cc4a573ae6025669221ebe8aa6a989aac4af1144dd2055829bbcc107a2f38ee41de8ae9c89aac6084e7e7e40a2cf97906a2b02ea3f4850b82714e0604d6f9e9003b6012e3db010312e11e034c7a0dbe5a2a9078151a8bbd2a549d1afc0aaf25981058168fe3b630b282337a1ccbbd9c36f352da20af61fc40ec33382d1b6d10db54aaa277f6178b146fa7acc974f29bfa7e128a7f732d86ecff2639c4249d4988bf724c4e539e672c069b3c8224b60d13380320383009191ee3d67007b09341f125700cbd510a1963a9f846aa671752b49a3266290db575ceeff02bde55a998e3f5bb582c475ea455d407dc1eeee26633f17e1b03e5dbbc91a0881b43cab8e8fcb795be602004c22de2db427c202b4f066ea88db5afd90efccb7cd63e17c78627430d085916b3dde7d0839313f3f4755da0e7f3a9318d3254e877f03917efe04d31d638467d0ca0bdc90d99a9790003cbd081464cb2a8cb3223cc4933b1de9daa41333d17139859dc74a0eaafbfd06d741d67288433031b5d45cceb2055d34377ec894114b01dfb7bac8b818f4535dd18dfc2829c0549941339ae6ee918fe69cf8c8c1d2e57137d89ddde42ac8fb812a6adbee75287d5a6327d5e70f6dfebde212806b72becaa697c2df2665586abf7057798a9efee22483cf6df70bcfad2af3cf2198db91e495746ee0b255fdefe377021f9e1ebc5d3404386c4f212c3f342e425574d5af04f3576fed31281b2cff4f3c15201b3fb1e77f88c6cd2b513170eaebe23bbd4667ab449c7317cf201ca98330284c597335cda4905ad77010540f19c0a27a469407f20b80dd04d96d9306e6386cb2857d910245631bcbe0ed3c8acc871542fb672293afd1e1c76b3cc5c7ad8ab55710f2c7bb215a8852b19e8ae123c0ef72fb3209397f34529d71829ded9f6380b3d35a9bb907cb9a29058892e361888f2b66d9d085c85213cfad8f6d758945ff49127ba143dc226e8da5d5ba550330ec44edb18b8883865f76b4ca47c12d1740237669dd8eb55bf661f81c2a7774ba01a00aff77936b7e4a3a8e5bf86cd2d4f8c9900e6a536467d17df59ed2876e6f26e48458a3cff56eeb34716d8d1067ae7459f8d54195e295d6edad324f4c12a63ce1f52ce048211e0c31739cc65db98e1145cc999dc39a449f31fc2abaaae8dee5ab11ce5d7b2ae40d1cc65f37b84e30a252b9a450d10d1402924184fc23d1609353b486c9b3e17318428ee2a22cf1b60ff09df8f81160669f45a8e8b4283cde5a3be97b30a6392993ba92f1e5dfbc313f2a0614062e8706b3562ef081a2c1bcc6041ba325a79598a435c09688cea16a9df4f6906684a80417a60bca7847199c78d1bb4c013f0b27311988a2db9296daa274871ee2405ce055117c12ff7f40f6ab526e774994497e130f564b79fc0571e22b615e99b8c7066438cb1e4194649a95cbaf014543f0424bfc45f020fdf2495e9c0c01b306f7ca55fba16f2a6f23e719e617c37cd858c1bc3c4617f1bfa38c31dae0d75064178e15170021c7b92cdb27edd6b12e12317bf6f42fec0d32ad087c04676e0361b397342f49059365faa4a47801be98a840fa452aae6d844b5fe680af93656d483ba7404394bf528d18d3f2cd3704a43caed37e6e65c5913758652bb3ae1f48d436940104cbe600ffa05eac86be0e0712af640b8cc3c2f667da2e6e4c82aca66a0ab1638522fc215556b6ac985b1824155689cc82e2d19226d2cff488c3820722999479e2b71284fe52864d9ea790576174ae7ec6941aff9ee2c1a97fad0a305060e4a71997e82fdb84959d480432e4610bdad512c83894cbda64e4a846514522655fcff0d10045242dde8e4c4d9889378d56410ac6e9315887630b8f4ff55231344e23b458718f6679a52c3bda576bbbe261c8a473f98d998e24a5b7fb4104937a03f8ec9201747ba1d3ec015d0a3ef8cf9ecba69cd616fb136ffd9d4d43537a3e17e8f25cfdba97f19bc876db74ad8e6748d8b4e05a1c0b1c2918be66d5c83f814d057a981f707a163e103c820b9a73b844b0c864029f4f2f43b0652a0fdf1426b1f74c11bfe6c7c76d8223d24b5f87de22f4f167c429120b66a74a91542a847cf5ce746b97f9ce042d0ade04f428414c2d4e0cd49df2403092b053b3adbfdf682805adb615bcc15ba9c5c522d2b1c6e8051967b020b7d045218993d96ab68c662280e1dd4080ad6752369ff44890504997795893ad93dcfecf53156a30d8e617e268bd1cc568724e33b67907998a9baf475d7900d26d94d85cd08e9a730f33c2479a94c3b48df23324f054b94184f4d6c6ff3edcb3fe66c50070f802111135c225996d16c74539e32d561560c91cab3cfa532f0a4ebd5d232276a84e2bd8c51d7c60d9d5a71449e74317ef7095e8f9ba77423467a5511d82934278aa856d4d0aec73f9cdf8679af3d4bbb223c2b8200f6cdca5ba960a45ae481d158940949b2f1e6688b1ba5141e5fe33de4f3591d858fa63343afccf51332fe1b8fd4cc85fd54e3219f3d49d939edc186f61bac06e4473b5c870ad7d96f0caf54871c83dbc774b8a3c64d1750d87f2bae5acfd800c1632a563b26f66537c5cdaf921fc6a2ae4c37a316a17abe5624b6efaa5c2924d9595a9fdd81c644a33f8b2638438e9ea805661f5612fadf22a75a4d5c07ed51b0d975962cd5780675617cd36a6ff64ea54a5b7d13f22d72c45534cbd908c489e8c032f5f56471fcd9ceebda60ab2fb50fa5faeaba099b53703505e50ffbae7bb27e621d3d26241a36e8cfb1330742862fcb363d536db21f3f16e949f83e87d3decd6920fd0e4f37b09f17109f5773df638f75f39a3752e", 0x1000}], 0x3, &(0x7f00000019c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r4, r6}}}, @rights={{0x20, 0x1, 0x1, [r1, r2, r7, r8]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r9, 0xee00}}}], 0x78, 0x804}, 0x20008810) syz_mount_image$ext4(&(0x7f0000000140)='ext2\x00', &(0x7f0000000180)='./file1\x00', 0x9, 0x1, &(0x7f00000002c0)=[{&(0x7f00000001c0)="6ca17f414950dd97d202db2b96add7da83fa999af38209698e4364cd232c1141a750a663d97cbf080119cc7688e19df7932f0b5a4d1ed6b34ce8a59d941c8635e5763dd44d63ad58bb6b00ad16ed9a62417b233a337ff2e3a0fa55b21bad911a6def55fb689d688aa7cbe03a92c7caca59f52e161b8cf2c2404a2b477e0200a000515ffaac4dae1cc6888a8432288d2e8e5ffacb79da0cfe3082b2bd6595318d0b9c49954d6e45d293c3755ed8568b8ac3fb3cb1fbf788de961a16880add5a7ede363be2620a1a99faa22b9321dc1d", 0xcf, 0xfff}], 0x1e00a, &(0x7f0000000300)={[{@errors_remount}, {@dioread_lock}, {@dax}, {@jqfmt_vfsv1}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}, {@discard}, {@barrier_val={'barrier', 0x3d, 0xbd}}, {@debug}], [{@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}, {@hash}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@uid_gt={'uid>', 0xee00}}]}) 18:37:05 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="c00000001800210c000000000000000002"], 0x28}}, 0x0) 18:37:05 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28f000001800210c000000000000000002"], 0x28}}, 0x0) 18:37:05 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280005001400210c000000000000000002"], 0x28}}, 0x0) 18:37:05 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000000206c210c000000000000000002"], 0x28}}, 0x0) [ 3383.018047] loop2: detected capacity change from 0 to 32256 18:37:05 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280006001400210c000000000000000002"], 0x28}}, 0x0) [ 3383.055577] FAT-fs (loop2): bogus number of reserved sectors [ 3383.056350] FAT-fs (loop2): Can't find a valid FAT filesystem 18:37:05 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28fc02001800210c000000000000000002"], 0x28}}, 0x0) [ 3383.061346] FAULT_INJECTION: forcing a failure. [ 3383.061346] name failslab, interval 1, probability 0, space 0, times 0 [ 3383.063946] CPU: 0 PID: 17176 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3383.065417] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3383.067181] Call Trace: [ 3383.067750] dump_stack+0x107/0x167 [ 3383.068539] should_fail.cold+0x5/0xa [ 3383.069353] ? create_object.isra.0+0x3a/0xa30 [ 3383.070315] should_failslab+0x5/0x20 [ 3383.071119] kmem_cache_alloc+0x5b/0x310 [ 3383.072001] create_object.isra.0+0x3a/0xa30 18:37:05 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280007001400210c000000000000000002"], 0x28}}, 0x0) [ 3383.072930] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3383.074096] kmem_cache_alloc+0x159/0x310 [ 3383.074979] ? mempool_free_pages+0x20/0x20 [ 3383.075918] mempool_alloc+0x148/0x360 [ 3383.076761] ? mempool_resize+0x7d0/0x7d0 [ 3383.077661] ? mark_lock+0xf5/0x2df0 [ 3383.078468] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3383.079605] __sg_alloc_table+0x24e/0x390 [ 3383.080518] sg_alloc_table_chained+0x9b/0x1f0 18:37:05 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xd5020000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3383.081500] ? sg_alloc_table_chained+0x1f0/0x1f0 [ 3383.082579] scsi_alloc_sgtables+0x236/0xaf0 [ 3383.083531] ? scsi_cmd_runtime_exceeced+0x1d0/0x1d0 [ 3383.084631] ? lockdep_init_map_type+0x2c7/0x780 [ 3383.085654] sd_init_command+0x2f6/0x30b0 [ 3383.086541] ? scsi_init_command+0x4ee/0x750 [ 3383.087496] scsi_queue_rq+0xe5e/0x27f0 [ 3383.088373] blk_mq_dispatch_rq_list+0x372/0x1c40 [ 3383.089423] ? elv_rb_del+0x50/0xa0 [ 3383.090203] ? elv_rqhash_del+0x119/0x160 [ 3383.091089] ? blk_mq_dequeue_from_ctx+0x7f0/0x7f0 [ 3383.092154] ? dd_dispatch_request+0x1c0/0x990 [ 3383.093143] blk_mq_do_dispatch_sched+0x7f4/0xa00 [ 3383.094195] ? blk_mq_sched_mark_restart_hctx+0x80/0x80 [ 3383.095342] ? lock_acquire+0x197/0x470 [ 3383.096199] ? hctx_lock+0x7f/0x200 [ 3383.096989] __blk_mq_sched_dispatch_requests+0x2d7/0x450 [ 3383.098164] ? blk_mq_do_dispatch_sched+0xa00/0xa00 [ 3383.099245] blk_mq_sched_dispatch_requests+0xfd/0x1e0 [ 3383.100383] __blk_mq_run_hw_queue+0x12c/0x290 [ 3383.101362] ? blk_mq_start_request+0x3f0/0x3f0 [ 3383.102361] ? do_raw_spin_lock+0x121/0x260 [ 3383.103293] __blk_mq_delay_run_hw_queue+0x53f/0x5a0 [ 3383.104394] blk_mq_run_hw_queue+0x170/0x2f0 [ 3383.105338] ? blk_mq_delay_run_hw_queues+0x1f0/0x1f0 [ 3383.106454] ? dd_dispatch_request+0x990/0x990 [ 3383.107436] blk_mq_sched_insert_requests+0x247/0x720 [ 3383.108556] blk_mq_flush_plug_list+0x415/0x6c0 [ 3383.109561] ? blk_mq_insert_requests+0x450/0x450 [ 3383.110608] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3383.111859] blk_flush_plug_list+0x26c/0x3c0 [ 3383.112803] ? mark_held_locks+0x9e/0xe0 [ 3383.113676] ? blk_insert_cloned_request+0x450/0x450 [ 3383.114771] blk_finish_plug+0x50/0xa0 [ 3383.115607] __iomap_dio_rw+0xca0/0x1110 [ 3383.116509] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3383.117488] ? ext4_orphan_add+0x253/0x9e0 [ 3383.118394] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3383.119445] ? ext4_empty_dir+0xae0/0xae0 [ 3383.120338] ? jbd2__journal_start+0xf3/0x7e0 [ 3383.121307] iomap_dio_rw+0x31/0x90 [ 3383.122091] ext4_file_write_iter+0xe0e/0x1530 [ 3383.123082] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3383.124063] ? kasan_save_stack+0x32/0x40 [ 3383.124945] ? kasan_save_stack+0x1b/0x40 [ 3383.125825] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3383.126906] ? iter_file_splice_write+0x165/0xc90 [ 3383.127942] ? direct_splice_actor+0x10f/0x170 [ 3383.128914] ? splice_direct_to_actor+0x387/0x980 [ 3383.129941] ? do_splice_direct+0x1c4/0x290 [ 3383.130860] ? do_sendfile+0x553/0x11e0 [ 3383.131706] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3383.132706] ? do_syscall_64+0x33/0x40 [ 3383.133538] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3383.134688] do_iter_readv_writev+0x476/0x750 [ 3383.135651] ? _cond_resched+0x10/0x30 [ 3383.136495] ? new_sync_write+0x660/0x660 [ 3383.137388] ? avc_policy_seqno+0x9/0x70 [ 3383.138258] ? selinux_file_permission+0x92/0x520 [ 3383.139295] ? security_file_permission+0xb1/0xe0 [ 3383.140344] do_iter_write+0x191/0x700 [ 3383.141179] ? trace_hardirqs_on+0x5b/0x180 [ 3383.142109] vfs_iter_write+0x70/0xa0 [ 3383.142927] iter_file_splice_write+0x726/0xc90 [ 3383.143945] ? generic_splice_sendpage+0x140/0x140 [ 3383.144826] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27680 sclass=netlink_route_socket pid=17193 comm=syz-executor.0 [ 3383.145011] ? security_file_permission+0xb1/0xe0 [ 3383.147519] ? generic_splice_sendpage+0x140/0x140 [ 3383.148580] direct_splice_actor+0x10f/0x170 [ 3383.149526] splice_direct_to_actor+0x387/0x980 [ 3383.150532] ? pipe_to_sendpage+0x380/0x380 [ 3383.151460] ? do_splice_to+0x160/0x160 [ 3383.152324] ? security_file_permission+0xb1/0xe0 [ 3383.153366] do_splice_direct+0x1c4/0x290 [ 3383.154253] ? splice_direct_to_actor+0x980/0x980 [ 3383.155284] ? avc_policy_seqno+0x9/0x70 [ 3383.156172] ? security_file_permission+0xb1/0xe0 [ 3383.157223] do_sendfile+0x553/0x11e0 [ 3383.158058] ? do_pwritev+0x270/0x270 [ 3383.158876] ? wait_for_completion_io+0x270/0x270 [ 3383.159934] ? rcu_read_lock_any_held+0x75/0xa0 [ 3383.160933] ? vfs_write+0x354/0xb10 [ 3383.161740] __x64_sys_sendfile64+0x1d1/0x210 [ 3383.162707] ? __ia32_sys_sendfile+0x220/0x220 [ 3383.163700] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3383.164844] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3383.165958] do_syscall_64+0x33/0x40 [ 3383.166760] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3383.167868] RIP: 0033:0x7f8c0677ab19 [ 3383.168666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3383.172624] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3383.174258] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3383.175794] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3383.177334] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3383.178864] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3383.180410] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:37:05 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280009001400210c000000000000000002"], 0x28}}, 0x0) 18:37:05 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000f001400210c000000000000000002"], 0x28}}, 0x0) 18:37:05 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28f616001400210c000000000000000002"], 0x28}}, 0x0) 18:37:05 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280048001400210c000000000000000002"], 0x28}}, 0x0) [ 3383.186656] loop5: detected capacity change from 0 to 32256 [ 3383.232745] FAT-fs (loop5): invalid media value (0xf2) [ 3383.234029] FAT-fs (loop5): Can't find a valid FAT filesystem [ 3383.276726] loop5: detected capacity change from 0 to 32256 [ 3383.306845] FAT-fs (loop5): invalid media value (0xf2) [ 3383.308192] FAT-fs (loop5): Can't find a valid FAT filesystem 18:37:17 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 33) 18:37:17 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="c00e00001800210c000000000000000002"], 0x28}}, 0x0) 18:37:17 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002074210c000000000000000002"], 0x28}}, 0x0) 18:37:17 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{0x0}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:37:17 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28004c001400210c000000000000000002"], 0x28}}, 0x0) [ 3395.317080] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29728 sclass=netlink_route_socket pid=17221 comm=syz-executor.0 18:37:17 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280003001800210c000000000000000002"], 0x28}}, 0x0) 18:37:17 executing program 5: ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000001740)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x8, &(0x7f0000001580)=[{&(0x7f0000000000)="30f0092ec032846c9e17f82b87422f69ef6323ecf05697d2cbb067412174d8181173d6fa78db7a9e9210ea8d8b7ba5ab479755a115c6694f729ccfe4d76473dcf21077c7e0", 0x45, 0x1}, {&(0x7f0000000140)="ed07451119635b6d17a89067fd10d5670d6c0158112264627e32e93f0b3fe2123a453069ebe2e63c09ea7f0068e14de1fbf068bd95b31a86ab5e2e64ab0fbf18817574a877416eac49b041d9f210ec38810645024e607cbe9b569ff0f1c5fbdc838bf21f15ec857b96886dc8e6ed25f7541b54b57191a3b7bc7fe665a2e2892bf58556a3beb0c3960bd41b86af", 0x8d, 0x200000004}, {&(0x7f0000000200)="18e683acb5d3e97b863ac0a6d22818d918638892947d36bb92", 0xffffffffffffff17, 0x6}, {&(0x7f0000000240)="d68717", 0x3, 0xc7}, {&(0x7f0000000280)="d1a4be3498272a56264f667b1204eb334ea827f61a2cfc311f51334644647f7c6b5a57a3e7fd0238f322d89a3f283e4bb8f17fd9bad2bee64278ade614146cb0bbbce3f58a400244bdca12a4f4bd795468ac86a0a8e8668a3337314fb1b871bc16665604a4b340027fd9fa8b4f4a1fc4da4ee4420246eba2e4a7a0db6a2fb2f145a07d8b7fa8e7cf672c95f2d8d08c6c4f975fcb7b63fcc7e9f3434d7736194a2adb511b58f039ff8cd935b987c43c49ab37519fe767c9783cbeab88401cd674ab6e38eb5ce79ab6950efc461b055cab06bba0d07afb334787a0634228160f2f014382e2661d97b4e3df020eecd435f996", 0xf1, 0x3}, {&(0x7f0000000380)="ddc60f54dc162242431185be343ac121b0b7256539b67dc725e9751043e4f16d969c14227146d2c52b06ff9139fbfa15178d198d79e5305df3096fe2764a539b092ea89fa20efd2d6b11fc7d6927f0caf769907c53fb0d9e6a7c0113e6946ec2764137b1bbece9019697167603ccd557e0cb0afc0018fa9330ef7f67777aadb8defa778d9c39d8aa4080f92cd957e801694ef6127839148a55b87c6f9cf76fc8e106946214a95e797494a9782ed7d113707a5a405d4c9e27b62b34623ebd53b832751841f969d7778fdba13d82cea3d263bcbe146a8dfed164142ccd9e766e46", 0xe0, 0x1}, {&(0x7f0000000480)="dd217b641811e9a87df7c8795552144f91364645d143e3db320a83cff4d3e7b0b8858846a0ee855fc3684a8ff641010e765e97c7f750d8f17da1971dc848c2e1734d7c8c33c0067bfc42b123c3196e48124b4f201878bda7afe80109a0c83a8b02860be38845ffdde71840e93bc9823b4fcad915d2058012f2a3f9ebeab595ecdf4229b09a3b10eb9412ddbd49b5a71f37a9be8d30a200fef4a914124e61809565ee879266657ab2a0dbb794b6b5da85919cbf5ab4fe973e2b7916340b26e5eacf4639ae07b09e3b2d92f4ab88208efdc626fb3451619561054ba1ca0cf9cf09b58d0c30d8157ec0d2922d01678b182eb1c5741ea4836d708879039829431d7e4372e2a0ac768645d673aab64c78e2476c758046df7c0eb192713a16f18b6c5f7a6d87619ec17de3670c403c56b910315cefd7282e07b7fd9c8214d2cf121776b9e5968223dfeb8e878c9ede38cda46ee72fed4c062ff44e029ca5f44bda289d4955cd3186350f718a8eeb0ff575fd332129110de36c72dfbaae2894c552ebc57e615098490cc7a2c3aac95f25a0335c11c9b73af47f2d7e813127002f8f876c4b3da94fc72b9d161682c3a28c3391dd886f5e6909b1b815bccf845737c5b308f1a3983dc3dcef6236950a9287063483544b484d949c1e61b26ecaa56675098f945d3c72381e36ec41d1559dcb25f36339a40c74a753c2379ecc09ba9da164c36e31bfa0f8fc6c6ed9d67016106257a7d4fbef523ca3e54e27dc070dcbf6d65cbc011ef975b64d21210dcc7b733e2a9315a6a1e9a05b143515dd248135bf9087c1389114aafcaa8a615941283d5c10e9dbce116421994e32a34b00463413eb82906293065ef0d77245ca16fa46602abad4909b9f746911427c0e5de0e3dd26b6b9aa6fb2fc68cb3648053d1ed6c7606123152848e921fd45435ac792a8e781a6a98e55ebfbfbfa29c03354eb199dd79ab79a5ec1c784d34cff178b636ac6bf93639353e7af088ea02efdb8bf20b90103d3cbb86a4343eee2063081f4481df313c67efce389a587b374902c135b0e94403852eb6c14391c2b9556e3a4fe4bba5952c13773d9220563135661c0707827f55f2e8b739f8f3a97e8f00a7b3cf54d27ee0daaf602dbdf12e11b878f2d59f39c82b736705b0b17536dc2d8d8754347df2122d679fe1e1be7c742de8c0d4eed424d35563597186c330365f16a6c5ada535cbd6fbedba8df24a54e024dbe165b58f710a973826ca16ae480e00886b3bfa4275bf23960f24c794ebc4ab39af40f82a690d29db9b36668b95cd70d30ee3e1a46ba984c27d4b085d1e23900604c5669d697da5c1af049fcc66528a0c5423a21ef85cce5f6d7f55edaeb2781d868fae1bc75a1365322e8494f56927e120c7f7f64236301770ae5b28cd090a6947b7905dd7eb9f062b62309e49b905ba3e37be07ee1a1b398b24f32ad58f86fd8902842c9b12a41249137c23297ae998623811898f86c4f508ff2712cf38292827179a272365b3f92213d9181abc1ee0437e888fabe296f8e91f75924c260a3fd68a780842e967eccc156bab4d1fd7c2d71115c740cd64e3104864609747b01cdc401ae4f4b0fab61c0f60601ac5bcd4394721759160a1f29cf8ec377b0fb5446b047d54bc945929575276256733e80732b7bd0ba37a47c99643dc7c1fa85156941d819e8581fbae6760653d0d1286d134bcee6cc6a9d384df2638ec7dc5f6f00effc0fb18a24414e0819726c38cb0a5eff1eb38b2c279d9e1e59304e8c756846726da2958d6c4c237550290c5462388e152222933269b4eb5ce0e43d3986aaf87a7d337bdda369376cfe4e4a39bc633597238cd61c98da4ab33166bfeb57ce52872654e35062af923e72f9a2aee7cbaf75843f206f1ae4e41ad4b122aebe1cfd997821dae62b3ea8aabd8daf07665feeb8c2fa41bca16fa0d225691115926df55566718a008075de6c9c6f3614efb7f71aebefbcfa42128740d3d722883b89263730f5cf9086652a4123fb854f8970988e9068f7214244b0b15cefa534ff4bcf616dc905116c3c940697412cb265f16f449434d75716fa62c59baca2d21fe6836fa3c6f775dd1fa4ee5c470fa8e4e622c094246aa3c485339b81682fb7eb66fe6d81c4445ec9e1510586128d269aa557848cb45d2ed99421d3fa210b4654c384e47ff8ba6d8f84a43559a64a65d94bec339c6db848c29a402dcad93971ba95cb2f79df017852ebfc32fc80bc516a69dbd2078a784751daba78f1ffc932547c46287a62bdd95f7c9b0823b94db30962ff787af6037c99c3f0f8dd6be6a8773fef17fb8bab6cfdc600d8955801bfae1891766dfe69f64fd005d0dec963b9a6712870bc5e261839d533c5d25583e47740c00fbf2bb3f9ff14f7229b47bee6f287d9400f15978ea00f06066c10c0a2b12dbce1bde1d5db5f9e411b4ca1b6a8b432b571f3e480e60378bb59cc9c58fda0627af686fcdc019507ef32b1d3f70bfd2b966995dfedaf365afb5bfed7db6d375e917a3d3cfce9db63468fcc480d123b04e72f9e750d7de9bf0a2827caf333b3680e53ca4b6257a6dc7707c32083a9d4da3be9424df8dd8911a25a9f3711057c1894eae3050c2915f10a55634a0d32bab0dc48759d18e494744f0aa1fd532c6ae292684b0d94278e4bd97bed60f2d35d02dd7dabf5d3a6e5d030ef4727a5a30bacd612a3d1a843474879323e5443588e01a0b7cb514ecca6e10f77ca80774a8456e6adafddcd40fc1eef0877f403410074d938319911de38a7bfb5b04b4f2545e03f9b3a51d139fd41e22b707d265310a682235248e255513d0add8b82b5a55fab4da160b0dec2f98bb88f31ef259487c699abeb568d6267c048122e3723807c96b927d28d0030f3e60b574aa30cdab806bfff43434d68256f69ded1f9fa7203ab487b6475cc24774c85a5d4c99d121937d7b119c1c13f764acbd34ed3c96890f69acf0dadf1bc63bcad23c2ceeefc6b7b8616af2763d60b67f69168f171a7d8123568fdd2ccf178b6484a2cac44a8efefc71160057b24ab3280322137c5cc1f4a3579ea643d964026fefac881995f38d7dc4ff2a54afb2f437a75b2fba6adc269d3a8424498a0a7615a007794b2cbc6ca7f610f6cb72dbd982713c1c4a80da400ec542f3415aaa228a09d2197f3c66435f83a27e5becffffe197783713dd56ba11df021bc3e3125570ee9a6ee3b5c17881b0aff87c817982c508be5b4d39dd448d659d69f4f8c775fe2e45aec1e150855d6c93d691ba140faed77680b46bd0875e77de1191fac07668bb67f87a1aea5b91c3c5fe55cd09c33a551422dc73d74942d5eaef5c35646667d7ca746dec693276030aefb5c27165e18abfa9d3c265bfdf6c452ab113e3951f6c3d97503acabbf41d4dd0b4fb5b183de70151fe0f710fe42915cc35d210122394453a4e199a65a3378c7e242c7a7e3809d32d9861678cdc1c054fecf60ec3999dec0c02d615e9eb248455a292d15f76cfbfecac01dae5832cb6fa494457896131473b4970510817d984903dbfb7ad218e7c4c63afe723a489b0ccf290517783058ccc7caccd70c59e8417088e51334cfd8691d39bfb2fe36cbe7cdc7c5368834c780e9f6d311ae8107f2e77e87343615922fa91164f647f1101a0ea219e222255df58e5e56648a983ac5c36f71ea11441738352c015af35a7cec3ea8555b55c2d64068c14f040e3f19b53b582b168f78acb4cac75a5c4d4e32bdaf2b500e22b6624e0678f52d1bfc3a079f1436aea32fc7bdd4e70757f43aa649aa2fc7013629b339b232f92ee8af5c531e03d46cccf688171c0d7190412a4125b99fa6845406426c20d6f291fee371e8b8d4dac7e3ca01cf326805739407b01b124ba2e35e4198a84273b00c756a92d0eac93f77f8c9354b3980b75046fa68fd87991c2179cde0685e2572d54f8a3a4156ca584992eee35372758c35abb59b2dda1130476d34466c1ce9ff89325f46379ffa855d5d9bf68c28f69ad4fe02b13b089120b0d4d33629226f7599ee8119f5d8dea217fc9aa8cf3364caf8817bbaf604f494c8f9faea057492438a75fd5a03b4554082ace0a88a14059697db6715b804c8cf8bf973d298d2e0cfb032168b9bd9506c4afc991e6e95c4806a1598dd53274c1b9d395aaf4e5f838dc074309a8ba67acbfba7876be001f0a78d5c475e521774493aea499dcef5e3a098f071d83c82e0b6049cff01e0a94732f087c3351df9f60e2bbda7a477d3de14c4b568e4bb6bc8fd25c1ce56b8883984ae4f07c6562e0cca62b13c1cda2cd3271284bec14b3f4f40ffa116ffbaef749e3f970fdf3910b6b791e270aea380d4d32be8f4faf556082727b36832112d399758bcfdceebcce4721b70710eaa232e061b52974cb417040cf3c8bc98fc6421e1b0e18a8de81eddf51a4854667099ff3bd7516abd2b7fe907c997d264073e344541c040e527cb7a8bc8b674609180e8164518e25afc368cfc06a08ca37ca936d616a243319a3ef2338e705a8fadcdec280b034f5da0c298372de15092e47b61dd801af01dd833fcd621be7dc8d4a250f5b6cd75fc9aaa438bd9b396fd68965040eee7222f8768d3efd8baff4e07599e744decc1cbd53230a4b25b8565785eda3608ff5cb28eea33c9334e750809ea82686c5eac5be559027997583a5439e79e63683cc5e47aebe6d39505e4832090e2059d2309f7970eea7d9b5ce440e00b86476832980f0d41f8eb85684b107584de460dc24fceb9b40b5c6be5a6bd472bdb7e4c15bb94d44e332585c1a925f722d7f6313a1ccbe4b3772688092ba7d9e52534e68cec97983daf3074fedd3f80f13ebe77a10778842150d7e963ad0089871abc1548c91e638e573cd1dad6b6c5eb1ed0c598bb390978e10a2f291929c21197e4a987be46619557603028cb560777beeb527d74f4d22e737e83016608dcd938e8d01de22e016279ce854d862ed0486501730473be08d8d41eeb72d96de3ccda0989e5ca15f2224dcdde0c0ad3c4fbec9aaa399ae75909b62f71bbba5509fa920fc4b4bcfe7359a33c63e0f6084a1d873654d91402675ba1ea6f9407c52d67c3d28d605826f18e1c163b43005b13bf204bfdd016537bd53e1ead53bf0399ae088c961589a5fcc57f6e0ea80280ea1b53ed020bd706d4238f33c79cc163146bc0168e411a55dc9a6b0809f9b8cf28aeb8511dda87e2eea064d7e3dd31ee6cba88977a7470f24469946c485b725824b78e350eac957e36679b4b058e73d31ae7cdceb14f26a458e76efb52839089c2c14c6f351444eac64b9c21f8028cd3953bbc00ac93639cc04cba3c35f862f788c4f07e00b378df658d5f806f11f002d8071f7ca3b6360dfdfb0c638f4502863bcff4e50cd9436bd78b597baf2e9eef4e26d86cb59b56721b55e0d7edee848ef75af048dd3ab156a8b6e57ceffade5f9f9b5d761e77099c6b3a4a79a56fe30e1ecbdc10bf4f2b2e582133ce71c0a878baedf6284a5983a53daf9f726d225bc9ee1b1675eb43706efefe3e16c648fc3c67887fbb29c8ef51f1baf62439ac20e1f4f7715e399739b263c6180664ee3999dbaff62183b5ea9424e68be93f2feea6734b01965ac94229a750c60052ee18ba830036db4bca4169cc698d200caeb36af5f1defe09ce1b0a57cf0ef6057d2b696ee8f633fb22abdc27767c1120d5420dc4d3f933a2b30ce7be1023a3a0e2f9eb7fa38105c6cad2dc6dbdca315a46c7b6edf7d7e5145eef3f86de053b8ca86fc498d3b49e6ccb20a5002f", 0x1000, 0xd0000}, {&(0x7f0000001640)="2a9029a18fd363d953f761683042c066bf69b2b922856aca7629afa7049cd17b91361175405936ec7fddc6dbf8d466f689641e50a6ef11da7c936d73a688a162e441dcaff4de102d277865c3812bdb29a741e3c8a13ba2f6bd514759efbfd3953ecb56ad92a566b840724d49b7c9ffbe92be2a4080dd544a64494d58fbfaf3f19a0965696304393dff3387557bd798abe46e3eef26bed4a8546e03d5d7ed39e722d0158d5c9c55bdcd12c8d6b6086c3f2323f7a5c2d717efbd4d54172739130d8205997c8b4d5fef51c4aec84d6b73a712a65151527d6bfe123a1da30ed990b25b4908430808cfbfcd19", 0xea, 0x3}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000001540), 0x80, 0x0) perf_event_open(&(0x7f00000014c0)={0x0, 0x80, 0x5, 0x4d, 0xba, 0x0, 0x0, 0x49, 0x84, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={&(0x7f0000001480), 0x7}, 0x8650, 0x2, 0x61c, 0x0, 0x100000001, 0xb82, 0x3, 0x0, 0x2, 0x0, 0x40}, 0xffffffffffffffff, 0x3, r0, 0x0) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:37:17 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xe4ffffff, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3395.327353] loop2: detected capacity change from 0 to 32256 [ 3395.332721] FAULT_INJECTION: forcing a failure. [ 3395.332721] name failslab, interval 1, probability 0, space 0, times 0 [ 3395.335185] CPU: 1 PID: 17234 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3395.336662] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3395.338414] Call Trace: [ 3395.338980] dump_stack+0x107/0x167 [ 3395.339746] should_fail.cold+0x5/0xa [ 3395.340570] ? mempool_alloc+0x148/0x360 [ 3395.341428] ? mempool_free_pages+0x20/0x20 [ 3395.342336] should_failslab+0x5/0x20 [ 3395.343139] kmem_cache_alloc+0x5b/0x310 [ 3395.344009] ? mempool_free_pages+0x20/0x20 [ 3395.344916] mempool_alloc+0x148/0x360 [ 3395.345751] ? mempool_resize+0x7d0/0x7d0 [ 3395.346638] ? mark_lock+0xf5/0x2df0 [ 3395.347426] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3395.348550] __sg_alloc_table+0x24e/0x390 [ 3395.349434] sg_alloc_table_chained+0x9b/0x1f0 [ 3395.350393] ? sg_alloc_table_chained+0x1f0/0x1f0 [ 3395.351409] scsi_alloc_sgtables+0x236/0xaf0 [ 3395.352351] ? scsi_cmd_runtime_exceeced+0x1d0/0x1d0 [ 3395.353422] ? lockdep_init_map_type+0x2c7/0x780 [ 3395.354428] sd_init_command+0x2f6/0x30b0 [ 3395.355304] ? scsi_init_command+0x4ee/0x750 [ 3395.356250] scsi_queue_rq+0xe5e/0x27f0 [ 3395.357104] blk_mq_dispatch_rq_list+0x372/0x1c40 [ 3395.358136] ? elv_rb_del+0x50/0xa0 [ 3395.358899] ? elv_rqhash_del+0x119/0x160 [ 3395.359778] ? blk_mq_dequeue_from_ctx+0x7f0/0x7f0 [ 3395.360826] ? dd_dispatch_request+0x1c0/0x990 [ 3395.361799] blk_mq_do_dispatch_sched+0x7f4/0xa00 [ 3395.362830] ? blk_mq_sched_mark_restart_hctx+0x80/0x80 [ 3395.363955] ? lock_acquire+0x197/0x470 [ 3395.364798] ? hctx_lock+0x7f/0x200 [ 3395.365572] __blk_mq_sched_dispatch_requests+0x2d7/0x450 [ 3395.366736] ? blk_mq_do_dispatch_sched+0xa00/0xa00 [ 3395.367796] blk_mq_sched_dispatch_requests+0xfd/0x1e0 [ 3395.368905] __blk_mq_run_hw_queue+0x12c/0x290 [ 3395.369862] ? blk_mq_start_request+0x3f0/0x3f0 [ 3395.370843] ? do_raw_spin_lock+0x121/0x260 [ 3395.371753] __blk_mq_delay_run_hw_queue+0x53f/0x5a0 [ 3395.372844] blk_mq_run_hw_queue+0x170/0x2f0 [ 3395.373768] ? blk_mq_delay_run_hw_queues+0x1f0/0x1f0 [ 3395.374864] ? dd_dispatch_request+0x990/0x990 [ 3395.375825] blk_mq_sched_insert_requests+0x247/0x720 [ 3395.376921] blk_mq_flush_plug_list+0x415/0x6c0 [ 3395.377914] ? blk_mq_insert_requests+0x450/0x450 [ 3395.378941] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3395.380171] blk_flush_plug_list+0x26c/0x3c0 [ 3395.381104] ? mark_held_locks+0x9e/0xe0 [ 3395.381965] ? blk_insert_cloned_request+0x450/0x450 [ 3395.383041] blk_finish_plug+0x50/0xa0 [ 3395.383866] __iomap_dio_rw+0xca0/0x1110 [ 3395.384757] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3395.385722] ? ext4_orphan_add+0x253/0x9e0 [ 3395.386612] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3395.387653] ? ext4_empty_dir+0xae0/0xae0 [ 3395.388524] ? jbd2__journal_start+0xf3/0x7e0 [ 3395.389477] iomap_dio_rw+0x31/0x90 [ 3395.390257] ext4_file_write_iter+0xe0e/0x1530 [ 3395.391232] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3395.392195] ? kasan_save_stack+0x32/0x40 [ 3395.393065] ? kasan_save_stack+0x1b/0x40 [ 3395.393932] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3395.395005] ? iter_file_splice_write+0x165/0xc90 [ 3395.396037] ? direct_splice_actor+0x10f/0x170 [ 3395.397001] ? splice_direct_to_actor+0x387/0x980 [ 3395.398014] ? do_splice_direct+0x1c4/0x290 [ 3395.398923] ? do_sendfile+0x553/0x11e0 [ 3395.399769] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3395.400753] ? do_syscall_64+0x33/0x40 [ 3395.401575] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3395.402704] do_iter_readv_writev+0x476/0x750 [ 3395.403647] ? _cond_resched+0x10/0x30 [ 3395.404482] ? new_sync_write+0x660/0x660 [ 3395.405363] ? avc_policy_seqno+0x9/0x70 [ 3395.406217] ? selinux_file_permission+0x92/0x520 [ 3395.407240] ? security_file_permission+0xb1/0xe0 [ 3395.408275] do_iter_write+0x191/0x700 [ 3395.409108] ? trace_hardirqs_on+0x5b/0x180 [ 3395.410024] vfs_iter_write+0x70/0xa0 [ 3395.410830] iter_file_splice_write+0x726/0xc90 [ 3395.411826] ? generic_splice_sendpage+0x140/0x140 [ 3395.412886] ? security_file_permission+0xb1/0xe0 [ 3395.413908] ? generic_splice_sendpage+0x140/0x140 [ 3395.414941] direct_splice_actor+0x10f/0x170 [ 3395.415878] splice_direct_to_actor+0x387/0x980 [ 3395.416869] ? pipe_to_sendpage+0x380/0x380 [ 3395.417874] ? do_splice_to+0x160/0x160 [ 3395.418717] ? security_file_permission+0xb1/0xe0 [ 3395.419742] do_splice_direct+0x1c4/0x290 [ 3395.420635] ? splice_direct_to_actor+0x980/0x980 [ 3395.421649] ? avc_policy_seqno+0x9/0x70 [ 3395.422511] ? security_file_permission+0xb1/0xe0 [ 3395.423533] do_sendfile+0x553/0x11e0 [ 3395.424370] ? do_pwritev+0x270/0x270 [ 3395.425186] ? wait_for_completion_io+0x270/0x270 [ 3395.426212] ? rcu_read_lock_any_held+0x75/0xa0 [ 3395.427198] ? vfs_write+0x354/0xb10 [ 3395.427999] __x64_sys_sendfile64+0x1d1/0x210 [ 3395.428946] ? __ia32_sys_sendfile+0x220/0x220 [ 3395.429915] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3395.431023] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3395.432128] do_syscall_64+0x33/0x40 [ 3395.432911] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3395.433995] RIP: 0033:0x7f8c0677ab19 [ 3395.434789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3395.438671] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3395.440286] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3395.441788] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3395.443290] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3395.444810] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3395.446317] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:37:18 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xf5ffffff, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:37:18 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280005001800210c000000000000000002"], 0x28}}, 0x0) 18:37:18 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280068001400210c000000000000000002"], 0x28}}, 0x0) [ 3395.469583] FAT-fs (loop2): bogus number of reserved sectors [ 3395.470397] FAT-fs (loop2): Can't find a valid FAT filesystem 18:37:18 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28006c001400210c000000000000000002"], 0x28}}, 0x0) [ 3395.517826] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29728 sclass=netlink_route_socket pid=17252 comm=syz-executor.0 18:37:18 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{0x0}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) [ 3395.535801] loop5: detected capacity change from 0 to 135266304 [ 3395.551628] loop2: detected capacity change from 0 to 32256 [ 3395.556602] FAT-fs (loop2): bogus number of reserved sectors [ 3395.557350] FAT-fs (loop2): Can't find a valid FAT filesystem [ 3395.584685] FAT-fs (loop5): Unrecognized mount option "և" or missing value 18:37:18 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="e03f03001800210c000000000000000002"], 0x28}}, 0x0) 18:37:18 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000000207a210c000000000000000002"], 0x28}}, 0x0) 18:37:18 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280006001800210c000000000000000002"], 0x28}}, 0x0) [ 3395.641828] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31264 sclass=netlink_route_socket pid=17266 comm=syz-executor.0 [ 3395.696326] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31264 sclass=netlink_route_socket pid=17273 comm=syz-executor.0 18:37:32 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 34) 18:37:32 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xf6ffffff, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:37:32 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="680100201800210c000000000000000002"], 0x28}}, 0x0) 18:37:32 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280007001800210c000000000000000002"], 0x28}}, 0x0) 18:37:32 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002000600c000000000000000002"], 0x28}}, 0x0) 18:37:32 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) fchmod(r0, 0x100) r1 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f00000002c0), &(0x7f0000000300)=0x4) mkdirat(r1, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(r1, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, &(0x7f00000005c0)={0x1, 0x2, 0x1000, 0xf7, &(0x7f00000003c0)="cd2e7fad859179f44e9f86f9233d87c154b98dc0fcf53adfd65d087b30ac6262e7753005275fa83f753d5176b6d6ba7ac3bc4a6e058f7e933cb2087f23134333108bdac86ca7655fe0c7414d4eefe506d4129143803c86cce4dc5d76519f5218974e5a03304cb2223a0efa737a5dcaeb33e02437e446427d2b3c4576270ef3bb87d9e33d1ae0a396479518020606b0c520d1f1e622fbc4ce3620da84a0b886a291663213c5feaa167caa2b6bc60a9ca67c0f897df877133de01e97a8af846e6b14753040219940e84004db022d960792d8eb78e37bcca7e833b582116da5bf177b2f321edfb6f7910c723db2f2dea6943030726b935333", 0xd7, 0x0, &(0x7f00000004c0)="e5ecd5dfa4037f015a45d21b64f5e2da98a579695ad657f1e8983bde3d675c708e664bed2cff149c20c82c04d15209396da5d5325635a772e2325d0bb99345a789991d7bb01c22646bec97e67a304c5d536b4cbee0391439e97f838d7512fd3a80fbef0dd84a04e9af4294882809bb4726d22b3a84f6f9a72ff9f00b7076c96d986ab6276d71130e8037311c9f2170d3849d5d8a7bab26e79d479358d78c9df5bfdb2142ea1a2cfd7d78428e22f02ea9ec7983a408a532d18ee21e9dd80f41106cdab376cf1adecc38f4a9be7fc5fa9d09fe4c264aa117"}) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x24000, 0x10a) openat(r2, &(0x7f0000000240)='./file0\x00', 0x410281, 0x148) fsetxattr$trusted_overlay_upper(r2, &(0x7f0000000280), &(0x7f0000000640)=ANY=[@ANYBLOB="00fbfa04e162f79e4b55e408b9a4953dacfd18665a09a0b59ea6f6282214a7bbedd8d6f2e428c49298fc55db1eed72c80306aae62a5304f34b42ac10115a1dd83b7813dd385b7bbbb678d0451e8ce8ff66be9e2aae2764000090a4c2209203956dbfcf3fa9587d0263fa8ada8d6f3217fbd64d07cc3f68d46337b69c6b417f8a3ea53c402d3390357bccdc4baed50382b47ef05323faa3073599e1d4c4522fc973d9d71aad4ed91380bfc9390c5c878335c6d0904a64969a6fb64468b37b2cd8fd5948eea5f289c3097b9916bd6afb227ad68871abde0ec86ee6bfb59c9edb822115bae31344338e24544c290b99f3778079aa485b8a73388f8da5bdf8"], 0xfa, 0x0) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x42082, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x102c020, 0x0) 18:37:32 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280074001400210c000000000000000002"], 0x28}}, 0x0) 18:37:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{0x0}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) [ 3410.140689] loop5: detected capacity change from 0 to 32256 [ 3410.165422] loop2: detected capacity change from 0 to 32256 [ 3410.169021] FAULT_INJECTION: forcing a failure. [ 3410.169021] name failslab, interval 1, probability 0, space 0, times 0 [ 3410.170741] CPU: 1 PID: 17295 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3410.171741] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3410.172981] Call Trace: [ 3410.173368] dump_stack+0x107/0x167 [ 3410.173890] should_fail.cold+0x5/0xa [ 3410.174438] ? create_object.isra.0+0x3a/0xa30 [ 3410.175091] should_failslab+0x5/0x20 [ 3410.175639] kmem_cache_alloc+0x5b/0x310 [ 3410.176232] create_object.isra.0+0x3a/0xa30 [ 3410.176864] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3410.177592] kmem_cache_alloc+0x159/0x310 [ 3410.178195] jbd2__journal_start+0x190/0x7e0 [ 3410.178825] __ext4_journal_start_sb+0x214/0x390 [ 3410.179523] ext4_dio_write_end_io+0x22b/0x600 [ 3410.180205] iomap_dio_complete+0x1a1/0x790 [ 3410.180824] ? ext4_es_delayed_clu+0x3d0/0x3d0 [ 3410.181484] iomap_dio_rw+0x63/0x90 [ 3410.182009] ext4_file_write_iter+0xe0e/0x1530 [ 3410.182670] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3410.183333] ? kasan_save_stack+0x32/0x40 [ 3410.183921] ? kasan_save_stack+0x1b/0x40 [ 3410.184518] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3410.185240] ? iter_file_splice_write+0x165/0xc90 [ 3410.185925] ? direct_splice_actor+0x10f/0x170 [ 3410.186576] ? splice_direct_to_actor+0x387/0x980 [ 3410.187262] ? do_splice_direct+0x1c4/0x290 [ 3410.187876] ? do_sendfile+0x553/0x11e0 [ 3410.188447] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3410.189109] ? do_syscall_64+0x33/0x40 [ 3410.189665] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3410.190430] do_iter_readv_writev+0x476/0x750 [ 3410.191072] ? _cond_resched+0x10/0x30 [ 3410.191626] ? new_sync_write+0x660/0x660 [ 3410.192226] ? avc_policy_seqno+0x9/0x70 [ 3410.192806] ? selinux_file_permission+0x92/0x520 [ 3410.193495] ? security_file_permission+0xb1/0xe0 [ 3410.194188] do_iter_write+0x191/0x700 [ 3410.194749] ? trace_hardirqs_on+0x5b/0x180 [ 3410.195368] vfs_iter_write+0x70/0xa0 [ 3410.195916] iter_file_splice_write+0x726/0xc90 [ 3410.196598] ? generic_splice_sendpage+0x140/0x140 [ 3410.197307] ? security_file_permission+0xb1/0xe0 [ 3410.197997] ? generic_splice_sendpage+0x140/0x140 [ 3410.198699] direct_splice_actor+0x10f/0x170 [ 3410.199328] splice_direct_to_actor+0x387/0x980 [ 3410.200005] ? pipe_to_sendpage+0x380/0x380 [ 3410.200631] ? do_splice_to+0x160/0x160 [ 3410.201197] ? security_file_permission+0xb1/0xe0 [ 3410.201883] do_splice_direct+0x1c4/0x290 [ 3410.202468] ? splice_direct_to_actor+0x980/0x980 [ 3410.203148] ? avc_policy_seqno+0x9/0x70 [ 3410.203725] ? security_file_permission+0xb1/0xe0 [ 3410.204429] do_sendfile+0x553/0x11e0 [ 3410.204977] ? do_pwritev+0x270/0x270 [ 3410.205516] ? wait_for_completion_io+0x270/0x270 [ 3410.206198] ? rcu_read_lock_any_held+0x75/0xa0 [ 3410.206852] ? vfs_write+0x354/0xb10 [ 3410.207381] __x64_sys_sendfile64+0x1d1/0x210 [ 3410.208023] ? __ia32_sys_sendfile+0x220/0x220 [ 3410.208680] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3410.209420] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3410.210150] do_syscall_64+0x33/0x40 [ 3410.210690] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3410.211413] RIP: 0033:0x7f8c0677ab19 [ 3410.211942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3410.214557] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3410.215631] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3410.216645] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3410.217657] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3410.218663] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3410.219668] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:37:32 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280009001800210c000000000000000002"], 0x28}}, 0x0) 18:37:32 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28007a001400210c000000000000000002"], 0x28}}, 0x0) [ 3410.251174] FAT-fs (loop2): bogus number of reserved sectors [ 3410.252079] FAT-fs (loop2): Can't find a valid FAT filesystem 18:37:32 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2803b1001400210c000000000000000002"], 0x28}}, 0x0) 18:37:32 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xfdffffff, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:37:32 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002000600c000000000000000002"], 0x28}}, 0x0) 18:37:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:37:32 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) [ 3410.335163] loop5: detected capacity change from 0 to 32256 18:37:32 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000b001800210c000000000000000002"], 0x28}}, 0x0) [ 3410.366155] loop2: detected capacity change from 0 to 32256 [ 3410.383084] FAT-fs (loop2): bogus number of reserved sectors [ 3410.384507] FAT-fs (loop2): Can't find a valid FAT filesystem 18:37:46 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 35) 18:37:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800f0001400210c000000000000000002"], 0x28}}, 0x0) 18:37:46 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800000020002103000000000000000002"], 0x28}}, 0x0) 18:37:46 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x5, &(0x7f0000002300)=[{&(0x7f0000000140)="9c2ba6d68a4e170f27bf4ac84fa3c6f8fb55c70504f8cddf12739920b09d5889f894dd915832eef05dc5f11773ab1515a36414c393083a39dd63d6eb837a4643163b737b705ac7366ab6ad6794e76e11fc82c4b18433a33976ce2d0392aaab38cf68ff66c4c2567e8e9c6c6c2aac5759994be6b31ae44f4070a1312e5e7d85c6afb0dbd47953a8b0a1bd8b3600b00aeef9b7b754df430dcb0649bf2cbd41feb4c95b06cc8c1f3d19d5bd9ff38cd4bf2ed0c0121d3c83e6377d6203fa02031d3bec3caa023f13310d3fe1d27afbd4d04b23843828bebffeab8b0091551e1b169ad6d0701320aadf009f2557bb41fa5a1a1e2fdfc5d432c8c2efdafde78451b2f0d17ae6c0d3c576d37e2519069c27bd2ead856babb28d7cad17b9983640321f92a0e4897d871665739e2aefc852ce7c0f818aa150ce0a25cc97f1f52189de3f6849e105eba97fdd19dde1e3d746c84d62a80b1d4e1315d43091410d9f4f2c224d4e64de3440ea7f906676e3ca245ad6b00a217139d3699889d5c344de4f5d0962122c908d3db301caf18dc495994a146c41e0fd3927e49f6791dad2c520803398640bb5f1d4da321ba3504ea9dc00d587ddd2164ef25e4b789eccb7462385c4cb9f47897fb6a6390da5ef75117b3a353ada0eac7e87dc71bb88eb07ba1842672922af222ee79ae04195a62c8fd3965ea5bcc7ff19ff9a2e83084457284a2318f7f22e71ef31aee63e9209b9c92079fb7070967484c9d2129c1e203cafbc06a7ab1f3f2a28a35768b71e9be6cd2adf4421cc932aafbccf2fe839f438d55e6e4295729c326852865d594d6feccadb039c7b6fea1c22b2f78f971e6f4cca73db34e98e4ee1a89d2b25fbf0db095c4315251ea31569e32c0ec99104ff9693677de4cf44e7b2c96bc25af54ec6dab7896572adc627ef239677eddf2dc7784710e08e2aa7b55b6d94ee1b091d3f4166ac8e92301a29bd39257813a9ead154e0538838a5efdc39da1149ddda140a39e1f37adf5d1685fba36305e7aaafd61dd48e0100e4eab6e225d12f8d12791322086a223161e1da040172f565e78b54d3ead1d14b2701c3938b383db40340a737e3fd0a52e9b8044bad7318e663a09504bbcd3db4e7ad1a99b398fadf527df09b38848d51ca305867e8e8a202f4b7b0f005e841791bf13da64b5a9bcfce0e91b079cfb88861c55162079b1a494c334b57701b8ef36df656aaf0e828cb0ebc3775e8f13109e16ef9f9943519d83cb588124a8f62a8c5022c93f1fa928168bcf3c8e862e48c6559e63880d4918ef1e744e86495c8cebb8ecc1399a27391cbc0119ebe105d433635c5036f83681fac4a2ade9092cfdce094f95dfd23a409791fcd9b793b2a3842c660150c43aad2b29d59e9893efddcf289a612385765d0d937736cb71fa36d42c4e7f0090a71961fec4cd942899dbb966c96ccd8dca4100938d9fdafeba75828fa171186e984b552d0f7ee5a69c2d5f13041840254ac268c5316a77ff502778ff55999209009b6673d85aab47aebb7747953864f83c8e3989ae43fc49c46e736e2f056a5e6881fd81265bafa9de7b07b8f374094b58159db56ec1477e917ff63046ada74c2fac5e92ff9e732ef98dd292199229deb9dd0f6d79c553c29d48375582ddc4fc02a7abb5cf4c92657a57afe028c4e8a0731eadc60d40ec46732443da6abeec690320ab03a0ddb12994546d185176da09aa9640f88548722a6b8ed7ff6fedd8a0bed360d79b56102f61ff97d2a792981cf9da02179781073eeb1aba31a79c9a9b04544fea0b0bb7c97adce15f7205584f8267bb35e2db285d11bced6bf2acff150f04efbda8dba5138234c480433f222d0c65eca5d0ad9e2d4491feb762ce4e7073c57d56371eb3680f6e76245d87f6b501e1b307b5f8e15d7ac4d984e7e55f844e8b06eec6dcf1096e76ee8f9767b8ee29a8c60804a49b705efd06880dbe4b4ad9ce5f9705aa8e1b59efeac7e9e1e736fa14c42d9ca316bc040620e8188820a3fee9287a7c8a13e7da3ef75b2fe7837ea90f9894c0c6e98dee0063f506493eaa4507e1d27b7452a535ba03a93519bd7ef5c41c7e8b0f6cc43a327b5ca7faca2b972e519989a9e16854f7defac89f0d81c8c56f201419ec3e68384536362f9fd125e8e876561dda63bbd6d396f2d126c1c4210050f3f6fcbdadbe404dafb8fd8ed18d2c6de3dbd4554adfc63cf1d27f396596a6dc87506f57c716612a81a4035cca279fb23469318dfb13ca99289653c4dd8158f48cf280ad9ee39ac4a36e18adde63d077c54a217b39243ba2e1a56319d55f1e848ea1dbab8ef1068ff0bfd651398ed5d576ea4b379dae101a904dd3961d328381017da9ee42d2df40618beaf7c26088ac8847eac5777b5dc6108d705d323862c6ce68d3e8564dad26508a45ec00a680cee06070c808f5b967690f9496bfd2cd40a3c2e2f4153bfa4a56ec55dd1b44570c0cfe2e56520cc484eed1d98408a69bdb6edd6c8ea08c4d61c89d9b0029748b3e7ca67f568618186dfb2ec012ffc3aef5c742645d980fa13e55ef3a39f27f24b13ea51091120ac6a1c489c298251285b1a655f64fd422df362ada733e1cc67e3232978fc1476ee908cd29b0fd36cc3f27434b982c98a5556235c32158191d6b63f034cc0b8a70431cc9fbadab0589a9c352fda7333816803e4fe0ca722ec50cb75023c56de0437159cf12ecd2c71624a67315079fd99c6572d8eece575b8a88baafb4d5b95cb8f73cc85830ecd985684e9569a5559a40f035ab7011ced8392739a3bf72326f34cd349e19787f94c6ae85638bd0cfb51f8dc715b44a6e550f79c2fb31ee4cd40003e42c3e134ff1ef71f3bf13ba326c72f4ed1d0f75c86d2121086582c546bda7e77d595c0c441fb2094c0556346d56fa0d1eb729c9152ad1a62a6a19f7aa179bb8d648135e3ffe0eedafb0ab794ac38d677e9c8ea569c686bc0f5b97ce4b37b32da7d5285c4c038be6924c1ed5f8099c952f286d0ad6d62f4295452daf53f37c4c58335c84f589297e5f5aecf269b9cacdf2d5b78a7f2831e78daf3752f2130e537200cf1a2018c5919417cf8b8c74417df2fdc27fa6fa66d8591fb49302b394259e192cb39bd8a47f15bd206274acf78d9aaae1060f50ba0d3d88c6e4de79c5f3e1eb1e89f72df6cdb5eb8f6af12365c4bdf4647aa1fe6a9c257fbec37e7dd52a2e14f94a67a0e8908b409520311fb35065601725d5a07a9bfa4b99e921adba49056a9d5ca800dff7ef71396b1b845ade47f79f480cea9070f9ac861e4d631061762e5bb088f7e82259fd5d0e1cd601d60fc2adf07974551afaadeef1cb57981246406602be0052521aecc8167ed78514f635603875c08eba6338cb756c00220a805df87ffaaa851509e7a97b476394baa2377d968774bddaad046b7e0474707c827c985faf91ade39de395773714f2447e4c83fd36f696f7c43ba790d2eb5d4a3b2caecfb673398e1b94b7d13bb818f65b514a84ccb944187f5a793becf4e0044796489c0b98fa8d503b2ffa2cf509f433c2b580a8bc3abe1de9a0ed4b4494cf83d0d13741b813111f3a774e9d0ae358030cd350a5e239a33040265e7cea06f018cda1040f6b18c93163e0ff73729dffe4758c6c34e13819abaee37bca50419f6c51701edcd38925e4858d45d35ce0e7873a78ca158861bb1d8beb99d21cd9e6023dd5fde268e648ca1e58116e4e4c752f55b63e7fdf215ac7ada20ed426bef26e4231b44837d9cabfb97d38dc661d40c1aa270d9adc40bf8f13df4382d31c7b02b585ad9486626d9b487db64181dbff1901220216264dbd3f35a1e0aeea329a199698dff0b2ed2943e301af9a6f708c7298378595e5c5dec339440bd4b8046139b7d6401de627a3635c4ce2e5b7b2d2ea0f10c7b43d80882c878e121d2b488c04f2ecd5a97e4dced5ed652d519cb297bd56508831a8807c30c3cd8a02313071613fb07f395a614f5060a29afb7467a19b09c3a064c9684641f848bf7939668fdb030f738a3baeee052b19e49f30250f93c0dc120d477fae9593490bc3a8870efc7074d06afe28fd0bb2ac1ca9957d3f562963abae6cf4e08463f789cf188751efbcb26e4f5fc710dc0108cd833ef506ea0d9a4e9ed8a8d37735d7baabfcc7936f1d6aaff582fe9abcdc21ec2994b91c3da0a60f21e9a15d0b7a4a490dd9a4223f7f03d0027888689a075c10c833ff38cf89cf1ea07f7d40621f586dbfbc7a00da6b1832202b0adfb67cb48b6f7962a698b75e6db4cbb0d4a7ceda51576624355f725ec06962111e6bc20eb5370f6fb6c888f013cc306611fa7d7e3818bed6edc46c16070b7b26ac00e8a509321b378bc2bbb48d387d62d0a9d99c9f8feb78bf37e395df495f46c87171e265a4733daa428093b82fb4e9ccc7a618552933ffb8e065082dda20588ee91ce1e606b6f09a1bdfd11ac294a1593d220128f6b085960cf73d6316b726364465636afc5d087bd76c28e75f777962cfcf7cd31dd4de51586a1c6712280e8d69048bbb078cd44ecde7e77028674e0c269875f408f37acb5a13ae986808226b6b639ba8875a4ec377f5bd83af33d350064c06304787266d8af13e07468a4a2d09df5834d3dcfd3baaf178b30e70ea89e395c0375e8be4655c2e64e2e427394c2d25851be333554d36718474e6a71f50541da2bd9f7999894d6168e0d6b959ba04fc2d08a7894b5985fbe1bbecc149f9e554f479b1367c6143a8fbc2636020c63cf6bc825742ce62be58bb5a0cc9e763500f940f90fcff329d3f663d267d83bfaa2cc379e1ebdbbd0f30fd39c66a9c8952b696e417372861c9dc5f0a7533e401c9efcd0c9d6e52209fc0a7922c7f0d782e9d24dc9462dce37ee6dfa312fe557e9dd9a41c1342e46222348c29ae81c69420a2005f539e9bc0cf42c8427e415449ced2a51f997632d0e4bdcf4cf56ce8b6df62ed5ac10ebc2e802a63fcd37644af511f09996f3c8e107b153fdcefff5dc162d189f4219b606c5905916e35fd0b97660581e9dc17982216023d86cc958444c6677e92e5875594bc4a4186ed7f1fb957a03e7ae19ea259131c80096043f9bbc96d69dcb5119a15b49e2e11e6e791006699d063e313ed15289206b09e2434d895174813f88b781dd51d1914cc2de843255eb4db0f00a3c7cb8d53326d9c8f7e3d1864ec28c8c9a0292547f8a4fd16ad71f7bfd90f4ec2fb2d7e598787d8149ddb667f4cf8162d9a04359fe0f173377eea1102d95fd20d2f7402aeff680ccb1d14a63edd5012fbc4d72a52564a0700bfa1029817065428b790a06d9ae71faa816bdffbabd01f0c3fc82220d5f42b933d2c32cde9b7d97a939aa911b3744ce9046eddf2276e4d9de67a877c51f4ee8cb6d5fe8c9180f5ea3e543085c9d57409322fdc098aed46d2f245b4aa958eff00ffa8621ff5ed344add8a79cdf0bab0cf25f56dd075f2080c2d5a5123c683ba70f39b11923da9b24d35173d413c82c17184a636d13eefd78949438d74fae7c770520e1a232b474dc8be9f6981ffcbeb8e3c50d80c54449889f139347e29ebc746947a6a210c7564125fac1ad124b9fef6fbf26671711f8bb016942940cce7a89e418497e8c69fb678dbe2bf8facaad8d6877e7e1093c65f14aa5eda3fd56cebbc6549e81010b93bcffb05c45428c0d680636647f6bf5e3ec5e283efaad2cedb11746128dc991a323fabf06fb45d44f193b1ca411f624c94ccf97a6a5c34b1c9bb86de12fa056a52bfb01af6b12ad3cb72ad68e65de0301cc6b97", 0x1000, 0xc47f}, {&(0x7f0000001140)="3011017c7a004f1900277a5d05285bcd104a962db07fe76a1770f5020450ef74fa2701877429a2e03b5e18be3c52515c3d91a1e964ab89b87299e58d79a2810ad4688099f4b710441806c0c46c97cad18a2ace28508e0e07f7edb94e5ec8f42fde2f6e1ad0db94dee7dd5831ff1e446e62e0f89d6fdca2cc81c5b0f6d95c2ca5494fc90d8a8aad9eef12c713368ccabe14207d45df8fbc44bda831c0be633491fa47a16d027a21cad61fc69f98daec448e982dbf9204dbd0925e", 0xba, 0x7}, {&(0x7f0000001200)="e2129f360ed7732aad368ecdae075c4bf37cc43d19040a5c08c707dd2cd2a6f3449b430fc1959b4317ce6c03d0ce04a28562796da7d5cfb21e47b23b000fd544458c46759eeb76a03c5ab39980060cbb21d4fefe9d0daf5bb95b4c213107f64ba8f3cfd8419a1eaee6003bf0e3736659d3056930ebeec22f232a851e251c696c9b34862c6c082610b32c078a3a3b2fdf4297a4f53e6169330815bb4a8d9629a5cfd8a7cfed6d1ab204e019a43cd0544f5ff244bfe218fc198eed91e318421f0987b3491043f06bf899ddfa5947701aa3c1e35e4662da5b1b6717e8f4d8bf7f33f0ac663b78afb802758bf7ce3f2879da82e6b5014a5cbf864b880e453bebb39bd0bd27804017276f81cd37668dc873071be37ce1cb1ba5eeb4924fd84c3b7058b2813aef3513ceb8ea713eefbe360e0ce48e4031b3bfec6afede230b84d2da985f8512d5b3ea61dd1a247e17ba6b05b931a4b584704b17635153a1c6274997afdf1b9404f9e2e2fe74f577f132272bbf97778b767d04e53b4a9e6e1d1f84ca0b84cf07189bfd9cffe74e001383041f6a3807cc98f49b49d9ac90ac54d9f46b40e1be12a444586291ae661ae4a55ba6733cfc8826b757858aa806e46a93b1ca7c51e6666d62c3545b314c2ae435757fb0ab7018f59afc6304dd26569cda524583235bd81656a7f362db2b847fbfaa4aa90119fcf44a7fa6a6bbc3eac0c36e07a9499db6919528439dde7d882c89a94d93936d2c04220c99ec2077a794933312c2d1296e078e690bb7b6c7c8dca20a5091d5f860caac79d177e9ab30a224503055ad5291bb527d950c309e77fef7c96172c51e1717b1837cbf555b4b2f78cacbe7cbd0dac45ce376c59ae02050ce84948b2ba458ae09043eebc57cd2a4c3d91b705bda864c0c1948fc0ab7a13feb24264f6efd3cafed6bafba4799890023594965f77e7c6a836a3c86345f292c5ae6af8c15e0bcafb2f3b41becfb874ceb9ca64e670bd4cac0d6066b8be4f6c8ddfa0a9e82ba16525b24f27785b76a4f009ee11be5329d85fdc10d1631e5b190d80a32871ac8501778c0dafc7797761115e9501982a8e8ea626431aa86d568269018be669b8d5c99a99142d28a7061a06ea8b3d547dd7e70f48e0432ca1ad0ef04add6d3a62f70d0e1ea8472cf9ebca19b223d413e3b33d879647c4603e17a6fca9d2bb33c6353dc181104e1953ee3b2e9ab643130ed9e572ed9f3fd8d8cc1d8f8ecd2e7ca47b1a5df01d12b58e9b86d8b3edc470c66938ec2d8bc295d046b91dad2e500ff9c0c3a0cf88346db2dc22612c6bc85d580d3f0994f48cadfc5b0446c28127a09ad03ecb69bcd8ed9d5265176f2958fa8aae4b69294f2291163ecba74165c3ec6f28152cfa511500afa01164da7068f6d89d2b250f824d9c686caee5420091922b1ca9221469abaa6dd398b84444b14452c6c956fda518962927b1c6cbc5d8c160acea042e8efdab16b3ffbd75b940f4d02fbbe5cfded741fb4549616ee595e455fd2186d5792e25821b7ab414931fa2f7e45c677d44c609e531d7b4be5cc3f5a3b307d57200b380aeda23dddd2467450f3f4e8045cafe35f1d6b6d5c373ef89e5df1c164c7c614753520540c0aaea311384f400eeab987f320c55b77dbd0b23f6c303f08934fa6d48da690e10a28935290575eb8a105b4e5522bbaf0733982a4ed978574160f9e252af5290e380fdd4be3715fd02d61686efa26f4d50a7dc1330158eebbd180b8a5e307b0938f86b7194c3f8d6b17a21c08ac39ec3b74f7748caa39c01d00b26b735086ed479d8500989e1c4efc5dcdce1ad00a947134d060f401dc1f8923f63d84eadf66b8130bc497ebd58e7648547bbea8341cf6e1f916ca645457e34e75722b8a045534f70a3e90e3e5cfd97a6dc3c70ab290b573d14bc28095be8752d0c4f7146533659bff4ee7422593e289cb920d721433559b39e202ac8c9d7a472e3954c0beda160f0c86d61dcee64f68f9902e45242502e3de54d38109302b935d8925afc2607eb51d0eee7344aaa484d953884efc712d0cbd64f6a56c6f70bc839af3c805156555a4696f4245c55f67139d2be703ed15e020da25fd895161a258b9512768b233b2518a27c78f1ac677faddbc1174e182788f865325874b86ef5e7e49cad34bb3f7f9cdf4609ad31066cb91302494f31559188eae9c8bd2eacaeba7a44021818606c4790bd8b86eb37b4c07a170a4537d1551d1b6193da53487995e76bfbe82c4fc7067a09d16a44f07283bf8f67859753d112cef5b750616733414a1009537d4018716782f150498d8db33577230d2f0c2281559b6e2677bd2637cfe4d6eeb8eeaab86e4fd6be99b67bb4eeea957d4c96f6e52e6a9353b3de24b52b2e6f0666f33dd0dd31948810478f3fbdd432b0d464af477491ef19ccbafbce4402a8cda4374800d57ea8e71cc1fa0e2b75f36614da34e43c76104a98d257c88d34c3c0ff8c4843113743e983b1b294cda1683e08d036491f6580797ad161ecf6a63a156ecab0be217ab833fed8ba343d17584c3bfec7a9dba8ce60ee92005f0bc254ea32b253664721ffc5c004b325aa2ca34f68c04c8f87a63c773403433f2eba92137e303cc6b1ef5a7a9bcd7a4a10bb0acf9f6bb71fd11d95d34a401729c8b7fe3bff6fa3ea9cb0ca97264e3424ee4ac94076ca5617b18554e9f288e16601d37d8e9e6fb86bf002e4559b0cf4e2124326a64cd880075ea38544f3810dae7d8f2fe8bcbd3adff36cb790fb6aba6125c6476a6da407fa08d68d7cfd4d53dea10427690a94598dcba6fb1d3259641ca56545de2767d5683bae48808b9fa59f5a375394c715a2924609547531286b6aacef7723ef2d61957b31da4692b98a44ffb9c770195aa1252043b03ab1c8769a61d67d5cf62a9100288841af3fc7126970cd68be9196355eae0ff524576fdbd30d8bf1364834bff5c61fc705efe590484820a7c67a9de8eefc0097d8dea3a11f0035f8ba3b0738a2090a5412e981b56ed6cdefc5ff1f088665eacad6e9a6f93a3c02073f9180f89ed4657df943c508ae68e052d1b0e301e6d54d0c4021a7595b7d0c18a55fe38cd3dd93ed379e04a2ec4e1e3b42e613eefa01301dda356604cd2dd504b74c9dcff9d5aacd18f83ebc04813f19b4aa76257f7d0a36d6fa8b008945d41146652d15bf2929cd62da688123f17c540eccc21033b8026cd23707548479efa4902bcdfad0fce96d185365dd86891bf5ee172d0e4ec70fc9ea9e11e94819327aabe4c8a225b71f5d7ce5bd86ba9d1aa411943e3b768ed16f5e6139c53ddf64237d88d67a61d4be4a9df6af286907d14ce0b28087d12d19f94ac7928a5de9a06ea0a6a0d6f8548c7a12ba309097c54a5b5774fbc55a1cb13e52eb93c5e2763f1a2bb4b6c8d43f245ba968e9f6050c80ec39e1e4f73fc0c42b3dfdf6faa2db0c3fcb920d62998d01c4304364e688061f1f96e59cba3ec3380e7905185ec39748dddaaead23c017a713582a5c9fcd852c10f426f0886cba9041e3673c53aa4f4a7f908ef09de6f4c1f4295fdbe1025cb352afa62d9915b20d7f687fcf4aa3772822a0e74cc97ee74d57505344a5c213a9c8615d56adee3db47a58831dc7035cd08653822f171725448cc737e1e09a4c409b85404e567dcca23c9fc649ca3c2fe2f8cb7969a66724c751eaee16c91f7532f8fa932b78c07b39338bb66219d5488ef53c1e2425f312f7609c0451e78a17b120880b57c6073c04b73bdb20db027e3297418215fbedd25e607e19fdfd36bfdeedabb1ea1566e43458a31944bd0390fdb7247ea1dacd5f97da0b138e4f32d372d2aa697afc5e9a24ea92e3f483f6ce0ec95a9e2e3ec339274af7faba773591870eccf9a73389bad28dfcff2396cbdf8c5ba2852f9f5cc2288985b86feacc9aa22c307390e76323f10215d0b9376e1e7568b293330166b99f451d7d22ab88b1b27b08b4d646dabef5279cb66801d3a71861050f1d507398fadd72973f124832769520d9a79e94116c1b7752487b366e5d9700a255fd7f979a1506f8577dcbb873f1b58d999d6e7981a998f242ab430f29c324b88e0c75a9d84186e193f8a2e14e6d0c591c72ed02ece1feadeda9f0bc825d1540ad7d8d2689819ce961eb682d12442b8fbd8c7abf41acd1b7ef3bdc9ae35c76822c5bea153ec25f5231adc4d4edee79b4f682f7d748d2a19d9dec38e33213795b407340db144794d3749c493119664e5653785b74777a368bb0acfd64abb2b383b28b62be068be6d6f538934cbbb64d877c5f5020ed56878cb312b5c8ca7dce3dd62a6474e821558ac7314d7d3e1c5e5f5d61d49ec8185a35cbe642d18f8d19b5e8966e81c24d41f95635870fb81c9805977a0b13daee34befae95192b2071421678e836605957b53335ad7f9c10d3d2e4b7baf8d16f294d6330ae4e3db14d902571874abc0e20ced9804beecc79b108b567c3a2a2430d494b897457377a1ef3b7023a8318fa429e09e87e64148079d53972b3a3f631957d6b39e0b5b15edcd953614b142112c9ae8710eb10f93ddefa1fafcd71348ba88b16c16f643da19fcaddaf995ff37d4d7037527f3ea13ca2ec12147af55924012c5ae770a7bc85ae85442415aa9d4f5943488f75ccc524764ad99197f9706a9952b9408c98103e034ff5249aee80af87a15cbe5e6289b74d7492a34c4995f8b154a1ebdff4c4698ba7c9e109b0bd9b00304bcf177c9d05c76c0e96251410fbf4c75801205135b5a91b794f43c33ad60969499b77403cee27aa508dab274682b66349aa1695d6283a0603fa2354ec2346fb781cbbc975ee3d9af5931c779c36da874ef7babd75ddc9a3debda0534f796d813a6f0c9bc18a87b86ca0445045d06f6626bc4f643d848b9f34106c2c4447a11bf547f568f4cdb6b6722948e32fbaa1edd93b40ddad2b8967dae6096bf64dfac1cba0ef834a0e6630910c7fc82d13682c4ad75d47637290adc4eae7e38e72f2974a116a42ccff3ea95e0ccf09c56a6ad736065823028c8d99109833eae69560bd6d968eda77f8d952b725a10f7caac8617f1f4d9284c14c017bc7b1fd8d0f46e89d657ef08b284ef1df4e9951286104bc3b1aa56138c93e0395c5c2057dcf69631ae136eb0c9a8d21e06e515299a34ed49a75f804e718d2050df7d4faaa5bdb62d65d82ea769b0e2fdd20440fd571c7a2b9dc49d4c247899b245c7c389b71556feaa767b53e3e5e231b7f6fde0133c55c2fd08938bc32cc9e3154d6a4a99d85a39bd33cec7411576f57ef083d9c6e94054ba3963319425edc27fa7405f24f887b6e242a0d565f343fce9e89abaf0397454a3ff827fe69011e33cb8f98c26fb27115c93b71c8dd47ca1f778dde1523f05dd12bc61ba0a8d8920ba921f01c8f19f2e821175161e086ac48dd0968768f21767edcfacb7c16c2b7015184948cca1b00b3fe5eefcf26ae5e16f6bd0a228f3ba0d00d0d3b7639ad9315f4f936a081a44d4bb0e76b86ae1417952cbf3270162223a3a77a472a0fe983457b5dd2012044aa93f9d881bb348d65a85a416af25baf7c4eb65246540242d711e6d002aad6a21271d159e7da8ab4983249708d348f38ad700af89d6be859d7725f42aab40b9c0ff7a610c527e3dd1d2cdc7c1d266000cf4eb2681214ae185b697a43f561e2690c21066d0c2156dd54704472103bccd6d77229e19feb200312fc6ff1d9251c84d2b557dbb9b185226dbe771cd56832d6d82e642d78f6537c7cdb8ba4d225b63ee5a5c793bbe8575f4bbb548d50", 0x1000, 0x1}, {&(0x7f0000002200)="c47dea486193524900b57150ec176e6045d9e34754c38119b2a7f5f765d81046c2615fd37249feda4b7c142786b13a50da3bb5e30ca0e5febea10a59da53a4d4e9f7134825afc817a5c8d0d48fb93282f23f0362a0a8e78ada7dca82c3cae18c5d430736092d5958cf7939444de1cca7dd6ea2f32226aa38f963af93de2d173391b1188d495df44fed5c9ef3538fa7f60537f80a3946c4b1db4d02e03784f0aaf8def9e8eb1501d7277902c3d72cd09cdfad22def57cad891967288423e96bdb2f53abf201b0ec7d0d82903bc17ed9df20dd49431e916c4df30cea79b4a23f8f97ec7e2453c2951cc572eed671ab6b50a1894ec2d36be4c84041babb89893c", 0xff, 0x8}, {&(0x7f0000000000)="30597fa03439eb1758365624b22916ff1cfef8034cb79b2c10955eafda017b1f5319dc2259670c2e13820e9fa92af3ead7dcef6f6d72f8b17856f0821447eeb5c1d61a4dbbfd", 0x46, 0xf80}], 0x0, &(0x7f0000000240)=ANY=[]) syz_mount_image$ext4(&(0x7f0000002380)='ext2\x00', &(0x7f00000023c0)='./file0\x00', 0x80000000, 0x8, &(0x7f0000002980)=[{&(0x7f0000002400)="36c128d05b84f1664cffea637a5eb4d9155aef081e161c3609161fe0d87a07fcdf8e1482ba40c62f23761c27bf047fc197fa0aee2015207b50b4a396b3fc92ac74315d71662d6b5f9146576bc983297e118d7f16f0e2f0faefdc4daf34ef0a3af6f54253b5ba0843244b2179b29dba3eaccc77764a083620b67dd41701fea9f9715bb304b67bca9b50303eb3432572bd2423147d6550a1a92c4dafd92a23aac7dd90f7481c04db9ba4cbb940954c770cac14f9f8217627c42685f0f62315881e6df207ca46e4d147c0f2", 0xca, 0x6}, {&(0x7f0000002500)="715b8c79611b25057e8faa01a6ad5218c044343f48e2600342431281d9caad2b6afc2f741f12e054e34cb9e6ff85d65fc1ccfad6e150557ee50be0230c9bfda34707ea32bb5863b04bd936e08e853a8b50abc944d3fa28d7ee15de82e3d4e24f8363fd7acd88ebdfeb8ec2f090d90f7bc97dfc2d2477c124373f7d147d7f557755bebab56d63748cea9e26e403c87660de355c8493d5", 0x96, 0x200}, {&(0x7f00000025c0)="670d28d405ce4752a1199a0fd650910dcd53c27cae421370667a2faf6503dfe17e6106abe3b063b6b15207662c45e84aeaf4c0f42b882e9626dad7c84152a7ceb0496c279cc7f6dd4c9048c6c32587388b86f41ad66bba465693d3e4020e8e3cc1ac829eb7c509250a550f019a70e469de01c1fd16c724ef90e947cfebbc6237dc54baf232867c68a7339cc3b3b613b6c583a15253264929df70e144bd33b6200270562ba9b1e3cb75d1ffe7027d73a72cb7c9168adbe64b4d8727c9a54d017eec04a69c4c581be9dd99c4302c3de016dfba7a98c7f98e19ee991c1df6d9d82c7b2fc67b052fdfdb", 0xe8, 0x2e}, {&(0x7f00000026c0)="9f251a3ea6d4b074774e188499dcddd14fe65373a0cadf", 0x17, 0xffff}, {&(0x7f0000002700)="7b90e214ccfd6bc9bd415a1456122808d841e392cfbe63250a11e2acf7b05312dbd36cd94e0ff5fc08bdd1e956c3fad8690ab1d61b821e73738a0cb84c8c9ec3f39d21e1a40b1b286d0afb647d63340502fc3e220c8c70c32aaad4e3ab08ff9774b1391a82615956480852270d2e098df37e274eb87150", 0x77, 0x4}, {&(0x7f0000002780)="40c8d39cd6f60d2120346074310f2ac2bfcbbf7cc2c97beb6fafd066055945522413093a9d0f7bf9a3beb1f981f6fab00a1887434277a501ebc9dc322970529f193e3138e5e42eb81e2b20ab4609f7eb0b80dbeaeeb8dad9e2fc3a52031c7caf37ed48299d5d55855dc1bf32d763bdaaebfc1f8a58d6970a85fb4ead2ea60ad4682d7c", 0x83, 0x5}, {&(0x7f0000002840)="3e1ffdd094fd30e5da790ab09cb7dd56577f31ebed658df186d56f080990e29a658825602b4d28a8d19688da3cc39bdf9a2fa1d4b1cc24d80dc68f45ac2ea4b787b99df03b34f4abecc7a2f029f6ac35c37de04bf58b3187c77faa80367df3ebf3da0fd8c28c87619d2094ea7d3812ac5dae3598105719fd4de7a9af7c4f972a140805c39a65338934fa389eecea6eb07d27375796634d45bfd9522e83c1410382b46913e78213d096a8f16218a003f8cdb293f2da648e0bda855a0a9b9592d511ac1ee5d28a7c6df9236a6b61", 0xcd, 0xfffffffffffffff8}, {&(0x7f0000002940)="adb18f212e3e140103b853de7f0f36d39cb1a74474d24e4021fa2fc0", 0x1c, 0xfff}], 0x2000, &(0x7f0000002a40)={[{@mblk_io_submit}, {@max_batch_time={'max_batch_time', 0x3d, 0x5}}], [{@dont_measure}]}) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:37:46 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:37:46 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="00f0ff7f1800210c000000000000000002"], 0x28}}, 0x0) 18:37:46 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xfeff0000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:37:46 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000f001800210c000000000000000002"], 0x28}}, 0x0) [ 3423.938285] loop2: detected capacity change from 0 to 32256 [ 3423.946615] FAULT_INJECTION: forcing a failure. [ 3423.946615] name failslab, interval 1, probability 0, space 0, times 0 [ 3423.947977] CPU: 0 PID: 17353 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3423.948778] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3423.949739] Call Trace: [ 3423.950051] dump_stack+0x107/0x167 [ 3423.950469] should_fail.cold+0x5/0xa [ 3423.950911] ? jbd2__journal_start+0x190/0x7e0 [ 3423.951439] should_failslab+0x5/0x20 [ 3423.951881] kmem_cache_alloc+0x5b/0x310 [ 3423.952363] jbd2__journal_start+0x190/0x7e0 [ 3423.952871] __ext4_journal_start_sb+0x214/0x390 [ 3423.953418] ext4_dio_write_end_io+0x22b/0x600 [ 3423.953977] iomap_dio_complete+0x1a1/0x790 [ 3423.954496] ? ext4_es_delayed_clu+0x3d0/0x3d0 [ 3423.955049] iomap_dio_rw+0x63/0x90 [ 3423.955489] ext4_file_write_iter+0xe0e/0x1530 [ 3423.956053] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3423.956610] ? kasan_save_stack+0x32/0x40 [ 3423.957116] ? kasan_save_stack+0x1b/0x40 [ 3423.957600] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3423.958216] ? iter_file_splice_write+0x165/0xc90 [ 3423.958769] ? direct_splice_actor+0x10f/0x170 [ 3423.959322] ? splice_direct_to_actor+0x387/0x980 [ 3423.959876] ? do_splice_direct+0x1c4/0x290 [ 3423.960422] ? do_sendfile+0x553/0x11e0 [ 3423.960900] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3423.961469] ? do_syscall_64+0x33/0x40 [ 3423.961917] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3423.962566] do_iter_readv_writev+0x476/0x750 [ 3423.963078] ? _cond_resched+0x10/0x30 [ 3423.963544] ? new_sync_write+0x660/0x660 [ 3423.964021] ? avc_policy_seqno+0x9/0x70 [ 3423.964516] ? selinux_file_permission+0x92/0x520 [ 3423.965091] ? security_file_permission+0xb1/0xe0 [ 3423.965673] do_iter_write+0x191/0x700 [ 3423.966140] ? trace_hardirqs_on+0x5b/0x180 [ 3423.966637] vfs_iter_write+0x70/0xa0 [ 3423.967071] iter_file_splice_write+0x726/0xc90 [ 3423.967636] ? generic_splice_sendpage+0x140/0x140 [ 3423.968209] ? security_file_permission+0xb1/0xe0 [ 3423.968796] ? generic_splice_sendpage+0x140/0x140 [ 3423.969356] direct_splice_actor+0x10f/0x170 [ 3423.969883] splice_direct_to_actor+0x387/0x980 [ 3423.970415] ? pipe_to_sendpage+0x380/0x380 [ 3423.970935] ? do_splice_to+0x160/0x160 [ 3423.971388] ? security_file_permission+0xb1/0xe0 [ 3423.971971] do_splice_direct+0x1c4/0x290 [ 3423.972451] ? splice_direct_to_actor+0x980/0x980 [ 3423.972994] ? avc_policy_seqno+0x9/0x70 [ 3423.973458] ? security_file_permission+0xb1/0xe0 [ 3423.974042] do_sendfile+0x553/0x11e0 [ 3423.974482] ? do_pwritev+0x270/0x270 [ 3423.974914] ? wait_for_completion_io+0x270/0x270 [ 3423.975462] ? rcu_read_lock_any_held+0x75/0xa0 [ 3423.975987] ? vfs_write+0x354/0xb10 [ 3423.976419] __x64_sys_sendfile64+0x1d1/0x210 [ 3423.976927] ? __ia32_sys_sendfile+0x220/0x220 [ 3423.977448] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3423.978041] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3423.978626] do_syscall_64+0x33/0x40 [ 3423.979072] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3423.979651] RIP: 0033:0x7f8c0677ab19 [ 3423.980097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3423.982183] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3423.983035] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3423.983834] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3423.984643] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3423.985442] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3423.986241] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3423.989178] loop5: detected capacity change from 0 to 100352 18:37:46 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="281613001800210c000000000000000002"], 0x28}}, 0x0) 18:37:46 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2816f6001400210c000000000000000002"], 0x28}}, 0x0) [ 3423.997016] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3424.003301] FAT-fs (loop5): Unrecognized mount option "zv~%'.k|6@2}es*R|P [ 3424.003301] %̗!?hIFMb N0AO" or missing value [ 3424.005146] FAT-fs (loop2): bogus number of reserved sectors [ 3424.006646] FAT-fs (loop2): Can't find a valid FAT filesystem [ 3424.079428] loop5: detected capacity change from 0 to 100352 [ 3424.097631] FAT-fs (loop5): Unrecognized mount option "zv~%'.k|6@2}es*R|P [ 3424.097631] %̗!?hIFMb N0AO" or missing value 18:37:59 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 36) 18:37:59 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800000020002109000000000000000002"], 0x28}}, 0x0) 18:37:59 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xfeffffff, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:37:59 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) creat(&(0x7f0000000640)='./file0/../file0\x00', 0x4) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000780)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@ipv4={""/10, ""/2, @loopback}}}, &(0x7f0000000880)=0xe8) r1 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x100000001, 0x6, &(0x7f0000000580)=[{&(0x7f00000001c0)="e1bdb802da9ee7e544344ebbabd2a9e064c8ceebd52faeed37", 0x19, 0x3}, {&(0x7f0000000200)="9d73be6139300f8b57e532747ab8d09dac703ccfdb6eee94bf69761e91375d1d940ac9ab11793f99a3fdfdd6860789159f63340af9e3f973341b692f988b5b0a2f8307ffbec5319bc20ab521c051503829262656dcdca90813dcbb788bb5baca685042fdfc5fbaf4856cad5697141ce71a8882cfc273c472f74b0120d9a121e3f2818901d3127becd2d198829fb5", 0x8e, 0xfffffffffffffff7}, {&(0x7f00000002c0)="8d81cbc0c6f9f38abfdc79700be4f7b9ff71b288bae3d85588f7b0bbe2e2844e47e4dfab28429c2f05e17e5ee609adba35a7ac353f4c88a51bc1c7f1a4b9fd943c6182c7e7d8774326bc2bb8d44d2b1bdd22b3e1c97691f2bafb062ae6565f302345a70366251f687c94dd845226c16c3933e985c05c59be", 0x78, 0x1}, {&(0x7f0000000340)="a7f8b15996052f440fb5008286ea47807826cbeb17e9a7097f9ceb0f1adf38b31b0a223408862336b254b1be70f9bde436a69552cf4b0b04495880e23c4997446bf4d65249c45211fb8645e416eec94605d3553dd6599bc38141ec5230d0ed7e32dcade07847bd2f5aa1a448b8a817b940acd61e55fa37b8eaf83ae1406933b050611317e7da9e46", 0x88, 0x9}, {&(0x7f0000000400)="6e0662fb3249e8fe5189ed0d2138495d137b7b4174343d23f7c0d89cc84663d4459dee4bdcad5ebc34779493ec59e441134850c77cbde25e325b2f982fc0150f245e", 0x42, 0x2}, {&(0x7f0000000480)="94f0d74b4de613622c1f96759160d9ac658f6ca34b9eb9a4a0511e7467aa9b7af6ce5337a4b9675a7d4e91410c9d13d80246d0859033f36ccbfd9feceb04516af4ba91eae2f92b4bbf2ecd425e8c5fb2cd987ea8c81cb9d69b014f5782c431f5df93b9798c5bceec9323dda88182ff46b5d8f6f4a19d82c753f64bbc85bd3e0ae19832b620e5c938349a93beb3f4ebd3219fd5f61bdce267becc80abdd4fcdc5b87040077dc2a2fab3b3e1f2888493c214f427bde93f28f9e2eb231ecc089aef977344c3c3dc271f170e76d7edc173b30b54565d64", 0xd5, 0xfffffffffffffff9}], 0x20000, &(0x7f00000008c0)={[{@huge_within_size}, {@size={'size', 0x3d, [0x32, 0x65, 0x6b, 0x30, 0x36]}}, {@uid={'uid', 0x3d, 0xee01}}, {@huge_always}, {@nr_blocks={'nr_blocks', 0x3d, [0x36, 0x36, 0x2d, 0x37, 0x34, 0x67, 0x78]}}, {@mode}, {@uid={'uid', 0x3d, r0}}], [{@mask={'mask', 0x3d, 'MAY_READ'}}, {@pcr={'pcr', 0x3d, 0x1d}}, {@hash}, {@measure}, {@smackfsroot={'smackfsroot', 0x3d, '^\xff\x85\xaa\xa8[\xd5S\x8f\xfeq\xe0\x00\x881\x01\x86\x80\x1ai.\xfe'}}, {@obj_type={'obj_type', 0x3d, 'v\x85at0'}}, {@measure}, {@fsname={'fsname', 0x3d, '('}}]}) mkdirat(r1, &(0x7f0000000740)='./file0/../file0\x00', 0x20) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:37:59 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:37:59 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000006000210c000000000000000002"], 0x28}}, 0x0) 18:37:59 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="effdffff1800210c000000000000000002"], 0x28}}, 0x0) 18:37:59 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="281316001800210c000000000000000002"], 0x28}}, 0x0) [ 3436.563139] loop5: detected capacity change from 0 to 32256 [ 3436.590016] loop2: detected capacity change from 0 to 32256 18:37:59 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x60, &(0x7f0000000180), 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) r0 = geteuid() chdir(&(0x7f0000000400)='./file0\x00') ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000002c0)) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x800, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in6=@local, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@local}}, &(0x7f0000000480)=0xe8) r3 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) mkdirat(r3, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(r3, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) openat(r3, &(0x7f0000000140)='./file0\x00', 0x100, 0x20) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x2000408, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e725f696e6f6465733dc6076d322c687567653d616c776179732c6d706f6c3d6c6f63616c3d72656c61746976653a38342c687567653d6164766973652c687567653d6e657665722c6d61736b3d4d41595f57524954452c666f776e65723c", @ANYRESDEC=0xee00, @ANYBLOB="1e003aca2eea6d2f3702c3642f4b6bb38a9efde647c0be00"/36, @ANYRESDEC=r0, @ANYBLOB=',audit,euid<', @ANYRESDEC=0xee01, @ANYBLOB=',uid<', @ANYRESDEC=r2, @ANYBLOB=',smackfstransmute=.,uid<', @ANYRESDEC=0xee01, @ANYBLOB=',\x00']) [ 3436.610244] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3436.623050] FAULT_INJECTION: forcing a failure. [ 3436.623050] name failslab, interval 1, probability 0, space 0, times 0 [ 3436.625644] CPU: 0 PID: 17392 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3436.627129] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3436.628893] Call Trace: [ 3436.629455] dump_stack+0x107/0x167 [ 3436.630224] should_fail.cold+0x5/0xa [ 3436.631028] ? create_object.isra.0+0x3a/0xa30 [ 3436.631995] should_failslab+0x5/0x20 [ 3436.632811] kmem_cache_alloc+0x5b/0x310 [ 3436.633675] create_object.isra.0+0x3a/0xa30 [ 3436.634596] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3436.635671] kmem_cache_alloc+0x159/0x310 [ 3436.636555] jbd2__journal_start+0x190/0x7e0 [ 3436.637489] __ext4_journal_start_sb+0x214/0x390 [ 3436.638493] ext4_dio_write_end_io+0x22b/0x600 [ 3436.639467] iomap_dio_complete+0x1a1/0x790 [ 3436.640376] ? ext4_es_delayed_clu+0x3d0/0x3d0 [ 3436.641353] iomap_dio_rw+0x63/0x90 [ 3436.642123] ext4_file_write_iter+0xe0e/0x1530 [ 3436.643100] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3436.644068] ? kasan_save_stack+0x32/0x40 [ 3436.644939] ? kasan_save_stack+0x1b/0x40 [ 3436.645808] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3436.646880] ? iter_file_splice_write+0x165/0xc90 [ 3436.647899] ? direct_splice_actor+0x10f/0x170 [ 3436.648870] ? splice_direct_to_actor+0x387/0x980 [ 3436.649879] ? do_splice_direct+0x1c4/0x290 [ 3436.650786] ? do_sendfile+0x553/0x11e0 [ 3436.651618] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3436.652605] ? do_syscall_64+0x33/0x40 [ 3436.653429] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3436.654551] do_iter_readv_writev+0x476/0x750 [ 3436.655490] ? _cond_resched+0x10/0x30 [ 3436.656316] ? new_sync_write+0x660/0x660 [ 3436.656897] FAT-fs (loop2): bogus number of reserved sectors [ 3436.657194] ? avc_policy_seqno+0x9/0x70 [ 3436.657219] ? selinux_file_permission+0x92/0x520 [ 3436.657916] FAT-fs (loop2): Can't find a valid FAT filesystem [ 3436.658744] ? security_file_permission+0xb1/0xe0 [ 3436.661494] do_iter_write+0x191/0x700 [ 3436.662315] ? trace_hardirqs_on+0x5b/0x180 [ 3436.663228] vfs_iter_write+0x70/0xa0 [ 3436.664034] iter_file_splice_write+0x726/0xc90 [ 3436.665028] ? generic_splice_sendpage+0x140/0x140 [ 3436.666073] ? security_file_permission+0xb1/0xe0 [ 3436.667098] ? generic_splice_sendpage+0x140/0x140 [ 3436.668132] direct_splice_actor+0x10f/0x170 [ 3436.669065] splice_direct_to_actor+0x387/0x980 [ 3436.670054] ? pipe_to_sendpage+0x380/0x380 [ 3436.670970] ? do_splice_to+0x160/0x160 [ 3436.671804] ? security_file_permission+0xb1/0xe0 [ 3436.672836] do_splice_direct+0x1c4/0x290 [ 3436.673705] ? splice_direct_to_actor+0x980/0x980 [ 3436.674711] ? avc_policy_seqno+0x9/0x70 [ 3436.675573] ? security_file_permission+0xb1/0xe0 [ 3436.676602] do_sendfile+0x553/0x11e0 [ 3436.677416] ? do_pwritev+0x270/0x270 [ 3436.678216] ? wait_for_completion_io+0x270/0x270 [ 3436.679231] ? rcu_read_lock_any_held+0x75/0xa0 [ 3436.680208] ? vfs_write+0x354/0xb10 [ 3436.681003] __x64_sys_sendfile64+0x1d1/0x210 [ 3436.681944] ? __ia32_sys_sendfile+0x220/0x220 [ 3436.682905] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3436.684006] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3436.685094] do_syscall_64+0x33/0x40 [ 3436.685873] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3436.686949] RIP: 0033:0x7f8c0677ab19 [ 3436.687728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3436.691586] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3436.693204] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3436.694694] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3436.696187] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3436.697689] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3436.699184] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:37:59 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000007300210c000000000000000002"], 0x28}}, 0x0) 18:37:59 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280020001800210c000000000000000002"], 0x28}}, 0x0) 18:37:59 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xff030000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3436.719422] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pid=17405 comm=syz-executor.1 [ 3436.725695] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pid=17406 comm=syz-executor.1 [ 3436.749792] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3436.784410] loop5: detected capacity change from 0 to 32256 18:37:59 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400", 0xc}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:37:59 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002000210a000000000000000002"], 0x28}}, 0x0) [ 3436.804335] FAT-fs (loop5): bogus number of reserved sectors [ 3436.805063] FAT-fs (loop5): Can't find a valid FAT filesystem 18:37:59 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280002001400210c000000000000000002"], 0x28}}, 0x0) [ 3436.874773] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 18:38:13 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800000020002128000000000000000002"], 0x28}}, 0x0) 18:38:13 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000000c00210c000000000000000002"], 0x28}}, 0x0) 18:38:13 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 37) 18:38:13 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280003001400210c000000000000000002"], 0x28}}, 0x0) 18:38:13 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280048001800210c000000000000000002"], 0x28}}, 0x0) 18:38:13 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xffff0000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:38:13 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x7ff7, 0x6, &(0x7f0000000540)=[{&(0x7f0000000140)="58041b3250557ea039aaad807d9287854a0bd41804655e8de40de5ec319406cd73aa50f904d821efaeeb40ba32d5cdb480494e5e8514ee1e333910c11d212d61a92ea04ab5717102e3f160aaa8eb6e794c7ba0888bb155a8cb1b068e2ecdaa1e8c66d88dfb4ae5e0b1f129d31bdc4cee2d434d1b1fa50ee2d3556f76f4c22c63a4ae71d092a3b2f13349145412d6489bc922c3f51447b6", 0x97, 0x31ab27d6}, {&(0x7f0000000600)="5dcbd0c4caab08f449710121b64dd8f8d8d4e77d8747635fc06b4a857e7be770c27390bde8b7076b13481394ad183beed703771f7c052b48e4f07e3640eef9054b621b10d67e6bf3cc1e9e0e209f77030821268a52b3c8660d6743378027f577138d972b0900029b718e63c8d40f49", 0x6f, 0x20}, {&(0x7f0000000680)="81cb1deb191968b940250757f0496b4686cee1e50c4e74362f05447d13c6c685e5fccd97a7d95f34c7e9e165fcb5db5567dbe908e4d6fb7cd5213f4fbf74194680eb3357ca286dc62080f49d3713d70e09244c76bf6ccc787d5d2e17a4ccc7dfbaf0efc47d0496eb5a61c878ce03713a222158330873bb1b387bfe333ea5c7cec527f2eb0a36004f2dc04d315a1b2dd2c1adb0c14e91c7e36e0e17275fe096c75b5302412b2405b44ce729b798b3ac3850b94256c95fd32b675dadbc32eee47c0f97fb37379382e70ede7ff75664395c6db261660812a943", 0xd8, 0x7}, {&(0x7f0000000380)="c3e51aaf16cf526471e1887945cd53a0cee9345f0a8d085d0a4149fc5131fc9265f54192ca04e6cedf3823149c28c661e01cfb763721e5cbd780cae7cad45ace418a68299597875ffcdaa390b87498098a5041bb47df6a3e137e2a5d546ab2e6d00408fc6ccd43fcd3411f69f46e890c02dd5c32f349eeb5a76d104fdb6651346e", 0x81, 0x4}, {&(0x7f0000000440)="6cb1270baf9537534d2ac6c507c9e36223cf6847b5aa63093eadcd715137e094aaca23bbb96613727c4e0f7650701e241f8366d10e4f7c488f7bef4dfa76bf03cac7606fc1d04b4f0f13d6f38acddc79ad8068eeb8e5655ecac5b692d0521445b4dc588780d80e3bd2aa53e41656dca265bb634df5ec18909d011c2331f9abc49b7605b91348177a1d8d07dea42a1609317b90ddeea5c400e7d13e912bdb51d2091335936e5352b3df3ded1a67b2826d154398e380e6ae45ddc88cbde9c7dece82deecdd2fde6908e62d3cf267fe3bde9aeab2a707d8f09d35d334313a7e20583819ca8c7864403051c3d1", 0xeb}, {&(0x7f0000000000)="a4103480c3618ecefb484c0db1a8f6cd74674025d297ba3c47f34ccd3b4b1b72f5a41e755bbc3949f85d6de128182a0db1cd436a85b9", 0x36, 0x1}], 0x0, &(0x7f0000000240)=ANY=[]) faccessat2(r0, &(0x7f0000000080)='./file1\x00', 0x160, 0x1000) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:38:13 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400", 0xc}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) [ 3451.018690] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=17445 comm=syz-executor.4 [ 3451.022626] FAULT_INJECTION: forcing a failure. [ 3451.022626] name failslab, interval 1, probability 0, space 0, times 0 [ 3451.025535] CPU: 1 PID: 17438 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3451.027301] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3451.029456] Call Trace: [ 3451.030138] dump_stack+0x107/0x167 [ 3451.031086] should_fail.cold+0x5/0xa [ 3451.032074] ? iter_file_splice_write+0x165/0xc90 [ 3451.033324] should_failslab+0x5/0x20 [ 3451.034300] __kmalloc+0x72/0x390 [ 3451.035219] iter_file_splice_write+0x165/0xc90 [ 3451.036430] ? __fsnotify_parent+0x47a/0xb10 [ 3451.037594] ? generic_splice_sendpage+0x140/0x140 [ 3451.038840] ? pipe_to_user+0x170/0x170 [ 3451.039880] ? security_file_permission+0xb1/0xe0 [ 3451.041141] ? generic_splice_sendpage+0x140/0x140 [ 3451.042410] direct_splice_actor+0x10f/0x170 [ 3451.043531] splice_direct_to_actor+0x387/0x980 [ 3451.044755] ? pipe_to_sendpage+0x380/0x380 [ 3451.045866] ? do_splice_to+0x160/0x160 [ 3451.046886] ? security_file_permission+0xb1/0xe0 [ 3451.048142] do_splice_direct+0x1c4/0x290 [ 3451.049086] ? splice_direct_to_actor+0x980/0x980 [ 3451.050312] ? avc_policy_seqno+0x9/0x70 [ 3451.051389] ? security_file_permission+0xb1/0xe0 [ 3451.052648] do_sendfile+0x553/0x11e0 [ 3451.053632] ? do_pwritev+0x270/0x270 [ 3451.054604] ? wait_for_completion_io+0x270/0x270 [ 3451.055858] ? rcu_read_lock_any_held+0x75/0xa0 [ 3451.057041] ? vfs_write+0x354/0xb10 [ 3451.058004] __x64_sys_sendfile64+0x1d1/0x210 [ 3451.059151] ? __ia32_sys_sendfile+0x220/0x220 [ 3451.060355] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3451.061492] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3451.062834] do_syscall_64+0x33/0x40 [ 3451.063792] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3451.065130] RIP: 0033:0x7f8c0677ab19 [ 3451.066087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3451.070823] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3451.072765] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3451.074596] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3451.076439] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3451.078310] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3451.080164] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3451.086663] loop5: detected capacity change from 0 to 43404800 [ 3451.094338] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3451.096786] FAT-fs (loop5): invalid media value (0xd2) [ 3451.098031] FAT-fs (loop5): Can't find a valid FAT filesystem [ 3451.102345] loop2: detected capacity change from 0 to 32256 18:38:13 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 38) [ 3451.127688] FAT-fs (loop2): bogus number of reserved sectors [ 3451.129048] FAT-fs (loop2): Can't find a valid FAT filesystem 18:38:13 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280004001400210c000000000000000002"], 0x28}}, 0x0) 18:38:13 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28004c001800210c000000000000000002"], 0x28}}, 0x0) [ 3451.161022] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3451.178499] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=17467 comm=syz-executor.4 [ 3451.184607] loop5: detected capacity change from 0 to 43404800 [ 3451.197483] FAULT_INJECTION: forcing a failure. [ 3451.197483] name failslab, interval 1, probability 0, space 0, times 0 [ 3451.200016] CPU: 0 PID: 17464 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3451.201509] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3451.203281] Call Trace: [ 3451.203848] dump_stack+0x107/0x167 [ 3451.204633] should_fail.cold+0x5/0xa [ 3451.205458] ? create_object.isra.0+0x3a/0xa30 [ 3451.206434] should_failslab+0x5/0x20 [ 3451.207245] kmem_cache_alloc+0x5b/0x310 [ 3451.208110] create_object.isra.0+0x3a/0xa30 [ 3451.209045] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3451.210119] __kmalloc+0x16e/0x390 [ 3451.210881] iter_file_splice_write+0x165/0xc90 [ 3451.211870] ? __fsnotify_parent+0x47a/0xb10 [ 3451.212820] ? generic_splice_sendpage+0x140/0x140 [ 3451.213854] ? pipe_to_user+0x170/0x170 [ 3451.214714] ? security_file_permission+0xb1/0xe0 [ 3451.215739] ? generic_splice_sendpage+0x140/0x140 [ 3451.216782] direct_splice_actor+0x10f/0x170 [ 3451.217718] splice_direct_to_actor+0x387/0x980 [ 3451.218705] ? pipe_to_sendpage+0x380/0x380 [ 3451.219623] ? do_splice_to+0x160/0x160 [ 3451.220462] ? security_file_permission+0xb1/0xe0 [ 3451.221505] do_splice_direct+0x1c4/0x290 [ 3451.222379] ? splice_direct_to_actor+0x980/0x980 [ 3451.223388] ? avc_policy_seqno+0x9/0x70 [ 3451.224250] ? security_file_permission+0xb1/0xe0 [ 3451.225276] do_sendfile+0x553/0x11e0 [ 3451.226091] ? do_pwritev+0x270/0x270 [ 3451.226896] ? wait_for_completion_io+0x270/0x270 [ 3451.227914] ? rcu_read_lock_any_held+0x75/0xa0 [ 3451.228899] ? vfs_write+0x354/0xb10 [ 3451.229690] __x64_sys_sendfile64+0x1d1/0x210 [ 3451.230811] ? __ia32_sys_sendfile+0x220/0x220 [ 3451.231783] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3451.232885] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3451.233965] do_syscall_64+0x33/0x40 [ 3451.234748] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3451.235825] RIP: 0033:0x7f8c0677ab19 [ 3451.236611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3451.240469] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3451.242083] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3451.243579] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3451.245071] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3451.246563] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3451.248050] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3451.251454] FAT-fs (loop5): invalid media value (0xd2) [ 3451.252661] FAT-fs (loop5): Can't find a valid FAT filesystem 18:38:26 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400", 0xc}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:38:26 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280005001400210c000000000000000002"], 0x28}}, 0x0) 18:38:26 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280068001800210c000000000000000002"], 0x28}}, 0x0) 18:38:26 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 39) 18:38:26 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002000213d000000000000000002"], 0x28}}, 0x0) 18:38:26 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xffffff7f, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:38:26 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000000f00210c000000000000000002"], 0x28}}, 0x0) 18:38:26 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(r0, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000180), 0x68, &(0x7f0000000600)=ANY=[@ANYRESOCT, @ANYRESHEX=0x0, @ANYRESDEC, @ANYBLOB="55f187973d57fe8a20c5954c4f5d6f227bd7b8f9a2eb94f2d9981c2b0f6fecaf0d7175af35f616e4245aa8674298ac5431c78a5693194ffd6443eef2ad631a16e643dd4bbf065d2dda011cc20833e3e76fcf635992ee41cad4980979175b4f7a2e9c9a25", @ANYBLOB="7c5375bd0bcfb45bec72c10c9890e1b16c37dc7cbaf5df817dd7c494285000529e395b608fc6fb5e1b1015e43dd015836e0f28d6e313acbc4dadee5e1119b7ca27e740bf6d0a462efa48005b68159ee31da5a2d9415f15cedcc7b1c722d8660a870953b4b841ab3fbe5c30585561e1e26a7827a1198fa0b17e92e0d53d43996a7da665c8503298e78261d72553c7bd2f773df110d239543f14696d6e21df4c511a68071a2f4e2d32eb8c6e1c94490a9b690fda35afe325b3", @ANYRESHEX=r0, @ANYRESOCT=0x0, @ANYBLOB="b6152639ff380baead5c30a8a613976948b24c0b2ddd95904ceef448d5a97aae17ed959fc318837a8208e0f2ce27f59e4d92351eb4676bb1980316564a9cd15a6cc02d74ebca963ec807bcad261fac01f4b627befaa54b16b2ec4a3fe94bada31aadce9776f5ef37ac01a35b55e9c98d4f4bfdc2dbe0a5dfeb4d1c37feb782186a53d4aaf1af47f1f34f97fd0c2a6b6a8b820639be447cd290db1eb2d688407571ea85d1db65ffc7db1eeb816a829a87cada6b7d9f57611e4d346f2acb32c76161a88784d265604ae452956502195bea00e50706f9ca6b5113333916e01341a1932d248e6507994d1594358e6a0a0bc90670ff"]) openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x80, 0x144) execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000340)=[&(0x7f00000001c0)='.$\'%\x00', &(0x7f0000000400)='&\'*\x00', &(0x7f0000000240)='vfat\x00', &(0x7f0000000280)='vfat\x00', &(0x7f00000002c0)='+:&\x00', &(0x7f0000000300)='vfat\x00'], &(0x7f0000000380)) creat(&(0x7f0000000000)='./file0\x00', 0x8a) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) r1 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder-control\x00', 0x800, 0x0) lseek(r1, 0x2, 0x3) [ 3463.825330] loop5: detected capacity change from 0 to 41948160 18:38:26 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28006c001800210c000000000000000002"], 0x28}}, 0x0) [ 3463.848613] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3463.859788] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=17499 comm=syz-executor.4 [ 3463.864362] loop2: detected capacity change from 0 to 32256 [ 3463.864751] FAULT_INJECTION: forcing a failure. [ 3463.864751] name failslab, interval 1, probability 0, space 0, times 0 [ 3463.868124] CPU: 0 PID: 17492 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3463.869639] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3463.871444] Call Trace: [ 3463.872022] dump_stack+0x107/0x167 [ 3463.872824] should_fail.cold+0x5/0xa [ 3463.873648] ? jbd2__journal_start+0x190/0x7e0 [ 3463.874638] should_failslab+0x5/0x20 [ 3463.875464] kmem_cache_alloc+0x5b/0x310 [ 3463.876348] jbd2__journal_start+0x190/0x7e0 [ 3463.877312] __ext4_journal_start_sb+0x214/0x390 [ 3463.878344] ext4_file_write_iter+0xee9/0x1530 [ 3463.879345] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3463.880328] ? kasan_save_stack+0x32/0x40 [ 3463.881227] ? kasan_save_stack+0x1b/0x40 [ 3463.882119] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3463.883215] ? iter_file_splice_write+0x165/0xc90 [ 3463.884253] ? direct_splice_actor+0x10f/0x170 [ 3463.885245] ? splice_direct_to_actor+0x387/0x980 [ 3463.886283] ? do_splice_direct+0x1c4/0x290 [ 3463.887213] ? do_sendfile+0x553/0x11e0 [ 3463.888070] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3463.889081] ? do_syscall_64+0x33/0x40 [ 3463.889921] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3463.891080] do_iter_readv_writev+0x476/0x750 [ 3463.892046] ? _cond_resched+0x10/0x30 [ 3463.892900] ? new_sync_write+0x660/0x660 [ 3463.893798] ? avc_policy_seqno+0x9/0x70 [ 3463.894676] ? selinux_file_permission+0x92/0x520 [ 3463.895721] ? security_file_permission+0xb1/0xe0 [ 3463.896781] do_iter_write+0x191/0x700 [ 3463.897624] ? trace_hardirqs_on+0x5b/0x180 [ 3463.898562] vfs_iter_write+0x70/0xa0 [ 3463.899384] iter_file_splice_write+0x726/0xc90 [ 3463.900407] ? generic_splice_sendpage+0x140/0x140 [ 3463.901494] ? security_file_permission+0xb1/0xe0 [ 3463.902537] ? generic_splice_sendpage+0x140/0x140 [ 3463.903599] direct_splice_actor+0x10f/0x170 [ 3463.904553] splice_direct_to_actor+0x387/0x980 [ 3463.905565] ? pipe_to_sendpage+0x380/0x380 [ 3463.906497] ? do_splice_to+0x160/0x160 [ 3463.907356] ? security_file_permission+0xb1/0xe0 [ 3463.908403] do_splice_direct+0x1c4/0x290 [ 3463.909305] ? splice_direct_to_actor+0x980/0x980 [ 3463.910341] ? avc_policy_seqno+0x9/0x70 [ 3463.911222] ? security_file_permission+0xb1/0xe0 [ 3463.912272] do_sendfile+0x553/0x11e0 [ 3463.913116] ? do_pwritev+0x270/0x270 [ 3463.913937] ? wait_for_completion_io+0x270/0x270 [ 3463.914984] ? rcu_read_lock_any_held+0x75/0xa0 [ 3463.915984] ? vfs_write+0x354/0xb10 [ 3463.916801] __x64_sys_sendfile64+0x1d1/0x210 [ 3463.917767] ? __ia32_sys_sendfile+0x220/0x220 [ 3463.918765] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3463.919896] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3463.921023] do_syscall_64+0x33/0x40 [ 3463.921831] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3463.922942] RIP: 0033:0x7f8c0677ab19 [ 3463.923752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3463.927726] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3463.929381] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3463.930921] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3463.932463] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3463.934014] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3463.935554] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:38:26 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xffffff8c, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:38:26 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280074001800210c000000000000000002"], 0x28}}, 0x0) 18:38:26 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280006001400210c000000000000000002"], 0x28}}, 0x0) [ 3463.956989] FAT-fs (loop2): bogus number of reserved sectors [ 3463.958346] FAT-fs (loop2): Can't find a valid FAT filesystem [ 3463.987852] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=17515 comm=syz-executor.4 [ 3464.010614] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 18:38:26 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280007001400210c000000000000000002"], 0x28}}, 0x0) 18:38:26 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 40) 18:38:26 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:38:26 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28007a001800210c000000000000000002"], 0x28}}, 0x0) [ 3464.113195] FAULT_INJECTION: forcing a failure. [ 3464.113195] name failslab, interval 1, probability 0, space 0, times 0 [ 3464.115301] loop2: detected capacity change from 0 to 32256 [ 3464.115790] CPU: 0 PID: 17522 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3464.118366] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3464.120184] Call Trace: [ 3464.120772] dump_stack+0x107/0x167 [ 3464.121571] should_fail.cold+0x5/0xa [ 3464.122406] ? create_object.isra.0+0x3a/0xa30 [ 3464.123402] should_failslab+0x5/0x20 [ 3464.124233] kmem_cache_alloc+0x5b/0x310 [ 3464.125134] create_object.isra.0+0x3a/0xa30 [ 3464.126090] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3464.127202] kmem_cache_alloc+0x159/0x310 [ 3464.128112] jbd2__journal_start+0x190/0x7e0 [ 3464.129084] __ext4_journal_start_sb+0x214/0x390 [ 3464.130128] ext4_dirty_inode+0xbc/0x130 [ 3464.131013] ? ext4_setattr+0x21b0/0x21b0 [ 3464.131918] __mark_inode_dirty+0x492/0xd40 [ 3464.132868] ? current_time+0xac/0x120 [ 3464.133724] generic_update_time+0x21c/0x370 [ 3464.134678] ? igrab+0xc0/0xc0 [ 3464.135383] file_update_time+0x43a/0x520 [ 3464.136286] ? evict_inodes+0x470/0x470 [ 3464.137167] ? down_write_killable+0x180/0x180 [ 3464.138166] file_modified+0x7d/0xa0 [ 3464.138977] ext4_file_write_iter+0x8f8/0x1530 [ 3464.139985] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3464.140987] ? kasan_save_stack+0x32/0x40 [ 3464.141884] ? kasan_save_stack+0x1b/0x40 [ 3464.142783] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3464.143354] FAT-fs (loop2): invalid media value (0x00) [ 3464.143877] ? iter_file_splice_write+0x165/0xc90 [ 3464.143894] ? direct_splice_actor+0x10f/0x170 [ 3464.143912] ? splice_direct_to_actor+0x387/0x980 [ 3464.143928] ? do_splice_direct+0x1c4/0x290 [ 3464.143955] ? do_sendfile+0x553/0x11e0 [ 3464.145135] FAT-fs (loop2): Can't find a valid FAT filesystem [ 3464.146126] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3464.146143] ? do_syscall_64+0x33/0x40 [ 3464.146169] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3464.154144] do_iter_readv_writev+0x476/0x750 [ 3464.155117] ? _cond_resched+0x10/0x30 [ 3464.155962] ? new_sync_write+0x660/0x660 [ 3464.156869] ? avc_policy_seqno+0x9/0x70 [ 3464.157753] ? selinux_file_permission+0x92/0x520 [ 3464.158805] ? security_file_permission+0xb1/0xe0 [ 3464.159862] do_iter_write+0x191/0x700 [ 3464.160711] ? trace_hardirqs_on+0x5b/0x180 [ 3464.161667] vfs_iter_write+0x70/0xa0 [ 3464.162499] iter_file_splice_write+0x726/0xc90 [ 3464.163525] ? generic_splice_sendpage+0x140/0x140 [ 3464.164608] ? security_file_permission+0xb1/0xe0 [ 3464.165667] ? generic_splice_sendpage+0x140/0x140 [ 3464.166737] direct_splice_actor+0x10f/0x170 [ 3464.167694] splice_direct_to_actor+0x387/0x980 [ 3464.168711] ? pipe_to_sendpage+0x380/0x380 [ 3464.169662] ? do_splice_to+0x160/0x160 [ 3464.170525] ? security_file_permission+0xb1/0xe0 [ 3464.171580] do_splice_direct+0x1c4/0x290 [ 3464.172485] ? splice_direct_to_actor+0x980/0x980 [ 3464.173537] ? avc_policy_seqno+0x9/0x70 [ 3464.174425] ? security_file_permission+0xb1/0xe0 [ 3464.175481] do_sendfile+0x553/0x11e0 [ 3464.176320] ? do_pwritev+0x270/0x270 [ 3464.177154] ? wait_for_completion_io+0x270/0x270 [ 3464.178203] ? rcu_read_lock_any_held+0x75/0xa0 [ 3464.179210] ? vfs_write+0x354/0xb10 [ 3464.180023] __x64_sys_sendfile64+0x1d1/0x210 [ 3464.181003] ? __ia32_sys_sendfile+0x220/0x220 [ 3464.182005] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3464.183144] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3464.184270] do_syscall_64+0x33/0x40 [ 3464.185086] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3464.186198] RIP: 0033:0x7f8c0677ab19 [ 3464.187005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3464.191020] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3464.192677] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3464.194242] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3464.195790] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3464.197346] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3464.198896] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:38:26 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001000210c000000000000000002"], 0x28}}, 0x0) 18:38:26 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0xa72a, 0x0, &(0x7f0000000040), 0x80c027, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x141) 18:38:26 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xffffff97, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:38:26 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800000020002160000000000000000002"], 0x28}}, 0x0) [ 3464.276495] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3464.303627] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3464.327615] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3464.352136] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 18:38:39 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 41) 18:38:39 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280008001400210c000000000000000002"], 0x28}}, 0x0) 18:38:39 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800000020002163000000000000000002"], 0x28}}, 0x0) 18:38:39 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800f0001800210c000000000000000002"], 0x28}}, 0x0) 18:38:39 executing program 5: r0 = openat$sr(0xffffffffffffff9c, &(0x7f00000000c0), 0x101200, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5310, &(0x7f0000000400)={@lba=0x4, 0x0, 0x1}) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f00000000c0)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x4800, 0xa8, 0xb}, 0x18) epoll_pwait(r0, &(0x7f0000000440)=[{}, {}], 0x2, 0x2, &(0x7f0000000480)={[0x1]}, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_RECVMSG={0xa, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f00000000c0), 0x0, &(0x7f0000000280)=""/220, 0xdc}, 0x0, 0x62, 0x0, {0x2}}, 0x45) 18:38:39 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:38:39 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001100210c000000000000000002"], 0x28}}, 0x0) 18:38:39 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xffffffe4, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3477.256224] loop2: detected capacity change from 0 to 32256 [ 3477.269776] FAT-fs (loop2): invalid media value (0x00) [ 3477.270527] FAT-fs (loop2): Can't find a valid FAT filesystem [ 3477.290675] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3477.296819] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3477.301316] FAULT_INJECTION: forcing a failure. [ 3477.301316] name failslab, interval 1, probability 0, space 0, times 0 [ 3477.303949] CPU: 1 PID: 17565 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3477.305451] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3477.307238] Call Trace: [ 3477.307806] dump_stack+0x107/0x167 [ 3477.308596] should_fail.cold+0x5/0xa [ 3477.309424] ? jbd2__journal_start+0x190/0x7e0 [ 3477.310403] should_failslab+0x5/0x20 [ 3477.311222] kmem_cache_alloc+0x5b/0x310 [ 3477.312097] jbd2__journal_start+0x190/0x7e0 [ 3477.313056] __ext4_journal_start_sb+0x214/0x390 [ 3477.314082] ext4_file_write_iter+0xee9/0x1530 [ 3477.315079] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3477.316055] ? kasan_save_stack+0x32/0x40 [ 3477.316949] ? kasan_save_stack+0x1b/0x40 [ 3477.317827] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3477.318913] ? iter_file_splice_write+0x165/0xc90 [ 3477.319943] ? direct_splice_actor+0x10f/0x170 [ 3477.320931] ? splice_direct_to_actor+0x387/0x980 [ 3477.321964] ? do_splice_direct+0x1c4/0x290 [ 3477.322889] ? do_sendfile+0x553/0x11e0 [ 3477.323736] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3477.324731] ? do_syscall_64+0x33/0x40 [ 3477.325581] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3477.326738] do_iter_readv_writev+0x476/0x750 [ 3477.327704] ? _cond_resched+0x10/0x30 [ 3477.328545] ? new_sync_write+0x660/0x660 [ 3477.329449] ? avc_policy_seqno+0x9/0x70 [ 3477.330327] ? selinux_file_permission+0x92/0x520 [ 3477.331372] ? security_file_permission+0xb1/0xe0 [ 3477.332423] do_iter_write+0x191/0x700 [ 3477.333280] ? trace_hardirqs_on+0x5b/0x180 [ 3477.334220] vfs_iter_write+0x70/0xa0 [ 3477.335046] iter_file_splice_write+0x726/0xc90 [ 3477.336071] ? generic_splice_sendpage+0x140/0x140 [ 3477.337155] ? security_file_permission+0xb1/0xe0 [ 3477.338199] ? generic_splice_sendpage+0x140/0x140 [ 3477.339258] direct_splice_actor+0x10f/0x170 [ 3477.340210] splice_direct_to_actor+0x387/0x980 [ 3477.341231] ? pipe_to_sendpage+0x380/0x380 [ 3477.342172] ? do_splice_to+0x160/0x160 [ 3477.343032] ? security_file_permission+0xb1/0xe0 [ 3477.344080] do_splice_direct+0x1c4/0x290 [ 3477.344992] ? splice_direct_to_actor+0x980/0x980 [ 3477.346036] ? avc_policy_seqno+0x9/0x70 [ 3477.346919] ? security_file_permission+0xb1/0xe0 [ 3477.347970] do_sendfile+0x553/0x11e0 [ 3477.348806] ? do_pwritev+0x270/0x270 [ 3477.349641] ? wait_for_completion_io+0x270/0x270 [ 3477.350685] ? rcu_read_lock_any_held+0x75/0xa0 [ 3477.351687] ? vfs_write+0x354/0xb10 [ 3477.352495] __x64_sys_sendfile64+0x1d1/0x210 [ 3477.353476] ? __ia32_sys_sendfile+0x220/0x220 [ 3477.354471] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3477.355605] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3477.356721] do_syscall_64+0x33/0x40 [ 3477.357531] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3477.358634] RIP: 0033:0x7f8c0677ab19 [ 3477.359434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3477.363403] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3477.365049] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3477.366585] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3477.368126] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3477.369670] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3477.371211] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:38:40 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2802fc001800210c000000000000000002"], 0x28}}, 0x0) 18:38:40 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280009001400210c000000000000000002"], 0x28}}, 0x0) [ 3477.379393] loop5: detected capacity change from 0 to 32256 [ 3477.385746] FAT-fs (loop5): Unrecognized mount option "/dev/sr0" or missing value 18:38:40 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000f001400210c000000000000000002"], 0x28}}, 0x0) [ 3477.401652] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 18:38:40 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xfffffff5, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:38:40 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:38:40 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001200210c000000000000000002"], 0x28}}, 0x0) [ 3477.463491] loop5: detected capacity change from 0 to 32256 [ 3477.468100] FAT-fs (loop5): Unrecognized mount option "/dev/sr0" or missing value [ 3477.478388] loop2: detected capacity change from 0 to 32256 [ 3477.494812] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3477.501169] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3477.545134] FAT-fs (loop2): invalid media value (0x00) [ 3477.546574] FAT-fs (loop2): Can't find a valid FAT filesystem [ 3490.547356] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=17614 comm=syz-executor.6 18:38:53 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400", 0x15}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:38:53 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002f00210c000000000000000002"], 0x28}}, 0x0) 18:38:53 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000000200021ffe0f505000000000002"], 0x28}}, 0x0) 18:38:53 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001300210c000000000000000002"], 0x28}}, 0x0) 18:38:53 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280048001400210c000000000000000002"], 0x28}}, 0x0) 18:38:53 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 42) 18:38:53 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xfffffff6, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:38:53 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(r0, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) r1 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) mkdirat(r1, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(r1, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) r2 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) mkdirat(r2, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(r2, &(0x7f0000000200)='./file0\x00', 0x78, 0x1000) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="88df8888df5efb8071c41eb3151d56753a70c6bae04d84116711646e7d523e1ac9c1592844dfc9b1e5505b06f01f6a551769a0", @ANYRESOCT=r0, @ANYRES16=r1, @ANYBLOB="3ebafc985a211bd9766c0879bfb2645f361a2d489b14aafecd5d4500b92c1863be35089032766f7de57eaa42c8dc800f3cf1e77ddcbe97e3639a04ca41fbed8607afd652120336ed343249da519ea693cccb63c3d2d27c13563edebc92f2", @ANYRESOCT=r2, @ANYRES64=r2, @ANYRES32]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x9bc068, 0x0) 18:38:53 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28004c001400210c000000000000000002"], 0x28}}, 0x0) [ 3490.582014] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3490.587138] loop2: detected capacity change from 0 to 32256 18:38:53 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000006000210c000000000000000002"], 0x28}}, 0x0) [ 3490.594970] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3490.602314] FAT-fs (loop2): invalid media value (0x00) [ 3490.602982] FAT-fs (loop2): Can't find a valid FAT filesystem [ 3490.603982] loop5: detected capacity change from 0 to 41948160 [ 3490.612277] FAULT_INJECTION: forcing a failure. 18:38:53 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280068001400210c000000000000000002"], 0x28}}, 0x0) [ 3490.612277] name failslab, interval 1, probability 0, space 0, times 0 [ 3490.615240] CPU: 0 PID: 17631 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3490.616886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3490.618855] Call Trace: [ 3490.619477] dump_stack+0x107/0x167 [ 3490.620339] should_fail.cold+0x5/0xa [ 3490.621262] ? jbd2__journal_start+0x190/0x7e0 [ 3490.622345] should_failslab+0x5/0x20 [ 3490.623240] kmem_cache_alloc+0x5b/0x310 [ 3490.624210] jbd2__journal_start+0x190/0x7e0 [ 3490.625261] __ext4_journal_start_sb+0x214/0x390 [ 3490.626388] ext4_file_write_iter+0xee9/0x1530 [ 3490.627474] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3490.628543] ? kasan_save_stack+0x32/0x40 [ 3490.629530] ? kasan_save_stack+0x1b/0x40 [ 3490.630505] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3490.631698] ? iter_file_splice_write+0x165/0xc90 [ 3490.632833] ? direct_splice_actor+0x10f/0x170 [ 3490.633916] ? splice_direct_to_actor+0x387/0x980 [ 3490.635052] ? do_splice_direct+0x1c4/0x290 [ 3490.636053] ? do_sendfile+0x553/0x11e0 [ 3490.636984] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3490.638074] ? do_syscall_64+0x33/0x40 [ 3490.638987] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3490.640244] do_iter_readv_writev+0x476/0x750 [ 3490.641318] ? _cond_resched+0x10/0x30 [ 3490.642238] ? new_sync_write+0x660/0x660 18:38:53 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xfffffffd, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3490.643211] ? avc_policy_seqno+0x9/0x70 [ 3490.644255] ? selinux_file_permission+0x92/0x520 [ 3490.645406] ? security_file_permission+0xb1/0xe0 [ 3490.646545] do_iter_write+0x191/0x700 [ 3490.647457] ? trace_hardirqs_on+0x5b/0x180 [ 3490.648473] vfs_iter_write+0x70/0xa0 [ 3490.649383] iter_file_splice_write+0x726/0xc90 [ 3490.650487] ? generic_splice_sendpage+0x140/0x140 [ 3490.651654] ? security_file_permission+0xb1/0xe0 [ 3490.652793] ? generic_splice_sendpage+0x140/0x140 [ 3490.653942] direct_splice_actor+0x10f/0x170 [ 3490.654971] splice_direct_to_actor+0x387/0x980 [ 3490.656067] ? pipe_to_sendpage+0x380/0x380 [ 3490.657095] ? do_splice_to+0x160/0x160 [ 3490.658030] ? security_file_permission+0xb1/0xe0 [ 3490.659170] do_splice_direct+0x1c4/0x290 [ 3490.660143] ? splice_direct_to_actor+0x980/0x980 [ 3490.661283] ? avc_policy_seqno+0x9/0x70 [ 3490.662238] ? security_file_permission+0xb1/0xe0 [ 3490.663376] do_sendfile+0x553/0x11e0 [ 3490.664291] ? do_pwritev+0x270/0x270 [ 3490.665201] ? wait_for_completion_io+0x270/0x270 [ 3490.666337] ? rcu_read_lock_any_held+0x75/0xa0 [ 3490.667422] ? vfs_write+0x354/0xb10 [ 3490.668300] __x64_sys_sendfile64+0x1d1/0x210 [ 3490.669373] ? __ia32_sys_sendfile+0x220/0x220 [ 3490.670462] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3490.671696] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3490.672912] do_syscall_64+0x33/0x40 [ 3490.673800] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3490.675007] RIP: 0033:0x7f8c0677ab19 [ 3490.675885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3490.680231] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3490.682041] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3490.683769] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3490.685485] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3490.687192] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3490.688893] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3490.744680] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 18:39:08 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xfffffffe, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:39:08 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28006c001400210c000000000000000002"], 0x28}}, 0x0) 18:39:08 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001400210c000000000000000002"], 0x28}}, 0x0) 18:39:08 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000007300210c000000000000000002"], 0x28}}, 0x0) 18:39:08 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400", 0x15}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:39:08 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 43) 18:39:08 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002000210c020000000000000002"], 0x28}}, 0x0) 18:39:08 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x8000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x4000, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) openat(r0, &(0x7f0000000240)='./file0\x00', 0x0, 0xd8) r1 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) mkdirat(r1, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(r1, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) openat(r1, &(0x7f00000001c0)='./file0\x00', 0xc00, 0x99) chdir(&(0x7f0000000040)='./file0\x00') [ 3505.679346] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pid=17669 comm=syz-executor.6 [ 3505.689311] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3505.703673] loop2: detected capacity change from 0 to 32256 [ 3505.715737] FAULT_INJECTION: forcing a failure. [ 3505.715737] name failslab, interval 1, probability 0, space 0, times 0 [ 3505.718177] CPU: 1 PID: 17676 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3505.719636] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3505.721422] Call Trace: [ 3505.721989] dump_stack+0x107/0x167 [ 3505.722765] should_fail.cold+0x5/0xa [ 3505.723580] ? create_object.isra.0+0x3a/0xa30 [ 3505.724545] should_failslab+0x5/0x20 [ 3505.725425] kmem_cache_alloc+0x5b/0x310 [ 3505.726289] ? ext4_dirty_inode+0x107/0x130 [ 3505.727222] create_object.isra.0+0x3a/0xa30 [ 3505.728156] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3505.729248] kmem_cache_alloc+0x159/0x310 [ 3505.730147] jbd2__journal_start+0x190/0x7e0 [ 3505.731085] __ext4_journal_start_sb+0x214/0x390 [ 3505.732101] ext4_file_write_iter+0xee9/0x1530 [ 3505.733083] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3505.734073] ? kasan_save_stack+0x32/0x40 [ 3505.734950] ? kasan_save_stack+0x1b/0x40 [ 3505.735823] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3505.736895] ? iter_file_splice_write+0x165/0xc90 [ 3505.737941] ? direct_splice_actor+0x10f/0x170 [ 3505.738902] ? splice_direct_to_actor+0x387/0x980 [ 3505.739912] ? do_splice_direct+0x1c4/0x290 [ 3505.740816] ? do_sendfile+0x553/0x11e0 [ 3505.741679] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3505.742656] ? do_syscall_64+0x33/0x40 [ 3505.743471] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3505.744596] do_iter_readv_writev+0x476/0x750 [ 3505.745571] ? _cond_resched+0x10/0x30 [ 3505.746403] ? new_sync_write+0x660/0x660 [ 3505.747280] ? avc_policy_seqno+0x9/0x70 [ 3505.748141] ? selinux_file_permission+0x92/0x520 [ 3505.749156] ? security_file_permission+0xb1/0xe0 [ 3505.750209] do_iter_write+0x191/0x700 [ 3505.751031] ? trace_hardirqs_on+0x5b/0x180 [ 3505.751959] vfs_iter_write+0x70/0xa0 [ 3505.752768] iter_file_splice_write+0x726/0xc90 [ 3505.753805] ? generic_splice_sendpage+0x140/0x140 [ 3505.754854] ? security_file_permission+0xb1/0xe0 [ 3505.755876] ? generic_splice_sendpage+0x140/0x140 [ 3505.756910] direct_splice_actor+0x10f/0x170 [ 3505.757866] splice_direct_to_actor+0x387/0x980 [ 3505.758849] ? pipe_to_sendpage+0x380/0x380 [ 3505.759755] ? do_splice_to+0x160/0x160 [ 3505.760591] ? security_file_permission+0xb1/0xe0 [ 3505.761650] do_splice_direct+0x1c4/0x290 [ 3505.762540] ? splice_direct_to_actor+0x980/0x980 [ 3505.763555] ? avc_policy_seqno+0x9/0x70 [ 3505.764429] ? security_file_permission+0xb1/0xe0 [ 3505.765483] do_sendfile+0x553/0x11e0 [ 3505.766296] ? do_pwritev+0x270/0x270 [ 3505.767102] ? wait_for_completion_io+0x270/0x270 [ 3505.768131] ? rcu_read_lock_any_held+0x75/0xa0 [ 3505.769112] ? vfs_write+0x354/0xb10 [ 3505.769934] __x64_sys_sendfile64+0x1d1/0x210 [ 3505.770888] ? __ia32_sys_sendfile+0x220/0x220 [ 3505.771862] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3505.772979] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3505.774116] do_syscall_64+0x33/0x40 [ 3505.774908] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3505.775996] RIP: 0033:0x7f8c0677ab19 [ 3505.776777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3505.780740] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3505.782366] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3505.783868] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3505.785408] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3505.786912] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3505.788416] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:39:08 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280074001400210c000000000000000002"], 0x28}}, 0x0) 18:39:08 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280002001800210c000000000000000002"], 0x28}}, 0x0) 18:39:08 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x80000000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:39:08 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28007a001400210c000000000000000002"], 0x28}}, 0x0) [ 3505.800361] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3505.813881] loop5: detected capacity change from 0 to 32768 [ 3505.816354] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3505.857999] FAT-fs (loop2): invalid media value (0x00) [ 3505.859203] FAT-fs (loop2): Can't find a valid FAT filesystem [ 3505.877708] FAT-fs (loop5): Unrecognized mount option "./file0" or missing value [ 3505.887092] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 18:39:08 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800f0001400210c000000000000000002"], 0x28}}, 0x0) 18:39:08 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400", 0x15}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:39:08 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001500210c000000000000000002"], 0x28}}, 0x0) [ 3505.976067] loop5: detected capacity change from 0 to 32768 [ 3505.986250] FAT-fs (loop5): Unrecognized mount option "./file0" or missing value 18:39:08 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002000210c030000000000000002"], 0x28}}, 0x0) 18:39:08 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280003001800210c000000000000000002"], 0x28}}, 0x0) [ 3506.026673] loop2: detected capacity change from 0 to 32256 [ 3506.031726] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 18:39:08 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000031400210c000000000000000002"], 0x28}}, 0x0) [ 3506.055323] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3506.080800] FAT-fs (loop2): invalid media value (0x00) [ 3506.082190] FAT-fs (loop2): Can't find a valid FAT filesystem [ 3506.130546] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 18:39:08 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 44) 18:39:08 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280004001800210c000000000000000002"], 0x28}}, 0x0) [ 3506.167831] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3506.267842] FAULT_INJECTION: forcing a failure. [ 3506.267842] name failslab, interval 1, probability 0, space 0, times 0 [ 3506.270250] CPU: 0 PID: 17722 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3506.271692] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3506.273430] Call Trace: [ 3506.273987] dump_stack+0x107/0x167 [ 3506.274756] should_fail.cold+0x5/0xa [ 3506.275571] ? jbd2__journal_start+0x190/0x7e0 [ 3506.276529] should_failslab+0x5/0x20 [ 3506.277342] kmem_cache_alloc+0x5b/0x310 [ 3506.278184] ? __kernel_text_address+0x9/0x40 [ 3506.279128] jbd2__journal_start+0x190/0x7e0 [ 3506.280050] __ext4_journal_start_sb+0x214/0x390 [ 3506.281045] ext4_iomap_begin+0x485/0x700 [ 3506.281937] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3506.282973] ? kasan_save_stack+0x1b/0x40 [ 3506.283831] ? ext4_file_write_iter+0xe0e/0x1530 [ 3506.284834] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 3506.286177] ? splice_direct_to_actor+0x387/0x980 [ 3506.287204] ? do_splice_direct+0x1c4/0x290 [ 3506.288128] ? do_sendfile+0x553/0x11e0 [ 3506.288976] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3506.289967] ? do_syscall_64+0x33/0x40 [ 3506.290802] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3506.291946] iomap_apply+0x164/0x810 [ 3506.292731] ? iomap_dio_rw+0x90/0x90 [ 3506.293541] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3506.294764] ? mark_held_locks+0x9e/0xe0 [ 3506.295629] ? filemap_check_errors+0xa5/0x150 [ 3506.296585] __iomap_dio_rw+0x6cd/0x1110 [ 3506.297444] ? iomap_dio_rw+0x90/0x90 [ 3506.298263] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3506.299240] ? ext4_orphan_add+0x253/0x9e0 [ 3506.300135] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3506.301166] ? ext4_empty_dir+0xae0/0xae0 [ 3506.302036] ? jbd2__journal_start+0xf3/0x7e0 [ 3506.302991] iomap_dio_rw+0x31/0x90 [ 3506.303769] ext4_file_write_iter+0xe0e/0x1530 [ 3506.304757] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3506.305711] ? kasan_save_stack+0x32/0x40 [ 3506.306591] ? kasan_save_stack+0x1b/0x40 [ 3506.307468] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3506.308526] ? iter_file_splice_write+0x165/0xc90 [ 3506.309561] ? direct_splice_actor+0x10f/0x170 [ 3506.310523] ? splice_direct_to_actor+0x387/0x980 [ 3506.311549] ? do_splice_direct+0x1c4/0x290 [ 3506.312469] ? do_sendfile+0x553/0x11e0 [ 3506.313320] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3506.314310] ? do_syscall_64+0x33/0x40 [ 3506.315132] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3506.316272] do_iter_readv_writev+0x476/0x750 [ 3506.317233] ? _cond_resched+0x10/0x30 [ 3506.318067] ? new_sync_write+0x660/0x660 [ 3506.318949] ? avc_policy_seqno+0x9/0x70 [ 3506.319815] ? selinux_file_permission+0x92/0x520 [ 3506.320843] ? security_file_permission+0xb1/0xe0 [ 3506.321895] do_iter_write+0x191/0x700 [ 3506.322730] ? trace_hardirqs_on+0x5b/0x180 [ 3506.323648] vfs_iter_write+0x70/0xa0 [ 3506.324462] iter_file_splice_write+0x726/0xc90 [ 3506.325480] ? generic_splice_sendpage+0x140/0x140 [ 3506.326542] ? security_file_permission+0xb1/0xe0 [ 3506.327562] ? generic_splice_sendpage+0x140/0x140 [ 3506.328595] direct_splice_actor+0x10f/0x170 [ 3506.329524] splice_direct_to_actor+0x387/0x980 [ 3506.330505] ? pipe_to_sendpage+0x380/0x380 [ 3506.331418] ? do_splice_to+0x160/0x160 [ 3506.332245] ? security_file_permission+0xb1/0xe0 [ 3506.333278] do_splice_direct+0x1c4/0x290 [ 3506.334158] ? splice_direct_to_actor+0x980/0x980 [ 3506.335164] ? avc_policy_seqno+0x9/0x70 [ 3506.336029] ? security_file_permission+0xb1/0xe0 [ 3506.337040] do_sendfile+0x553/0x11e0 [ 3506.337868] ? do_pwritev+0x270/0x270 [ 3506.338671] ? wait_for_completion_io+0x270/0x270 [ 3506.339688] ? rcu_read_lock_any_held+0x75/0xa0 [ 3506.340659] ? vfs_write+0x354/0xb10 [ 3506.341448] __x64_sys_sendfile64+0x1d1/0x210 [ 3506.342392] ? __ia32_sys_sendfile+0x220/0x220 [ 3506.343367] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3506.344467] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3506.345550] do_syscall_64+0x33/0x40 [ 3506.346327] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3506.347401] RIP: 0033:0x7f8c0677ab19 [ 3506.348177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3506.352049] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3506.353636] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3506.355118] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3506.356601] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3506.358101] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3506.359592] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:39:21 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 45) 18:39:21 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280005001800210c000000000000000002"], 0x28}}, 0x0) 18:39:21 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001600210c000000000000000002"], 0x28}}, 0x0) 18:39:21 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) r1 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ioctl$AUTOFS_DEV_IOCTL_VERSION(r2, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) mkdirat(r1, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(r1, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) mkdirat(r1, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:39:21 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800b1031400210c000000000000000002"], 0x28}}, 0x0) 18:39:21 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x4084ffffffff, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:39:21 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:39:21 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002000210c040000000000000002"], 0x28}}, 0x0) 18:39:21 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280006001800210c000000000000000002"], 0x28}}, 0x0) [ 3518.989342] loop5: detected capacity change from 0 to 32256 [ 3518.993801] FAULT_INJECTION: forcing a failure. [ 3518.993801] name failslab, interval 1, probability 0, space 0, times 0 [ 3518.995256] CPU: 0 PID: 17733 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3518.996112] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3518.997131] Call Trace: [ 3518.997473] dump_stack+0x107/0x167 [ 3518.997928] should_fail.cold+0x5/0xa [ 3518.998396] ? jbd2__journal_start+0x190/0x7e0 [ 3518.998963] should_failslab+0x5/0x20 [ 3518.999432] kmem_cache_alloc+0x5b/0x310 [ 3518.999927] ? __kernel_text_address+0x9/0x40 [ 3519.000480] jbd2__journal_start+0x190/0x7e0 [ 3519.001026] __ext4_journal_start_sb+0x214/0x390 [ 3519.001621] ext4_iomap_begin+0x485/0x700 [ 3519.002131] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3519.002728] ? kasan_save_stack+0x1b/0x40 [ 3519.003248] ? ext4_file_write_iter+0xe0e/0x1530 [ 3519.003830] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 3519.004609] ? splice_direct_to_actor+0x387/0x980 [ 3519.005211] ? do_splice_direct+0x1c4/0x290 [ 3519.005753] ? do_sendfile+0x553/0x11e0 [ 3519.006241] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3519.006807] ? do_syscall_64+0x33/0x40 [ 3519.007283] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3519.007936] iomap_apply+0x164/0x810 [ 3519.008391] ? iomap_dio_rw+0x90/0x90 [ 3519.008857] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3519.009598] ? mark_held_locks+0x9e/0xe0 [ 3519.010100] ? filemap_check_errors+0xa5/0x150 [ 3519.010664] __iomap_dio_rw+0x6cd/0x1110 [ 3519.011158] ? iomap_dio_rw+0x90/0x90 [ 3519.011628] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3519.012181] ? ext4_orphan_add+0x253/0x9e0 [ 3519.012698] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3519.013292] ? ext4_empty_dir+0xae0/0xae0 [ 3519.013801] ? jbd2__journal_start+0xf3/0x7e0 [ 3519.014348] iomap_dio_rw+0x31/0x90 [ 3519.014786] ext4_file_write_iter+0xe0e/0x1530 [ 3519.015352] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3519.015903] ? kasan_save_stack+0x32/0x40 [ 3519.016403] ? kasan_save_stack+0x1b/0x40 [ 3519.016905] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3519.017528] ? iter_file_splice_write+0x165/0xc90 [ 3519.018109] ? direct_splice_actor+0x10f/0x170 [ 3519.018660] ? splice_direct_to_actor+0x387/0x980 [ 3519.019246] ? do_splice_direct+0x1c4/0x290 [ 3519.019767] ? do_sendfile+0x553/0x11e0 [ 3519.020247] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3519.020807] ? do_syscall_64+0x33/0x40 [ 3519.021279] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3519.021935] do_iter_readv_writev+0x476/0x750 [ 3519.022474] ? _cond_resched+0x10/0x30 [ 3519.022952] ? new_sync_write+0x660/0x660 [ 3519.023454] ? avc_policy_seqno+0x9/0x70 [ 3519.023942] ? selinux_file_permission+0x92/0x520 [ 3519.024525] ? security_file_permission+0xb1/0xe0 [ 3519.025112] do_iter_write+0x191/0x700 [ 3519.025592] ? trace_hardirqs_on+0x5b/0x180 [ 3519.026116] vfs_iter_write+0x70/0xa0 [ 3519.026579] iter_file_splice_write+0x726/0xc90 [ 3519.027150] ? generic_splice_sendpage+0x140/0x140 [ 3519.027750] ? security_file_permission+0xb1/0xe0 [ 3519.028331] ? generic_splice_sendpage+0x140/0x140 [ 3519.028924] direct_splice_actor+0x10f/0x170 [ 3519.029461] splice_direct_to_actor+0x387/0x980 [ 3519.030022] ? pipe_to_sendpage+0x380/0x380 [ 3519.030540] ? do_splice_to+0x160/0x160 [ 3519.031018] ? security_file_permission+0xb1/0xe0 [ 3519.031605] do_splice_direct+0x1c4/0x290 [ 3519.032102] ? splice_direct_to_actor+0x980/0x980 [ 3519.032684] ? avc_policy_seqno+0x9/0x70 [ 3519.033174] ? security_file_permission+0xb1/0xe0 [ 3519.033768] do_sendfile+0x553/0x11e0 [ 3519.034235] ? do_pwritev+0x270/0x270 [ 3519.034697] ? wait_for_completion_io+0x270/0x270 [ 3519.035278] ? rcu_read_lock_any_held+0x75/0xa0 [ 3519.035838] ? vfs_write+0x354/0xb10 [ 3519.036286] __x64_sys_sendfile64+0x1d1/0x210 [ 3519.036824] ? __ia32_sys_sendfile+0x220/0x220 [ 3519.037380] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3519.038005] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3519.038625] do_syscall_64+0x33/0x40 [ 3519.039070] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3519.039682] RIP: 0033:0x7f8c0677ab19 [ 3519.040135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3519.042338] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3519.043251] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3519.044104] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3519.044956] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3519.045815] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3519.046672] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3519.047783] loop2: detected capacity change from 0 to 32256 18:39:21 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000051400210c000000000000000002"], 0x28}}, 0x0) 18:39:21 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000061400210c000000000000000002"], 0x28}}, 0x0) [ 3519.071672] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3519.088145] FAT-fs (loop2): bogus number of FAT sectors [ 3519.089446] FAT-fs (loop2): Can't find a valid FAT filesystem 18:39:21 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0xedc000000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3519.102836] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 18:39:36 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000071400210c000000000000000002"], 0x28}}, 0x0) 18:39:36 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002000210c050000000000000002"], 0x28}}, 0x0) 18:39:36 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file0/file0\x00', 0x80000001, 0x7, &(0x7f00000007c0)=[{&(0x7f0000000200)="a0116091ee1ae5ddb8dfb627c12ebdf9a937114397f28b43ab1205cdf28d19ca6ab0f0710917e7530b33aa283660e7ed562055043f53af70e786e10ba182f19db74d49cd8bbf78d44d0f3af73df8eb73aaa115787a6559a96526b290d802d2cc7b331e5713573c4ee95bc5840a3dbf88c0e6ced2", 0x74, 0x400}, {&(0x7f0000000280)="fbe7fe35a75c29acc09185cbc6e162d034438d058ad597641677274d4b46668a70f3a7ca33d010333f6eb93265d32dd1dae1d931463975f03dbf5e953bef2c6f92de125e06c6e4b115d97e54b8dad7d4178810dfdc7440b63981e1cd95639d34fc427aa7909346efe38a2e9ce12e7407859476f28bf4fdf1d4b5ded2897f924b99279c5febfe333bcaf4c47041477507017a7159c90baddefc3d38733822f6a2635354f64d636753fb1a4763b7aad6cd1568e11ea7eeb45615387a013516748ba30d2d0c7d2382cf721d19d5cdc21c401e7cd87cd0012a79177a", 0xda, 0x6}, {&(0x7f0000000380)="d036427766d28eab518222a5bd83d068aa3d8592fa69733415d4de1ca8e61a873d892400", 0x24, 0xfffffffffffffffe}, {&(0x7f00000003c0)="4a6e5f09fb52645a1e7e4c29d44ca9bcaf6870a0b526df571de78347ffb2f9a372fff19cc62f228aaffbca01f5b463585cf0f92754eeb3b2cdb22b6856913fa5c52e3c6454059c389d5cb224893dca17152287f260c496f89e2f9d4167dd3951a9e03863e7def47d9ca4718b97bf06ea2e8da030bd85c22dc5f2326013f675d45c496b36d616b505a33aecfa23e40a1263b8a106f7a8ff6720f1a8102a065d6ff708d4a85a0ce8cf79cb43bd4ded58dbc006835345fb4c5ebcf683e0afe9e842ff41c9e5a43af966dbb15ba0", 0xcc, 0x2e3a70f}, {&(0x7f00000004c0)="dc61f0455ef4334776374aa70e1e7a6e53bbfec51aeffd942772af11e93314ed760404805b8820088945df46017593aa79057ae24aa822a00bd8ebf050a6b39fad28aa3ec4fd215be3b4ec605c145fc7f4d0984dddf164d9ab344b02c369416240e1c3520750df0f29dc672eb9af15d4818590718e18b82e5c699f2a236289adf961491d44aa5504ab79e656cb80654f6b9003451469b5287fb833502c0bb111c48dcfe4e045ca25d918ff68810aeeccfba3b530f1bfa9316500ccdc4949351c7be9554fc679779ce5ea37d02917d78474a7d72b29f2f89cc00c2c051723029c7b1668aecdebeacf8750", 0xea, 0xadd}, {&(0x7f00000005c0)="39bf817268d54bdaf1820326f899177c4f64964424823988b489ede6f5893fec8297676b6a6ddaaefa6315c8d2ba0ef9df6253b53efd40c47aca52bcdc2a5a19b9d689551efdd082542e8111cdfcd5edff637df06328190a6d282283a1d8a1c1b92cbe32e45c0511319256d72ec75e449f5f130a962f04b4ac00efd45caa55f767db2efbb80ff6ef6b43d4160f1020c9aca8428578cac8a82576c6e4cb77ad73f1905312b314ea860bf15fbc6d53144b44c762599b7fa9d0175b2d3bc0bf58d1d994a82281ca1127bd6f", 0xca, 0xc4c}, {&(0x7f00000006c0)="943c31304ee56db9d89c79d903448fb107712930eeadcf23a3451992072b4945a14490ecf51780391f87f3468df2d4fd15f0f8499d8c654c338e0ede2f3455cfb24081b1083708ca3286119f346fa8a7dc2340805d885407e631501788f5d66372428208074be5419dfecc47cdba2e754581930a7516b178d2ae3ac8a2becc5560c7b5278f28e8ed7e57751202408a23ea62309e8912fee5911dffb5ed74346a2e041330ac01a9922c8c79349cf43b7d4640ede8c1ed65d8602bb07f87e3b7409756f764ffed4d1c89f26a71cf484d5d64bb184fd815740c75b6727113ec37c6a074469a6bb9538c06a0f13da9a00d8de6816c3958bd6e", 0xf7, 0x1000}], 0x1000080, &(0x7f0000000880)={[{@debug_want_extra_isize}, {@lazytime}], [{@subj_role={'subj_role', 0x3d, '{'}}, {@subj_role={'subj_role', 0x3d, 'vfat\x00'}}, {@uid_gt={'uid>', 0xee00}}, {@smackfsfloor}, {@smackfstransmute}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}]}) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) chdir(&(0x7f0000000000)='./file0\x00') 18:39:36 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x1000000000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:39:36 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280200001800210c000000000000000002"], 0x28}}, 0x0) 18:39:36 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280007001800210c000000000000000002"], 0x28}}, 0x0) 18:39:36 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:39:36 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 46) 18:39:36 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280008001800210c000000000000000002"], 0x28}}, 0x0) [ 3533.414111] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3533.421155] loop2: detected capacity change from 0 to 32256 [ 3533.429310] FAULT_INJECTION: forcing a failure. [ 3533.429310] name failslab, interval 1, probability 0, space 0, times 0 [ 3533.431751] CPU: 0 PID: 17790 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3533.433247] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3533.435015] Call Trace: [ 3533.435574] dump_stack+0x107/0x167 [ 3533.436341] should_fail.cold+0x5/0xa [ 3533.437152] ? create_object.isra.0+0x3a/0xa30 [ 3533.438129] should_failslab+0x5/0x20 [ 3533.438935] kmem_cache_alloc+0x5b/0x310 [ 3533.439803] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3533.440933] create_object.isra.0+0x3a/0xa30 [ 3533.441868] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3533.442945] kmem_cache_alloc+0x159/0x310 [ 3533.443825] ? __kernel_text_address+0x9/0x40 [ 3533.444778] jbd2__journal_start+0x190/0x7e0 [ 3533.445726] __ext4_journal_start_sb+0x214/0x390 [ 3533.446746] ext4_iomap_begin+0x485/0x700 [ 3533.447637] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3533.448674] ? kasan_save_stack+0x1b/0x40 [ 3533.449565] ? ext4_file_write_iter+0xe0e/0x1530 [ 3533.450572] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 3533.451912] ? splice_direct_to_actor+0x387/0x980 [ 3533.452932] ? do_splice_direct+0x1c4/0x290 [ 3533.453856] ? do_sendfile+0x553/0x11e0 [ 3533.454692] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3533.455673] ? do_syscall_64+0x33/0x40 [ 3533.456494] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3533.457640] iomap_apply+0x164/0x810 [ 3533.458435] ? iomap_dio_rw+0x90/0x90 [ 3533.459240] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3533.460423] ? mark_held_locks+0x9e/0xe0 [ 3533.461268] ? filemap_check_errors+0xa5/0x150 [ 3533.462255] __iomap_dio_rw+0x6cd/0x1110 [ 3533.463112] ? iomap_dio_rw+0x90/0x90 [ 3533.463929] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3533.464899] ? ext4_orphan_add+0x253/0x9e0 [ 3533.465814] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3533.466857] ? ext4_empty_dir+0xae0/0xae0 [ 3533.467733] ? jbd2__journal_start+0xf3/0x7e0 [ 3533.468689] iomap_dio_rw+0x31/0x90 [ 3533.469461] ext4_file_write_iter+0xe0e/0x1530 [ 3533.470458] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3533.471425] ? kasan_save_stack+0x32/0x40 [ 3533.472292] ? kasan_save_stack+0x1b/0x40 [ 3533.473166] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3533.474292] ? iter_file_splice_write+0x165/0xc90 [ 3533.475333] ? direct_splice_actor+0x10f/0x170 [ 3533.476300] ? splice_direct_to_actor+0x387/0x980 [ 3533.477324] ? do_splice_direct+0x1c4/0x290 [ 3533.478238] ? do_sendfile+0x553/0x11e0 [ 3533.479089] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3533.480068] ? do_syscall_64+0x33/0x40 [ 3533.480886] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3533.482035] do_iter_readv_writev+0x476/0x750 [ 3533.482989] ? _cond_resched+0x10/0x30 [ 3533.483816] ? new_sync_write+0x660/0x660 [ 3533.484696] ? avc_policy_seqno+0x9/0x70 [ 3533.485560] ? selinux_file_permission+0x92/0x520 [ 3533.486582] ? security_file_permission+0xb1/0xe0 [ 3533.487613] do_iter_write+0x191/0x700 [ 3533.488445] ? trace_hardirqs_on+0x5b/0x180 [ 3533.489369] vfs_iter_write+0x70/0xa0 [ 3533.490184] iter_file_splice_write+0x726/0xc90 [ 3533.491177] ? generic_splice_sendpage+0x140/0x140 [ 3533.492235] ? security_file_permission+0xb1/0xe0 [ 3533.493254] ? generic_splice_sendpage+0x140/0x140 [ 3533.494309] direct_splice_actor+0x10f/0x170 [ 3533.495255] splice_direct_to_actor+0x387/0x980 [ 3533.496239] ? pipe_to_sendpage+0x380/0x380 [ 3533.497152] ? do_splice_to+0x160/0x160 [ 3533.497999] ? security_file_permission+0xb1/0xe0 [ 3533.499035] do_splice_direct+0x1c4/0x290 [ 3533.499918] ? splice_direct_to_actor+0x980/0x980 [ 3533.500938] ? avc_policy_seqno+0x9/0x70 [ 3533.501811] ? security_file_permission+0xb1/0xe0 [ 3533.502841] do_sendfile+0x553/0x11e0 [ 3533.503660] ? do_pwritev+0x270/0x270 [ 3533.504473] ? wait_for_completion_io+0x270/0x270 [ 3533.505501] ? rcu_read_lock_any_held+0x75/0xa0 [ 3533.506496] ? vfs_write+0x354/0xb10 [ 3533.507297] __x64_sys_sendfile64+0x1d1/0x210 [ 3533.508255] ? __ia32_sys_sendfile+0x220/0x220 [ 3533.509231] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3533.510355] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3533.511465] do_syscall_64+0x33/0x40 [ 3533.512262] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3533.513350] RIP: 0033:0x7f8c0677ab19 [ 3533.514152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3533.518056] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3533.519676] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3533.521179] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3533.522706] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3533.524216] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3533.525731] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 18:39:36 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000091400210c000000000000000002"], 0x28}}, 0x0) 18:39:36 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x4000000000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 3533.540241] loop5: detected capacity change from 0 to 32256 [ 3533.559717] FAT-fs (loop2): bogus number of FAT sectors [ 3533.560579] FAT-fs (loop2): Can't find a valid FAT filesystem [ 3533.574348] FAT-fs (loop5): Unrecognized mount option "MI͋xM:=sxzeYe&{3WW0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x8000000000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:39:36 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002000210c060000000000000002"], 0x28}}, 0x0) [ 3533.707694] loop2: detected capacity change from 0 to 32256 18:39:36 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800f6161400210c000000000000000002"], 0x28}}, 0x0) 18:39:36 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, &(0x7f0000000240)=ANY=[]) openat$cdrom(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:39:36 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000b001800210c000000000000000002"], 0x28}}, 0x0) [ 3533.775432] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3533.799174] FAT-fs (loop2): bogus number of FAT sectors [ 3533.800368] FAT-fs (loop2): Can't find a valid FAT filesystem 18:39:36 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 47) 18:39:36 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280400001800210c000000000000000002"], 0x28}}, 0x0) [ 3533.876688] loop5: detected capacity change from 0 to 32256 [ 3533.912231] FAULT_INJECTION: forcing a failure. [ 3533.912231] name failslab, interval 1, probability 0, space 0, times 0 [ 3533.915127] CPU: 1 PID: 17844 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3533.915993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3533.917015] Call Trace: [ 3533.917353] dump_stack+0x107/0x167 [ 3533.917828] should_fail.cold+0x5/0xa [ 3533.918305] ? ext4_mb_new_blocks+0x698/0x45c0 [ 3533.918864] should_failslab+0x5/0x20 [ 3533.919348] kmem_cache_alloc+0x5b/0x310 [ 3533.919851] ext4_mb_new_blocks+0x698/0x45c0 [ 3533.920403] ? trace_hardirqs_on+0x5b/0x180 [ 3533.920945] ? ext4_cache_extents+0x148/0x2d0 [ 3533.921506] ? ext4_discard_preallocations+0xd80/0xd80 [ 3533.922165] ? ext4_ext_search_right+0x2e8/0xbd0 [ 3533.922760] ext4_ext_map_blocks+0x1a55/0x5880 [ 3533.923338] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3533.923982] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3533.924638] ? ext4_ext_release+0x10/0x10 [ 3533.925148] ? ext4_map_blocks+0x5cd/0x1910 [ 3533.925696] ? lock_release+0x680/0x680 [ 3533.926193] ? ext4_es_lookup_extent+0x485/0xa80 [ 3533.926791] ? lock_downgrade+0x6d0/0x6d0 [ 3533.927327] ? down_write_killable+0x180/0x180 [ 3533.927901] ext4_map_blocks+0x63f/0x1910 [ 3533.928413] ? kmem_cache_alloc+0x2a6/0x310 [ 3533.928944] ? __kernel_text_address+0x9/0x40 [ 3533.929500] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 3533.930065] ? jbd2__journal_start+0xf3/0x7e0 [ 3533.930620] ? __ext4_journal_start_sb+0x214/0x390 [ 3533.931222] ? __ext4_journal_start_sb+0x1db/0x390 [ 3533.931827] ext4_iomap_begin+0x3ad/0x700 [ 3533.932349] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3533.932972] ? kasan_save_stack+0x1b/0x40 [ 3533.933489] ? ext4_file_write_iter+0xe0e/0x1530 [ 3533.934101] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 18:39:36 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000481400210c000000000000000002"], 0x28}}, 0x0) 18:39:36 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000f001800210c000000000000000002"], 0x28}}, 0x0) 18:39:36 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002000210c070000000000000002"], 0x28}}, 0x0) [ 3533.934881] ? splice_direct_to_actor+0x387/0x980 [ 3533.935667] ? do_splice_direct+0x1c4/0x290 [ 3533.936202] ? do_sendfile+0x553/0x11e0 [ 3533.936687] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3533.937246] ? do_syscall_64+0x33/0x40 [ 3533.937735] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3533.938387] iomap_apply+0x164/0x810 [ 3533.938842] ? iomap_dio_rw+0x90/0x90 [ 3533.939315] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3533.940032] ? mark_held_locks+0x9e/0xe0 [ 3533.940534] ? filemap_check_errors+0xa5/0x150 [ 3533.941091] __iomap_dio_rw+0x6cd/0x1110 [ 3533.941592] ? iomap_dio_rw+0x90/0x90 [ 3533.942071] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3533.942621] ? ext4_orphan_add+0x253/0x9e0 [ 3533.943137] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3533.943734] ? ext4_empty_dir+0xae0/0xae0 [ 3533.944231] ? jbd2__journal_start+0xf3/0x7e0 [ 3533.944774] iomap_dio_rw+0x31/0x90 [ 3533.945217] ext4_file_write_iter+0xe0e/0x1530 [ 3533.945803] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3533.946366] ? kasan_save_stack+0x32/0x40 [ 3533.946879] ? kasan_save_stack+0x1b/0x40 [ 3533.947383] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3533.947998] ? iter_file_splice_write+0x165/0xc90 [ 3533.948590] ? direct_splice_actor+0x10f/0x170 [ 3533.949141] ? splice_direct_to_actor+0x387/0x980 [ 3533.949736] ? do_splice_direct+0x1c4/0x290 [ 3533.950267] ? do_sendfile+0x553/0x11e0 [ 3533.950753] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3533.951323] ? do_syscall_64+0x33/0x40 [ 3533.951794] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3533.952450] do_iter_readv_writev+0x476/0x750 [ 3533.953000] ? _cond_resched+0x10/0x30 [ 3533.953471] ? new_sync_write+0x660/0x660 [ 3533.953990] ? avc_policy_seqno+0x9/0x70 [ 3533.954478] ? selinux_file_permission+0x92/0x520 [ 3533.955060] ? security_file_permission+0xb1/0xe0 [ 3533.955659] do_iter_write+0x191/0x700 [ 3533.956130] ? trace_hardirqs_on+0x5b/0x180 [ 3533.956672] vfs_iter_write+0x70/0xa0 [ 3533.957137] iter_file_splice_write+0x726/0xc90 [ 3533.957724] ? generic_splice_sendpage+0x140/0x140 [ 3533.958339] ? security_file_permission+0xb1/0xe0 [ 3533.958939] ? generic_splice_sendpage+0x140/0x140 [ 3533.959533] direct_splice_actor+0x10f/0x170 [ 3533.960070] splice_direct_to_actor+0x387/0x980 [ 3533.960653] ? pipe_to_sendpage+0x380/0x380 [ 3533.961185] ? do_splice_to+0x160/0x160 [ 3533.961671] ? security_file_permission+0xb1/0xe0 [ 3533.962257] do_splice_direct+0x1c4/0x290 [ 3533.962761] ? splice_direct_to_actor+0x980/0x980 [ 3533.963344] ? avc_policy_seqno+0x9/0x70 [ 3533.963845] ? security_file_permission+0xb1/0xe0 [ 3533.964448] do_sendfile+0x553/0x11e0 [ 3533.964926] ? do_pwritev+0x270/0x270 [ 3533.965389] ? wait_for_completion_io+0x270/0x270 [ 3533.965980] ? rcu_read_lock_any_held+0x75/0xa0 [ 3533.966543] ? vfs_write+0x354/0xb10 [ 3533.966997] __x64_sys_sendfile64+0x1d1/0x210 [ 3533.967530] ? __ia32_sys_sendfile+0x220/0x220 [ 3533.968091] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3533.968731] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3533.969356] do_syscall_64+0x33/0x40 [ 3533.969812] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3533.970429] RIP: 0033:0x7f8c0677ab19 [ 3533.970883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3533.973099] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3533.974027] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3533.974884] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3533.975745] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3533.976604] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3533.977461] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3534.051416] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3534.074827] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 18:39:48 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800004c1400210c000000000000000002"], 0x28}}, 0x0) 18:39:48 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x100000000000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:39:48 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000240)=ANY=[]) r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) faccessat2(r0, &(0x7f0000000200)='./file0\x00', 0x0, 0x1000) openat(r0, &(0x7f0000000000)='./file0\x00', 0x2a000, 0x3e) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) 18:39:48 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002000210c080000000000000002"], 0x28}}, 0x0) 18:39:48 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 48) 18:39:48 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280048001800210c000000000000000002"], 0x28}}, 0x0) 18:39:48 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280500001800210c000000000000000002"], 0x28}}, 0x0) 18:39:48 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, 0x0) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) [ 3546.336618] loop2: detected capacity change from 0 to 32256 [ 3546.345122] FAULT_INJECTION: forcing a failure. [ 3546.345122] name failslab, interval 1, probability 0, space 0, times 0 [ 3546.346519] CPU: 0 PID: 17878 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3546.347358] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3546.348357] Call Trace: [ 3546.348686] dump_stack+0x107/0x167 [ 3546.349138] should_fail.cold+0x5/0xa [ 3546.349600] ? ext4_mb_new_blocks+0x698/0x45c0 [ 3546.350162] should_failslab+0x5/0x20 [ 3546.350623] kmem_cache_alloc+0x5b/0x310 [ 3546.351116] ext4_mb_new_blocks+0x698/0x45c0 [ 3546.351654] ? trace_hardirqs_on+0x5b/0x180 [ 3546.352180] ? ext4_cache_extents+0x148/0x2d0 [ 3546.352719] ? ext4_discard_preallocations+0xd80/0xd80 [ 3546.353366] ? ext4_ext_search_right+0x2e8/0xbd0 [ 3546.353948] ext4_ext_map_blocks+0x1a55/0x5880 [ 3546.354506] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3546.355139] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3546.355788] ? ext4_ext_release+0x10/0x10 [ 3546.356302] ? ext4_map_blocks+0x5cd/0x1910 [ 3546.356829] ? lock_release+0x680/0x680 [ 3546.357318] ? ext4_es_lookup_extent+0x485/0xa80 [ 3546.357903] ? lock_downgrade+0x6d0/0x6d0 [ 3546.358417] ? down_write_killable+0x180/0x180 [ 3546.358983] ext4_map_blocks+0x63f/0x1910 [ 3546.359484] ? kmem_cache_alloc+0x2a6/0x310 [ 3546.360002] ? __kernel_text_address+0x9/0x40 [ 3546.360543] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 3546.361081] ? jbd2__journal_start+0xf3/0x7e0 [ 3546.361632] ? __ext4_journal_start_sb+0x214/0x390 [ 3546.362239] ? __ext4_journal_start_sb+0x1db/0x390 [ 3546.362845] ext4_iomap_begin+0x3ad/0x700 [ 3546.363355] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3546.363954] ? kasan_save_stack+0x1b/0x40 [ 3546.364460] ? ext4_file_write_iter+0xe0e/0x1530 [ 3546.365049] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 3546.365825] ? splice_direct_to_actor+0x387/0x980 [ 3546.366403] ? do_splice_direct+0x1c4/0x290 [ 3546.366927] ? do_sendfile+0x553/0x11e0 [ 3546.367401] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3546.367953] ? do_syscall_64+0x33/0x40 [ 3546.368417] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3546.369056] iomap_apply+0x164/0x810 [ 3546.369501] ? iomap_dio_rw+0x90/0x90 [ 3546.369978] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3546.370673] ? mark_held_locks+0x9e/0xe0 [ 3546.371164] ? filemap_check_errors+0xa5/0x150 [ 3546.371722] __iomap_dio_rw+0x6cd/0x1110 [ 3546.372206] ? iomap_dio_rw+0x90/0x90 [ 3546.372680] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3546.373226] ? ext4_orphan_add+0x253/0x9e0 [ 3546.373746] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3546.374335] ? ext4_empty_dir+0xae0/0xae0 [ 3546.374842] ? jbd2__journal_start+0xf3/0x7e0 [ 3546.375388] iomap_dio_rw+0x31/0x90 [ 3546.375834] ext4_file_write_iter+0xe0e/0x1530 [ 3546.376391] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3546.376942] ? kasan_save_stack+0x32/0x40 [ 3546.377436] ? kasan_save_stack+0x1b/0x40 [ 3546.377945] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3546.378561] ? iter_file_splice_write+0x165/0xc90 [ 3546.379150] ? direct_splice_actor+0x10f/0x170 [ 3546.379695] ? splice_direct_to_actor+0x387/0x980 [ 3546.380269] ? do_splice_direct+0x1c4/0x290 [ 3546.380784] ? do_sendfile+0x553/0x11e0 [ 3546.381254] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3546.381816] ? do_syscall_64+0x33/0x40 [ 3546.382282] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3546.382923] do_iter_readv_writev+0x476/0x750 [ 3546.383458] ? _cond_resched+0x10/0x30 [ 3546.383925] ? new_sync_write+0x660/0x660 [ 3546.384419] ? avc_policy_seqno+0x9/0x70 [ 3546.384905] ? selinux_file_permission+0x92/0x520 [ 3546.385484] ? security_file_permission+0xb1/0xe0 [ 3546.386088] do_iter_write+0x191/0x700 [ 3546.386553] ? trace_hardirqs_on+0x5b/0x180 [ 3546.387068] vfs_iter_write+0x70/0xa0 [ 3546.387521] iter_file_splice_write+0x726/0xc90 [ 3546.388086] ? generic_splice_sendpage+0x140/0x140 [ 3546.388687] ? security_file_permission+0xb1/0xe0 [ 3546.389261] ? generic_splice_sendpage+0x140/0x140 [ 3546.389853] direct_splice_actor+0x10f/0x170 [ 3546.390397] splice_direct_to_actor+0x387/0x980 [ 3546.390961] ? pipe_to_sendpage+0x380/0x380 [ 3546.391487] ? do_splice_to+0x160/0x160 [ 3546.391974] ? security_file_permission+0xb1/0xe0 [ 3546.392554] do_splice_direct+0x1c4/0x290 [ 3546.393045] ? splice_direct_to_actor+0x980/0x980 [ 3546.393613] ? avc_policy_seqno+0x9/0x70 [ 3546.394107] ? security_file_permission+0xb1/0xe0 [ 3546.394686] do_sendfile+0x553/0x11e0 [ 3546.395146] ? do_pwritev+0x270/0x270 [ 3546.395597] ? wait_for_completion_io+0x270/0x270 [ 3546.396170] ? rcu_read_lock_any_held+0x75/0xa0 [ 3546.396725] ? vfs_write+0x354/0xb10 [ 3546.397173] __x64_sys_sendfile64+0x1d1/0x210 [ 3546.397709] ? __ia32_sys_sendfile+0x220/0x220 [ 3546.398253] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3546.398876] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3546.399494] do_syscall_64+0x33/0x40 [ 3546.399938] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3546.400547] RIP: 0033:0x7f8c0677ab19 [ 3546.400988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3546.403342] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3546.404263] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3546.405111] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3546.405969] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3546.406808] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3546.407647] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3546.433144] loop5: detected capacity change from 0 to 32256 [ 3546.440179] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3546.463200] FAT-fs (loop5): bogus number of reserved sectors [ 3546.464498] FAT-fs (loop5): Can't find a valid FAT filesystem [ 3546.485174] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3546.503763] loop5: detected capacity change from 0 to 32256 [ 3546.515624] FAT-fs (loop5): bogus number of reserved sectors [ 3546.516919] FAT-fs (loop5): Can't find a valid FAT filesystem 18:40:00 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="28004c001800210c000000000000000002"], 0x28}}, 0x0) [ 3557.811714] loop5: detected capacity change from 0 to 8388096 18:40:00 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000681400210c000000000000000002"], 0x28}}, 0x0) 18:40:00 executing program 5: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17, 0xfffffffffffffffc}], 0x0, &(0x7f0000000240)=ANY=[]) fchmodat(r0, &(0x7f0000000000)='./file0\x00', 0x10) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1000860, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0) sendfile(r1, r2, 0x0, 0x100000001) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f00000001c0)={0xfffffffe, {{0x2, 0x4e23, @rand_addr=0x64010102}}}, 0x88) 18:40:00 executing program 4: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280600001800210c000000000000000002"], 0x28}}, 0x0) 18:40:00 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 49) 18:40:00 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x200000000000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:40:00 executing program 0: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000002000210c090000000000000002"], 0x28}}, 0x0) 18:40:00 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, 0x0) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) [ 3557.840573] loop2: detected capacity change from 0 to 32256 18:40:00 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280068001800210c000000000000000002"], 0x28}}, 0x0) [ 3557.852621] FAULT_INJECTION: forcing a failure. [ 3557.852621] name failslab, interval 1, probability 0, space 0, times 0 [ 3557.855478] CPU: 1 PID: 17917 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3557.857249] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3557.859336] Call Trace: [ 3557.860001] dump_stack+0x107/0x167 [ 3557.860914] should_fail.cold+0x5/0xa [ 3557.861873] ? ext4_mb_new_blocks+0x698/0x45c0 [ 3557.863015] should_failslab+0x5/0x20 [ 3557.863964] kmem_cache_alloc+0x5b/0x310 [ 3557.864991] ext4_mb_new_blocks+0x698/0x45c0 [ 3557.866105] ? trace_hardirqs_on+0x5b/0x180 [ 3557.867177] ? ext4_cache_extents+0x148/0x2d0 [ 3557.868290] ? ext4_discard_preallocations+0xd80/0xd80 [ 3557.869591] ? ext4_ext_search_right+0x2e8/0xbd0 [ 3557.870771] ext4_ext_map_blocks+0x1a55/0x5880 [ 3557.871924] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3557.873219] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3557.874534] ? ext4_ext_release+0x10/0x10 [ 3557.875576] ? ext4_map_blocks+0x5cd/0x1910 [ 3557.876645] ? lock_release+0x680/0x680 [ 3557.877631] ? ext4_es_lookup_extent+0x485/0xa80 [ 3557.878825] ? lock_downgrade+0x6d0/0x6d0 [ 3557.879881] ? down_write_killable+0x180/0x180 [ 3557.881051] ext4_map_blocks+0x63f/0x1910 [ 3557.882093] ? kmem_cache_alloc+0x2a6/0x310 [ 3557.883154] ? __kernel_text_address+0x9/0x40 [ 3557.884288] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 3557.885401] ? jbd2__journal_start+0xf3/0x7e0 [ 3557.886523] ? __ext4_journal_start_sb+0x214/0x390 [ 3557.887729] ? __ext4_journal_start_sb+0x1db/0x390 [ 3557.888953] ext4_iomap_begin+0x3ad/0x700 [ 3557.890005] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3557.891223] ? kasan_save_stack+0x1b/0x40 [ 3557.892248] ? ext4_file_write_iter+0xe0e/0x1530 [ 3557.893427] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 3557.895014] ? splice_direct_to_actor+0x387/0x980 [ 3557.896196] ? do_splice_direct+0x1c4/0x290 [ 3557.897254] ? do_sendfile+0x553/0x11e0 [ 3557.898235] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3557.899377] ? do_syscall_64+0x33/0x40 [ 3557.900339] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3557.901643] iomap_apply+0x164/0x810 [ 3557.902556] ? iomap_dio_rw+0x90/0x90 [ 3557.903490] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3557.904911] ? mark_held_locks+0x9e/0xe0 [ 3557.905931] ? filemap_check_errors+0xa5/0x150 [ 3557.907062] __iomap_dio_rw+0x6cd/0x1110 [ 3557.908058] ? iomap_dio_rw+0x90/0x90 [ 3557.909016] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3557.910146] ? ext4_orphan_add+0x253/0x9e0 [ 3557.911184] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3557.912386] ? ext4_empty_dir+0xae0/0xae0 [ 3557.913431] ? jbd2__journal_start+0xf3/0x7e0 [ 3557.914546] iomap_dio_rw+0x31/0x90 [ 3557.915444] ext4_file_write_iter+0xe0e/0x1530 [ 3557.916584] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3557.917682] ? kasan_save_stack+0x32/0x40 [ 3557.918696] ? kasan_save_stack+0x1b/0x40 [ 3557.919710] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3557.920943] ? iter_file_splice_write+0x165/0xc90 [ 3557.922130] ? direct_splice_actor+0x10f/0x170 [ 3557.923249] ? splice_direct_to_actor+0x387/0x980 [ 3557.924426] ? do_splice_direct+0x1c4/0x290 [ 3557.925477] ? do_sendfile+0x553/0x11e0 [ 3557.926452] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3557.927571] ? do_syscall_64+0x33/0x40 [ 3557.928513] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3557.929821] do_iter_readv_writev+0x476/0x750 [ 3557.930901] ? _cond_resched+0x10/0x30 [ 3557.931839] ? new_sync_write+0x660/0x660 [ 3557.932829] ? avc_policy_seqno+0x9/0x70 [ 3557.933822] ? selinux_file_permission+0x92/0x520 [ 3557.934983] ? security_file_permission+0xb1/0xe0 [ 3557.936152] do_iter_write+0x191/0x700 [ 3557.937090] ? trace_hardirqs_on+0x5b/0x180 [ 3557.938152] vfs_iter_write+0x70/0xa0 [ 3557.939068] iter_file_splice_write+0x726/0xc90 [ 3557.940201] ? generic_splice_sendpage+0x140/0x140 [ 3557.941405] ? security_file_permission+0xb1/0xe0 [ 3557.942575] ? generic_splice_sendpage+0x140/0x140 [ 3557.943758] direct_splice_actor+0x10f/0x170 [ 3557.944818] splice_direct_to_actor+0x387/0x980 [ 3557.945963] ? pipe_to_sendpage+0x380/0x380 [ 3557.947008] ? do_splice_to+0x160/0x160 [ 3557.947975] ? security_file_permission+0xb1/0xe0 [ 3557.949152] do_splice_direct+0x1c4/0x290 [ 3557.950157] ? splice_direct_to_actor+0x980/0x980 [ 3557.951317] ? avc_policy_seqno+0x9/0x70 [ 3557.952311] ? security_file_permission+0xb1/0xe0 [ 3557.953485] do_sendfile+0x553/0x11e0 [ 3557.954423] ? do_pwritev+0x270/0x270 [ 3557.955327] ? wait_for_completion_io+0x270/0x270 [ 3557.956477] ? rcu_read_lock_any_held+0x75/0xa0 [ 3557.957580] ? vfs_write+0x354/0xb10 [ 3557.958479] __x64_sys_sendfile64+0x1d1/0x210 [ 3557.959546] ? __ia32_sys_sendfile+0x220/0x220 [ 3557.960645] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3557.961921] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3557.963162] do_syscall_64+0x33/0x40 [ 3557.964064] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3557.965293] RIP: 0033:0x7f8c0677ab19 [ 3557.966169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3557.970390] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3557.972153] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3557.973748] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3557.975452] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3557.977195] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3557.978794] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3557.984688] FAT-fs (loop5): bogus number of reserved sectors [ 3557.985430] FAT-fs (loop5): Can't find a valid FAT filesystem 18:40:00 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c46010400010000000000e500c0038203008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000100000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52daca00009f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/665], 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae2, 0xa51c, 0x3, &(0x7f00000002c0)={[0x7]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000680)) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) r5 = timerfd_create(0x8, 0x0) signalfd4(r5, &(0x7f0000000a40)={[0x7fff]}, 0x8, 0x0) pipe(&(0x7f0000000000)) mount$9p_fd(0x300000000000000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 18:40:00 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800006c1400210c000000000000000002"], 0x28}}, 0x0) 18:40:00 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x7}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) (fail_nth: 50) 18:40:00 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}], 0x0, 0x0) mount$9p_unix(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x39c62, 0x0) 18:40:00 executing program 1: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470", 0x12}], 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000741400210c000000000000000002"], 0x28}}, 0x0) [ 3558.125655] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3558.137444] loop2: detected capacity change from 0 to 32256 [ 3558.142486] FAULT_INJECTION: forcing a failure. [ 3558.142486] name failslab, interval 1, probability 0, space 0, times 0 [ 3558.144037] CPU: 0 PID: 17944 Comm: syz-executor.7 Not tainted 5.10.246 #1 [ 3558.144923] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3558.145888] Call Trace: [ 3558.146197] dump_stack+0x107/0x167 [ 3558.146614] should_fail.cold+0x5/0xa [ 3558.147052] ? create_object.isra.0+0x3a/0xa30 [ 3558.147579] should_failslab+0x5/0x20 [ 3558.148012] kmem_cache_alloc+0x5b/0x310 [ 3558.148481] create_object.isra.0+0x3a/0xa30 [ 3558.148981] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3558.149567] kmem_cache_alloc+0x159/0x310 [ 3558.150052] ext4_mb_new_blocks+0x698/0x45c0 [ 3558.150565] ? trace_hardirqs_on+0x5b/0x180 [ 3558.151058] ? ext4_cache_extents+0x148/0x2d0 [ 3558.151572] ? ext4_discard_preallocations+0xd80/0xd80 [ 3558.152172] ? ext4_ext_search_right+0x2e8/0xbd0 [ 3558.152717] ext4_ext_map_blocks+0x1a55/0x5880 [ 3558.153245] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3558.153860] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3558.154461] ? ext4_ext_release+0x10/0x10 [ 3558.154943] ? ext4_map_blocks+0x5cd/0x1910 [ 3558.155437] ? lock_release+0x680/0x680 [ 3558.155896] ? ext4_es_lookup_extent+0x485/0xa80 [ 3558.156443] ? lock_downgrade+0x6d0/0x6d0 [ 3558.156926] ? down_write_killable+0x180/0x180 [ 3558.157455] ext4_map_blocks+0x63f/0x1910 [ 3558.157941] ? kmem_cache_alloc+0x2a6/0x310 [ 3558.158433] ? __kernel_text_address+0x9/0x40 [ 3558.158944] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 3558.159459] ? jbd2__journal_start+0xf3/0x7e0 [ 3558.159973] ? __ext4_journal_start_sb+0x214/0x390 [ 3558.160529] ? __ext4_journal_start_sb+0x1db/0x390 [ 3558.161092] ext4_iomap_begin+0x3ad/0x700 [ 3558.161572] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 3558.162137] ? kasan_save_stack+0x1b/0x40 [ 3558.162614] ? ext4_file_write_iter+0xe0e/0x1530 [ 3558.163156] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 3558.163883] ? splice_direct_to_actor+0x387/0x980 [ 3558.164431] ? do_splice_direct+0x1c4/0x290 [ 3558.164919] ? do_sendfile+0x553/0x11e0 [ 3558.165370] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3558.165910] ? do_syscall_64+0x33/0x40 [ 3558.166359] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3558.166969] iomap_apply+0x164/0x810 [ 3558.167401] ? iomap_dio_rw+0x90/0x90 [ 3558.167835] ? trace_event_raw_event_iomap_class+0x560/0x560 [ 3558.168500] ? mark_held_locks+0x9e/0xe0 [ 3558.168974] ? filemap_check_errors+0xa5/0x150 [ 3558.169500] __iomap_dio_rw+0x6cd/0x1110 [ 3558.169975] ? iomap_dio_rw+0x90/0x90 [ 3558.170419] ? iomap_dio_bio_actor+0xef0/0xef0 [ 3558.170938] ? ext4_orphan_add+0x253/0x9e0 [ 3558.171415] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 3558.171976] ? ext4_empty_dir+0xae0/0xae0 [ 3558.172445] ? jbd2__journal_start+0xf3/0x7e0 [ 3558.172962] iomap_dio_rw+0x31/0x90 [ 3558.173380] ext4_file_write_iter+0xe0e/0x1530 [ 3558.173923] ? ext4_file_read_iter+0x4c0/0x4c0 [ 3558.174438] ? kasan_save_stack+0x32/0x40 [ 3558.174906] ? kasan_save_stack+0x1b/0x40 [ 3558.175377] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3558.175951] ? iter_file_splice_write+0x165/0xc90 [ 3558.176504] ? direct_splice_actor+0x10f/0x170 [ 3558.177022] ? splice_direct_to_actor+0x387/0x980 [ 3558.177571] ? do_splice_direct+0x1c4/0x290 [ 3558.178070] ? do_sendfile+0x553/0x11e0 [ 3558.178521] ? __x64_sys_sendfile64+0x1d1/0x210 [ 3558.179046] ? do_syscall_64+0x33/0x40 [ 3558.179489] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3558.180103] do_iter_readv_writev+0x476/0x750 [ 3558.180614] ? _cond_resched+0x10/0x30 [ 3558.181060] ? new_sync_write+0x660/0x660 [ 3558.181536] ? avc_policy_seqno+0x9/0x70 [ 3558.182007] ? selinux_file_permission+0x92/0x520 [ 3558.182563] ? security_file_permission+0xb1/0xe0 [ 3558.183120] do_iter_write+0x191/0x700 [ 3558.183567] ? trace_hardirqs_on+0x5b/0x180 [ 3558.184064] vfs_iter_write+0x70/0xa0 [ 3558.184497] iter_file_splice_write+0x726/0xc90 [ 3558.185044] ? generic_splice_sendpage+0x140/0x140 [ 3558.185616] ? security_file_permission+0xb1/0xe0 [ 3558.186185] ? generic_splice_sendpage+0x140/0x140 [ 3558.186744] direct_splice_actor+0x10f/0x170 [ 3558.187250] splice_direct_to_actor+0x387/0x980 [ 3558.187789] ? pipe_to_sendpage+0x380/0x380 [ 3558.188288] ? do_splice_to+0x160/0x160 [ 3558.188748] ? security_file_permission+0xb1/0xe0 [ 3558.189316] do_splice_direct+0x1c4/0x290 [ 3558.189801] ? splice_direct_to_actor+0x980/0x980 [ 3558.190355] ? avc_policy_seqno+0x9/0x70 [ 3558.190821] ? security_file_permission+0xb1/0xe0 [ 3558.191380] do_sendfile+0x553/0x11e0 [ 3558.191824] ? do_pwritev+0x270/0x270 [ 3558.192262] ? wait_for_completion_io+0x270/0x270 [ 3558.192823] ? rcu_read_lock_any_held+0x75/0xa0 [ 3558.193356] ? vfs_write+0x354/0xb10 [ 3558.193789] __x64_sys_sendfile64+0x1d1/0x210 [ 3558.194304] ? __ia32_sys_sendfile+0x220/0x220 [ 3558.194831] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3558.195434] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3558.196024] do_syscall_64+0x33/0x40 [ 3558.196452] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3558.197038] RIP: 0033:0x7f8c0677ab19 [ 3558.197462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3558.199581] RSP: 002b:00007f8c03cf0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 3558.200449] RAX: ffffffffffffffda RBX: 00007f8c0688df60 RCX: 00007f8c0677ab19 [ 3558.201263] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 3558.202087] RBP: 00007f8c03cf01d0 R08: 0000000000000000 R09: 0000000000000000 [ 3558.202908] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 3558.203719] R13: 00007ffe8b6312ef R14: 00007f8c03cf0300 R15: 0000000000022000 [ 3558.330797] loop5: detected capacity change from 0 to 8388096 [ 3558.341724] FAT-fs (loop5): bogus number of reserved sectors [ 3558.343014] FAT-fs (loop5): Can't find a valid FAT filesystem BUG: leak checking failed VM DIAGNOSIS: 18:40:01 Registers: info registers vcpu 0 RAX=0000090c5c834cbc RBX=0000000000000000 RCX=00000000000006e0 RDX=000000000000090c RSI=ffff88806ce27980 RDI=000000000004c6e7 RBP=ffff88806ce27980 RSP=ffff888040c5fe10 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=000000000004c6e7 R13=0000000000000000 R14=ffff88806ce2eab8 R15=0000000000000000 RIP=ffffffff810e1371 RFL=00000016 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fd9773fe8c0 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffcc9edcdf8 CR3=0000000042d32000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffff0000000000 XMM02=ffffff0f0e0d0c0b0a09080706050403 XMM03=696e656420737365636341002f737973 XMM04=00000002000000030000563e3e941ca0 XMM05=0000563e3e9525900000563e3e963110 XMM06=0000563e3e94fa200000000000000000 XMM07=00000000000000000000000000000000 XMM08=2064616572206f742064656c69614600 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000014 RBX=ffff88806cf3c098 RCX=dffffc0000000000 RDX=1ffff1100d9e781c RSI=ffff88800cc74280 RDI=ffff88806cf3c0e0 RBP=000000000003c000 RSP=ffff888016ef7e58 R8 =ffffffff85001e00 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffffffff81718430 R13=ffff88806cf3c000 R14=ffff88806cf3c0e0 R15=ffff88806cf3c098 RIP=ffffffff812f2196 RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fd9773fe8c0 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd977816ae0 CR3=000000000dd08000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffff000000000000 XMM02=0000563e3e0e40100000563e3e956ba0 XMM03=000000000000000000006b636f6c622f XMM04=0000563e3e94af000000563e3e971f90 XMM05=00000006000000030000563e3e94f500 XMM06=0000563e3e9504a000000003ffffffff XMM07=00000000000000000000000000000000 XMM08=6e753c007325732575253a5d73255b00 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000