, 0x0, 0xfffffffd}}, 0xe8) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) accept4$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000040)=0x1c, 0x0) 10:56:07 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x8000, &(0x7f00000001c0)={'trans=unix,', {[{@version_u}, {@dfltuid={'dfltuid', 0x3d, r0}}, {@nodevmap}], [{@smackfsfloor={'smackfsfloor', 0x3d, '/^#!^-{!,)\\%'}}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}]}}) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:56:07 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 2) 10:56:07 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 5) 10:56:07 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0x0) 10:56:07 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1197.567871] 9pnet: p9_fd_create_unix (8933): problem connecting socket: ./file0: -111 [ 1197.572958] FAULT_INJECTION: forcing a failure. [ 1197.572958] name failslab, interval 1, probability 0, space 0, times 0 [ 1197.574309] CPU: 0 PID: 8914 Comm: syz-executor.4 Not tainted 5.10.222 #1 [ 1197.575063] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1197.575971] Call Trace: [ 1197.576347] dump_stack+0x107/0x167 [ 1197.576764] should_fail.cold+0x5/0xa [ 1197.577199] ? create_object.isra.0+0x3a/0xa20 [ 1197.577720] should_failslab+0x5/0x20 [ 1197.578252] kmem_cache_alloc+0x5b/0x310 [ 1197.578826] create_object.isra.0+0x3a/0xa20 [ 1197.579455] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1197.580164] kmem_cache_alloc_trace+0x151/0x320 [ 1197.580736] alloc_pipe_info+0x10a/0x590 [ 1197.581300] splice_direct_to_actor+0x774/0x980 [ 1197.581874] ? _cond_resched+0x12/0x80 [ 1197.582413] ? inode_security+0x107/0x140 [ 1197.582988] ? pipe_to_sendpage+0x380/0x380 [ 1197.583591] ? avc_policy_seqno+0x9/0x70 [ 1197.584146] ? selinux_file_permission+0x92/0x520 [ 1197.584810] ? do_splice_to+0x160/0x160 [ 1197.585353] ? security_file_permission+0xb1/0xe0 [ 1197.585943] do_splice_direct+0x1c4/0x290 [ 1197.586501] ? splice_direct_to_actor+0x980/0x980 [ 1197.587031] ? avc_policy_seqno+0x9/0x70 [ 1197.587603] ? security_file_permission+0xb1/0xe0 [ 1197.588284] do_sendfile+0x553/0x11e0 [ 1197.588753] ? do_pwritev+0x270/0x270 [ 1197.589283] ? wait_for_completion_io+0x270/0x270 [ 1197.589969] ? rcu_read_lock_any_held+0x75/0xa0 [ 1197.590598] ? vfs_write+0x354/0xb10 [ 1197.591122] __x64_sys_sendfile64+0x1d1/0x210 [ 1197.591739] ? __ia32_sys_sendfile+0x220/0x220 [ 1197.592375] do_syscall_64+0x33/0x40 [ 1197.592888] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1197.593592] RIP: 0033:0x7f34e6513b19 [ 1197.594054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1197.596552] RSP: 002b:00007f34e3a89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1197.597597] RAX: ffffffffffffffda RBX: 00007f34e6626f60 RCX: 00007f34e6513b19 [ 1197.598577] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1197.599557] RBP: 00007f34e3a891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1197.600550] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1197.601535] R13: 00007ffffc44f47f R14: 00007f34e3a89300 R15: 0000000000022000 [ 1197.637111] FAULT_INJECTION: forcing a failure. [ 1197.637111] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1197.638994] CPU: 0 PID: 8935 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1197.639936] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1197.641066] Call Trace: [ 1197.641440] dump_stack+0x107/0x167 [ 1197.641953] should_fail.cold+0x5/0xa [ 1197.642490] __alloc_pages_nodemask+0x182/0x600 [ 1197.643130] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1197.643973] ? find_get_entry+0x2c8/0x740 [ 1197.644557] alloc_pages_current+0x187/0x280 [ 1197.645163] __page_cache_alloc+0x2d2/0x360 [ 1197.645768] pagecache_get_page+0x2c7/0xc80 [ 1197.646366] ? jbd2__journal_start+0xf3/0x7e0 [ 1197.646991] __ext4_block_zero_page_range+0x97/0x940 [ 1197.647598] ? __ext4_journal_start_sb+0x214/0x390 [ 1197.648279] ext4_truncate+0xdbf/0x1160 [ 1197.648818] ? unmap_mapping_pages+0x117/0x2a0 [ 1197.649457] ? ext4_punch_hole+0x1070/0x1070 [ 1197.650092] ext4_setattr+0x1684/0x2160 [ 1197.650642] ? current_time+0x1e6/0x2c0 [ 1197.651202] ? ext4_journalled_write_end+0x1190/0x1190 [ 1197.651924] notify_change+0xc28/0x1160 [ 1197.652489] do_truncate+0x134/0x1f0 [ 1197.653006] ? file_open_root+0x440/0x440 [ 1197.653473] ? lock_release+0x680/0x680 [ 1197.654054] do_sys_ftruncate+0x4e2/0x870 [ 1197.654633] do_syscall_64+0x33/0x40 [ 1197.655149] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1197.655841] RIP: 0033:0x7fdb13aeab19 [ 1197.656350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1197.658849] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1197.659908] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1197.660877] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1197.661853] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1197.662822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1197.663792] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 10:56:07 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1197.679991] FAULT_INJECTION: forcing a failure. [ 1197.679991] name failslab, interval 1, probability 0, space 0, times 0 [ 1197.682267] CPU: 1 PID: 8939 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1197.683397] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1197.684763] Call Trace: [ 1197.685213] dump_stack+0x107/0x167 [ 1197.685833] should_fail.cold+0x5/0xa [ 1197.686475] ? xas_alloc+0x336/0x440 [ 1197.687102] should_failslab+0x5/0x20 [ 1197.687744] kmem_cache_alloc+0x5b/0x310 [ 1197.688423] ? SOFTIRQ_verbose+0x10/0x10 [ 1197.689106] xas_alloc+0x336/0x440 [ 1197.689722] xas_create+0x34a/0x10d0 [ 1197.690376] xas_store+0x8c/0x1c40 [ 1197.690986] ? xas_find_conflict+0x4b5/0xa70 [ 1197.691741] __add_to_page_cache_locked+0x708/0xc80 [ 1197.692593] ? file_write_and_wait_range+0x130/0x130 [ 1197.693448] ? memcg_drain_all_list_lrus+0x720/0x720 [ 1197.694315] ? find_get_entry+0x2c8/0x740 [ 1197.695013] ? rwlock_bug.part.0+0x90/0x90 [ 1197.695732] add_to_page_cache_lru+0xe6/0x2e0 [ 1197.696488] ? add_to_page_cache_locked+0x40/0x40 [ 1197.697309] ? __page_cache_alloc+0x10d/0x360 [ 1197.698078] pagecache_get_page+0x38b/0xc80 [ 1197.698821] block_truncate_page+0x199/0xab0 [ 1197.699569] ? fat_add_cluster+0x100/0x100 [ 1197.700287] ? selinux_inode_setattr+0x21c/0x2e0 [ 1197.701088] ? block_write_full_page+0x290/0x290 [ 1197.701888] ? inode_newsize_ok+0x18d/0x210 [ 1197.702623] ? setattr_prepare+0x135/0x7c0 [ 1197.703341] fat_setattr+0xa22/0xf50 [ 1197.703975] ? fat_free.isra.0+0x940/0x940 [ 1197.703997] attempt to access beyond end of device [ 1197.703997] loop6: rw=2049, want=276, limit=128 [ 1197.704688] notify_change+0xc28/0x1160 [ 1197.706476] do_truncate+0x134/0x1f0 [ 1197.707107] ? file_open_root+0x440/0x440 [ 1197.707801] ? lock_release+0x680/0x680 [ 1197.708494] do_sys_ftruncate+0x4e2/0x870 [ 1197.709190] do_syscall_64+0x33/0x40 [ 1197.709827] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1197.710676] RIP: 0033:0x7f6c59516b19 10:56:07 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$CDROMREADMODE1(r1, 0x530d, &(0x7f0000000500)={0x0, 0x7, 0x1, 0x7f, 0x28, 0x8}) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = fork() ptrace(0x10, r2) rt_sigqueueinfo(r2, 0x1d, &(0x7f0000003800)={0x31, 0x8000, 0x80000000}) pipe2$9p(&(0x7f0000000300), 0x0) r3 = perf_event_open$cgroup(&(0x7f00000001c0)={0x4, 0x80, 0xc9, 0x6, 0x4, 0x7, 0x0, 0x9, 0x300, 0x5, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x9, 0xffffffffffffffff}, 0xc000, 0x0, 0x6, 0x7, 0xae9, 0x7ab6, 0x9ca, 0x0, 0x7fff, 0x0, 0x1}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000140)={0x5, 0x80, 0x80, 0x6, 0x80, 0x7, 0x0, 0x80000001, 0x22000, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000000), 0x4}, 0x0, 0x5, 0xffff, 0x3, 0x3, 0x2, 0x3f, 0x0, 0x7995, 0x0, 0x7ff}, r2, 0xf, r3, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x0, 0x40, 0x1f, 0x0, 0x0, 0x3, 0x708c1, 0x4, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x6, 0x4, @perf_config_ext={0x4, 0x5}, 0x40000, 0x5, 0x1, 0x9, 0x8, 0x4, 0x9, 0x0, 0xe2f0, 0x0, 0x1ff}, r2, 0xc, r3, 0x11) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000006, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='fusectl\x00', 0x1841, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1197.711300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1197.714544] RSP: 002b:00007f6c56a6b188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1197.715919] RAX: ffffffffffffffda RBX: 00007f6c5962a020 RCX: 00007f6c59516b19 [ 1197.717366] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1197.718642] RBP: 00007f6c56a6b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1197.720005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1197.721369] R13: 00007ffd8ecf288f R14: 00007f6c56a6b300 R15: 0000000000022000 10:56:07 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x0) [ 1197.802586] attempt to access beyond end of device [ 1197.802586] loop1: rw=0, want=147, limit=128 [ 1197.809631] attempt to access beyond end of device [ 1197.809631] loop4: rw=2049, want=276, limit=128 [ 1197.826138] attempt to access beyond end of device [ 1197.826138] loop1: rw=2049, want=276, limit=128 10:56:07 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000600)=@abs={0x0, 0x0, 0x4e24}, 0x6e) openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) socket$netlink(0x10, 0x3, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000700)=ANY=[@ANYRES16=r1, @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c63616368653d6d6d61702c63616368653d6c6f6f73652c66736e616d653d63616368653d6d6d61702c6673636f6e746578743d73797361646d5f752c6f626a5f726f6c653dee3b6f626a5f747970653d63616368653d6c6f6f73652c00"]) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) 10:56:08 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 1) 10:56:08 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 3) 10:56:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 3) 10:56:08 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 6) 10:56:08 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:56:08 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x0) [ 1198.140116] FAULT_INJECTION: forcing a failure. [ 1198.140116] name failslab, interval 1, probability 0, space 0, times 0 [ 1198.141334] CPU: 0 PID: 8962 Comm: syz-executor.4 Not tainted 5.10.222 #1 [ 1198.142084] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1198.142935] Call Trace: [ 1198.143239] dump_stack+0x107/0x167 [ 1198.143625] should_fail.cold+0x5/0xa [ 1198.144025] ? alloc_pipe_info+0x1e5/0x590 [ 1198.144467] should_failslab+0x5/0x20 [ 1198.144866] __kmalloc+0x72/0x390 [ 1198.145227] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1198.145800] alloc_pipe_info+0x1e5/0x590 [ 1198.146272] splice_direct_to_actor+0x774/0x980 [ 1198.146797] ? _cond_resched+0x12/0x80 [ 1198.147235] ? inode_security+0x107/0x140 [ 1198.147691] ? pipe_to_sendpage+0x380/0x380 [ 1198.148185] ? avc_policy_seqno+0x9/0x70 [ 1198.148635] ? selinux_file_permission+0x92/0x520 [ 1198.149174] ? do_splice_to+0x160/0x160 [ 1198.149640] ? security_file_permission+0xb1/0xe0 [ 1198.150189] do_splice_direct+0x1c4/0x290 [ 1198.150653] ? splice_direct_to_actor+0x980/0x980 [ 1198.151178] ? avc_policy_seqno+0x9/0x70 [ 1198.151634] ? security_file_permission+0xb1/0xe0 [ 1198.152185] do_sendfile+0x553/0x11e0 [ 1198.152620] ? do_pwritev+0x270/0x270 [ 1198.153046] ? wait_for_completion_io+0x270/0x270 [ 1198.153580] ? rcu_read_lock_any_held+0x75/0xa0 [ 1198.154095] ? vfs_write+0x354/0xb10 [ 1198.154511] __x64_sys_sendfile64+0x1d1/0x210 [ 1198.155017] ? __ia32_sys_sendfile+0x220/0x220 [ 1198.155538] do_syscall_64+0x33/0x40 [ 1198.155953] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1198.156520] RIP: 0033:0x7f34e6513b19 [ 1198.156956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1198.158993] RSP: 002b:00007f34e3a89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1198.159830] RAX: ffffffffffffffda RBX: 00007f34e6626f60 RCX: 00007f34e6513b19 [ 1198.160631] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 1198.161420] RBP: 00007f34e3a891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1198.162220] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1198.163000] R13: 00007ffffc44f47f R14: 00007f34e3a89300 R15: 0000000000022000 [ 1198.185883] FAULT_INJECTION: forcing a failure. [ 1198.185883] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1198.187797] CPU: 1 PID: 8956 Comm: syz-executor.6 Not tainted 5.10.222 #1 [ 1198.188861] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1198.190147] Call Trace: [ 1198.190574] dump_stack+0x107/0x167 [ 1198.191154] should_fail.cold+0x5/0xa [ 1198.191770] __alloc_pages_nodemask+0x182/0x600 [ 1198.192497] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1198.193436] ? find_get_entry+0x2c8/0x740 [ 1198.194088] ? __lockdep_reset_lock+0x180/0x180 [ 1198.194824] alloc_pages_current+0x187/0x280 [ 1198.195508] __page_cache_alloc+0x2d2/0x360 [ 1198.196188] pagecache_get_page+0x2c7/0xc80 [ 1198.197002] block_truncate_page+0x199/0xab0 [ 1198.197695] ? fat_add_cluster+0x100/0x100 [ 1198.198353] ? selinux_inode_setattr+0x21c/0x2e0 [ 1198.199081] ? block_write_full_page+0x290/0x290 [ 1198.199814] ? inode_newsize_ok+0x18d/0x210 [ 1198.200613] ? setattr_prepare+0x135/0x7c0 [ 1198.201272] fat_setattr+0xa22/0xf50 [ 1198.201865] ? fat_free.isra.0+0x940/0x940 [ 1198.202525] notify_change+0xc28/0x1160 [ 1198.203339] do_truncate+0x134/0x1f0 [ 1198.203917] ? file_open_root+0x440/0x440 [ 1198.204673] ? lock_release+0x680/0x680 [ 1198.205318] do_sys_ftruncate+0x4e2/0x870 [ 1198.206135] do_syscall_64+0x33/0x40 [ 1198.206887] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1198.207803] RIP: 0033:0x7ff082d02b19 [ 1198.208383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1198.211425] RSP: 002b:00007ff080278188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1198.212149] FAULT_INJECTION: forcing a failure. [ 1198.212149] name failslab, interval 1, probability 0, space 0, times 0 [ 1198.212590] RAX: ffffffffffffffda RBX: 00007ff082e15f60 RCX: 00007ff082d02b19 [ 1198.212603] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000006 [ 1198.212614] RBP: 00007ff0802781d0 R08: 0000000000000000 R09: 0000000000000000 [ 1198.212631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1198.212643] R13: 00007ffd09dbd22f R14: 00007ff080278300 R15: 0000000000022000 [ 1198.217780] CPU: 0 PID: 8969 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1198.218529] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1198.219437] Call Trace: [ 1198.219732] dump_stack+0x107/0x167 [ 1198.220133] should_fail.cold+0x5/0xa [ 1198.220555] ? xas_alloc+0x336/0x440 [ 1198.220946] should_failslab+0x5/0x20 [ 1198.221365] kmem_cache_alloc+0x5b/0x310 [ 1198.221798] ? SOFTIRQ_verbose+0x10/0x10 [ 1198.222254] xas_alloc+0x336/0x440 [ 1198.222629] xas_create+0x34a/0x10d0 [ 1198.223034] xas_store+0x8c/0x1c40 [ 1198.223430] ? xas_find_conflict+0x4b5/0xa70 [ 1198.223900] __add_to_page_cache_locked+0x708/0xc80 [ 1198.224451] ? file_write_and_wait_range+0x130/0x130 [ 1198.224981] ? memcg_drain_all_list_lrus+0x720/0x720 [ 1198.225544] ? find_get_entry+0x2c8/0x740 [ 1198.225990] add_to_page_cache_lru+0xe6/0x2e0 [ 1198.226472] ? add_to_page_cache_locked+0x40/0x40 [ 1198.227066] ? __page_cache_alloc+0x10d/0x360 [ 1198.227532] pagecache_get_page+0x38b/0xc80 [ 1198.227975] ? jbd2__journal_start+0xf3/0x7e0 [ 1198.228473] __ext4_block_zero_page_range+0x97/0x940 [ 1198.228994] ? __ext4_journal_start_sb+0x214/0x390 [ 1198.229537] ext4_truncate+0xdbf/0x1160 [ 1198.229954] ? unmap_mapping_pages+0x117/0x2a0 [ 1198.230468] ? ext4_punch_hole+0x1070/0x1070 [ 1198.230933] ext4_setattr+0x1684/0x2160 [ 1198.231376] ? current_time+0x1e6/0x2c0 [ 1198.231801] ? ext4_journalled_write_end+0x1190/0x1190 [ 1198.232337] notify_change+0xc28/0x1160 [ 1198.232784] do_truncate+0x134/0x1f0 [ 1198.233168] ? file_open_root+0x440/0x440 [ 1198.233619] ? lock_release+0x680/0x680 [ 1198.234062] do_sys_ftruncate+0x4e2/0x870 [ 1198.234499] do_syscall_64+0x33/0x40 [ 1198.234909] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1198.235437] RIP: 0033:0x7fdb13aeab19 [ 1198.235852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1198.237707] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1198.238481] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1198.239201] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1198.239923] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1198.240646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1198.241382] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 [ 1198.259377] FAULT_INJECTION: forcing a failure. [ 1198.259377] name failslab, interval 1, probability 0, space 0, times 0 [ 1198.260537] CPU: 0 PID: 8972 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1198.261314] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1198.262158] Call Trace: [ 1198.262438] dump_stack+0x107/0x167 [ 1198.262815] should_fail.cold+0x5/0xa [ 1198.263209] ? create_object.isra.0+0x3a/0xa20 [ 1198.263680] should_failslab+0x5/0x20 [ 1198.264069] kmem_cache_alloc+0x5b/0x310 [ 1198.264495] create_object.isra.0+0x3a/0xa20 [ 1198.264944] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1198.265478] kmem_cache_alloc+0x159/0x310 [ 1198.265946] xas_alloc+0x336/0x440 [ 1198.266323] xas_create+0x34a/0x10d0 [ 1198.266751] xas_store+0x8c/0x1c40 [ 1198.267120] ? xas_find_conflict+0x4b5/0xa70 [ 1198.267613] __add_to_page_cache_locked+0x708/0xc80 [ 1198.268134] ? file_write_and_wait_range+0x130/0x130 [ 1198.268664] ? memcg_drain_all_list_lrus+0x720/0x720 [ 1198.269184] ? find_get_entry+0x2c8/0x740 [ 1198.269653] add_to_page_cache_lru+0xe6/0x2e0 [ 1198.270120] ? add_to_page_cache_locked+0x40/0x40 [ 1198.270661] ? __page_cache_alloc+0x10d/0x360 [ 1198.271129] pagecache_get_page+0x38b/0xc80 [ 1198.271612] block_truncate_page+0x199/0xab0 [ 1198.272066] ? fat_add_cluster+0x100/0x100 [ 1198.272539] ? selinux_inode_setattr+0x21c/0x2e0 [ 1198.273022] ? block_write_full_page+0x290/0x290 [ 1198.273545] ? inode_newsize_ok+0x18d/0x210 [ 1198.273995] ? setattr_prepare+0x135/0x7c0 [ 1198.274462] fat_setattr+0xa22/0xf50 [ 1198.274851] ? fat_free.isra.0+0x940/0x940 [ 1198.275314] notify_change+0xc28/0x1160 [ 1198.275737] do_truncate+0x134/0x1f0 [ 1198.276119] ? file_open_root+0x440/0x440 [ 1198.276570] ? lock_release+0x680/0x680 [ 1198.277030] do_sys_ftruncate+0x4e2/0x870 [ 1198.277468] do_syscall_64+0x33/0x40 [ 1198.277885] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1198.278443] RIP: 0033:0x7f6c59516b19 [ 1198.278827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1198.280817] RSP: 002b:00007f6c56a6b188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1198.281659] RAX: ffffffffffffffda RBX: 00007f6c5962a020 RCX: 00007f6c59516b19 [ 1198.282432] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1198.283212] RBP: 00007f6c56a6b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1198.283992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1198.284773] R13: 00007ffd8ecf288f R14: 00007f6c56a6b300 R15: 0000000000022000 [ 1198.307572] attempt to access beyond end of device [ 1198.307572] loop6: rw=2049, want=276, limit=128 10:56:08 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x400) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:56:08 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 2) [ 1198.452841] attempt to access beyond end of device [ 1198.452841] loop1: rw=0, want=147, limit=128 [ 1198.500099] attempt to access beyond end of device [ 1198.500099] loop1: rw=2049, want=276, limit=128 [ 1198.527749] attempt to access beyond end of device [ 1198.527749] loop6: rw=2049, want=276, limit=128 [ 1198.532345] FAULT_INJECTION: forcing a failure. [ 1198.532345] name failslab, interval 1, probability 0, space 0, times 0 [ 1198.533966] CPU: 1 PID: 8980 Comm: syz-executor.6 Not tainted 5.10.222 #1 [ 1198.534920] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1198.536073] Call Trace: [ 1198.536458] dump_stack+0x107/0x167 [ 1198.536979] should_fail.cold+0x5/0xa [ 1198.537518] ? create_object.isra.0+0x3a/0xa20 [ 1198.538170] ? create_object.isra.0+0x3a/0xa20 [ 1198.538824] should_failslab+0x5/0x20 [ 1198.539365] kmem_cache_alloc+0x5b/0x310 [ 1198.539949] create_object.isra.0+0x3a/0xa20 [ 1198.540568] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1198.541289] kmem_cache_alloc+0x159/0x310 [ 1198.541908] alloc_buffer_head+0x20/0x110 [ 1198.542493] alloc_page_buffers+0x14d/0x700 [ 1198.543125] create_empty_buffers+0x2c/0x640 [ 1198.543754] block_truncate_page+0x76c/0xab0 [ 1198.544397] ? fat_add_cluster+0x100/0x100 [ 1198.544993] ? selinux_inode_setattr+0x21c/0x2e0 [ 1198.545672] ? block_write_full_page+0x290/0x290 [ 1198.546353] ? inode_newsize_ok+0x18d/0x210 [ 1198.546959] ? setattr_prepare+0x135/0x7c0 [ 1198.547572] fat_setattr+0xa22/0xf50 [ 1198.548104] ? fat_free.isra.0+0x940/0x940 [ 1198.548714] notify_change+0xc28/0x1160 [ 1198.549288] do_truncate+0x134/0x1f0 [ 1198.549839] ? file_open_root+0x440/0x440 [ 1198.550428] ? lock_release+0x680/0x680 [ 1198.551028] do_sys_ftruncate+0x4e2/0x870 [ 1198.551627] do_syscall_64+0x33/0x40 [ 1198.552152] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1198.552883] RIP: 0033:0x7ff082d02b19 [ 1198.553414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1198.556031] RSP: 002b:00007ff080278188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1198.557108] RAX: ffffffffffffffda RBX: 00007ff082e15f60 RCX: 00007ff082d02b19 [ 1198.558121] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1198.559121] RBP: 00007ff0802781d0 R08: 0000000000000000 R09: 0000000000000000 [ 1198.560118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1198.561107] R13: 00007ffd09dbd22f R14: 00007ff080278300 R15: 0000000000022000 [ 1198.566394] attempt to access beyond end of device [ 1198.566394] loop6: rw=0, want=147, limit=128 10:56:22 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 3) 10:56:22 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 4) 10:56:22 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20009, 0x0, @perf_config_ext={0x200000000, 0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r1 = fork() ptrace(0x10, r1) rt_sigqueueinfo(r1, 0x1d, &(0x7f0000003800)={0x31, 0x8000, 0x80000000}) perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x1, 0x81, 0xc4, 0xc0, 0x0, 0x30000, 0x20014, 0x4, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x1}, 0x4, 0x6, 0x5, 0x8, 0x5, 0x80d, 0x40, 0x0, 0x47, 0x0, 0x8001}, r1, 0x9, r0, 0x3) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) r3 = fsopen(&(0x7f0000000000)='ecryptfs\x00', 0x1) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x4000, 0x0) r5 = syz_io_uring_setup(0x2a7b, &(0x7f00000004c0)={0x0, 0x3, 0x8, 0x0, 0x18c}, &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000480)=0x0, &(0x7f0000000140)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x2007, @fd=r5, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, {0x0, r7}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_OPENAT2={0x1c, 0x1, 0x0, r2, &(0x7f0000000380)={0x101000, 0x132, 0xa}, &(0x7f00000003c0)='./file0\x00', 0x18, 0x0, 0x23456, {0x0, r7}}, 0x45c) dup2(r3, r4) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:56:22 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:56:22 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x0) 10:56:22 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 7) 10:56:22 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 4) 10:56:22 executing program 2: ftruncate(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38) statx(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x100, 0x8, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$NS_GET_OWNER_UID(r3, 0xb704, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r3) fsconfig$FSCONFIG_SET_PATH_EMPTY(r3, 0x4, &(0x7f0000000400)='@(!)!}!,:{)\x00', &(0x7f0000000440)='./file1\x00', r0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x100000001) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_test', 0x122902, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/ip_vs\x00') ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r5, 0xc0189379, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="000000000000980200a89c54ea15fc0000000000002c0e1d03ff9e00002e2f66696c653100"]) openat(r5, &(0x7f0000000380)='./file1\x00', 0x101002, 0x0) writev(r4, &(0x7f00000006c0)=[{&(0x7f0000000180)="647732419e007299a0527d51dc496437e692665510d40d35b770fd8d702d121d997dc90d08763cc1ed88ba0f538cb17d600a", 0x32}], 0x1) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2, &(0x7f0000000500)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r1}}, {@posixacl}, {@loose}, {@version_u}, {@dfltgid={'dfltgid', 0x3d, r2}}, {@version_9p2000}], [{@fowner_eq}, {@dont_hash}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@smackfshat={'smackfshat', 0x3d, '\',\'A'}}, {@seclabel}, {@pcr={'pcr', 0x3d, 0x33}}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@appraise}]}}) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x8, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0xc, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) [ 1212.887836] FAULT_INJECTION: forcing a failure. [ 1212.887836] name failslab, interval 1, probability 0, space 0, times 0 [ 1212.889700] CPU: 1 PID: 9012 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1212.890854] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1212.892219] Call Trace: [ 1212.892667] dump_stack+0x107/0x167 [ 1212.893283] should_fail.cold+0x5/0xa [ 1212.893512] SELinux: duplicate or incompatible mount options [ 1212.893921] ? create_object.isra.0+0x3a/0xa20 [ 1212.893957] should_failslab+0x5/0x20 [ 1212.895860] kmem_cache_alloc+0x5b/0x310 [ 1212.896540] create_object.isra.0+0x3a/0xa20 [ 1212.897270] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1212.898124] kmem_cache_alloc+0x159/0x310 [ 1212.898819] xas_alloc+0x336/0x440 [ 1212.899418] xas_create+0x34a/0x10d0 [ 1212.900055] xas_store+0x8c/0x1c40 [ 1212.900649] ? xas_find_conflict+0x4b5/0xa70 [ 1212.901391] __add_to_page_cache_locked+0x708/0xc80 [ 1212.902229] ? file_write_and_wait_range+0x130/0x130 [ 1212.903073] ? memcg_drain_all_list_lrus+0x720/0x720 [ 1212.903911] ? find_get_entry+0x2c8/0x740 [ 1212.904611] add_to_page_cache_lru+0xe6/0x2e0 [ 1212.905356] ? add_to_page_cache_locked+0x40/0x40 [ 1212.906157] ? __page_cache_alloc+0x10d/0x360 [ 1212.906909] pagecache_get_page+0x38b/0xc80 [ 1212.907624] ? jbd2__journal_start+0xf3/0x7e0 [ 1212.908374] __ext4_block_zero_page_range+0x97/0x940 [ 1212.909210] ? __ext4_journal_start_sb+0x214/0x390 [ 1212.910043] ext4_truncate+0xdbf/0x1160 [ 1212.910700] ? unmap_mapping_pages+0x117/0x2a0 [ 1212.911465] ? ext4_punch_hole+0x1070/0x1070 [ 1212.912213] ext4_setattr+0x1684/0x2160 [ 1212.912869] ? current_time+0x1e6/0x2c0 [ 1212.913553] ? ext4_journalled_write_end+0x1190/0x1190 [ 1212.914422] notify_change+0xc28/0x1160 [ 1212.915093] do_truncate+0x134/0x1f0 [ 1212.915709] ? file_open_root+0x440/0x440 [ 1212.916396] ? lock_release+0x680/0x680 [ 1212.917086] do_sys_ftruncate+0x4e2/0x870 [ 1212.917773] do_syscall_64+0x33/0x40 [ 1212.918392] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1212.919225] RIP: 0033:0x7fdb13aeab19 [ 1212.919831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1212.922834] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1212.924065] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1212.925215] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1212.926374] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1212.927527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1212.928676] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 [ 1212.964611] FAULT_INJECTION: forcing a failure. [ 1212.964611] name failslab, interval 1, probability 0, space 0, times 0 [ 1212.965675] CPU: 0 PID: 8993 Comm: syz-executor.4 Not tainted 5.10.222 #1 [ 1212.966310] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1212.966774] SELinux: duplicate or incompatible mount options [ 1212.967072] Call Trace: [ 1212.967096] dump_stack+0x107/0x167 [ 1212.968583] should_fail.cold+0x5/0xa [ 1212.968939] ? create_object.isra.0+0x3a/0xa20 [ 1212.969366] should_failslab+0x5/0x20 [ 1212.969721] kmem_cache_alloc+0x5b/0x310 [ 1212.970115] create_object.isra.0+0x3a/0xa20 [ 1212.970521] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1212.970990] __kmalloc+0x16e/0x390 [ 1212.971324] alloc_pipe_info+0x1e5/0x590 [ 1212.971706] splice_direct_to_actor+0x774/0x980 [ 1212.972141] ? _cond_resched+0x12/0x80 [ 1212.972497] ? inode_security+0x107/0x140 [ 1212.972882] ? pipe_to_sendpage+0x380/0x380 [ 1212.973279] ? avc_policy_seqno+0x9/0x70 [ 1212.973653] ? selinux_file_permission+0x92/0x520 [ 1212.974097] ? do_splice_to+0x160/0x160 [ 1212.974469] ? security_file_permission+0xb1/0xe0 [ 1212.974913] do_splice_direct+0x1c4/0x290 [ 1212.975293] ? splice_direct_to_actor+0x980/0x980 [ 1212.975730] ? avc_policy_seqno+0x9/0x70 [ 1212.976112] ? security_file_permission+0xb1/0xe0 [ 1212.976563] do_sendfile+0x553/0x11e0 [ 1212.976922] ? do_pwritev+0x270/0x270 [ 1212.977275] ? wait_for_completion_io+0x270/0x270 [ 1212.977727] ? rcu_read_lock_any_held+0x75/0xa0 [ 1212.978158] ? vfs_write+0x354/0xb10 [ 1212.978510] __x64_sys_sendfile64+0x1d1/0x210 [ 1212.978925] ? __ia32_sys_sendfile+0x220/0x220 [ 1212.979351] do_syscall_64+0x33/0x40 [ 1212.979695] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1212.980170] RIP: 0033:0x7f34e6513b19 [ 1212.980511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1212.982191] RSP: 002b:00007f34e3a89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1212.982894] RAX: ffffffffffffffda RBX: 00007f34e6626f60 RCX: 00007f34e6513b19 [ 1212.983548] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1212.984199] RBP: 00007f34e3a891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1212.984856] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1212.985503] R13: 00007ffffc44f47f R14: 00007f34e3a89300 R15: 0000000000022000 [ 1213.002457] attempt to access beyond end of device [ 1213.002457] loop1: rw=2049, want=276, limit=128 [ 1213.011598] FAULT_INJECTION: forcing a failure. [ 1213.011598] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.012642] CPU: 0 PID: 9010 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1213.013277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1213.014042] Call Trace: [ 1213.014298] dump_stack+0x107/0x167 [ 1213.014648] should_fail.cold+0x5/0xa [ 1213.015012] ? create_object.isra.0+0x3a/0xa20 [ 1213.015444] should_failslab+0x5/0x20 [ 1213.015808] kmem_cache_alloc+0x5b/0x310 [ 1213.016201] create_object.isra.0+0x3a/0xa20 [ 1213.016616] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1213.017097] kmem_cache_alloc+0x159/0x310 [ 1213.017656] alloc_buffer_head+0x20/0x110 [ 1213.018126] alloc_page_buffers+0x14d/0x700 [ 1213.018549] create_empty_buffers+0x2c/0x640 [ 1213.018974] block_truncate_page+0x76c/0xab0 [ 1213.019400] ? fat_add_cluster+0x100/0x100 [ 1213.019792] ? selinux_inode_setattr+0x21c/0x2e0 [ 1213.020244] ? block_write_full_page+0x290/0x290 [ 1213.020696] ? inode_newsize_ok+0x18d/0x210 [ 1213.021109] ? setattr_prepare+0x135/0x7c0 [ 1213.021524] fat_setattr+0xa22/0xf50 [ 1213.021887] ? fat_free.isra.0+0x940/0x940 [ 1213.022293] notify_change+0xc28/0x1160 [ 1213.022687] do_truncate+0x134/0x1f0 [ 1213.023043] ? file_open_root+0x440/0x440 [ 1213.023441] ? lock_release+0x680/0x680 [ 1213.023839] do_sys_ftruncate+0x4e2/0x870 [ 1213.024239] do_syscall_64+0x33/0x40 [ 1213.024594] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1213.025068] RIP: 0033:0x7f6c59516b19 [ 1213.025425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1213.027156] RSP: 002b:00007f6c56a8c188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1213.027880] RAX: ffffffffffffffda RBX: 00007f6c59629f60 RCX: 00007f6c59516b19 [ 1213.028554] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1213.029228] RBP: 00007f6c56a8c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1213.029901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1213.030589] R13: 00007ffd8ecf288f R14: 00007f6c56a8c300 R15: 0000000000022000 10:56:23 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 1) [ 1213.053807] attempt to access beyond end of device [ 1213.053807] loop6: rw=2049, want=276, limit=128 [ 1213.069193] FAULT_INJECTION: forcing a failure. [ 1213.069193] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.071015] CPU: 1 PID: 9014 Comm: syz-executor.6 Not tainted 5.10.222 #1 [ 1213.072053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1213.072161] attempt to access beyond end of device [ 1213.072161] loop4: rw=2049, want=276, limit=128 [ 1213.073304] Call Trace: [ 1213.073329] dump_stack+0x107/0x167 [ 1213.073351] should_fail.cold+0x5/0xa [ 1213.073374] ? create_object.isra.0+0x3a/0xa20 [ 1213.076388] should_failslab+0x5/0x20 [ 1213.076972] kmem_cache_alloc+0x5b/0x310 [ 1213.077603] create_object.isra.0+0x3a/0xa20 [ 1213.078284] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1213.078372] attempt to access beyond end of device [ 1213.078372] loop1: rw=0, want=147, limit=128 [ 1213.079062] kmem_cache_alloc+0x159/0x310 [ 1213.079090] alloc_buffer_head+0x20/0x110 [ 1213.081133] alloc_page_buffers+0x14d/0x700 [ 1213.081802] create_empty_buffers+0x2c/0x640 [ 1213.082491] block_truncate_page+0x76c/0xab0 [ 1213.083166] ? fat_add_cluster+0x100/0x100 [ 1213.083814] ? selinux_inode_setattr+0x21c/0x2e0 [ 1213.084538] ? block_write_full_page+0x290/0x290 [ 1213.085262] ? inode_newsize_ok+0x18d/0x210 [ 1213.085922] ? setattr_prepare+0x135/0x7c0 [ 1213.086582] fat_setattr+0xa22/0xf50 [ 1213.087156] ? fat_free.isra.0+0x940/0x940 [ 1213.087804] notify_change+0xc28/0x1160 [ 1213.088429] do_truncate+0x134/0x1f0 [ 1213.089000] ? file_open_root+0x440/0x440 [ 1213.089636] ? lock_release+0x680/0x680 [ 1213.090280] do_sys_ftruncate+0x4e2/0x870 [ 1213.090924] do_syscall_64+0x33/0x40 [ 1213.091507] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1213.092292] RIP: 0033:0x7ff082d02b19 [ 1213.092864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1213.095687] RSP: 002b:00007ff080257188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1213.096844] RAX: ffffffffffffffda RBX: 00007ff082e16020 RCX: 00007ff082d02b19 [ 1213.097924] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1213.099024] RBP: 00007ff0802571d0 R08: 0000000000000000 R09: 0000000000000000 [ 1213.100112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1213.101192] R13: 00007ffd09dbd22f R14: 00007ff080257300 R15: 0000000000022000 10:56:23 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rename(&(0x7f00000000c0)='./file0\x00', 0x0) mount$cgroup(0x0, 0x0, 0x0, 0x1820, &(0x7f0000000440)=ANY=[@ANYBLOB='cpuacct,xattr,xattr,cpuset_v2_mode,uid', @ANYRESDEC=0x0, @ANYBLOB="2c000000000000742c636f6e746578743d73797361645f752c000000000000000000000000000004fd610885ef8d7afbe571e1ca2c4c9ec55e24905b2d5a6514f745b83205e323280f5d34493e2257deb4d238ff2aa6773181379d709cabe114f035f823718e4d113f7795d3a127d1b1389549b240b02fcdca39bc3098b68008b2eb55071024d4f4098a7669636c906b8c7b7d90b1759ee5d2cd90a57569a3965b4a85e6ba"]) stat(0x0, &(0x7f0000000040)) r0 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) ioctl$SG_IO(r0, 0x127f, &(0x7f00000003c0)={0xe00, 0xffffffffffffffff, 0x0, 0x0, @buffer={0x300, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 10:56:23 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1213.129975] attempt to access beyond end of device [ 1213.129975] loop6: rw=0, want=147, limit=128 10:56:23 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 5) 10:56:23 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 4) 10:56:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 5) [ 1213.222494] FAULT_INJECTION: forcing a failure. [ 1213.222494] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.224285] CPU: 1 PID: 9027 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1213.225331] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1213.226601] Call Trace: [ 1213.227012] dump_stack+0x107/0x167 [ 1213.227577] should_fail.cold+0x5/0xa [ 1213.228170] ? alloc_pipe_info+0x10a/0x590 [ 1213.228824] should_failslab+0x5/0x20 [ 1213.229410] kmem_cache_alloc_trace+0x55/0x320 [ 1213.230128] alloc_pipe_info+0x10a/0x590 [ 1213.230760] splice_direct_to_actor+0x774/0x980 [ 1213.231479] ? _cond_resched+0x12/0x80 [ 1213.232083] ? inode_security+0x107/0x140 [ 1213.232715] ? pipe_to_sendpage+0x380/0x380 [ 1213.233379] ? avc_policy_seqno+0x9/0x70 [ 1213.234013] ? selinux_file_permission+0x92/0x520 [ 1213.234756] ? do_splice_to+0x160/0x160 [ 1213.235372] ? security_file_permission+0xb1/0xe0 [ 1213.236120] do_splice_direct+0x1c4/0x290 [ 1213.236758] ? splice_direct_to_actor+0x980/0x980 [ 1213.237494] ? avc_policy_seqno+0x9/0x70 [ 1213.238135] ? security_file_permission+0xb1/0xe0 [ 1213.238887] do_sendfile+0x553/0x11e0 [ 1213.239488] ? do_pwritev+0x270/0x270 [ 1213.240076] ? wait_for_completion_io+0x270/0x270 [ 1213.240822] ? rcu_read_lock_any_held+0x75/0xa0 [ 1213.241529] ? vfs_write+0x354/0xb10 [ 1213.242118] __x64_sys_sendfile64+0x1d1/0x210 [ 1213.242809] ? __ia32_sys_sendfile+0x220/0x220 [ 1213.243522] do_syscall_64+0x33/0x40 [ 1213.244092] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1213.244876] RIP: 0033:0x7f24f4026b19 [ 1213.245447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1213.248299] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1213.249463] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1213.250566] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1213.251655] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1213.252745] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1213.253835] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 10:56:23 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 8) 10:56:23 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x107842, 0x1b) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1213.270453] FAULT_INJECTION: forcing a failure. [ 1213.270453] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.271438] CPU: 0 PID: 9034 Comm: syz-executor.4 Not tainted 5.10.222 #1 [ 1213.271996] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1213.272674] Call Trace: [ 1213.272892] dump_stack+0x107/0x167 [ 1213.273193] should_fail.cold+0x5/0xa [ 1213.273511] ? iter_file_splice_write+0x16d/0xc30 [ 1213.273903] should_failslab+0x5/0x20 [ 1213.274217] __kmalloc+0x72/0x390 [ 1213.274508] iter_file_splice_write+0x16d/0xc30 [ 1213.274886] ? atime_needs_update+0x600/0x600 [ 1213.275257] ? generic_splice_sendpage+0x140/0x140 [ 1213.275656] ? pipe_to_user+0x170/0x170 [ 1213.275996] ? security_file_permission+0xb1/0xe0 [ 1213.276391] ? generic_splice_sendpage+0x140/0x140 [ 1213.276787] direct_splice_actor+0x10f/0x170 [ 1213.277160] splice_direct_to_actor+0x387/0x980 [ 1213.277551] ? pipe_to_sendpage+0x380/0x380 [ 1213.277904] ? do_splice_to+0x160/0x160 [ 1213.278236] ? security_file_permission+0xb1/0xe0 [ 1213.278629] do_splice_direct+0x1c4/0x290 [ 1213.278976] ? splice_direct_to_actor+0x980/0x980 [ 1213.279363] ? avc_policy_seqno+0x9/0x70 [ 1213.279700] ? security_file_permission+0xb1/0xe0 [ 1213.280100] do_sendfile+0x553/0x11e0 [ 1213.280425] ? do_pwritev+0x270/0x270 [ 1213.280742] ? wait_for_completion_io+0x270/0x270 [ 1213.281145] ? rcu_read_lock_any_held+0x75/0xa0 [ 1213.281521] ? vfs_write+0x354/0xb10 [ 1213.281842] __x64_sys_sendfile64+0x1d1/0x210 [ 1213.282217] ? __ia32_sys_sendfile+0x220/0x220 [ 1213.282601] do_syscall_64+0x33/0x40 [ 1213.282902] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1213.283319] RIP: 0033:0x7f34e6513b19 [ 1213.283619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1213.285117] RSP: 002b:00007f34e3a89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1213.285742] RAX: ffffffffffffffda RBX: 00007f34e6626f60 RCX: 00007f34e6513b19 [ 1213.286336] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 1213.286912] RBP: 00007f34e3a891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1213.287480] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1213.288061] R13: 00007ffffc44f47f R14: 00007f34e3a89300 R15: 0000000000022000 10:56:23 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 2) [ 1213.338323] attempt to access beyond end of device [ 1213.338323] loop1: rw=2049, want=276, limit=128 [ 1213.346853] FAULT_INJECTION: forcing a failure. [ 1213.346853] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.347963] CPU: 0 PID: 9037 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1213.348559] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1213.349221] Call Trace: [ 1213.349439] dump_stack+0x107/0x167 [ 1213.349729] should_fail.cold+0x5/0xa [ 1213.350045] ? create_object.isra.0+0x3a/0xa20 [ 1213.350412] should_failslab+0x5/0x20 [ 1213.350719] kmem_cache_alloc+0x5b/0x310 [ 1213.351054] create_object.isra.0+0x3a/0xa20 [ 1213.351410] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1213.351825] kmem_cache_alloc+0x159/0x310 [ 1213.352162] alloc_buffer_head+0x20/0x110 [ 1213.352496] alloc_page_buffers+0x14d/0x700 [ 1213.352847] create_empty_buffers+0x2c/0x640 [ 1213.353208] block_truncate_page+0x76c/0xab0 [ 1213.353564] ? fat_add_cluster+0x100/0x100 [ 1213.353924] ? selinux_inode_setattr+0x21c/0x2e0 [ 1213.354307] ? block_write_full_page+0x290/0x290 [ 1213.354690] ? inode_newsize_ok+0x18d/0x210 [ 1213.355042] ? setattr_prepare+0x135/0x7c0 [ 1213.355385] fat_setattr+0xa22/0xf50 [ 1213.355691] ? fat_free.isra.0+0x940/0x940 [ 1213.356027] notify_change+0xc28/0x1160 [ 1213.356366] do_truncate+0x134/0x1f0 [ 1213.356665] ? file_open_root+0x440/0x440 [ 1213.357002] ? lock_release+0x680/0x680 [ 1213.357336] do_sys_ftruncate+0x4e2/0x870 [ 1213.357667] do_syscall_64+0x33/0x40 [ 1213.357975] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1213.358380] RIP: 0033:0x7f6c59516b19 [ 1213.358679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1213.360130] RSP: 002b:00007f6c56a8c188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1213.360736] RAX: ffffffffffffffda RBX: 00007f6c59629f60 RCX: 00007f6c59516b19 [ 1213.361311] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1213.361867] RBP: 00007f6c56a8c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1213.362428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1213.362990] R13: 00007ffd8ecf288f R14: 00007f6c56a8c300 R15: 0000000000022000 [ 1213.364300] FAULT_INJECTION: forcing a failure. [ 1213.364300] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.365468] CPU: 1 PID: 9047 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1213.366156] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1213.366779] Call Trace: [ 1213.367057] dump_stack+0x107/0x167 [ 1213.367432] should_fail.cold+0x5/0xa [ 1213.367822] ? create_object.isra.0+0x3a/0xa20 [ 1213.367994] attempt to access beyond end of device [ 1213.367994] loop1: rw=0, want=147, limit=128 [ 1213.368287] should_failslab+0x5/0x20 [ 1213.369421] kmem_cache_alloc+0x5b/0x310 [ 1213.369844] create_object.isra.0+0x3a/0xa20 [ 1213.370295] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1213.370802] kmem_cache_alloc+0x159/0x310 [ 1213.371229] alloc_buffer_head+0x20/0x110 [ 1213.371651] alloc_page_buffers+0x14d/0x700 [ 1213.372089] create_empty_buffers+0x2c/0x640 [ 1213.372537] ? jbd2__journal_start+0xf3/0x7e0 [ 1213.372987] __ext4_block_zero_page_range+0x798/0x940 [ 1213.373512] ext4_truncate+0xdbf/0x1160 [ 1213.373835] ? unmap_mapping_pages+0x117/0x2a0 [ 1213.374610] ? ext4_punch_hole+0x1070/0x1070 [ 1213.375393] ext4_setattr+0x1684/0x2160 [ 1213.376077] ? current_time+0x1e6/0x2c0 [ 1213.376787] ? ext4_journalled_write_end+0x1190/0x1190 [ 1213.377683] notify_change+0xc28/0x1160 [ 1213.378403] do_truncate+0x134/0x1f0 [ 1213.379026] ? file_open_root+0x440/0x440 [ 1213.379663] ? lock_release+0x680/0x680 [ 1213.380305] do_sys_ftruncate+0x4e2/0x870 [ 1213.380950] do_syscall_64+0x33/0x40 [ 1213.381525] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1213.382316] RIP: 0033:0x7fdb13aeab19 [ 1213.382889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1213.385641] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1213.385836] FAULT_INJECTION: forcing a failure. [ 1213.385836] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.386802] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1213.386820] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1213.389872] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1213.390956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1213.392033] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 [ 1213.393146] CPU: 0 PID: 9048 Comm: syz-executor.6 Not tainted 5.10.222 #1 [ 1213.393731] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1213.394438] Call Trace: [ 1213.394664] dump_stack+0x107/0x167 [ 1213.394979] should_fail.cold+0x5/0xa [ 1213.395314] ? create_object.isra.0+0x3a/0xa20 [ 1213.395710] should_failslab+0x5/0x20 [ 1213.396072] kmem_cache_alloc+0x5b/0x310 [ 1213.396423] create_object.isra.0+0x3a/0xa20 [ 1213.396798] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1213.397239] kmem_cache_alloc+0x159/0x310 [ 1213.397596] alloc_buffer_head+0x20/0x110 [ 1213.397959] alloc_page_buffers+0x14d/0x700 [ 1213.398332] create_empty_buffers+0x2c/0x640 [ 1213.398715] block_truncate_page+0x76c/0xab0 [ 1213.399089] ? fat_add_cluster+0x100/0x100 [ 1213.399451] ? selinux_inode_setattr+0x21c/0x2e0 [ 1213.399852] ? block_write_full_page+0x290/0x290 [ 1213.400257] ? inode_newsize_ok+0x18d/0x210 [ 1213.400628] ? setattr_prepare+0x135/0x7c0 [ 1213.400995] fat_setattr+0xa22/0xf50 [ 1213.401316] ? fat_free.isra.0+0x940/0x940 [ 1213.401675] notify_change+0xc28/0x1160 [ 1213.402027] do_truncate+0x134/0x1f0 [ 1213.402349] ? file_open_root+0x440/0x440 [ 1213.402705] ? lock_release+0x680/0x680 [ 1213.403056] do_sys_ftruncate+0x4e2/0x870 [ 1213.403412] do_syscall_64+0x33/0x40 [ 1213.403733] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1213.404177] RIP: 0033:0x7ff082d02b19 [ 1213.404494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1213.406056] RSP: 002b:00007ff080257188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1213.406705] RAX: ffffffffffffffda RBX: 00007ff082e16020 RCX: 00007ff082d02b19 [ 1213.407314] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1213.407911] RBP: 00007ff0802571d0 R08: 0000000000000000 R09: 0000000000000000 [ 1213.408517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1213.409120] R13: 00007ffd09dbd22f R14: 00007ff080257300 R15: 0000000000022000 [ 1213.410010] attempt to access beyond end of device [ 1213.410010] loop6: rw=0, want=147, limit=128 10:56:23 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r4, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, r5}, './file1\x00'}) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000000)=0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0x18, r2}, './file1\x00'}) kcmp(r7, 0x0, 0x0, r8, r9) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r10, @ANYBLOB=',wfdno=', @ANYRESHEX=r11, @ANYBLOB="136163636573733d616e792c00cae3a3dd2dee54ead1192bb16b7cd07a17c9f2ddbf67f91475520874529dd67f686257fd243da7a56758bb11edad0e54a6767aa98ca9684fe332227d5e1b3ba373d3e8fe80f59faac886d94a8d659305b54668ce2b629e9670481173658ad6a89849c1de4d547760b0b052b814fc8922fe856fdd89ad514177931ce69a9e521e4b7e34436fce6c0936c220b970b30ccca5a7d48450868eb2b9c1433c21c0163c16a29a7f95a10ca9bfa73979fec25eed96dbe782503a700d03237c4c999f01c6b38c92fc9c0cc355c380e20fa8a71ba578de70a5d169f694ae40dfe5bc8177"]) [ 1213.449745] attempt to access beyond end of device [ 1213.449745] loop6: rw=2049, want=276, limit=128 [ 1213.492936] FAULT_INJECTION: forcing a failure. [ 1213.492936] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.494006] CPU: 0 PID: 9053 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1213.494643] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1213.495409] Call Trace: [ 1213.495623] dump_stack+0x107/0x167 [ 1213.495937] should_fail.cold+0x5/0xa [ 1213.496270] ? create_object.isra.0+0x3a/0xa20 [ 1213.496660] should_failslab+0x5/0x20 [ 1213.496985] kmem_cache_alloc+0x5b/0x310 [ 1213.497341] create_object.isra.0+0x3a/0xa20 [ 1213.497721] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1213.498173] kmem_cache_alloc_trace+0x151/0x320 [ 1213.498578] alloc_pipe_info+0x10a/0x590 [ 1213.498933] splice_direct_to_actor+0x774/0x980 [ 1213.499335] ? _cond_resched+0x12/0x80 [ 1213.499668] ? inode_security+0x107/0x140 [ 1213.500022] ? pipe_to_sendpage+0x380/0x380 [ 1213.500396] ? avc_policy_seqno+0x9/0x70 [ 1213.500741] ? selinux_file_permission+0x92/0x520 [ 1213.501162] ? do_splice_to+0x160/0x160 [ 1213.501507] ? security_file_permission+0xb1/0xe0 [ 1213.501932] do_splice_direct+0x1c4/0x290 [ 1213.502291] ? splice_direct_to_actor+0x980/0x980 [ 1213.502693] ? avc_policy_seqno+0x9/0x70 [ 1213.503056] ? security_file_permission+0xb1/0xe0 [ 1213.503477] do_sendfile+0x553/0x11e0 [ 1213.503819] ? do_pwritev+0x270/0x270 [ 1213.504151] ? wait_for_completion_io+0x270/0x270 [ 1213.504564] ? rcu_read_lock_any_held+0x75/0xa0 [ 1213.504960] ? vfs_write+0x354/0xb10 [ 1213.505287] __x64_sys_sendfile64+0x1d1/0x210 [ 1213.505666] ? __ia32_sys_sendfile+0x220/0x220 [ 1213.506076] do_syscall_64+0x33/0x40 [ 1213.506387] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1213.506795] RIP: 0033:0x7f24f4026b19 [ 1213.507097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1213.508563] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1213.509179] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1213.509746] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1213.510325] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1213.510891] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1213.511464] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1213.598640] attempt to access beyond end of device [ 1213.598640] loop5: rw=2049, want=276, limit=128 [ 1213.614709] 9pnet: Insufficient options for proto=fd [ 1213.778767] 9pnet: Insufficient options for proto=fd 10:56:38 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 6) 10:56:38 executing program 2: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x8000) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYRES64=r2], 0xfdef) dup2(r1, r0) 10:56:38 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 9) 10:56:38 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r1 = signalfd4(r0, &(0x7f0000000000)={[0x4a44]}, 0x8, 0x80800) unlinkat(r1, &(0x7f0000000140)='./file0\x00', 0x200) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:56:38 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 5) 10:56:38 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 3) 10:56:38 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 6) 10:56:38 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, 0x0) [ 1228.148709] FAULT_INJECTION: forcing a failure. [ 1228.148709] name failslab, interval 1, probability 0, space 0, times 0 [ 1228.149810] CPU: 0 PID: 9086 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1228.150463] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1228.151236] Call Trace: [ 1228.151493] dump_stack+0x107/0x167 [ 1228.151839] should_fail.cold+0x5/0xa [ 1228.152205] ? mempool_alloc+0x148/0x360 [ 1228.152585] ? mempool_free_pages+0x20/0x20 [ 1228.152996] should_failslab+0x5/0x20 [ 1228.153360] kmem_cache_alloc+0x5b/0x310 [ 1228.153745] ? mempool_free_pages+0x20/0x20 [ 1228.154153] mempool_alloc+0x148/0x360 [ 1228.154538] ? __check_block_validity.constprop.0+0x1ac/0x2f0 [ 1228.155087] ? mempool_resize+0x7d0/0x7d0 [ 1228.155481] ? ext4_map_blocks+0x87c/0x1910 [ 1228.155901] bio_alloc_bioset+0x36e/0x600 [ 1228.156297] ? lock_release+0x680/0x680 [ 1228.156674] ? bvec_alloc+0x2f0/0x2f0 [ 1228.157030] ? ext4_update_bh_state+0x9c/0x110 [ 1228.157473] submit_bh_wbc.constprop.0+0x1b8/0x780 [ 1228.157935] ? block_commit_write+0x30/0x30 [ 1228.158350] ext4_read_bh+0x134/0x330 [ 1228.158714] ext4_read_bh_lock+0x76/0xd0 [ 1228.159099] __ext4_block_zero_page_range+0x530/0x940 [ 1228.159594] ext4_truncate+0xdbf/0x1160 [ 1228.159964] ? unmap_mapping_pages+0x117/0x2a0 [ 1228.160401] ? ext4_punch_hole+0x1070/0x1070 [ 1228.160833] ext4_setattr+0x1684/0x2160 [ 1228.161208] ? current_time+0x1e6/0x2c0 [ 1228.161605] ? ext4_journalled_write_end+0x1190/0x1190 [ 1228.162102] notify_change+0xc28/0x1160 [ 1228.162495] do_truncate+0x134/0x1f0 [ 1228.162846] ? file_open_root+0x440/0x440 [ 1228.163240] ? lock_release+0x680/0x680 [ 1228.163637] do_sys_ftruncate+0x4e2/0x870 [ 1228.164031] do_syscall_64+0x33/0x40 [ 1228.164385] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1228.164863] RIP: 0033:0x7fdb13aeab19 [ 1228.165212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1228.166926] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1228.167641] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1228.168304] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1228.168964] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1228.169627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1228.170296] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 [ 1228.199530] FAULT_INJECTION: forcing a failure. [ 1228.199530] name failslab, interval 1, probability 0, space 0, times 0 [ 1228.200657] CPU: 0 PID: 9070 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1228.201286] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1228.202041] Call Trace: [ 1228.202298] dump_stack+0x107/0x167 [ 1228.202637] should_fail.cold+0x5/0xa [ 1228.202992] ? alloc_pipe_info+0x1e5/0x590 [ 1228.203383] should_failslab+0x5/0x20 [ 1228.203734] __kmalloc+0x72/0x390 [ 1228.204061] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1228.204532] alloc_pipe_info+0x1e5/0x590 [ 1228.204909] splice_direct_to_actor+0x774/0x980 [ 1228.205341] ? _cond_resched+0x12/0x80 [ 1228.205701] ? inode_security+0x107/0x140 [ 1228.206080] ? pipe_to_sendpage+0x380/0x380 [ 1228.206486] ? avc_policy_seqno+0x9/0x70 [ 1228.206881] ? selinux_file_permission+0x92/0x520 [ 1228.207411] ? do_splice_to+0x160/0x160 [ 1228.207780] ? security_file_permission+0xb1/0xe0 [ 1228.208232] do_splice_direct+0x1c4/0x290 [ 1228.208616] ? splice_direct_to_actor+0x980/0x980 [ 1228.209056] ? avc_policy_seqno+0x9/0x70 [ 1228.209440] ? security_file_permission+0xb1/0xe0 [ 1228.209889] do_sendfile+0x553/0x11e0 [ 1228.210248] ? do_pwritev+0x270/0x270 [ 1228.210616] ? wait_for_completion_io+0x270/0x270 [ 1228.211063] ? rcu_read_lock_any_held+0x75/0xa0 [ 1228.211492] ? vfs_write+0x354/0xb10 [ 1228.211843] __x64_sys_sendfile64+0x1d1/0x210 [ 1228.212254] ? __ia32_sys_sendfile+0x220/0x220 [ 1228.212749] do_syscall_64+0x33/0x40 [ 1228.213191] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1228.213686] RIP: 0033:0x7f24f4026b19 [ 1228.214077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1228.215849] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1228.216537] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1228.217175] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1228.217829] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1228.218482] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1228.219131] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1228.241290] FAULT_INJECTION: forcing a failure. [ 1228.241290] name failslab, interval 1, probability 0, space 0, times 0 [ 1228.243385] CPU: 1 PID: 9091 Comm: syz-executor.6 Not tainted 5.10.222 #1 [ 1228.244589] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1228.245990] Call Trace: [ 1228.246495] dump_stack+0x107/0x167 [ 1228.247237] should_fail.cold+0x5/0xa [ 1228.247876] ? create_object.isra.0+0x3a/0xa20 [ 1228.248664] should_failslab+0x5/0x20 [ 1228.249415] kmem_cache_alloc+0x5b/0x310 [ 1228.250175] create_object.isra.0+0x3a/0xa20 [ 1228.250953] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1228.251907] kmem_cache_alloc+0x159/0x310 [ 1228.252635] alloc_buffer_head+0x20/0x110 [ 1228.253347] alloc_page_buffers+0x14d/0x700 [ 1228.254099] create_empty_buffers+0x2c/0x640 [ 1228.254981] block_truncate_page+0x76c/0xab0 [ 1228.255756] ? fat_add_cluster+0x100/0x100 [ 1228.256515] ? selinux_inode_setattr+0x21c/0x2e0 [ 1228.257471] ? block_write_full_page+0x290/0x290 [ 1228.258297] ? inode_newsize_ok+0x18d/0x210 [ 1228.259045] ? setattr_prepare+0x135/0x7c0 [ 1228.259880] fat_setattr+0xa22/0xf50 [ 1228.260478] ? fat_free.isra.0+0x940/0x940 [ 1228.261231] notify_change+0xc28/0x1160 [ 1228.262169] do_truncate+0x134/0x1f0 [ 1228.262748] ? file_open_root+0x440/0x440 [ 1228.263439] ? lock_release+0x680/0x680 [ 1228.264189] do_sys_ftruncate+0x4e2/0x870 [ 1228.264846] do_syscall_64+0x33/0x40 [ 1228.265398] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1228.266144] RIP: 0033:0x7ff082d02b19 [ 1228.266710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1228.269419] RSP: 002b:00007ff080257188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1228.270799] RAX: ffffffffffffffda RBX: 00007ff082e16020 RCX: 00007ff082d02b19 [ 1228.271938] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1228.272974] RBP: 00007ff0802571d0 R08: 0000000000000000 R09: 0000000000000000 [ 1228.274011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1228.275169] R13: 00007ffd09dbd22f R14: 00007ff080257300 R15: 0000000000022000 [ 1228.277694] FAULT_INJECTION: forcing a failure. [ 1228.277694] name failslab, interval 1, probability 0, space 0, times 0 [ 1228.279508] CPU: 1 PID: 9079 Comm: syz-executor.4 Not tainted 5.10.222 #1 [ 1228.280744] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1228.282125] Call Trace: [ 1228.282697] dump_stack+0x107/0x167 [ 1228.283280] should_fail.cold+0x5/0xa [ 1228.283949] ? create_object.isra.0+0x3a/0xa20 [ 1228.284802] should_failslab+0x5/0x20 [ 1228.285481] kmem_cache_alloc+0x5b/0x310 [ 1228.286093] create_object.isra.0+0x3a/0xa20 [ 1228.286757] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1228.287675] __kmalloc+0x16e/0x390 [ 1228.288269] iter_file_splice_write+0x16d/0xc30 [ 1228.289097] ? atime_needs_update+0x600/0x600 [ 1228.289784] ? generic_splice_sendpage+0x140/0x140 [ 1228.290706] ? pipe_to_user+0x170/0x170 [ 1228.291348] ? security_file_permission+0xb1/0xe0 [ 1228.292142] ? generic_splice_sendpage+0x140/0x140 [ 1228.292865] direct_splice_actor+0x10f/0x170 [ 1228.293517] splice_direct_to_actor+0x387/0x980 [ 1228.294316] ? pipe_to_sendpage+0x380/0x380 [ 1228.294988] ? do_splice_to+0x160/0x160 [ 1228.295634] ? security_file_permission+0xb1/0xe0 [ 1228.296347] do_splice_direct+0x1c4/0x290 [ 1228.297056] ? splice_direct_to_actor+0x980/0x980 [ 1228.297877] ? avc_policy_seqno+0x9/0x70 [ 1228.298601] ? security_file_permission+0xb1/0xe0 [ 1228.299435] do_sendfile+0x553/0x11e0 [ 1228.300196] ? do_pwritev+0x270/0x270 [ 1228.300782] ? wait_for_completion_io+0x270/0x270 [ 1228.301582] ? rcu_read_lock_any_held+0x75/0xa0 [ 1228.302496] ? vfs_write+0x354/0xb10 [ 1228.303121] __x64_sys_sendfile64+0x1d1/0x210 [ 1228.303894] ? __ia32_sys_sendfile+0x220/0x220 [ 1228.304706] do_syscall_64+0x33/0x40 [ 1228.305513] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1228.306388] RIP: 0033:0x7f34e6513b19 [ 1228.307163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1228.310401] RSP: 002b:00007f34e3a89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1228.311959] RAX: ffffffffffffffda RBX: 00007f34e6626f60 RCX: 00007f34e6513b19 [ 1228.313308] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1228.314471] RBP: 00007f34e3a891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1228.315719] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1228.316932] R13: 00007ffffc44f47f R14: 00007f34e3a89300 R15: 0000000000022000 [ 1228.363109] attempt to access beyond end of device [ 1228.363109] loop1: rw=2049, want=276, limit=128 [ 1228.364907] FAULT_INJECTION: forcing a failure. [ 1228.364907] name failslab, interval 1, probability 0, space 0, times 0 [ 1228.366595] CPU: 1 PID: 9094 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1228.367599] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1228.368812] Call Trace: [ 1228.369219] dump_stack+0x107/0x167 [ 1228.369767] should_fail.cold+0x5/0xa [ 1228.370352] ? create_object.isra.0+0x3a/0xa20 10:56:38 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, 0xffffffffffffffff, 0x80, &(0x7f0000000240)=@tipc=@name={0x1e, 0x2, 0x3, {{0x1, 0x1}, 0xffffffff}}}, 0x48004) r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000001c0), 0x0, 0xc}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) syz_io_uring_submit(0x0, r2, &(0x7f0000000180)=@IORING_OP_TEE={0x21, 0x2, 0x0, @fd_index=0x2, 0x0, 0x0, 0xd58c, 0xb, 0x0, {0x0, 0x0, r4}}, 0x9) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) open$dir(&(0x7f0000000140)='./file0\x00', 0x20000, 0x52) acct(0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1228.371033] should_failslab+0x5/0x20 [ 1228.371736] kmem_cache_alloc+0x5b/0x310 [ 1228.372534] create_object.isra.0+0x3a/0xa20 [ 1228.373235] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1228.373989] kmem_cache_alloc+0x159/0x310 [ 1228.374625] alloc_buffer_head+0x20/0x110 [ 1228.375241] alloc_page_buffers+0x14d/0x700 [ 1228.375890] create_empty_buffers+0x2c/0x640 [ 1228.376557] block_truncate_page+0x76c/0xab0 [ 1228.377206] ? fat_add_cluster+0x100/0x100 [ 1228.377836] ? selinux_inode_setattr+0x21c/0x2e0 [ 1228.378542] ? block_write_full_page+0x290/0x290 [ 1228.379246] ? inode_newsize_ok+0x18d/0x210 [ 1228.379891] ? setattr_prepare+0x135/0x7c0 [ 1228.380532] fat_setattr+0xa22/0xf50 [ 1228.381221] ? fat_free.isra.0+0x940/0x940 [ 1228.381849] notify_change+0xc28/0x1160 [ 1228.382467] do_truncate+0x134/0x1f0 [ 1228.383021] ? file_open_root+0x440/0x440 [ 1228.383636] ? lock_release+0x680/0x680 [ 1228.384254] do_sys_ftruncate+0x4e2/0x870 [ 1228.384880] do_syscall_64+0x33/0x40 [ 1228.385439] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1228.386195] RIP: 0033:0x7f6c59516b19 [ 1228.386760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1228.389428] RSP: 002b:00007f6c56a6b188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1228.390839] RAX: ffffffffffffffda RBX: 00007f6c5962a020 RCX: 00007f6c59516b19 [ 1228.391881] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1228.392923] RBP: 00007f6c56a6b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1228.393960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1228.395009] R13: 00007ffd8ecf288f R14: 00007f6c56a6b300 R15: 0000000000022000 10:56:38 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 4) [ 1228.469476] attempt to access beyond end of device [ 1228.469476] loop6: rw=0, want=147, limit=128 [ 1228.478459] attempt to access beyond end of device [ 1228.478459] loop6: rw=2049, want=276, limit=128 [ 1228.495095] attempt to access beyond end of device [ 1228.495095] loop4: rw=2049, want=276, limit=128 [ 1228.500202] attempt to access beyond end of device [ 1228.500202] loop1: rw=0, want=147, limit=128 [ 1228.524385] FAULT_INJECTION: forcing a failure. [ 1228.524385] name failslab, interval 1, probability 0, space 0, times 0 [ 1228.525394] CPU: 0 PID: 9101 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1228.525945] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1228.526627] Call Trace: [ 1228.526848] dump_stack+0x107/0x167 [ 1228.527146] should_fail.cold+0x5/0xa [ 1228.527457] ? create_object.isra.0+0x3a/0xa20 [ 1228.527828] should_failslab+0x5/0x20 [ 1228.528135] kmem_cache_alloc+0x5b/0x310 [ 1228.528469] create_object.isra.0+0x3a/0xa20 [ 1228.528822] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1228.529231] __kmalloc+0x16e/0x390 [ 1228.529526] alloc_pipe_info+0x1e5/0x590 [ 1228.529859] splice_direct_to_actor+0x774/0x980 [ 1228.530233] ? _cond_resched+0x12/0x80 [ 1228.530556] ? inode_security+0x107/0x140 [ 1228.530887] ? pipe_to_sendpage+0x380/0x380 [ 1228.531236] ? avc_policy_seqno+0x9/0x70 [ 1228.531565] ? selinux_file_permission+0x92/0x520 [ 1228.531950] ? do_splice_to+0x160/0x160 [ 1228.532278] ? security_file_permission+0xb1/0xe0 [ 1228.532672] do_splice_direct+0x1c4/0x290 [ 1228.533007] ? splice_direct_to_actor+0x980/0x980 [ 1228.533393] ? avc_policy_seqno+0x9/0x70 [ 1228.533728] ? security_file_permission+0xb1/0xe0 [ 1228.534121] do_sendfile+0x553/0x11e0 [ 1228.534441] ? do_pwritev+0x270/0x270 [ 1228.534749] ? wait_for_completion_io+0x270/0x270 [ 1228.535144] ? rcu_read_lock_any_held+0x75/0xa0 [ 1228.535520] ? vfs_write+0x354/0xb10 [ 1228.535823] __x64_sys_sendfile64+0x1d1/0x210 [ 1228.536183] ? __ia32_sys_sendfile+0x220/0x220 [ 1228.536559] do_syscall_64+0x33/0x40 [ 1228.536862] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1228.537272] RIP: 0033:0x7f24f4026b19 [ 1228.537573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1228.539051] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1228.539667] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1228.540238] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1228.540807] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1228.541383] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1228.541957] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1228.615836] attempt to access beyond end of device [ 1228.615836] loop5: rw=2049, want=276, limit=128 [ 1242.751951] FAULT_INJECTION: forcing a failure. [ 1242.751951] name failslab, interval 1, probability 0, space 0, times 0 [ 1242.753092] CPU: 0 PID: 9108 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1242.753733] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1242.754508] Call Trace: [ 1242.754770] dump_stack+0x107/0x167 [ 1242.755117] should_fail.cold+0x5/0xa [ 1242.755482] ? iter_file_splice_write+0x16d/0xc30 [ 1242.755935] should_failslab+0x5/0x20 [ 1242.756300] __kmalloc+0x72/0x390 [ 1242.756636] iter_file_splice_write+0x16d/0xc30 [ 1242.757073] ? atime_needs_update+0x600/0x600 [ 1242.757509] ? generic_splice_sendpage+0x140/0x140 [ 1242.757968] ? pipe_to_user+0x170/0x170 [ 1242.758360] ? security_file_permission+0xb1/0xe0 [ 1242.758824] ? generic_splice_sendpage+0x140/0x140 [ 1242.759289] direct_splice_actor+0x10f/0x170 [ 1242.759708] splice_direct_to_actor+0x387/0x980 [ 1242.760159] ? pipe_to_sendpage+0x380/0x380 [ 1242.760568] ? do_splice_to+0x160/0x160 [ 1242.760945] ? security_file_permission+0xb1/0xe0 [ 1242.761406] do_splice_direct+0x1c4/0x290 [ 1242.761802] ? splice_direct_to_actor+0x980/0x980 [ 1242.762257] ? avc_policy_seqno+0x9/0x70 [ 1242.762653] ? security_file_permission+0xb1/0xe0 [ 1242.763114] do_sendfile+0x553/0x11e0 [ 1242.763487] ? do_pwritev+0x270/0x270 [ 1242.763848] ? wait_for_completion_io+0x270/0x270 [ 1242.764307] ? rcu_read_lock_any_held+0x75/0xa0 [ 1242.764743] ? vfs_write+0x354/0xb10 [ 1242.765104] __x64_sys_sendfile64+0x1d1/0x210 [ 1242.765531] ? __ia32_sys_sendfile+0x220/0x220 [ 1242.765971] do_syscall_64+0x33/0x40 [ 1242.766325] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1242.766818] RIP: 0033:0x7f24f4026b19 [ 1242.767170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1242.768895] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1242.769616] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1242.770288] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1242.770965] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1242.771637] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1242.772303] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 10:56:52 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 5) 10:56:52 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, 0x0) 10:56:52 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 7) 10:56:52 executing program 3: r0 = fork() ptrace(0x10, r0) rt_sigqueueinfo(r0, 0x1d, &(0x7f0000000180)={0x31, 0x8003, 0x80000000}) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x4, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x800}, r0, 0x0, 0xffffffffffffffff, 0x3) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) openat(r2, &(0x7f0000000000)='./file0\x00', 0x480, 0x50) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x100000001) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f00000000c0)=0x5) 10:56:52 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 6) 10:56:52 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 7) 10:56:52 executing program 2: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:56:52 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 10) 10:56:52 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 6) [ 1242.880768] FAULT_INJECTION: forcing a failure. [ 1242.880768] name failslab, interval 1, probability 0, space 0, times 0 [ 1242.882503] CPU: 1 PID: 9132 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1242.883508] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1242.884704] Call Trace: [ 1242.885100] dump_stack+0x107/0x167 [ 1242.885641] should_fail.cold+0x5/0xa [ 1242.886202] ? create_object.isra.0+0x3a/0xa20 [ 1242.886880] should_failslab+0x5/0x20 [ 1242.887437] kmem_cache_alloc+0x5b/0x310 [ 1242.888041] create_object.isra.0+0x3a/0xa20 [ 1242.888684] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1242.889433] kmem_cache_alloc+0x159/0x310 [ 1242.890025] ? mempool_free_pages+0x20/0x20 [ 1242.890663] mempool_alloc+0x148/0x360 [ 1242.891241] ? __check_block_validity.constprop.0+0x1ac/0x2f0 [ 1242.892086] ? mempool_resize+0x7d0/0x7d0 [ 1242.892698] ? ext4_map_blocks+0x87c/0x1910 [ 1242.893355] bio_alloc_bioset+0x36e/0x600 [ 1242.893964] ? lock_release+0x680/0x680 [ 1242.894543] ? bvec_alloc+0x2f0/0x2f0 [ 1242.895091] ? ext4_update_bh_state+0x9c/0x110 [ 1242.895770] submit_bh_wbc.constprop.0+0x1b8/0x780 [ 1242.896485] ? block_commit_write+0x30/0x30 [ 1242.897112] ext4_read_bh+0x134/0x330 [ 1242.897676] ext4_read_bh_lock+0x76/0xd0 [ 1242.898274] __ext4_block_zero_page_range+0x530/0x940 [ 1242.899050] ext4_truncate+0xdbf/0x1160 [ 1242.899635] ? unmap_mapping_pages+0x117/0x2a0 [ 1242.900310] ? ext4_punch_hole+0x1070/0x1070 [ 1242.900608] FAULT_INJECTION: forcing a failure. [ 1242.900608] name failslab, interval 1, probability 0, space 0, times 0 [ 1242.900970] ext4_setattr+0x1684/0x2160 [ 1242.900991] ? current_time+0x1e6/0x2c0 [ 1242.903135] ? ext4_journalled_write_end+0x1190/0x1190 [ 1242.903891] notify_change+0xc28/0x1160 [ 1242.904482] do_truncate+0x134/0x1f0 [ 1242.905025] ? file_open_root+0x440/0x440 [ 1242.905630] ? lock_release+0x680/0x680 [ 1242.906239] do_sys_ftruncate+0x4e2/0x870 [ 1242.906842] do_syscall_64+0x33/0x40 [ 1242.907384] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1242.908125] RIP: 0033:0x7fdb13aeab19 [ 1242.908664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1242.911315] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1242.912418] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1242.913443] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1242.914464] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1242.915496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1242.916524] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 [ 1242.917585] CPU: 0 PID: 9129 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1242.918205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1242.918959] Call Trace: [ 1242.919213] dump_stack+0x107/0x167 [ 1242.919543] should_fail.cold+0x5/0xa [ 1242.919883] ? create_object.isra.0+0x3a/0xa20 [ 1242.920288] should_failslab+0x5/0x20 [ 1242.920626] kmem_cache_alloc+0x5b/0x310 10:56:52 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, 0x0) [ 1242.921094] ? igrab+0xc0/0xc0 [ 1242.921411] create_object.isra.0+0x3a/0xa20 [ 1242.921790] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1242.922231] __kmalloc+0x16e/0x390 [ 1242.922555] iter_file_splice_write+0x16d/0xc30 [ 1242.922964] ? atime_needs_update+0x600/0x600 [ 1242.923366] ? generic_splice_sendpage+0x140/0x140 [ 1242.923784] ? pipe_to_user+0x170/0x170 [ 1242.924143] ? security_file_permission+0xb1/0xe0 [ 1242.924562] ? generic_splice_sendpage+0x140/0x140 [ 1242.924983] direct_splice_actor+0x10f/0x170 [ 1242.925369] splice_direct_to_actor+0x387/0x980 [ 1242.925768] ? pipe_to_sendpage+0x380/0x380 [ 1242.926146] ? do_splice_to+0x160/0x160 [ 1242.926504] ? security_file_permission+0xb1/0xe0 [ 1242.926924] do_splice_direct+0x1c4/0x290 [ 1242.927284] ? splice_direct_to_actor+0x980/0x980 [ 1242.927706] ? avc_policy_seqno+0x9/0x70 [ 1242.928066] ? security_file_permission+0xb1/0xe0 [ 1242.928490] do_sendfile+0x553/0x11e0 [ 1242.928828] ? do_pwritev+0x270/0x270 [ 1242.929164] ? wait_for_completion_io+0x270/0x270 [ 1242.929584] ? rcu_read_lock_any_held+0x75/0xa0 [ 1242.929982] ? vfs_write+0x354/0xb10 [ 1242.930320] __x64_sys_sendfile64+0x1d1/0x210 [ 1242.930719] ? __ia32_sys_sendfile+0x220/0x220 [ 1242.931126] do_syscall_64+0x33/0x40 [ 1242.931454] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1242.931899] RIP: 0033:0x7f24f4026b19 [ 1242.932223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1242.933794] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1242.934462] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1242.935114] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1242.935725] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1242.936328] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1242.936939] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1242.971091] FAULT_INJECTION: forcing a failure. [ 1242.971091] name failslab, interval 1, probability 0, space 0, times 0 [ 1242.972765] CPU: 1 PID: 9137 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1242.973714] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1242.974870] Call Trace: [ 1242.975251] dump_stack+0x107/0x167 [ 1242.975766] should_fail.cold+0x5/0xa [ 1242.976326] ? create_object.isra.0+0x3a/0xa20 [ 1242.976976] should_failslab+0x5/0x20 [ 1242.977529] kmem_cache_alloc+0x5b/0x310 [ 1242.978104] create_object.isra.0+0x3a/0xa20 [ 1242.978758] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1242.979481] kmem_cache_alloc+0x159/0x310 [ 1242.980092] alloc_buffer_head+0x20/0x110 [ 1242.980673] alloc_page_buffers+0x14d/0x700 [ 1242.981313] create_empty_buffers+0x2c/0x640 [ 1242.981947] block_truncate_page+0x76c/0xab0 [ 1242.982595] ? fat_add_cluster+0x100/0x100 [ 1242.983191] ? block_write_full_page+0x290/0x290 [ 1242.983880] ? inode_newsize_ok+0x18d/0x210 [ 1242.984490] ? setattr_prepare+0x135/0x7c0 [ 1242.985114] fat_setattr+0xa22/0xf50 [ 1242.985647] ? fat_free.isra.0+0x940/0x940 [ 1242.986270] notify_change+0xc28/0x1160 [ 1242.986855] do_truncate+0x134/0x1f0 [ 1242.987399] ? file_open_root+0x440/0x440 [ 1242.987991] ? lock_release+0x680/0x680 [ 1242.988600] do_sys_ftruncate+0x4e2/0x870 [ 1242.989199] do_syscall_64+0x33/0x40 [ 1242.989741] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1242.990461] RIP: 0033:0x7f6c59516b19 [ 1242.991010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1242.993580] RSP: 002b:00007f6c56a6b188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1242.994692] RAX: ffffffffffffffda RBX: 00007f6c5962a020 RCX: 00007f6c59516b19 [ 1242.995691] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1242.996684] RBP: 00007f6c56a6b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1242.997683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1242.998685] R13: 00007ffd8ecf288f R14: 00007f6c56a6b300 R15: 0000000000022000 [ 1243.016461] FAULT_INJECTION: forcing a failure. [ 1243.016461] name failslab, interval 1, probability 0, space 0, times 0 [ 1243.018087] CPU: 1 PID: 9136 Comm: syz-executor.6 Not tainted 5.10.222 #1 [ 1243.019091] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1243.020284] Call Trace: [ 1243.020672] dump_stack+0x107/0x167 [ 1243.021226] should_fail.cold+0x5/0xa [ 1243.021782] ? create_object.isra.0+0x3a/0xa20 [ 1243.022446] should_failslab+0x5/0x20 [ 1243.023014] kmem_cache_alloc+0x5b/0x310 [ 1243.023613] create_object.isra.0+0x3a/0xa20 [ 1243.024235] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1243.024977] kmem_cache_alloc+0x159/0x310 [ 1243.025573] alloc_buffer_head+0x20/0x110 [ 1243.026175] alloc_page_buffers+0x14d/0x700 [ 1243.026797] create_empty_buffers+0x2c/0x640 [ 1243.027444] block_truncate_page+0x76c/0xab0 [ 1243.028064] ? fat_add_cluster+0x100/0x100 [ 1243.028678] ? selinux_inode_setattr+0x21c/0x2e0 [ 1243.029351] ? block_write_full_page+0x290/0x290 [ 1243.030038] ? inode_newsize_ok+0x18d/0x210 [ 1243.030666] ? setattr_prepare+0x135/0x7c0 [ 1243.031286] fat_setattr+0xa22/0xf50 [ 1243.031816] ? fat_free.isra.0+0x940/0x940 [ 1243.032428] notify_change+0xc28/0x1160 [ 1243.033010] do_truncate+0x134/0x1f0 [ 1243.033556] ? file_open_root+0x440/0x440 [ 1243.034150] ? lock_release+0x680/0x680 [ 1243.034765] do_sys_ftruncate+0x4e2/0x870 [ 1243.035362] do_syscall_64+0x33/0x40 [ 1243.035904] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1243.036631] RIP: 0033:0x7ff082d02b19 [ 1243.037171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1243.039748] RSP: 002b:00007ff080257188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1243.040840] RAX: ffffffffffffffda RBX: 00007ff082e16020 RCX: 00007ff082d02b19 [ 1243.041832] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1243.042832] RBP: 00007ff0802571d0 R08: 0000000000000000 R09: 0000000000000000 [ 1243.043840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1243.044838] R13: 00007ffd09dbd22f R14: 00007ff080257300 R15: 0000000000022000 [ 1243.049601] FAULT_INJECTION: forcing a failure. [ 1243.049601] name failslab, interval 1, probability 0, space 0, times 0 [ 1243.051349] CPU: 1 PID: 9119 Comm: syz-executor.4 Not tainted 5.10.222 #1 [ 1243.052317] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1243.053471] Call Trace: [ 1243.053848] dump_stack+0x107/0x167 [ 1243.054364] should_fail.cold+0x5/0xa [ 1243.054916] ? mempool_alloc+0x148/0x360 [ 1243.055493] ? mempool_free_pages+0x20/0x20 [ 1243.056104] should_failslab+0x5/0x20 [ 1243.056646] kmem_cache_alloc+0x5b/0x310 [ 1243.057225] ? mempool_free_pages+0x20/0x20 [ 1243.057843] mempool_alloc+0x148/0x360 [ 1243.058419] ? mark_lock+0xf5/0x2df0 [ 1243.058961] ? mempool_resize+0x7d0/0x7d0 [ 1243.059557] ? mark_lock+0xf5/0x2df0 [ 1243.060107] ? __lock_acquire+0xbb1/0x5b00 [ 1243.060713] bio_alloc_bioset+0x36e/0x600 [ 1243.061312] ? bvec_alloc+0x2f0/0x2f0 [ 1243.061850] ? perf_trace_lock+0xac/0x490 [ 1243.062437] ? SOFTIRQ_verbose+0x10/0x10 [ 1243.063028] mpage_alloc+0x2f/0x260 [ 1243.063554] __mpage_writepage+0x114e/0x1670 [ 1243.064204] ? clean_buffers+0x2a0/0x2a0 [ 1243.064795] ? find_get_pages_range_tag+0x5c9/0xbf0 [ 1243.065501] ? page_mkclean+0x151/0x2c0 [ 1243.066064] ? invalid_page_referenced_vma+0x570/0x570 [ 1243.066801] ? find_get_pages_contig+0x9c0/0x9c0 [ 1243.067478] ? mark_held_locks+0x9e/0xe0 [ 1243.068052] ? percpu_counter_add_batch+0x8b/0x140 [ 1243.068756] ? clear_page_dirty_for_io+0x216/0x7c0 [ 1243.069457] write_cache_pages+0x57f/0xe50 [ 1243.070062] ? clean_buffers+0x2a0/0x2a0 [ 1243.070657] ? clear_page_dirty_for_io+0x7c0/0x7c0 [ 1243.071480] ? __lock_acquire+0x1657/0x5b00 [ 1243.071678] attempt to access beyond end of device [ 1243.071678] loop1: rw=0, want=147, limit=128 [ 1243.072137] ? fat_add_cluster+0x100/0x100 [ 1243.073453] ? fat_readahead+0x20/0x20 [ 1243.074010] mpage_writepages+0xd8/0x230 [ 1243.074592] ? mpage_end_io+0x2c0/0x2c0 [ 1243.075162] ? fat_add_cluster+0x100/0x100 [ 1243.075857] ? lock_chain_count+0x20/0x20 [ 1243.076491] do_writepages+0xee/0x2a0 [ 1243.077086] ? page_writeback_cpu_online+0x20/0x20 [ 1243.077892] ? mark_held_locks+0x9e/0xe0 [ 1243.078555] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1243.079407] ? ktime_get_coarse_real_ts64+0x15a/0x190 [ 1243.080305] ? trace_hardirqs_on+0x5b/0x180 [ 1243.080988] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1243.081790] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1243.082650] ? current_time+0x1e6/0x2c0 [ 1243.083381] ? fat_truncate_time+0x5f0/0x5f0 [ 1243.084003] ? fat_update_time+0x111/0x220 [ 1243.084601] filemap_write_and_wait_range+0x65/0x100 [ 1243.085402] generic_file_direct_write+0x391/0x560 [ 1243.086190] __generic_file_write_iter+0x235/0x5d0 [ 1243.087045] ? iter_file_splice_write+0x16d/0xc30 [ 1243.087806] generic_file_write_iter+0xdb/0x230 [ 1243.088476] do_iter_readv_writev+0x476/0x750 [ 1243.089239] ? new_sync_write+0x660/0x660 [ 1243.089967] ? avc_policy_seqno+0x9/0x70 [ 1243.090623] ? selinux_file_permission+0x92/0x520 [ 1243.091396] ? security_file_permission+0xb1/0xe0 [ 1243.092256] do_iter_write+0x191/0x700 [ 1243.092852] ? trace_hardirqs_on+0x5b/0x180 [ 1243.093562] vfs_iter_write+0x70/0xa0 [ 1243.094266] iter_file_splice_write+0x762/0xc30 [ 1243.095029] ? generic_splice_sendpage+0x140/0x140 [ 1243.095839] ? security_file_permission+0xb1/0xe0 [ 1243.096704] ? generic_splice_sendpage+0x140/0x140 [ 1243.097468] direct_splice_actor+0x10f/0x170 [ 1243.098181] splice_direct_to_actor+0x387/0x980 [ 1243.099025] ? pipe_to_sendpage+0x380/0x380 [ 1243.099694] ? do_splice_to+0x160/0x160 [ 1243.100336] ? security_file_permission+0xb1/0xe0 [ 1243.101184] do_splice_direct+0x1c4/0x290 [ 1243.101922] ? splice_direct_to_actor+0x980/0x980 [ 1243.102691] ? avc_policy_seqno+0x9/0x70 [ 1243.103370] ? security_file_permission+0xb1/0xe0 [ 1243.104260] do_sendfile+0x553/0x11e0 [ 1243.104824] ? do_pwritev+0x270/0x270 [ 1243.105419] ? wait_for_completion_io+0x270/0x270 [ 1243.106274] ? rcu_read_lock_any_held+0x75/0xa0 [ 1243.106999] ? vfs_write+0x354/0xb10 [ 1243.107604] __x64_sys_sendfile64+0x1d1/0x210 [ 1243.108352] ? __ia32_sys_sendfile+0x220/0x220 [ 1243.109157] do_syscall_64+0x33/0x40 [ 1243.109775] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1243.110518] RIP: 0033:0x7f34e6513b19 [ 1243.111157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1243.114173] RSP: 002b:00007f34e3a89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1243.115335] RAX: ffffffffffffffda RBX: 00007f34e6626f60 RCX: 00007f34e6513b19 [ 1243.116402] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1243.117595] RBP: 00007f34e3a891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1243.118699] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1243.119967] R13: 00007ffffc44f47f R14: 00007f34e3a89300 R15: 0000000000022000 [ 1243.144588] attempt to access beyond end of device [ 1243.144588] loop5: rw=2049, want=276, limit=128 10:56:53 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, &(0x7f0000000000)=0x5) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1243.167521] attempt to access beyond end of device [ 1243.167521] loop6: rw=0, want=147, limit=128 [ 1243.173486] attempt to access beyond end of device [ 1243.173486] loop1: rw=2049, want=276, limit=128 [ 1243.174889] attempt to access beyond end of device [ 1243.174889] loop6: rw=2049, want=276, limit=128 10:56:53 executing program 2: ftruncate(0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x38) statx(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x100, 0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0) ioctl$NS_GET_OWNER_UID(r3, 0xb704, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r3) sendfile(r3, 0xffffffffffffffff, 0x0, 0x100000001) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_test', 0x122902, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/ip_vs\x00') openat(r5, &(0x7f0000000380)='./file1\x00', 0x101002, 0x0) writev(r4, &(0x7f00000006c0)=[{&(0x7f0000000180)="647732419e007299a0527d51dc496437e692665510d40d35b770fd8d702d121d997dc90d08763cc1ed88ba0f538cb17d600a", 0x32}], 0x1) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2, &(0x7f0000000500)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r1}}, {@posixacl}, {@loose}, {@version_u}, {@dfltgid={'dfltgid', 0x3d, r2}}, {@version_9p2000}], [{@fowner_eq}, {@dont_hash}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@smackfshat={'smackfshat', 0x3d, '\',\'A'}}, {@seclabel}, {@pcr={'pcr', 0x3d, 0x33}}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@appraise}]}}) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0) syz_io_uring_setup(0x7502, &(0x7f0000000640)={0x0, 0xa6ea, 0x0, 0x2, 0x381}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000700), &(0x7f0000000740)=0x0) syz_io_uring_submit(0x0, r6, &(0x7f00000007c0)=@IORING_OP_FILES_UPDATE={0x14, 0x4, 0x0, 0x0, 0x9, &(0x7f0000000780)=[r5, r0], 0x2, 0x0, 0x1}, 0x9) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x8, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0xc, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) 10:56:53 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 7) 10:56:53 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 8) 10:56:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 7) [ 1243.254615] SELinux: duplicate or incompatible mount options 10:56:53 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x0, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:56:53 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 11) [ 1243.320770] attempt to access beyond end of device [ 1243.320770] loop1: rw=2049, want=276, limit=128 10:56:53 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x59, 0x0, 0x309802, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@afid={'afid', 0x3d, 0x35}}, {@afid={'afid', 0x3d, 0xff}}, {@nodevmap}, {@debug={'debug', 0x3d, 0xffff}}], [{@dont_hash}, {@context={'context', 0x3d, 'unconfined_u'}}, {@dont_measure}, {@seclabel}]}}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1243.345186] FAULT_INJECTION: forcing a failure. [ 1243.345186] name failslab, interval 1, probability 0, space 0, times 0 [ 1243.346188] CPU: 0 PID: 9153 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1243.346759] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1243.347425] Call Trace: [ 1243.347649] dump_stack+0x107/0x167 [ 1243.347947] should_fail.cold+0x5/0xa [ 1243.348261] ? create_object.isra.0+0x3a/0xa20 [ 1243.348632] should_failslab+0x5/0x20 [ 1243.348943] kmem_cache_alloc+0x5b/0x310 [ 1243.349294] create_object.isra.0+0x3a/0xa20 [ 1243.349651] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1243.350062] kmem_cache_alloc+0x159/0x310 [ 1243.350412] alloc_buffer_head+0x20/0x110 [ 1243.350757] alloc_page_buffers+0x14d/0x700 [ 1243.351110] create_empty_buffers+0x2c/0x640 [ 1243.351477] block_truncate_page+0x76c/0xab0 [ 1243.351834] ? fat_add_cluster+0x100/0x100 [ 1243.352177] ? selinux_inode_setattr+0x21c/0x2e0 [ 1243.352566] ? block_write_full_page+0x290/0x290 [ 1243.352954] ? inode_newsize_ok+0x18d/0x210 [ 1243.353302] ? setattr_prepare+0x135/0x7c0 [ 1243.353648] fat_setattr+0xa22/0xf50 [ 1243.353953] ? fat_free.isra.0+0x940/0x940 [ 1243.354293] notify_change+0xc28/0x1160 [ 1243.354629] do_truncate+0x134/0x1f0 [ 1243.354929] ? file_open_root+0x440/0x440 [ 1243.355270] ? lock_release+0x680/0x680 [ 1243.355605] do_sys_ftruncate+0x4e2/0x870 [ 1243.355943] do_syscall_64+0x33/0x40 [ 1243.356245] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1243.356659] RIP: 0033:0x7f6c59516b19 [ 1243.356959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1243.358418] RSP: 002b:00007f6c56a8c188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1243.359034] RAX: ffffffffffffffda RBX: 00007f6c59629f60 RCX: 00007f6c59516b19 [ 1243.359607] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1243.360175] RBP: 00007f6c56a8c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1243.360747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1243.361316] R13: 00007ffd8ecf288f R14: 00007f6c56a8c300 R15: 0000000000022000 [ 1243.373667] attempt to access beyond end of device [ 1243.373667] loop1: rw=0, want=147, limit=128 [ 1243.378395] FAULT_INJECTION: forcing a failure. [ 1243.378395] name failslab, interval 1, probability 0, space 0, times 0 [ 1243.380063] CPU: 1 PID: 9162 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1243.381036] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1243.382203] Call Trace: [ 1243.382595] dump_stack+0x107/0x167 [ 1243.383123] should_fail.cold+0x5/0xa [ 1243.383669] ? create_task_io_context+0x2c/0x430 [ 1243.384341] should_failslab+0x5/0x20 [ 1243.384878] kmem_cache_alloc_node+0x55/0x330 [ 1243.385525] create_task_io_context+0x2c/0x430 [ 1243.386180] submit_bio_checks+0x1382/0x1730 [ 1243.386825] ? __lock_acquire+0xbb1/0x5b00 [ 1243.387436] ? trace_event_raw_event_block_rq_requeue+0x560/0x560 [ 1243.388327] submit_bio_noacct+0x82/0x1010 [ 1243.388942] ? __lockdep_reset_lock+0x180/0x180 [ 1243.389604] ? blk_queue_enter+0xc30/0xc30 [ 1243.390212] ? lock_acquire+0x197/0x470 [ 1243.390794] ? find_held_lock+0x2c/0x110 [ 1243.391380] submit_bio+0xf3/0x4e0 [ 1243.391891] ? submit_bio_noacct+0x1010/0x1010 [ 1243.392570] submit_bh_wbc.constprop.0+0x580/0x780 [ 1243.393267] ? block_commit_write+0x30/0x30 [ 1243.393884] ext4_read_bh+0x134/0x330 [ 1243.394429] ext4_read_bh_lock+0x76/0xd0 [ 1243.395024] __ext4_block_zero_page_range+0x530/0x940 [ 1243.395769] ext4_truncate+0xdbf/0x1160 [ 1243.396341] ? unmap_mapping_pages+0x117/0x2a0 [ 1243.397001] ? ext4_punch_hole+0x1070/0x1070 [ 1243.397648] ext4_setattr+0x1684/0x2160 [ 1243.398219] ? current_time+0x1e6/0x2c0 [ 1243.398812] ? ext4_journalled_write_end+0x1190/0x1190 [ 1243.399553] notify_change+0xc28/0x1160 [ 1243.400129] do_truncate+0x134/0x1f0 [ 1243.400663] ? file_open_root+0x440/0x440 [ 1243.401253] ? lock_release+0x680/0x680 [ 1243.401844] do_sys_ftruncate+0x4e2/0x870 [ 1243.402442] do_syscall_64+0x33/0x40 [ 1243.402975] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1243.403702] RIP: 0033:0x7fdb13aeab19 [ 1243.404227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1243.406785] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1243.407843] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1243.408844] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1243.409847] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1243.410851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1243.411849] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 [ 1243.416082] attempt to access beyond end of device [ 1243.416082] loop4: rw=2049, want=276, limit=128 [ 1243.418027] FAULT_INJECTION: forcing a failure. [ 1243.418027] name failslab, interval 1, probability 0, space 0, times 0 [ 1243.419649] CPU: 1 PID: 9158 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1243.420606] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1243.421772] Call Trace: [ 1243.422157] dump_stack+0x107/0x167 [ 1243.422694] should_fail.cold+0x5/0xa [ 1243.423247] ? mempool_alloc+0x148/0x360 [ 1243.423828] ? mempool_free_pages+0x20/0x20 [ 1243.424451] should_failslab+0x5/0x20 [ 1243.425000] kmem_cache_alloc+0x5b/0x310 [ 1243.425593] ? mempool_free_pages+0x20/0x20 [ 1243.426236] mempool_alloc+0x148/0x360 [ 1243.426817] ? mark_lock+0xf5/0x2df0 [ 1243.427364] ? mempool_resize+0x7d0/0x7d0 [ 1243.427951] ? mark_lock+0xf5/0x2df0 [ 1243.428516] ? __lock_acquire+0xbb1/0x5b00 [ 1243.429129] bio_alloc_bioset+0x36e/0x600 [ 1243.429735] ? bvec_alloc+0x2f0/0x2f0 [ 1243.430291] ? perf_trace_lock+0xac/0x490 [ 1243.430897] ? SOFTIRQ_verbose+0x10/0x10 [ 1243.431491] mpage_alloc+0x2f/0x260 [ 1243.432024] __mpage_writepage+0x114e/0x1670 [ 1243.432688] ? clean_buffers+0x2a0/0x2a0 [ 1243.433291] ? find_get_pages_range_tag+0x5c9/0xbf0 [ 1243.434012] ? page_mkclean+0x151/0x2c0 [ 1243.434592] ? invalid_page_referenced_vma+0x570/0x570 [ 1243.435367] ? find_get_pages_contig+0x9c0/0x9c0 [ 1243.436050] ? mark_held_locks+0x9e/0xe0 [ 1243.436632] ? percpu_counter_add_batch+0x8b/0x140 [ 1243.437339] ? clear_page_dirty_for_io+0x216/0x7c0 [ 1243.438071] write_cache_pages+0x57f/0xe50 [ 1243.438702] ? clean_buffers+0x2a0/0x2a0 [ 1243.439318] ? clear_page_dirty_for_io+0x7c0/0x7c0 [ 1243.440043] ? __lock_acquire+0x1657/0x5b00 [ 1243.440686] ? fat_add_cluster+0x100/0x100 [ 1243.441287] ? fat_readahead+0x20/0x20 [ 1243.441856] mpage_writepages+0xd8/0x230 [ 1243.442433] ? mpage_end_io+0x2c0/0x2c0 [ 1243.443044] ? fat_add_cluster+0x100/0x100 [ 1243.443642] ? lock_chain_count+0x20/0x20 [ 1243.444280] do_writepages+0xee/0x2a0 [ 1243.444828] ? page_writeback_cpu_online+0x20/0x20 [ 1243.445548] ? mark_held_locks+0x9e/0xe0 [ 1243.446137] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1243.446922] ? ktime_get_coarse_real_ts64+0x15a/0x190 [ 1243.447655] ? trace_hardirqs_on+0x5b/0x180 [ 1243.448292] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1243.449000] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1243.449771] ? current_time+0x1e6/0x2c0 [ 1243.450348] ? fat_truncate_time+0x5f0/0x5f0 [ 1243.451000] ? fat_update_time+0x111/0x220 [ 1243.451614] filemap_write_and_wait_range+0x65/0x100 [ 1243.452365] generic_file_direct_write+0x391/0x560 [ 1243.453077] __generic_file_write_iter+0x235/0x5d0 [ 1243.453796] ? iter_file_splice_write+0x16d/0xc30 [ 1243.454489] generic_file_write_iter+0xdb/0x230 [ 1243.455185] do_iter_readv_writev+0x476/0x750 [ 1243.455833] ? new_sync_write+0x660/0x660 [ 1243.456438] ? avc_policy_seqno+0x9/0x70 [ 1243.457019] ? selinux_file_permission+0x92/0x520 [ 1243.457733] ? security_file_permission+0xb1/0xe0 [ 1243.458430] do_iter_write+0x191/0x700 [ 1243.459015] ? trace_hardirqs_on+0x5b/0x180 [ 1243.459642] vfs_iter_write+0x70/0xa0 [ 1243.460206] iter_file_splice_write+0x762/0xc30 [ 1243.460887] ? generic_splice_sendpage+0x140/0x140 [ 1243.461633] ? security_file_permission+0xb1/0xe0 [ 1243.462321] ? generic_splice_sendpage+0x140/0x140 [ 1243.463046] direct_splice_actor+0x10f/0x170 [ 1243.463675] splice_direct_to_actor+0x387/0x980 [ 1243.464361] ? pipe_to_sendpage+0x380/0x380 [ 1243.464978] ? do_splice_to+0x160/0x160 [ 1243.465562] ? security_file_permission+0xb1/0xe0 [ 1243.466259] do_splice_direct+0x1c4/0x290 [ 1243.466875] ? splice_direct_to_actor+0x980/0x980 [ 1243.467562] ? avc_policy_seqno+0x9/0x70 [ 1243.468171] ? security_file_permission+0xb1/0xe0 [ 1243.468869] do_sendfile+0x553/0x11e0 [ 1243.469447] ? do_pwritev+0x270/0x270 [ 1243.469994] ? wait_for_completion_io+0x270/0x270 [ 1243.470710] ? rcu_read_lock_any_held+0x75/0xa0 [ 1243.471371] ? vfs_write+0x354/0xb10 [ 1243.471926] __x64_sys_sendfile64+0x1d1/0x210 [ 1243.472569] ? __ia32_sys_sendfile+0x220/0x220 [ 1243.473249] do_syscall_64+0x33/0x40 [ 1243.473784] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1243.474528] RIP: 0033:0x7f24f4026b19 [ 1243.475070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1243.477720] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1243.478799] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1243.479790] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1243.480795] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1243.481787] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1243.482789] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 10:56:53 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 8) [ 1243.525855] FAULT_INJECTION: forcing a failure. [ 1243.525855] name failslab, interval 1, probability 0, space 0, times 0 [ 1243.526976] CPU: 0 PID: 9164 Comm: syz-executor.6 Not tainted 5.10.222 #1 [ 1243.527529] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1243.528199] Call Trace: [ 1243.528425] dump_stack+0x107/0x167 [ 1243.528724] should_fail.cold+0x5/0xa [ 1243.529036] ? create_object.isra.0+0x3a/0xa20 [ 1243.529417] should_failslab+0x5/0x20 [ 1243.529729] kmem_cache_alloc+0x5b/0x310 [ 1243.530061] create_object.isra.0+0x3a/0xa20 [ 1243.530417] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1243.530838] kmem_cache_alloc+0x159/0x310 [ 1243.531184] alloc_buffer_head+0x20/0x110 [ 1243.531538] alloc_page_buffers+0x14d/0x700 [ 1243.531892] create_empty_buffers+0x2c/0x640 [ 1243.532258] block_truncate_page+0x76c/0xab0 [ 1243.532625] ? fat_add_cluster+0x100/0x100 [ 1243.532969] ? selinux_inode_setattr+0x21c/0x2e0 [ 1243.533352] ? block_write_full_page+0x290/0x290 [ 1243.533739] ? inode_newsize_ok+0x18d/0x210 [ 1243.534089] ? setattr_prepare+0x135/0x7c0 [ 1243.534439] fat_setattr+0xa22/0xf50 [ 1243.534759] ? fat_free.isra.0+0x940/0x940 [ 1243.535105] notify_change+0xc28/0x1160 [ 1243.535448] do_truncate+0x134/0x1f0 [ 1243.535753] ? file_open_root+0x440/0x440 [ 1243.536092] ? lock_release+0x680/0x680 [ 1243.536436] do_sys_ftruncate+0x4e2/0x870 [ 1243.536779] do_syscall_64+0x33/0x40 [ 1243.537084] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1243.537499] RIP: 0033:0x7ff082d02b19 [ 1243.537805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1243.539301] RSP: 002b:00007ff080257188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1243.539920] RAX: ffffffffffffffda RBX: 00007ff082e16020 RCX: 00007ff082d02b19 [ 1243.540503] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1243.541079] RBP: 00007ff0802571d0 R08: 0000000000000000 R09: 0000000000000000 [ 1243.541663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1243.542241] R13: 00007ffd09dbd22f R14: 00007ff080257300 R15: 0000000000022000 [ 1243.548524] attempt to access beyond end of device [ 1243.548524] loop6: rw=0, want=147, limit=128 [ 1243.559200] 9pnet: Insufficient options for proto=fd [ 1243.575517] SELinux: duplicate or incompatible mount options [ 1243.579175] attempt to access beyond end of device [ 1243.579175] loop6: rw=2049, want=276, limit=128 [ 1243.607775] 9pnet: Insufficient options for proto=fd [ 1243.669863] FAULT_INJECTION: forcing a failure. [ 1243.669863] name failslab, interval 1, probability 0, space 0, times 0 [ 1243.670912] CPU: 0 PID: 9172 Comm: syz-executor.4 Not tainted 5.10.222 #1 [ 1243.671465] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1243.672149] Call Trace: [ 1243.672391] dump_stack+0x107/0x167 [ 1243.672711] should_fail.cold+0x5/0xa [ 1243.673044] ? create_object.isra.0+0x3a/0xa20 [ 1243.673437] should_failslab+0x5/0x20 [ 1243.673768] kmem_cache_alloc+0x5b/0x310 [ 1243.674120] ? mark_lock+0xf5/0x2df0 [ 1243.674450] create_object.isra.0+0x3a/0xa20 [ 1243.674836] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1243.675284] kmem_cache_alloc+0x159/0x310 [ 1243.675648] ? mempool_free_pages+0x20/0x20 [ 1243.676021] mempool_alloc+0x148/0x360 [ 1243.676364] ? mark_lock+0xf5/0x2df0 [ 1243.676685] ? mempool_resize+0x7d0/0x7d0 [ 1243.677036] ? mark_lock+0xf5/0x2df0 [ 1243.677375] ? __lock_acquire+0xbb1/0x5b00 [ 1243.677751] bio_alloc_bioset+0x36e/0x600 [ 1243.678110] ? bvec_alloc+0x2f0/0x2f0 [ 1243.678448] ? perf_trace_lock+0xac/0x490 [ 1243.678813] ? SOFTIRQ_verbose+0x10/0x10 [ 1243.679178] mpage_alloc+0x2f/0x260 [ 1243.679508] __mpage_writepage+0x114e/0x1670 [ 1243.679908] ? clean_buffers+0x2a0/0x2a0 [ 1243.680271] ? find_get_pages_range_tag+0x5c9/0xbf0 [ 1243.680704] ? page_mkclean+0x151/0x2c0 [ 1243.681046] ? invalid_page_referenced_vma+0x570/0x570 [ 1243.681491] ? find_get_pages_contig+0x9c0/0x9c0 [ 1243.681906] ? mark_held_locks+0x9e/0xe0 [ 1243.682262] ? percpu_counter_add_batch+0x8b/0x140 [ 1243.682670] ? clear_page_dirty_for_io+0x216/0x7c0 [ 1243.683071] write_cache_pages+0x57f/0xe50 [ 1243.683415] ? clean_buffers+0x2a0/0x2a0 [ 1243.683750] ? clear_page_dirty_for_io+0x7c0/0x7c0 [ 1243.684157] ? __lock_acquire+0x1657/0x5b00 [ 1243.684505] ? fat_add_cluster+0x100/0x100 [ 1243.684842] ? fat_readahead+0x20/0x20 [ 1243.685155] mpage_writepages+0xd8/0x230 [ 1243.685494] ? mpage_end_io+0x2c0/0x2c0 [ 1243.685816] ? fat_add_cluster+0x100/0x100 [ 1243.686161] ? lock_chain_count+0x20/0x20 [ 1243.686513] do_writepages+0xee/0x2a0 [ 1243.686842] ? page_writeback_cpu_online+0x20/0x20 [ 1243.687243] ? mark_held_locks+0x9e/0xe0 [ 1243.687584] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1243.688007] ? ktime_get_coarse_real_ts64+0x15a/0x190 [ 1243.688422] ? trace_hardirqs_on+0x5b/0x180 [ 1243.688776] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1243.689177] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1243.689608] ? current_time+0x1e6/0x2c0 [ 1243.689940] ? fat_truncate_time+0x5f0/0x5f0 [ 1243.690294] ? fat_update_time+0x111/0x220 [ 1243.690645] filemap_write_and_wait_range+0x65/0x100 [ 1243.691059] generic_file_direct_write+0x391/0x560 [ 1243.691459] __generic_file_write_iter+0x235/0x5d0 [ 1243.691861] ? iter_file_splice_write+0x16d/0xc30 [ 1243.692252] generic_file_write_iter+0xdb/0x230 [ 1243.692631] do_iter_readv_writev+0x476/0x750 [ 1243.692996] ? new_sync_write+0x660/0x660 [ 1243.693334] ? avc_policy_seqno+0x9/0x70 [ 1243.693661] ? selinux_file_permission+0x92/0x520 [ 1243.694056] ? security_file_permission+0xb1/0xe0 [ 1243.694458] do_iter_write+0x191/0x700 [ 1243.694783] ? trace_hardirqs_on+0x5b/0x180 [ 1243.695141] vfs_iter_write+0x70/0xa0 [ 1243.695454] iter_file_splice_write+0x762/0xc30 [ 1243.695840] ? generic_splice_sendpage+0x140/0x140 [ 1243.696255] ? security_file_permission+0xb1/0xe0 [ 1243.696649] ? generic_splice_sendpage+0x140/0x140 [ 1243.697053] direct_splice_actor+0x10f/0x170 [ 1243.697425] splice_direct_to_actor+0x387/0x980 [ 1243.697803] ? pipe_to_sendpage+0x380/0x380 [ 1243.698158] ? do_splice_to+0x160/0x160 [ 1243.698483] ? security_file_permission+0xb1/0xe0 [ 1243.698888] do_splice_direct+0x1c4/0x290 [ 1243.699227] ? splice_direct_to_actor+0x980/0x980 [ 1243.699614] ? avc_policy_seqno+0x9/0x70 [ 1243.699948] ? security_file_permission+0xb1/0xe0 [ 1243.700348] do_sendfile+0x553/0x11e0 [ 1243.700668] ? do_pwritev+0x270/0x270 [ 1243.700978] ? wait_for_completion_io+0x270/0x270 [ 1243.701379] ? rcu_read_lock_any_held+0x75/0xa0 [ 1243.701752] ? vfs_write+0x354/0xb10 [ 1243.702064] __x64_sys_sendfile64+0x1d1/0x210 [ 1243.702426] ? __ia32_sys_sendfile+0x220/0x220 [ 1243.702812] do_syscall_64+0x33/0x40 [ 1243.703111] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1243.703528] RIP: 0033:0x7f34e6513b19 [ 1243.703829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1243.705306] RSP: 002b:00007f34e3a89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1243.705924] RAX: ffffffffffffffda RBX: 00007f34e6626f60 RCX: 00007f34e6513b19 [ 1243.706493] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1243.707072] RBP: 00007f34e3a891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1243.707645] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1243.708218] R13: 00007ffffc44f47f R14: 00007f34e3a89300 R15: 0000000000022000 10:57:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 9) 10:57:08 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 9) 10:57:08 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 8) 10:57:08 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x0, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:57:08 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 12) 10:57:08 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 8) 10:57:08 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x24) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x9a) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:57:08 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) lseek(r1, 0x0, 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x120) copy_file_range(r2, 0x0, r1, 0x0, 0x200f5ef, 0x0) 10:57:08 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x428300, 0x1a0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1258.163099] FAULT_INJECTION: forcing a failure. [ 1258.163099] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.165018] CPU: 0 PID: 9198 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1258.166202] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.167574] Call Trace: [ 1258.168020] dump_stack+0x107/0x167 [ 1258.168628] should_fail.cold+0x5/0xa [ 1258.169258] ? create_object.isra.0+0x3a/0xa20 [ 1258.170016] should_failslab+0x5/0x20 [ 1258.170110] FAULT_INJECTION: forcing a failure. [ 1258.170110] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.170636] kmem_cache_alloc+0x5b/0x310 [ 1258.170668] create_object.isra.0+0x3a/0xa20 [ 1258.173063] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1258.173904] kmem_cache_alloc_node+0x169/0x330 [ 1258.174669] create_task_io_context+0x2c/0x430 [ 1258.175437] submit_bio_checks+0x1382/0x1730 [ 1258.176170] ? __lock_acquire+0xbb1/0x5b00 [ 1258.176885] ? trace_event_raw_event_block_rq_requeue+0x560/0x560 [ 1258.177907] submit_bio_noacct+0x82/0x1010 [ 1258.178618] ? __lockdep_reset_lock+0x180/0x180 [ 1258.179388] ? blk_queue_enter+0xc30/0xc30 [ 1258.180100] ? lock_acquire+0x197/0x470 [ 1258.180750] ? find_held_lock+0x2c/0x110 [ 1258.181440] submit_bio+0xf3/0x4e0 [ 1258.182028] ? submit_bio_noacct+0x1010/0x1010 [ 1258.182816] submit_bh_wbc.constprop.0+0x580/0x780 [ 1258.183627] ? block_commit_write+0x30/0x30 [ 1258.184347] ext4_read_bh+0x134/0x330 [ 1258.184970] ext4_read_bh_lock+0x76/0xd0 [ 1258.185645] __ext4_block_zero_page_range+0x530/0x940 [ 1258.186498] ext4_truncate+0xdbf/0x1160 [ 1258.187153] ? unmap_mapping_pages+0x117/0x2a0 [ 1258.187908] ? ext4_punch_hole+0x1070/0x1070 [ 1258.188645] ext4_setattr+0x1684/0x2160 [ 1258.189295] ? current_time+0x1e6/0x2c0 [ 1258.189966] ? ext4_journalled_write_end+0x1190/0x1190 [ 1258.190821] notify_change+0xc28/0x1160 [ 1258.191495] do_truncate+0x134/0x1f0 [ 1258.192101] ? file_open_root+0x440/0x440 [ 1258.192779] ? lock_release+0x680/0x680 [ 1258.193460] do_sys_ftruncate+0x4e2/0x870 [ 1258.194143] do_syscall_64+0x33/0x40 [ 1258.194750] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.195584] RIP: 0033:0x7fdb13aeab19 [ 1258.196182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.199108] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1258.200328] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1258.201479] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1258.202620] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.203760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1258.204904] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 [ 1258.206074] CPU: 1 PID: 9193 Comm: syz-executor.4 Not tainted 5.10.222 #1 [ 1258.206730] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.207497] Call Trace: [ 1258.207748] dump_stack+0x107/0x167 [ 1258.208091] should_fail.cold+0x5/0xa [ 1258.208449] ? mempool_alloc+0x148/0x360 [ 1258.208821] ? mempool_free_pages+0x20/0x20 [ 1258.209229] should_failslab+0x5/0x20 [ 1258.209593] kmem_cache_alloc+0x5b/0x310 [ 1258.209976] ? mempool_free_pages+0x20/0x20 [ 1258.210384] mempool_alloc+0x148/0x360 [ 1258.210757] ? mark_lock+0xf5/0x2df0 [ 1258.211116] ? mempool_resize+0x7d0/0x7d0 [ 1258.211502] ? mark_lock+0xf5/0x2df0 [ 1258.211860] ? __lock_acquire+0xbb1/0x5b00 [ 1258.212260] bio_alloc_bioset+0x36e/0x600 [ 1258.212650] ? bvec_alloc+0x2f0/0x2f0 [ 1258.213011] ? perf_trace_lock+0xac/0x490 [ 1258.213399] ? SOFTIRQ_verbose+0x10/0x10 [ 1258.213782] mpage_alloc+0x2f/0x260 [ 1258.214124] __mpage_writepage+0x114e/0x1670 [ 1258.214548] ? clean_buffers+0x2a0/0x2a0 [ 1258.214944] ? find_get_pages_range_tag+0x5c9/0xbf0 [ 1258.215406] ? page_mkclean+0x151/0x2c0 [ 1258.215775] ? invalid_page_referenced_vma+0x570/0x570 [ 1258.216258] ? find_get_pages_contig+0x9c0/0x9c0 [ 1258.216701] ? mark_held_locks+0x9e/0xe0 [ 1258.217077] ? percpu_counter_add_batch+0x8b/0x140 [ 1258.217536] ? clear_page_dirty_for_io+0x216/0x7c0 [ 1258.217995] write_cache_pages+0x57f/0xe50 [ 1258.218391] ? clean_buffers+0x2a0/0x2a0 [ 1258.218775] ? clear_page_dirty_for_io+0x7c0/0x7c0 [ 1258.219252] ? __lock_acquire+0x1657/0x5b00 [ 1258.219658] ? fat_add_cluster+0x100/0x100 [ 1258.220048] ? fat_readahead+0x20/0x20 [ 1258.220408] mpage_writepages+0xd8/0x230 [ 1258.220790] ? mpage_end_io+0x2c0/0x2c0 [ 1258.221161] ? fat_add_cluster+0x100/0x100 [ 1258.221553] ? lock_chain_count+0x20/0x20 [ 1258.221956] do_writepages+0xee/0x2a0 [ 1258.222311] ? page_writeback_cpu_online+0x20/0x20 [ 1258.222769] ? mark_held_locks+0x9e/0xe0 [ 1258.223154] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1258.223641] ? ktime_get_coarse_real_ts64+0x15a/0x190 [ 1258.224114] ? trace_hardirqs_on+0x5b/0x180 [ 1258.224519] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1258.224983] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1258.225469] ? current_time+0x1e6/0x2c0 [ 1258.225847] ? fat_truncate_time+0x5f0/0x5f0 [ 1258.226250] ? fat_update_time+0x111/0x220 [ 1258.226645] filemap_write_and_wait_range+0x65/0x100 [ 1258.227124] generic_file_direct_write+0x391/0x560 [ 1258.227585] __generic_file_write_iter+0x235/0x5d0 [ 1258.228037] ? iter_file_splice_write+0x16d/0xc30 [ 1258.228485] generic_file_write_iter+0xdb/0x230 [ 1258.228924] do_iter_readv_writev+0x476/0x750 [ 1258.229340] ? new_sync_write+0x660/0x660 [ 1258.229725] ? avc_policy_seqno+0x9/0x70 [ 1258.230098] ? selinux_file_permission+0x92/0x520 [ 1258.230549] ? security_file_permission+0xb1/0xe0 [ 1258.231010] do_iter_write+0x191/0x700 [ 1258.231379] ? trace_hardirqs_on+0x5b/0x180 [ 1258.231784] vfs_iter_write+0x70/0xa0 [ 1258.232141] iter_file_splice_write+0x762/0xc30 [ 1258.232581] ? generic_splice_sendpage+0x140/0x140 [ 1258.233047] ? security_file_permission+0xb1/0xe0 [ 1258.233488] ? generic_splice_sendpage+0x140/0x140 [ 1258.233955] direct_splice_actor+0x10f/0x170 [ 1258.234363] splice_direct_to_actor+0x387/0x980 [ 1258.234813] ? pipe_to_sendpage+0x380/0x380 [ 1258.235217] ? do_splice_to+0x160/0x160 [ 1258.235587] ? security_file_permission+0xb1/0xe0 [ 1258.236035] do_splice_direct+0x1c4/0x290 [ 1258.236452] ? splice_direct_to_actor+0x980/0x980 [ 1258.236918] ? avc_policy_seqno+0x9/0x70 [ 1258.237299] ? security_file_permission+0xb1/0xe0 [ 1258.237753] do_sendfile+0x553/0x11e0 [ 1258.238116] ? do_pwritev+0x270/0x270 [ 1258.238471] ? wait_for_completion_io+0x270/0x270 [ 1258.238927] ? rcu_read_lock_any_held+0x75/0xa0 [ 1258.239353] ? vfs_write+0x354/0xb10 [ 1258.239703] __x64_sys_sendfile64+0x1d1/0x210 [ 1258.240116] ? __ia32_sys_sendfile+0x220/0x220 [ 1258.240546] do_syscall_64+0x33/0x40 [ 1258.240885] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.241354] RIP: 0033:0x7f34e6513b19 [ 1258.241703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.243386] RSP: 002b:00007f34e3a89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1258.244081] RAX: ffffffffffffffda RBX: 00007f34e6626f60 RCX: 00007f34e6513b19 [ 1258.244731] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1258.245376] RBP: 00007f34e3a891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.246032] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1258.246671] R13: 00007ffffc44f47f R14: 00007f34e3a89300 R15: 0000000000022000 [ 1258.249126] handle_bad_sector: 2 callbacks suppressed [ 1258.249143] attempt to access beyond end of device [ 1258.249143] loop1: rw=2049, want=276, limit=128 [ 1258.253203] FAULT_INJECTION: forcing a failure. [ 1258.253203] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.254996] CPU: 0 PID: 9185 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1258.256118] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.257404] Call Trace: [ 1258.257826] dump_stack+0x107/0x167 [ 1258.258405] should_fail.cold+0x5/0xa [ 1258.259074] ? create_object.isra.0+0x3a/0xa20 [ 1258.259800] should_failslab+0x5/0x20 [ 1258.260020] FAULT_INJECTION: forcing a failure. [ 1258.260020] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.260393] kmem_cache_alloc+0x5b/0x310 [ 1258.260419] ? mark_lock+0xf5/0x2df0 [ 1258.262618] create_object.isra.0+0x3a/0xa20 [ 1258.263318] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1258.264117] kmem_cache_alloc+0x159/0x310 [ 1258.264774] ? mempool_free_pages+0x20/0x20 [ 1258.265455] mempool_alloc+0x148/0x360 [ 1258.266068] ? mark_lock+0xf5/0x2df0 [ 1258.266649] ? mempool_resize+0x7d0/0x7d0 [ 1258.267300] ? mark_lock+0xf5/0x2df0 [ 1258.267901] ? __lock_acquire+0xbb1/0x5b00 [ 1258.268567] bio_alloc_bioset+0x36e/0x600 [ 1258.269216] ? bvec_alloc+0x2f0/0x2f0 [ 1258.269813] ? perf_trace_lock+0xac/0x490 [ 1258.270461] ? SOFTIRQ_verbose+0x10/0x10 [ 1258.271111] mpage_alloc+0x2f/0x260 [ 1258.271690] __mpage_writepage+0x114e/0x1670 [ 1258.272405] ? clean_buffers+0x2a0/0x2a0 [ 1258.273054] ? find_get_pages_range_tag+0x5c9/0xbf0 [ 1258.273837] ? page_mkclean+0x151/0x2c0 [ 1258.274458] ? invalid_page_referenced_vma+0x570/0x570 [ 1258.275280] ? find_get_pages_contig+0x9c0/0x9c0 [ 1258.276029] ? mark_held_locks+0x9e/0xe0 [ 1258.276666] ? percpu_counter_add_batch+0x8b/0x140 [ 1258.277441] ? clear_page_dirty_for_io+0x216/0x7c0 [ 1258.278217] write_cache_pages+0x57f/0xe50 [ 1258.278882] ? clean_buffers+0x2a0/0x2a0 [ 1258.279538] ? clear_page_dirty_for_io+0x7c0/0x7c0 [ 1258.280330] ? __lock_acquire+0x1657/0x5b00 [ 1258.281010] ? fat_add_cluster+0x100/0x100 [ 1258.281668] ? fat_readahead+0x20/0x20 [ 1258.282277] mpage_writepages+0xd8/0x230 [ 1258.282914] ? mpage_end_io+0x2c0/0x2c0 [ 1258.283537] ? fat_add_cluster+0x100/0x100 [ 1258.284190] ? lock_chain_count+0x20/0x20 [ 1258.284858] do_writepages+0xee/0x2a0 [ 1258.285459] ? page_writeback_cpu_online+0x20/0x20 [ 1258.286218] ? mark_held_locks+0x9e/0xe0 [ 1258.286856] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1258.287674] ? ktime_get_coarse_real_ts64+0x15a/0x190 [ 1258.288465] ? trace_hardirqs_on+0x5b/0x180 [ 1258.289144] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1258.289915] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1258.290730] ? current_time+0x1e6/0x2c0 [ 1258.291377] ? fat_truncate_time+0x5f0/0x5f0 [ 1258.292055] ? fat_update_time+0x111/0x220 [ 1258.292716] filemap_write_and_wait_range+0x65/0x100 [ 1258.293500] generic_file_direct_write+0x391/0x560 [ 1258.294271] __generic_file_write_iter+0x235/0x5d0 [ 1258.295031] ? iter_file_splice_write+0x16d/0xc30 [ 1258.295785] generic_file_write_iter+0xdb/0x230 [ 1258.296513] do_iter_readv_writev+0x476/0x750 [ 1258.297211] ? new_sync_write+0x660/0x660 [ 1258.297848] ? avc_policy_seqno+0x9/0x70 [ 1258.298474] ? selinux_file_permission+0x92/0x520 [ 1258.299229] ? security_file_permission+0xb1/0xe0 [ 1258.299983] do_iter_write+0x191/0x700 [ 1258.300584] ? trace_hardirqs_on+0x5b/0x180 [ 1258.301255] vfs_iter_write+0x70/0xa0 [ 1258.301845] iter_file_splice_write+0x762/0xc30 [ 1258.302577] ? generic_splice_sendpage+0x140/0x140 [ 1258.303362] ? security_file_permission+0xb1/0xe0 [ 1258.304104] ? generic_splice_sendpage+0x140/0x140 [ 1258.304853] direct_splice_actor+0x10f/0x170 [ 1258.305535] splice_direct_to_actor+0x387/0x980 [ 1258.306255] ? pipe_to_sendpage+0x380/0x380 [ 1258.306926] ? do_splice_to+0x160/0x160 [ 1258.307541] ? security_file_permission+0xb1/0xe0 [ 1258.308287] do_splice_direct+0x1c4/0x290 [ 1258.308925] ? splice_direct_to_actor+0x980/0x980 [ 1258.309655] ? avc_policy_seqno+0x9/0x70 [ 1258.310288] ? security_file_permission+0xb1/0xe0 [ 1258.311043] do_sendfile+0x553/0x11e0 [ 1258.311644] ? do_pwritev+0x270/0x270 [ 1258.312232] ? wait_for_completion_io+0x270/0x270 [ 1258.312969] ? rcu_read_lock_any_held+0x75/0xa0 [ 1258.313678] ? vfs_write+0x354/0xb10 [ 1258.314255] __x64_sys_sendfile64+0x1d1/0x210 [ 1258.314945] ? __ia32_sys_sendfile+0x220/0x220 [ 1258.315656] do_syscall_64+0x33/0x40 [ 1258.316220] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.316997] RIP: 0033:0x7f24f4026b19 [ 1258.317562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.320316] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1258.321468] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1258.322538] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1258.323609] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.324677] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1258.325751] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1258.326850] CPU: 1 PID: 9201 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1258.327470] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.328196] Call Trace: [ 1258.328433] dump_stack+0x107/0x167 [ 1258.328760] should_fail.cold+0x5/0xa [ 1258.329101] ? create_object.isra.0+0x3a/0xa20 [ 1258.329511] should_failslab+0x5/0x20 [ 1258.329853] kmem_cache_alloc+0x5b/0x310 [ 1258.330216] create_object.isra.0+0x3a/0xa20 [ 1258.330612] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1258.331077] kmem_cache_alloc+0x159/0x310 [ 1258.331444] alloc_buffer_head+0x20/0x110 [ 1258.331811] alloc_page_buffers+0x14d/0x700 [ 1258.332196] create_empty_buffers+0x2c/0x640 [ 1258.332588] block_truncate_page+0x76c/0xab0 [ 1258.332974] ? fat_add_cluster+0x100/0x100 [ 1258.333346] ? selinux_inode_setattr+0x21c/0x2e0 [ 1258.333762] ? block_write_full_page+0x290/0x290 [ 1258.334180] ? inode_newsize_ok+0x18d/0x210 [ 1258.334557] ? setattr_prepare+0x135/0x7c0 [ 1258.334943] fat_setattr+0xa22/0xf50 [ 1258.335282] ? fat_free.isra.0+0x940/0x940 [ 1258.335651] notify_change+0xc28/0x1160 [ 1258.336011] do_truncate+0x134/0x1f0 [ 1258.336341] ? file_open_root+0x440/0x440 [ 1258.336705] ? lock_release+0x680/0x680 [ 1258.337071] do_sys_ftruncate+0x4e2/0x870 [ 1258.337440] do_syscall_64+0x33/0x40 [ 1258.337766] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.338214] RIP: 0033:0x7f6c59516b19 [ 1258.338539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.340142] RSP: 002b:00007f6c56a6b188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1258.340803] RAX: ffffffffffffffda RBX: 00007f6c5962a020 RCX: 00007f6c59516b19 [ 1258.341419] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1258.342034] RBP: 00007f6c56a6b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.342647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1258.343270] R13: 00007ffd8ecf288f R14: 00007f6c56a6b300 R15: 0000000000022000 [ 1258.354414] FAULT_INJECTION: forcing a failure. [ 1258.354414] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.356207] CPU: 0 PID: 9204 Comm: syz-executor.6 Not tainted 5.10.222 #1 [ 1258.357229] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.358463] Call Trace: [ 1258.358866] dump_stack+0x107/0x167 [ 1258.359426] should_fail.cold+0x5/0xa [ 1258.360005] ? create_object.isra.0+0x3a/0xa20 [ 1258.360686] should_failslab+0x5/0x20 [ 1258.361258] kmem_cache_alloc+0x5b/0x310 [ 1258.361872] create_object.isra.0+0x3a/0xa20 [ 1258.362529] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1258.363300] kmem_cache_alloc+0x159/0x310 [ 1258.363929] alloc_buffer_head+0x20/0x110 [ 1258.364546] alloc_page_buffers+0x14d/0x700 [ 1258.365194] create_empty_buffers+0x2c/0x640 [ 1258.365860] block_truncate_page+0x76c/0xab0 [ 1258.366518] ? fat_add_cluster+0x100/0x100 [ 1258.367158] ? selinux_inode_setattr+0x21c/0x2e0 [ 1258.367867] ? block_write_full_page+0x290/0x290 [ 1258.368567] ? inode_newsize_ok+0x18d/0x210 [ 1258.369213] ? setattr_prepare+0x135/0x7c0 [ 1258.369853] fat_setattr+0xa22/0xf50 [ 1258.370422] ? fat_free.isra.0+0x940/0x940 [ 1258.371059] notify_change+0xc28/0x1160 [ 1258.371665] do_truncate+0x134/0x1f0 [ 1258.372226] ? file_open_root+0x440/0x440 [ 1258.372847] ? lock_release+0x680/0x680 [ 1258.373469] do_sys_ftruncate+0x4e2/0x870 [ 1258.374096] do_syscall_64+0x33/0x40 [ 1258.374645] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.375412] RIP: 0033:0x7ff082d02b19 [ 1258.375968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.378651] RSP: 002b:00007ff080257188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1258.379838] RAX: ffffffffffffffda RBX: 00007ff082e16020 RCX: 00007ff082d02b19 [ 1258.380872] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1258.381912] RBP: 00007ff0802571d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.382956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1258.383997] R13: 00007ffd09dbd22f R14: 00007ff080257300 R15: 0000000000022000 [ 1258.390122] attempt to access beyond end of device [ 1258.390122] loop6: rw=0, want=147, limit=128 [ 1258.414649] attempt to access beyond end of device [ 1258.414649] loop6: rw=2049, want=276, limit=128 [ 1258.417925] attempt to access beyond end of device [ 1258.417925] loop5: rw=2049, want=276, limit=128 10:57:08 executing program 2: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000140), 0x8}, 0xdd48a83c10608be0, 0x0, 0x0, 0x2, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rt_sigqueueinfo(0x0, 0x11, &(0x7f0000000280)={0x0, 0x0, 0x6}) r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2800, 0x3) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x1d, &(0x7f0000000300)={0x0, 0x5c3e, 0x8, 0x1, 0x3e1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000200)=0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000280)=@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}}, 0x0) syz_io_uring_setup(0x6a25, &(0x7f00000003c0)={0x0, 0xf43e, 0x4, 0x3, 0x3a7, 0x0, r1}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000240)=0x0) syz_io_uring_submit(r2, r5, &(0x7f0000000440)=@IORING_OP_CLOSE={0x13, 0x3, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xd84a) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)) io_uring_enter(r1, 0x76d2, 0x0, 0x0, 0x0, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x100000001) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_IPV6_IPSEC_POLICY(r8, 0x29, 0x22, &(0x7f00000004c0)={{{@in6=@remote, @in6}}, {{@in6=@remote}, 0x0, @in6=@initdev}}, &(0x7f0000000100)=0x8) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0xc0ff, 0x4) r9 = creat(&(0x7f0000000380)='./file0\x00', 0x28) write$binfmt_elf64(r9, &(0x7f0000000100)=ANY=[], 0xfdef) [ 1258.437503] attempt to access beyond end of device [ 1258.437503] loop4: rw=2049, want=276, limit=128 10:57:08 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x0, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:57:08 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 9) 10:57:08 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x14d340, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:57:08 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 9) [ 1258.517759] attempt to access beyond end of device [ 1258.517759] loop1: rw=0, want=147, limit=128 10:57:08 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 13) [ 1258.577748] attempt to access beyond end of device [ 1258.577748] loop6: rw=2049, want=276, limit=128 [ 1258.588549] FAULT_INJECTION: forcing a failure. [ 1258.588549] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.589532] CPU: 1 PID: 9213 Comm: syz-executor.6 Not tainted 5.10.222 #1 [ 1258.590074] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.590743] Call Trace: [ 1258.590974] dump_stack+0x107/0x167 [ 1258.591275] should_fail.cold+0x5/0xa [ 1258.591583] ? create_object.isra.0+0x3a/0xa20 [ 1258.591961] should_failslab+0x5/0x20 [ 1258.592270] kmem_cache_alloc+0x5b/0x310 [ 1258.592605] create_object.isra.0+0x3a/0xa20 [ 1258.592959] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1258.593369] kmem_cache_alloc+0x159/0x310 [ 1258.593708] alloc_buffer_head+0x20/0x110 [ 1258.594042] alloc_page_buffers+0x14d/0x700 [ 1258.594397] create_empty_buffers+0x2c/0x640 [ 1258.594763] block_truncate_page+0x76c/0xab0 [ 1258.595125] ? fat_add_cluster+0x100/0x100 [ 1258.595480] ? selinux_inode_setattr+0x21c/0x2e0 [ 1258.595857] ? block_write_full_page+0x290/0x290 [ 1258.596237] ? inode_newsize_ok+0x18d/0x210 [ 1258.596583] ? setattr_prepare+0x135/0x7c0 [ 1258.596928] fat_setattr+0xa22/0xf50 [ 1258.597238] ? fat_free.isra.0+0x940/0x940 [ 1258.597576] notify_change+0xc28/0x1160 [ 1258.597909] do_truncate+0x134/0x1f0 [ 1258.598209] ? file_open_root+0x440/0x440 [ 1258.598545] ? lock_release+0x680/0x680 [ 1258.598880] do_sys_ftruncate+0x4e2/0x870 [ 1258.599225] do_syscall_64+0x33/0x40 [ 1258.599528] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.599939] RIP: 0033:0x7ff082d02b19 [ 1258.600243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.601714] RSP: 002b:00007ff080278188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1258.602319] RAX: ffffffffffffffda RBX: 00007ff082e15f60 RCX: 00007ff082d02b19 [ 1258.602888] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1258.603460] RBP: 00007ff0802781d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.604027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1258.604598] R13: 00007ffd09dbd22f R14: 00007ff080278300 R15: 0000000000022000 [ 1258.606495] attempt to access beyond end of device [ 1258.606495] loop6: rw=0, want=147, limit=128 10:57:08 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 10) 10:57:08 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 10) 10:57:08 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 10) [ 1258.764297] FAULT_INJECTION: forcing a failure. [ 1258.764297] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.765601] CPU: 1 PID: 9226 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1258.766150] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.766819] Call Trace: [ 1258.767051] dump_stack+0x107/0x167 [ 1258.767352] should_fail.cold+0x5/0xa [ 1258.767663] ? create_object.isra.0+0x3a/0xa20 [ 1258.768034] should_failslab+0x5/0x20 [ 1258.768348] kmem_cache_alloc+0x5b/0x310 [ 1258.768682] create_object.isra.0+0x3a/0xa20 [ 1258.769040] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1258.769459] __kmalloc+0x16e/0x390 [ 1258.769762] ext4_ext_remove_space+0x15af/0x3d90 [ 1258.770165] ? ext4_es_remove_extent+0x2f2/0x450 [ 1258.770559] ? do_raw_read_unlock+0x70/0x70 [ 1258.770924] ? ext4_da_release_space+0x21/0x480 [ 1258.771300] ? ext4_ext_index_trans_blocks+0x170/0x170 [ 1258.771737] ? ext4_es_lookup_extent+0xaa0/0xaa0 [ 1258.772124] ? down_write_killable+0x180/0x180 [ 1258.772508] ext4_ext_truncate+0x1ea/0x250 [ 1258.772859] ext4_truncate+0xc38/0x1160 [ 1258.773184] ? unmap_mapping_pages+0x117/0x2a0 [ 1258.773557] ? ext4_punch_hole+0x1070/0x1070 [ 1258.773922] ext4_setattr+0x1684/0x2160 [ 1258.774244] ? current_time+0x1e6/0x2c0 [ 1258.774581] ? ext4_journalled_write_end+0x1190/0x1190 [ 1258.775010] notify_change+0xc28/0x1160 [ 1258.775341] do_truncate+0x134/0x1f0 [ 1258.775642] ? file_open_root+0x440/0x440 [ 1258.775982] ? lock_release+0x680/0x680 [ 1258.776321] do_sys_ftruncate+0x4e2/0x870 [ 1258.776664] do_syscall_64+0x33/0x40 [ 1258.776968] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.777384] RIP: 0033:0x7fdb13aeab19 [ 1258.777688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.779167] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1258.779775] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1258.780341] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1258.780907] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.781476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1258.782044] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 [ 1258.807853] FAULT_INJECTION: forcing a failure. [ 1258.807853] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.808984] CPU: 1 PID: 9224 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1258.809538] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.810214] Call Trace: [ 1258.810450] dump_stack+0x107/0x167 [ 1258.810768] should_fail.cold+0x5/0xa [ 1258.811107] ? mempool_alloc+0x148/0x360 [ 1258.811452] ? mempool_free_pages+0x20/0x20 [ 1258.811827] should_failslab+0x5/0x20 [ 1258.812152] kmem_cache_alloc+0x5b/0x310 [ 1258.812509] ? mempool_free_pages+0x20/0x20 [ 1258.812880] mempool_alloc+0x148/0x360 [ 1258.813226] ? mempool_resize+0x7d0/0x7d0 [ 1258.813589] ? mark_lock+0xf5/0x2df0 [ 1258.813916] ? mempool_resize+0x7d0/0x7d0 [ 1258.814274] ? mark_lock+0xf5/0x2df0 [ 1258.814610] bvec_alloc+0xd8/0x2f0 [ 1258.814930] bio_alloc_bioset+0x40a/0x600 [ 1258.815288] ? bvec_alloc+0x2f0/0x2f0 [ 1258.815628] ? perf_trace_lock+0xac/0x490 [ 1258.815982] ? SOFTIRQ_verbose+0x10/0x10 [ 1258.816336] mpage_alloc+0x2f/0x260 [ 1258.816656] __mpage_writepage+0x114e/0x1670 [ 1258.817056] ? clean_buffers+0x2a0/0x2a0 [ 1258.817417] ? find_get_pages_range_tag+0x5c9/0xbf0 [ 1258.817844] ? page_mkclean+0x151/0x2c0 [ 1258.818189] ? invalid_page_referenced_vma+0x570/0x570 [ 1258.818640] ? find_get_pages_contig+0x9c0/0x9c0 [ 1258.819061] ? mark_held_locks+0x9e/0xe0 [ 1258.819414] ? percpu_counter_add_batch+0x8b/0x140 [ 1258.819842] ? clear_page_dirty_for_io+0x216/0x7c0 [ 1258.820266] write_cache_pages+0x57f/0xe50 [ 1258.820611] ? clean_buffers+0x2a0/0x2a0 [ 1258.820942] ? clear_page_dirty_for_io+0x7c0/0x7c0 [ 1258.821351] ? __lock_acquire+0x1657/0x5b00 [ 1258.821709] ? fat_add_cluster+0x100/0x100 [ 1258.822049] ? fat_readahead+0x20/0x20 [ 1258.822361] mpage_writepages+0xd8/0x230 [ 1258.822690] ? mpage_end_io+0x2c0/0x2c0 [ 1258.823019] ? fat_add_cluster+0x100/0x100 [ 1258.823361] ? lock_chain_count+0x20/0x20 [ 1258.823710] do_writepages+0xee/0x2a0 [ 1258.824021] ? page_writeback_cpu_online+0x20/0x20 [ 1258.824416] ? mark_held_locks+0x9e/0xe0 [ 1258.824747] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1258.825168] ? ktime_get_coarse_real_ts64+0x15a/0x190 [ 1258.825578] ? trace_hardirqs_on+0x5b/0x180 [ 1258.825928] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1258.826329] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1258.826752] ? current_time+0x1e6/0x2c0 [ 1258.827086] ? fat_truncate_time+0x5f0/0x5f0 [ 1258.827436] ? fat_update_time+0x111/0x220 [ 1258.827783] filemap_write_and_wait_range+0x65/0x100 [ 1258.828189] generic_file_direct_write+0x391/0x560 [ 1258.828589] __generic_file_write_iter+0x235/0x5d0 [ 1258.828978] ? iter_file_splice_write+0x16d/0xc30 [ 1258.829370] generic_file_write_iter+0xdb/0x230 [ 1258.829745] do_iter_readv_writev+0x476/0x750 [ 1258.830109] ? new_sync_write+0x660/0x660 [ 1258.830441] ? avc_policy_seqno+0x9/0x70 [ 1258.830766] ? selinux_file_permission+0x92/0x520 [ 1258.831163] ? security_file_permission+0xb1/0xe0 [ 1258.831564] do_iter_write+0x191/0x700 [ 1258.831881] ? trace_hardirqs_on+0x5b/0x180 [ 1258.832232] vfs_iter_write+0x70/0xa0 [ 1258.832550] iter_file_splice_write+0x762/0xc30 [ 1258.832935] ? generic_splice_sendpage+0x140/0x140 [ 1258.833344] ? security_file_permission+0xb1/0xe0 [ 1258.833737] ? generic_splice_sendpage+0x140/0x140 [ 1258.834131] direct_splice_actor+0x10f/0x170 [ 1258.834491] splice_direct_to_actor+0x387/0x980 [ 1258.834875] ? pipe_to_sendpage+0x380/0x380 [ 1258.835231] ? do_splice_to+0x160/0x160 [ 1258.835554] ? security_file_permission+0xb1/0xe0 [ 1258.835945] do_splice_direct+0x1c4/0x290 [ 1258.836283] ? splice_direct_to_actor+0x980/0x980 [ 1258.836668] ? avc_policy_seqno+0x9/0x70 [ 1258.836999] ? security_file_permission+0xb1/0xe0 [ 1258.837394] do_sendfile+0x553/0x11e0 [ 1258.837713] ? do_pwritev+0x270/0x270 [ 1258.838025] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1258.838446] ? asm_sysvec_call_function_single+0x12/0x20 [ 1258.838876] ? trace_hardirqs_on+0x5b/0x180 [ 1258.839236] __x64_sys_sendfile64+0x1d1/0x210 [ 1258.839601] ? __ia32_sys_sendfile+0x220/0x220 [ 1258.839965] ? __ia32_sys_sendfile+0x220/0x220 [ 1258.840340] do_syscall_64+0x33/0x40 [ 1258.840648] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.841059] RIP: 0033:0x7f24f4026b19 [ 1258.841358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.842815] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1258.843426] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1258.843997] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1258.844563] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.845129] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000001 [ 1258.845697] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1258.905605] attempt to access beyond end of device [ 1258.905605] loop6: rw=2049, want=276, limit=128 [ 1258.910253] FAULT_INJECTION: forcing a failure. [ 1258.910253] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.911169] CPU: 1 PID: 9237 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1258.911715] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.912378] Call Trace: [ 1258.912608] dump_stack+0x107/0x167 [ 1258.912906] should_fail.cold+0x5/0xa [ 1258.913217] ? create_object.isra.0+0x3a/0xa20 [ 1258.913590] should_failslab+0x5/0x20 [ 1258.913897] kmem_cache_alloc+0x5b/0x310 [ 1258.914229] create_object.isra.0+0x3a/0xa20 [ 1258.914584] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1258.915001] kmem_cache_alloc+0x159/0x310 [ 1258.915342] alloc_buffer_head+0x20/0x110 [ 1258.915687] alloc_page_buffers+0x14d/0x700 [ 1258.916040] create_empty_buffers+0x2c/0x640 [ 1258.916399] block_truncate_page+0x76c/0xab0 [ 1258.916755] ? fat_add_cluster+0x100/0x100 [ 1258.917099] ? selinux_inode_setattr+0x21c/0x2e0 [ 1258.917478] ? block_write_full_page+0x290/0x290 [ 1258.917860] ? inode_newsize_ok+0x18d/0x210 [ 1258.918207] ? setattr_prepare+0x135/0x7c0 [ 1258.918565] fat_setattr+0xa22/0xf50 [ 1258.918869] ? fat_free.isra.0+0x940/0x940 [ 1258.919212] notify_change+0xc28/0x1160 [ 1258.919537] do_truncate+0x134/0x1f0 [ 1258.919846] ? file_open_root+0x440/0x440 [ 1258.920181] ? lock_release+0x680/0x680 [ 1258.920520] do_sys_ftruncate+0x4e2/0x870 [ 1258.920859] do_syscall_64+0x33/0x40 [ 1258.921161] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.921571] RIP: 0033:0x7f6c59516b19 [ 1258.921874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.923339] RSP: 002b:00007f6c56a6b188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1258.923948] RAX: ffffffffffffffda RBX: 00007f6c5962a020 RCX: 00007f6c59516b19 [ 1258.924519] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1258.925086] RBP: 00007f6c56a6b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.925654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1258.926221] R13: 00007ffd8ecf288f R14: 00007f6c56a6b300 R15: 0000000000022000 [ 1258.929270] FAULT_INJECTION: forcing a failure. [ 1258.929270] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.930149] CPU: 1 PID: 9232 Comm: syz-executor.4 Not tainted 5.10.222 #1 [ 1258.930701] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.931362] Call Trace: [ 1258.931576] dump_stack+0x107/0x167 [ 1258.931876] should_fail.cold+0x5/0xa [ 1258.932182] ? create_object.isra.0+0x3a/0xa20 [ 1258.932545] should_failslab+0x5/0x20 [ 1258.932851] kmem_cache_alloc+0x5b/0x310 [ 1258.933179] create_object.isra.0+0x3a/0xa20 [ 1258.933531] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1258.933937] kmem_cache_alloc+0x159/0x310 [ 1258.934275] ? mempool_free_pages+0x20/0x20 [ 1258.934619] mempool_alloc+0x148/0x360 [ 1258.934942] ? mempool_resize+0x7d0/0x7d0 [ 1258.935276] ? mark_lock+0xf5/0x2df0 [ 1258.935578] ? mempool_resize+0x7d0/0x7d0 [ 1258.935912] ? mark_lock+0xf5/0x2df0 [ 1258.936219] bvec_alloc+0xd8/0x2f0 [ 1258.936508] bio_alloc_bioset+0x40a/0x600 [ 1258.936842] ? bvec_alloc+0x2f0/0x2f0 [ 1258.937149] ? perf_trace_lock+0xac/0x490 [ 1258.937480] ? SOFTIRQ_verbose+0x10/0x10 [ 1258.937809] mpage_alloc+0x2f/0x260 [ 1258.938105] __mpage_writepage+0x114e/0x1670 [ 1258.938469] ? clean_buffers+0x2a0/0x2a0 [ 1258.938803] ? mark_held_locks+0x9e/0xe0 [ 1258.939136] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1258.939552] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1258.939980] ? trace_hardirqs_on+0x5b/0x180 [ 1258.940327] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1258.940761] ? percpu_counter_add_batch+0x8b/0x140 [ 1258.941157] ? clear_page_dirty_for_io+0x216/0x7c0 [ 1258.941549] write_cache_pages+0x57f/0xe50 [ 1258.941897] ? clean_buffers+0x2a0/0x2a0 [ 1258.942239] ? clear_page_dirty_for_io+0x7c0/0x7c0 [ 1258.942650] ? __lock_acquire+0x1657/0x5b00 [ 1258.943003] ? fat_add_cluster+0x100/0x100 [ 1258.943342] ? fat_readahead+0x20/0x20 [ 1258.943653] mpage_writepages+0xd8/0x230 [ 1258.943979] ? mpage_end_io+0x2c0/0x2c0 [ 1258.944298] ? fat_add_cluster+0x100/0x100 [ 1258.944637] ? lock_chain_count+0x20/0x20 [ 1258.944985] do_writepages+0xee/0x2a0 [ 1258.945295] ? page_writeback_cpu_online+0x20/0x20 [ 1258.945691] ? mark_held_locks+0x9e/0xe0 [ 1258.946028] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1258.946447] ? ktime_get_coarse_real_ts64+0x15a/0x190 [ 1258.946855] ? trace_hardirqs_on+0x5b/0x180 [ 1258.947210] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1258.947606] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1258.948027] ? current_time+0x1e6/0x2c0 [ 1258.948351] ? fat_truncate_time+0x5f0/0x5f0 [ 1258.948704] ? fat_update_time+0x111/0x220 [ 1258.949043] filemap_write_and_wait_range+0x65/0x100 [ 1258.949450] generic_file_direct_write+0x391/0x560 [ 1258.949844] __generic_file_write_iter+0x235/0x5d0 [ 1258.950235] ? iter_file_splice_write+0x16d/0xc30 [ 1258.950631] generic_file_write_iter+0xdb/0x230 [ 1258.951016] do_iter_readv_writev+0x476/0x750 [ 1258.951387] ? new_sync_write+0x660/0x660 [ 1258.951717] ? avc_policy_seqno+0x9/0x70 [ 1258.952049] ? selinux_file_permission+0x92/0x520 [ 1258.952440] ? security_file_permission+0xb1/0xe0 [ 1258.952829] do_iter_write+0x191/0x700 [ 1258.953143] ? trace_hardirqs_on+0x5b/0x180 [ 1258.953496] vfs_iter_write+0x70/0xa0 [ 1258.953807] iter_file_splice_write+0x762/0xc30 [ 1258.954190] ? generic_splice_sendpage+0x140/0x140 [ 1258.954620] ? security_file_permission+0xb1/0xe0 [ 1258.955012] ? generic_splice_sendpage+0x140/0x140 [ 1258.955409] direct_splice_actor+0x10f/0x170 [ 1258.955765] splice_direct_to_actor+0x387/0x980 [ 1258.956144] ? pipe_to_sendpage+0x380/0x380 [ 1258.956495] ? do_splice_to+0x160/0x160 [ 1258.956818] ? security_file_permission+0xb1/0xe0 [ 1258.957206] do_splice_direct+0x1c4/0x290 [ 1258.957543] ? splice_direct_to_actor+0x980/0x980 [ 1258.957926] ? avc_policy_seqno+0x9/0x70 [ 1258.958258] ? security_file_permission+0xb1/0xe0 [ 1258.958651] do_sendfile+0x553/0x11e0 [ 1258.958977] ? do_pwritev+0x270/0x270 [ 1258.959285] ? wait_for_completion_io+0x270/0x270 [ 1258.959671] ? rcu_read_lock_any_held+0x75/0xa0 [ 1258.960039] ? vfs_write+0x354/0xb10 [ 1258.960345] __x64_sys_sendfile64+0x1d1/0x210 [ 1258.960706] ? __ia32_sys_sendfile+0x220/0x220 [ 1258.961079] do_syscall_64+0x33/0x40 [ 1258.961378] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.961794] RIP: 0033:0x7f34e6513b19 [ 1258.962094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.963562] RSP: 002b:00007f34e3a89188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1258.964165] RAX: ffffffffffffffda RBX: 00007f34e6626f60 RCX: 00007f34e6513b19 [ 1258.964731] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1258.965296] RBP: 00007f34e3a891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.965864] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1258.966431] R13: 00007ffffc44f47f R14: 00007f34e3a89300 R15: 0000000000022000 [ 1258.979433] FAULT_INJECTION: forcing a failure. [ 1258.979433] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.980360] CPU: 1 PID: 9238 Comm: syz-executor.6 Not tainted 5.10.222 #1 [ 1258.980908] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1258.981576] Call Trace: [ 1258.981794] dump_stack+0x107/0x167 [ 1258.982094] should_fail.cold+0x5/0xa [ 1258.982404] ? create_object.isra.0+0x3a/0xa20 [ 1258.982774] should_failslab+0x5/0x20 [ 1258.983089] kmem_cache_alloc+0x5b/0x310 [ 1258.983426] create_object.isra.0+0x3a/0xa20 [ 1258.983783] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1258.984199] kmem_cache_alloc+0x159/0x310 [ 1258.984541] alloc_buffer_head+0x20/0x110 [ 1258.984877] alloc_page_buffers+0x14d/0x700 [ 1258.985231] create_empty_buffers+0x2c/0x640 [ 1258.985594] block_truncate_page+0x76c/0xab0 [ 1258.985951] ? fat_add_cluster+0x100/0x100 [ 1258.986296] ? selinux_inode_setattr+0x21c/0x2e0 [ 1258.986676] ? block_write_full_page+0x290/0x290 [ 1258.987064] ? inode_newsize_ok+0x18d/0x210 [ 1258.987411] ? setattr_prepare+0x135/0x7c0 [ 1258.987759] fat_setattr+0xa22/0xf50 [ 1258.988063] ? fat_free.isra.0+0x940/0x940 [ 1258.988405] notify_change+0xc28/0x1160 [ 1258.988733] do_truncate+0x134/0x1f0 [ 1258.989037] ? file_open_root+0x440/0x440 [ 1258.989371] ? lock_release+0x680/0x680 [ 1258.989714] do_sys_ftruncate+0x4e2/0x870 [ 1258.990052] do_syscall_64+0x33/0x40 [ 1258.990355] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1258.990764] RIP: 0033:0x7ff082d02b19 [ 1258.991078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1258.992541] RSP: 002b:00007ff080257188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1258.993154] RAX: ffffffffffffffda RBX: 00007ff082e16020 RCX: 00007ff082d02b19 [ 1258.993724] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1258.994292] RBP: 00007ff0802571d0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.994864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1258.995442] R13: 00007ffd09dbd22f R14: 00007ff080257300 R15: 0000000000022000 [ 1259.002933] attempt to access beyond end of device [ 1259.002933] loop5: rw=2049, want=276, limit=128 10:57:24 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 11) 10:57:24 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x0, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:57:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 10) 10:57:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 11) 10:57:24 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) r3 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r0, &(0x7f0000001d80)=ANY=[@ANYBLOB="7f454c46a70400015c0100000000000003003e0009000000cc000000000000004000000000000000d10100000000000008000000050038000200ffffff00d10007000000010000000600000000000000faffffffffffffff31190000000000000300000000000000040000000000000004000000000000001a42a50f94a9856f287df99e2374c9ed408813d8363091b0b04291f4336fdf2934187a39ff2eb9fe2ae02ecd3b19711cf15e9d94191f3db3822962d348e7ba9dda56544af6b97760ab4aa73ac6795eccdb737ade44d2282b6da27c0ae2c6188dc8bce0d2e850bcb2192ae03e9a265c8dfa6a2e405bde6f45960c7aae58a79d03e41af1cc8281a49383e8fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e4ffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e3ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000580d00"/1781], 0x703) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x6, 0x6, &(0x7f0000001700)=[{&(0x7f0000000180)="460b261fdd55a15d0982e95921895db39923931195c42e93480e96f212ff226021a7b9ac4c10733d7e6635487554fb4727fb72e7df9b24bd2781bbcbe18007dfdc50d1e1f3eded3aa852b4c2141f08b8e92a0e3381bc872bd74bab92f662a3439015d12a8a5265f69aea4938bd7722851c1010f9116c1cfb5044a82e465dd108bd56a78e215bc594ccc02a08378e5a4ffcc902d3065d449013e6c679d448c02ba9025fcce40c1d929c7584f5", 0xac, 0x1}, {&(0x7f0000000300)="453ba8c66b4431de2024f2b9450d9dab2555d14cd18f798bfa13ea679a09081d05843584c57f7efeb0cb69abaa354d54163b8693e03d2b1cf1ebfd6077bbda38030798cfdc5af2e01a9da8fa783106a50a206a5dadae87029264c01bff0b12127d22d09525e335aaab3a15c598b5955de08543fd9563b8086b4a3f445c79053508ba3017312b2518cf4b5ae9ccde78ba5e156346745dfc3ddafc3cb0950ac266262b3dc772c7696bb57dc7b42bedc0af03d3835d4e69a805ba0f863a92fbc39ac4b0ce7edd231bc73aa857f67513a404e4aafa563218618667ed36f0b93fc72735b8ef9500a843c723f0b8f3370c", 0xee, 0x8}, {&(0x7f0000000240)="5e6b13d0295f24b9eda2797384acf1d337be81b111b590686480ef3d866fb415047760a87088dfab4591b8f8e539738808b7a434565e24e1f2b31a7f1800dd7823e5de6393d8496264bf3fe51647825c07180f", 0x53, 0x3f}, {&(0x7f0000000500)="1eb8bf148605e4ae56ae12a33534f835dc4ff9de56b768da30c147b324f1122af751c342be7c5742f2a1fb14ac7d86158f27275122fb40d7fa5e88f490383524c428c0527ab87db775e1feffc6702ec392a82eaea4568f285390e8f6a130e1437ccc9ad0f4b1c38c3eda7b4e4e80d245c70116a55d009b17ba32e75c39b56fe7d4240bfc4358643c8ea49e1e71868be37fcfb87db3d42c67e8f516cd0a10a91a22a6293d525d06db43f971dd611a7da65f77dced9f09fe0932cca2b4cebecd03c6eaa38bbe80f63e28333bad79747900aaa26b0559", 0xd5, 0x20080}, {&(0x7f0000000600)="20d953abcd404933c0dbc2b1ae20aaf48620dc5d90f05fe95eb2ab5303f265c38b23f234da1ed28c0ded978d4987dcf6e7a17de5240345642608a10ff41f40e1594d0629218957e1b27bc4975b50bb42f696607b1742c0bc2d22ac9e4b30620094c29b2207647c3eec2cd55bd544cec93b3dbd93051b445bd31a60705a2f056c7a4e2def56dd35a6e9f4e86e90f309b4ae031412f17e069e5dfda1047330e3ab615889c4977a5d666be557ff8e60616ebe2a18ec5636215c27b09678717c962ce5a047c6441679f1af28a4988b208f7136d457e918f1a6bd1284a3f7245e9e101e5029bcc54695a4c40e906d", 0xec, 0x2}, {&(0x7f0000000700)="44c7c7a785bb9f951fa94e517d5823fb00d48366df1494ddf6fccf642922d9c9e8ac76841057b094b6e8ba69ce9776d1f2b1ee5c72b98711cf0df195de3710d0e30711dc533d1fa327f6ae07cb346d1132fa287ba60d969180bb39b0f8d93e877ab22a40fb1609d9e8794e04d6c20f963df43a279e20c1fbf500b0f0a1e6ab091d7f0e7d8cba0375ad42dde5359e5af57ca78b20280a29c972139063fea1579e26cdac949d8119b52f21b4e51bdfa555d854b0fb5de1509e9c181fae6ac1f07fb016b9759d3d6543dff31f9997938252d83ed1ef9e149d92957837edc5ef77497575e86d091902b98c8f2c5170b4b3a0f2ba0ca26a4a515e1e4673df7156e6524061234631bc7e4077c99854e75057a2de400b1f0cc24a43343d1ad5dc61d8f3b47e88589347fc89f3c306df0e43447ff326fed48aec9aaa05944ad5e674f6eeaddf50f85a7cec53b484dbb062e2fdfb746fc592d3926652ded56f2280ccde107c3753d4214d13d9221ebd26d1d22cea55bafb5e00d6d8bb870823438bf79f6c272e53238550cb15ffe866747bc5d8dfe33c519a8b7a5190be341ed4ccd71c3f197fedef4631ab39bd925371bc4ca880c0af258e471945b11180ddf7dcb23f216c1a146d29808deeeacd7b20432c5c13861593f861ca13c11924c2e8d5d4501658f3832cc2b9740dedc47ea367141d679f52aa8f56fd0270498098e0ff74c9c59271c0ab0067eb55d14f291e40c9dfaae9babe89b116137dcfd82b0712116844f815616847bd58c2b5b1d446ba7da89f37caf87907bbeb951414537716e29b2e97e4cdbce60e8f92ce64325af3379eb2b4f475f4bc680c59b252fc4433e0b541c23b164b4d732885fb2d26ed7ba4c8dee4009e33e8b62b0ad5f182e648aa9b1596cb3e0cb5b16a8fa44272f2da02c8911d168ac5dd0d629b22f07d45ab8b95bbe7f419a5d8aa1d79866c3cea083ae84e3942fb93fdddc22cf5f7434c4afbd32232eaf020a450f32e2a6084b3b9eb497d15a742b28dea7b82ef9bbd1c06ee357a9295921fb2653fc003f709f7872fcaccbde314ab36ec82e7217d277c44beb343354be748106fb33291fe65b4bfa5caa119426c1e8c5006886ef1fd93e0304990c1a2305cc7175af371ee71c39a94644183ca04007ce54fed3aec9e993631c61e1420370193097578244165c42cca828ee8a4873706376dadd84143a3b1d989de14d73aa6b13ba984234aa6e3948a839382ce5a230d97b75cc21602034f54987c5c6d58317ae43f1fcddbd1902a8d298e3b959fc9f8505b7023ee175867d1f076716d0ee441c960161ffda0df27a986092aad87ed373efcfb4ff68fbdb7e64a65858d161de010b6e44ab21d141e76e628dc2e48f0f67d0c7a374ea410ab585770ab69cac80359007a6a550f39e1dfce19b6e3301d9a04f5fdf521cbd6cfa36fe44cabd35bdde226407975eee4c9ed3f73f35ada2e615621c5b36ef54166ffc736bc2eb0959e1a3ff155e91241bf3c44cfa5549b9126dad8731734d74798eaaabc3506f6c6baf1f33db2b89005ae53996570bfaf8efe9679bff8bd226538f69014ffa84f879ef28d3ffd0260836d91847298d360ecbdc4b8785c4e51b9f4fdcf7ba8e436a2e066596c0d975cbc80f7f3cf4754e65fed667a54332153e873c6bbc173085286d887e22ad456490a900584a46ae662ca4d4e2312691c42d3c0ddeb494541f8d4605fc4f82975e40b617fc52f6524c0ffd30b1a8bd6cd9966beba8b7cf41b3afea1610cb0bca9417e1274ea7586362ea8d566f5226be89abac5779bb50ed08808c7b77e7c6a310bd310b7f1a926473ed0389f0e1b37bcc138e09c0f725ee37a7e7f54844c253722af2daf7cdcdeffe13d80199c2e8c1306192ff5b7d66538744ef6659bdc6a212c5e7663b7689f49b22db23cd814bada35d4c46197ceb15808c0feb2c80abd5e71e20a0298aa576bc6dcd7a47afb30fb9540b4b6214515c830280417b82a67ce12ec4d583e5246ace4b38730549458ac3192ee461508f07f56796862de9e9699e57fb3f654a365fa4058be4535bb6b17f9fae319e3987ca58c1405f6d3465d10ffd75e43706d189f65056b17bc870e2b79335ffafc229cbd553be4132be867a85ec3f3e849c71294e5334efdd1309ed302a85002ea5be3951b7072367c15200bc7c2644c81c66295bdc047c4b3cd72faeec3ba5b1c77363d641fe0ee8459ce55d1e0afc6c5eca0a6d471fc8bcfbb9ac947cd0784202846a9c8e497809407849b4de7f8fd0e6eb995550e52ec6390fd36f7fb02e647041372a48f0fd87d5289a9bffec203d48a288b8669161f777b79b3a0d8e2d13954d8070165f61695d0e4433c557df886c799b05a5602dc8bcf5f3e15aad7f81573583c739fa47a6d064de8b1dfe687ac86c79f0d550fe221d75bb9fe1d76430a534cb582de4a4b8532bdcc9a678c678c7c6cdc914ad9be6f2f95aec9f3d42ebf19514e42456bc584ca1e6be8f92a53c94476831d42a15e675e09ba91d18aaea9bcd0641bbdba3127a586e7de92aed4a75541465f68be9549e63162df87a04f96c6085a691e200bbddc43560650427f8a829bf63c382bfb7a5b2667bb8f9a3b43ba08dba576d2083b8c65db485a41f1faa75e74519d4a8ca2ffef1f56125f94b21c3e429e1dc6d168cec2090a08b2f48f6e4c5243dd2e1ef4b40f4be29f9bd175326ea20a06be9b6b9db39b62cd875eae1754b945817e934522e4ea5c6b4a34ceebff0efe51bc9eb9f6f18b9d8c0d8e61b4bd0b6a26dc7d8f27e082bd75407d565edecf5f0b07d8eddf36cd9b08200eed62bf13925983c546b62d530d4f1eadada2449c04956191e9d6fea79a174c138005c63602ca75bf5adc764ffed640405bbac3cdfc86a580fcfef7ee3a44c7de520fb710bdd903f0ec93bc80e2c1ab926d23fbce5a655f91dca6f730393eca10bcae666d60d536dc92cb08bc89654a3fa12740f132204b56e3e103842baf78e303554fed0ef373a439da606784995d2c4ddd3c79e4c3d4c7a1c30bb7e2ba5ee15a15b1fc03e6e17a9edac9b1ccc464cf6cc5abb17123ccb377c209e02b916561be16d9421406918e560667fb696a52a887f4c01c9ddc02139acabd31d2556959a28881541c513d202fb72ce986a07355937527629a79fe59cf18d09f817f7915077eea6539752b7e546692d6a57dda5a63c56ac078887019952bf969a88b47a47547529ff20772ec6148151451710f6187d94139d5a644e3c6a8c5272fe45eedc72359d1220c69c65858b7f60cb087d2329fc539ee08248823aa6057e86e29380ed9008c193324cec17155c1240e6c892a0efda9b2cb9bbaa7b037f0b5b4b9148318aa5d34d47fb3b4ed9b9456b55e21a0d3ba6aaac9249a4abfc23ef9336e04828f249ce2a3581daed226eb3f820af5a8626f1b1b24f19f57e231cf010f44ee5108bce8e99c1f460e9d29c570c6cda81cc6f27eb8e70fcd1bbce2af55aa5c4c4fe56912bae868a5128aea134332e91b75e1cb2072e323a6eef1c136f1399402c3dfc76b3fc997f30ddf64b23f1d51ee477621f46cf810971c0702f5a42ddc8871b77eaf42f71bb63b791656d5f3c01690745551f0afa62be252d3b2a15f00711644e4ac5fb124d40ba72b839d6f61b54ba6f2b9dd29e556a68e2552fe2dbe7434f1b2579372cd6b3e51fd6da6061cd6da537505227ac40ea5c018f0d87121ec8ff044ff73288bf6971d0035c7f6f414ce47e6a7e4d9547bb1acdbd6d81d94b13157e37843aeb9112e0740a400a5c5db287d5e7e02413535c4a50260290993c6a30ed0cff05101846a5f9eba344c4ee61591f9ee0934f2022712225575e8a9d0fe6bb300722c8b49a77c236649b2d7a92a8c5e4dd58eb009681e41cccea213443027dece06535dc281b7a28efb560800c86f90388f0c7c0fb517bf8f44a47e0f0521b835fbfd87679d83026b60f6d5637d32d41c8b440ab680f9aae8ab3e4c639e12c972a32ecfd5e20f3b5a5214b493e63ea77e255e0bf3eddc47ac0316846933350c2c2f08a839bd3965cbd0d98721399fb22bdf038c639738baa6f9eeaa911e2df3680c95672656bad46a62e8d2a8c6d1291aa6b80b529e5d452f1a26e3bc37281808b44da0add468a2e88660f0c650f690d2806836ddbb8e5f28122aded4b5280a77b22610f6a61967276e9593bed4a1b8829b8c0ba834a250546fed61d2ffbfef2dc288e7a7f0c3a7780bd3094aa4b9d55eca97c6d60969bb1d9ab7b759384f2841f12eac5fdc8e09804fd897bba7a042f9f2f7f2b5a4b286a49d40445a0884587ad5ae528baddfdd2f55124d9ad6f7a0711c0bcba2237f325816bc432549e6448e05f4e91d416a0cee1b955ac24469323b55c6d4bdc6a3462d93e7177873ada9e748bd5119d3518f86c95405ccdf552a7824409fc441bf2f09f8ac62f9d9b84ef422fbbac7ddad8e9099b9043b05737fe317b3c04a782a6d76ca6259e9edab7d89cbca8c17f9c9e0e39f7bdb2f622ae1f53299a3463bfabba11545d425b7024d24454ed4752eb9fc052e2f01b8282b2d2cf17735b5b6bf093f98908223ae19a02bab2782a2c535d7184b64022f19e567d30717049853cc9a80969f853aa18731180c84a8f5dd490ebbc25f92dfd796cd2a8226637105dfee338ae39f3bca7770334af47b5d15426dbbf0ec275aec027261aec8b17a9dd0345217ffe34c0689f7139ea854731f47e67c0bed666eb1a7341a1db6fd523c8237db912fd98be92238388fb3885675693141839be7dfe803e638f3c5cd073092e0d32b48640aee988a2675aba73d48442b8f00ce10df2cadd4da392db23ac1889639cee61ca24dcfe62212e788a359b484c08a7ef63f28942aa2e8d7be79f34075e4f923e50f656e5610fedbd36180a1c58c7a9c670ec46a2e2d27d1b26bade95ff5f3d9c01fe51b933ac1599d8b708b2a6c276b3949f4d83346e3b77920000b652320a6ba0dc761181b21a7c4d901f5b420e08665d531325ab281436164833c7121e6a0344808e10d7f51931d098a6c065dc91ea173dc82f90bc0559cb0006597dca951bf271adb2f35ea966fa13e44483f2621498706dbe8c1aa657e5dddda648033c2479ebdd9e92548ca15dae0460387b329ea802b2c1b2b3082692c08fc0dcf82c8f6f063407dbce645507ae60ec136e678e33b018e0aa732414ecbbc7b9c414c44f359c6703cdace224bf3a5cd76b1ce28a8610c7f0a3ce9e7a54e479fe217a7a1f769edd17b726039f091cb82c63f39fff0c56490e67b509da01421afaabe39dc9640c6125e5029e2998f193c79f9aff714c69364ffabed82a316b6dd01f4ce815526f47161ff116fce72eae0ee046d1a5e8364392821b4c5ee00d3bd96ca65b4ac1dd87f569f0155b88f1d7f42a050e7595c73350efff68648d4c994ab9fed4b414f8c7daea53243f862e6d77ee240ac81d90d81af374cee2fc26dd8c5dfdeab5ceb0e37f4f445535a5ca7eb9527e0c6a21e358b046b4cab3b1ab9cf798e6a5264b5f79b60661facdf7e6f76b7febcaa22e2f2d6a22c8497c0ee4a1b61d935c9c5e9c4f9a1a85087b46d12a3f7a82fb2b2a501fa8b5a90cc748776dca908e0a8b3928445b899ef713d1ab779e166b38f80df6dd40a6e372d412123ab56f2879e0ade5defb65c27f8dae8584c3eab8c49bcc2ee9bec987edb1c5a17b07647dfcb9a6196798711937526fdcb3b9d8c73c4c17dbb1e1449d6cfe9c1b25fc5e8285229c3f2ba4a26fc87266ea199491167cdc3708706", 0x1000, 0xfffffffffffffffb}], 0x50, &(0x7f0000002480)=ANY=[@ANYBLOB="687567653d6e657665722c6e725f696e6f6465733d2d253678372c756964bd", @ANYRESHEX=r4, @ANYRES64=r2, @ANYRESHEX=0xee00, @ANYBLOB="2c6d61736b3d5e4d41595f524541442c736d61636b6673726f6f743d2c736d61636b66736861743d280e5d252c2c6f626a5f747970653d25a72d262c00"]) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r5 = gettid() r6 = open_tree(r1, &(0x7f0000001a80)='./file0\x00', 0x8001) r7 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r8 = openat(r6, &(0x7f0000000000)='./file1\x00', 0x0, 0x1bb) sendfile(r7, r8, 0x0, 0x100000001) faccessat2(r8, &(0x7f0000001840)='./file0\x00', 0x4, 0x180) perf_event_open(&(0x7f0000001900)={0x3, 0x80, 0x0, 0xfb, 0x2, 0x1b, 0x0, 0x3, 0x1108, 0x6, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={&(0x7f0000000480), 0x4}, 0xc431, 0x4, 0x9, 0x8, 0xfffffffffffffff9, 0xffffffc9, 0x1, 0x0, 0x8, 0x0, 0x5}, r5, 0x4, r6, 0x8) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000001ac0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="00d395a4eaedd1ad9f4400000000f4935cf7e3cba9a5fc256f7ed5b17d0000"]) getsockname$unix(r9, &(0x7f00000019c0)=@abs, &(0x7f0000001a40)=0x6e) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:57:24 executing program 2: syz_emit_ethernet(0x7e, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500007000000000000190780a010102ac1414aa03009078ac1e0001450000000000000000040000ac141400ffffffff442400030000000000000000ac1e000100000000ac1414aa000000000000000000000000071b00e000000001ffffffff00"], 0x0) 10:57:24 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 11) 10:57:24 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 14) [ 1274.824635] tmpfs: Bad value for 'nr_inodes' [ 1274.850364] FAULT_INJECTION: forcing a failure. [ 1274.850364] name failslab, interval 1, probability 0, space 0, times 0 [ 1274.852009] CPU: 0 PID: 9267 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1274.852956] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1274.854095] Call Trace: [ 1274.854475] dump_stack+0x107/0x167 [ 1274.854992] should_fail.cold+0x5/0xa [ 1274.855542] ? create_object.isra.0+0x3a/0xa20 [ 1274.856186] should_failslab+0x5/0x20 [ 1274.856721] kmem_cache_alloc+0x5b/0x310 [ 1274.857308] ? pagecache_get_page+0x243/0xc80 [ 1274.857964] create_object.isra.0+0x3a/0xa20 [ 1274.858605] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1274.859354] kmem_cache_alloc+0x159/0x310 [ 1274.859974] ext4_free_blocks+0xef2/0x2200 [ 1274.860609] ? ext4_mb_new_blocks+0x45c0/0x45c0 [ 1274.861294] ? jbd2_journal_put_journal_head+0x3f2/0x560 [ 1274.862093] ? __ext4_journal_get_write_access+0x1bf/0x2c0 [ 1274.862914] ext4_ext_remove_space+0x1ef7/0x3d90 [ 1274.863654] ? ext4_ext_index_trans_blocks+0x170/0x170 [ 1274.864424] ? ext4_es_lookup_extent+0xaa0/0xaa0 [ 1274.865117] ? down_write_killable+0x180/0x180 [ 1274.865788] ext4_ext_truncate+0x1ea/0x250 [ 1274.866412] ext4_truncate+0xc38/0x1160 [ 1274.866988] ? unmap_mapping_pages+0x117/0x2a0 [ 1274.867666] ? ext4_punch_hole+0x1070/0x1070 [ 1274.868325] ext4_setattr+0x1684/0x2160 [ 1274.868898] ? current_time+0x1e6/0x2c0 [ 1274.869498] ? ext4_journalled_write_end+0x1190/0x1190 [ 1274.870253] notify_change+0xc28/0x1160 [ 1274.870843] do_truncate+0x134/0x1f0 [ 1274.871500] ? file_open_root+0x440/0x440 [ 1274.872132] ? lock_release+0x680/0x680 [ 1274.872760] do_sys_ftruncate+0x4e2/0x870 [ 1274.873388] do_syscall_64+0x33/0x40 [ 1274.873949] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1274.874712] RIP: 0033:0x7fdb13aeab19 [ 1274.875291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1274.876745] tmpfs: Bad value for 'nr_inodes' [ 1274.878035] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1274.879971] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1274.880539] FAULT_INJECTION: forcing a failure. [ 1274.880539] name failslab, interval 1, probability 0, space 0, times 0 [ 1274.881035] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1274.881053] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1274.884777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1274.885845] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 [ 1274.886957] CPU: 1 PID: 9249 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1274.888074] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1274.889480] Call Trace: [ 1274.889894] dump_stack+0x107/0x167 [ 1274.890458] should_fail.cold+0x5/0xa [ 1274.891043] ? create_object.isra.0+0x3a/0xa20 [ 1274.891754] should_failslab+0x5/0x20 [ 1274.892340] kmem_cache_alloc+0x5b/0x310 [ 1274.892970] create_object.isra.0+0x3a/0xa20 [ 1274.893646] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1274.894434] kmem_cache_alloc+0x159/0x310 [ 1274.895073] ? mempool_free_pages+0x20/0x20 [ 1274.895739] mempool_alloc+0x148/0x360 [ 1274.896346] ? mempool_resize+0x7d0/0x7d0 [ 1274.896987] ? mark_lock+0xf5/0x2df0 [ 1274.897562] ? mempool_resize+0x7d0/0x7d0 [ 1274.898194] ? mark_lock+0xf5/0x2df0 [ 1274.898782] bvec_alloc+0xd8/0x2f0 [ 1274.899341] bio_alloc_bioset+0x40a/0x600 10:57:24 executing program 2: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='configfs\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) unlinkat(r1, &(0x7f0000000180)='./file0\x00', 0x200) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r7, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x180000, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@nodevmap}, {@version_u}, {@version_u}, {@access_user}, {@access_client}], [{@obj_role={'obj_role', 0x3d, 'configfs\x00'}}, {@audit}, {@dont_appraise}, {@fsname={'fsname', 0x3d, 'configfs\x00'}}, {@obj_user={'obj_user', 0x3d, ',#-,&++'}}, {@fowner_eq={'fowner', 0x3d, r7}}, {@uid_lt={'uid<', r8}}, {@fowner_lt={'fowner<', r9}}]}}) getdents(r2, &(0x7f0000001180)=""/4091, 0xffb) [ 1274.899976] ? bvec_alloc+0x2f0/0x2f0 [ 1274.900744] ? perf_trace_lock+0xac/0x490 [ 1274.901378] ? SOFTIRQ_verbose+0x10/0x10 [ 1274.902007] mpage_alloc+0x2f/0x260 [ 1274.902568] __mpage_writepage+0x114e/0x1670 [ 1274.903280] ? clean_buffers+0x2a0/0x2a0 [ 1274.903914] ? find_get_pages_range_tag+0x5c9/0xbf0 [ 1274.904684] ? page_mkclean+0x151/0x2c0 [ 1274.905296] ? invalid_page_referenced_vma+0x570/0x570 [ 1274.906094] ? find_get_pages_contig+0x9c0/0x9c0 [ 1274.906825] ? mark_held_locks+0x9e/0xe0 [ 1274.907465] ? percpu_counter_add_batch+0x8b/0x140 [ 1274.908225] ? clear_page_dirty_for_io+0x216/0x7c0 [ 1274.908985] write_cache_pages+0x57f/0xe50 [ 1274.909640] ? clean_buffers+0x2a0/0x2a0 [ 1274.910273] ? clear_page_dirty_for_io+0x7c0/0x7c0 [ 1274.911050] ? __lock_acquire+0x1657/0x5b00 [ 1274.911730] ? fat_add_cluster+0x100/0x100 [ 1274.912379] ? fat_readahead+0x20/0x20 [ 1274.912972] mpage_writepages+0xd8/0x230 [ 1274.913599] ? mpage_end_io+0x2c0/0x2c0 [ 1274.914212] ? fat_add_cluster+0x100/0x100 [ 1274.914865] ? lock_chain_count+0x20/0x20 [ 1274.915538] do_writepages+0xee/0x2a0 [ 1274.916135] ? page_writeback_cpu_online+0x20/0x20 [ 1274.916889] ? mark_held_locks+0x9e/0xe0 [ 1274.917522] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1274.918324] ? ktime_get_coarse_real_ts64+0x15a/0x190 [ 1274.919108] ? trace_hardirqs_on+0x5b/0x180 [ 1274.919784] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1274.920553] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1274.921366] ? current_time+0x1e6/0x2c0 [ 1274.921992] ? fat_truncate_time+0x5f0/0x5f0 [ 1274.922664] ? fat_update_time+0x111/0x220 [ 1274.923332] filemap_write_and_wait_range+0x65/0x100 [ 1274.924110] generic_file_direct_write+0x391/0x560 [ 1274.924876] __generic_file_write_iter+0x235/0x5d0 [ 1274.925627] ? iter_file_splice_write+0x16d/0xc30 [ 1274.926374] generic_file_write_iter+0xdb/0x230 [ 1274.927101] do_iter_readv_writev+0x476/0x750 [ 1274.927804] ? new_sync_write+0x660/0x660 [ 1274.928437] ? avc_policy_seqno+0x9/0x70 [ 1274.929058] ? selinux_file_permission+0x92/0x520 [ 1274.929807] ? security_file_permission+0xb1/0xe0 [ 1274.930556] do_iter_write+0x191/0x700 [ 1274.931156] ? trace_hardirqs_on+0x5b/0x180 [ 1274.931833] vfs_iter_write+0x70/0xa0 [ 1274.932423] iter_file_splice_write+0x762/0xc30 [ 1274.933160] ? generic_splice_sendpage+0x140/0x140 [ 1274.933934] ? security_file_permission+0xb1/0xe0 [ 1274.934677] ? generic_splice_sendpage+0x140/0x140 [ 1274.935443] direct_splice_actor+0x10f/0x170 [ 1274.936126] splice_direct_to_actor+0x387/0x980 [ 1274.936846] ? pipe_to_sendpage+0x380/0x380 [ 1274.937516] ? do_splice_to+0x160/0x160 [ 1274.938129] ? security_file_permission+0xb1/0xe0 [ 1274.938882] do_splice_direct+0x1c4/0x290 [ 1274.939531] ? splice_direct_to_actor+0x980/0x980 [ 1274.940269] ? avc_policy_seqno+0x9/0x70 [ 1274.940906] ? security_file_permission+0xb1/0xe0 [ 1274.941658] do_sendfile+0x553/0x11e0 [ 1274.942261] ? do_pwritev+0x270/0x270 [ 1274.942847] ? wait_for_completion_io+0x270/0x270 [ 1274.943599] ? rcu_read_lock_any_held+0x75/0xa0 [ 1274.944314] ? vfs_write+0x354/0xb10 [ 1274.944899] __x64_sys_sendfile64+0x1d1/0x210 [ 1274.945589] ? __ia32_sys_sendfile+0x220/0x220 [ 1274.946317] do_syscall_64+0x33/0x40 [ 1274.946889] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1274.947679] RIP: 0033:0x7f24f4026b19 [ 1274.948250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1274.951041] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1274.952212] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1274.953296] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1274.954385] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1274.955473] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1274.956560] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1274.982185] FAULT_INJECTION: forcing a failure. [ 1274.982185] name failslab, interval 1, probability 0, space 0, times 0 [ 1274.983991] CPU: 0 PID: 9271 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1274.985035] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1274.986300] Call Trace: [ 1274.986713] dump_stack+0x107/0x167 [ 1274.987291] should_fail.cold+0x5/0xa [ 1274.987873] ? create_object.isra.0+0x3a/0xa20 [ 1274.988571] should_failslab+0x5/0x20 [ 1274.989157] kmem_cache_alloc+0x5b/0x310 [ 1274.989790] create_object.isra.0+0x3a/0xa20 [ 1274.990466] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1274.991257] kmem_cache_alloc+0x159/0x310 [ 1274.991905] alloc_buffer_head+0x20/0x110 [ 1274.992534] alloc_page_buffers+0x14d/0x700 [ 1274.993199] create_empty_buffers+0x2c/0x640 [ 1274.993877] block_truncate_page+0x76c/0xab0 [ 1274.994546] ? fat_add_cluster+0x100/0x100 [ 1274.995189] ? selinux_inode_setattr+0x21c/0x2e0 [ 1274.995929] ? block_write_full_page+0x290/0x290 [ 1274.996652] ? inode_newsize_ok+0x18d/0x210 [ 1274.997308] ? setattr_prepare+0x135/0x7c0 [ 1274.997956] fat_setattr+0xa22/0xf50 [ 1274.998533] ? fat_free.isra.0+0x940/0x940 [ 1274.999176] notify_change+0xc28/0x1160 [ 1274.999822] do_truncate+0x134/0x1f0 [ 1275.000391] ? file_open_root+0x440/0x440 [ 1275.001029] ? lock_release+0x680/0x680 [ 1275.001662] do_sys_ftruncate+0x4e2/0x870 [ 1275.002300] do_syscall_64+0x33/0x40 [ 1275.002867] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1275.003646] RIP: 0033:0x7f6c59516b19 [ 1275.004184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1275.006951] RSP: 002b:00007f6c56a6b188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1275.008135] RAX: ffffffffffffffda RBX: 00007f6c5962a020 RCX: 00007f6c59516b19 [ 1275.009216] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1275.010287] RBP: 00007f6c56a6b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1275.011399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1275.012474] R13: 00007ffd8ecf288f R14: 00007f6c56a6b300 R15: 0000000000022000 [ 1275.014563] FAULT_INJECTION: forcing a failure. [ 1275.014563] name failslab, interval 1, probability 0, space 0, times 0 [ 1275.016424] CPU: 0 PID: 9277 Comm: syz-executor.6 Not tainted 5.10.222 #1 [ 1275.017460] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1275.018703] Call Trace: [ 1275.019109] dump_stack+0x107/0x167 [ 1275.019693] should_fail.cold+0x5/0xa [ 1275.020279] ? create_object.isra.0+0x3a/0xa20 [ 1275.020979] should_failslab+0x5/0x20 [ 1275.021562] kmem_cache_alloc+0x5b/0x310 [ 1275.022186] create_object.isra.0+0x3a/0xa20 [ 1275.022861] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1275.023658] kmem_cache_alloc+0x159/0x310 [ 1275.024297] alloc_buffer_head+0x20/0x110 [ 1275.024930] alloc_page_buffers+0x14d/0x700 [ 1275.025592] create_empty_buffers+0x2c/0x640 [ 1275.026276] block_truncate_page+0x76c/0xab0 [ 1275.026948] ? fat_add_cluster+0x100/0x100 [ 1275.027613] ? selinux_inode_setattr+0x21c/0x2e0 [ 1275.028331] ? block_write_full_page+0x290/0x290 [ 1275.029045] ? inode_newsize_ok+0x18d/0x210 [ 1275.029699] ? setattr_prepare+0x135/0x7c0 [ 1275.030350] fat_setattr+0xa22/0xf50 [ 1275.030923] ? fat_free.isra.0+0x940/0x940 [ 1275.031591] notify_change+0xc28/0x1160 [ 1275.032215] do_truncate+0x134/0x1f0 [ 1275.032789] ? file_open_root+0x440/0x440 [ 1275.033423] ? lock_release+0x680/0x680 [ 1275.034059] do_sys_ftruncate+0x4e2/0x870 [ 1275.034697] do_syscall_64+0x33/0x40 [ 1275.035280] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1275.036056] RIP: 0033:0x7ff082d02b19 [ 1275.036622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1275.039407] RSP: 002b:00007ff080257188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1275.040566] RAX: ffffffffffffffda RBX: 00007ff082e16020 RCX: 00007ff082d02b19 [ 1275.041643] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1275.042719] RBP: 00007ff0802571d0 R08: 0000000000000000 R09: 0000000000000000 [ 1275.043816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1275.044891] R13: 00007ffd09dbd22f R14: 00007ff080257300 R15: 0000000000022000 [ 1275.098924] handle_bad_sector: 4 callbacks suppressed [ 1275.098939] attempt to access beyond end of device [ 1275.098939] loop5: rw=2049, want=276, limit=128 [ 1275.136293] attempt to access beyond end of device [ 1275.136293] loop1: rw=0, want=147, limit=128 [ 1275.139336] attempt to access beyond end of device [ 1275.139336] loop6: rw=0, want=147, limit=128 [ 1275.145734] attempt to access beyond end of device [ 1275.145734] loop6: rw=2049, want=276, limit=128 [ 1275.183835] attempt to access beyond end of device [ 1275.183835] loop1: rw=2049, want=276, limit=128 10:57:39 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 12) 10:57:39 executing program 2: creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000080), 0x0) open_by_handle_at(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000020000000b00000000000000007aa5b83803005ff684c44046d718be652d3375adb1a4206bf9071070440ae9db474bdd1e0e0d9fa311d46842660664576a43e4a218cb634df7e6cb"], 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x8) 10:57:39 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 15) 10:57:39 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000140)={{0x1, 0x1, 0x18, r1, {0xffffffffffffffff, 0xee01}}, './file0\x00'}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) perf_event_open(&(0x7f00000001c0)={0x3, 0x80, 0x1f, 0x6, 0x80, 0x8, 0x0, 0x10000, 0x8, 0x4, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfff, 0x2, @perf_bp={&(0x7f0000000180), 0x4}, 0x5a000, 0x5, 0x33, 0x6, 0xffffffffffff50e3, 0xc3, 0x9, 0x0, 0xe62c, 0x0, 0x9}, 0x0, 0x6, 0xffffffffffffffff, 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:57:39 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) 10:57:39 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x0, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:57:39 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 11) 10:57:39 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 12) [ 1289.963798] FAULT_INJECTION: forcing a failure. [ 1289.963798] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1289.964967] CPU: 0 PID: 9297 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1289.965618] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1289.966363] Call Trace: [ 1289.966611] dump_stack+0x107/0x167 [ 1289.966953] should_fail.cold+0x5/0xa [ 1289.967309] __alloc_pages_nodemask+0x182/0x600 [ 1289.967741] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1289.968288] ? find_get_entry+0x2c8/0x740 [ 1289.968660] ? release_pages+0x806/0xc20 [ 1289.969043] alloc_pages_current+0x187/0x280 [ 1289.969446] __page_cache_alloc+0x2d2/0x360 [ 1289.969848] pagecache_get_page+0x2c7/0xc80 [ 1289.970240] ? _cond_resched+0x12/0x80 [ 1289.970603] grab_cache_page_write_begin+0x64/0xa0 [ 1289.971049] cont_write_begin+0x448/0x980 [ 1289.971437] ? fat_add_cluster+0x100/0x100 [ 1289.971828] ? nobh_write_begin+0xed0/0xed0 [ 1289.972227] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1289.972693] fat_write_begin+0x89/0x180 [ 1289.973055] ? fat_add_cluster+0x100/0x100 [ 1289.973444] generic_perform_write+0x20a/0x4f0 [ 1289.973866] ? fat_direct_IO+0x1ef/0x380 [ 1289.974235] ? page_cache_prev_miss+0x310/0x310 [ 1289.974674] __generic_file_write_iter+0x2cd/0x5d0 [ 1289.975123] generic_file_write_iter+0xdb/0x230 [ 1289.975560] do_iter_readv_writev+0x476/0x750 [ 1289.975976] ? new_sync_write+0x660/0x660 [ 1289.976351] ? avc_policy_seqno+0x9/0x70 [ 1289.976720] ? selinux_file_permission+0x92/0x520 [ 1289.977168] ? security_file_permission+0xb1/0xe0 [ 1289.977616] do_iter_write+0x191/0x700 [ 1289.977973] ? trace_hardirqs_on+0x5b/0x180 [ 1289.978372] vfs_iter_write+0x70/0xa0 [ 1289.978723] iter_file_splice_write+0x762/0xc30 [ 1289.979159] ? generic_splice_sendpage+0x140/0x140 [ 1289.979628] ? security_file_permission+0xb1/0xe0 [ 1289.980069] ? generic_splice_sendpage+0x140/0x140 [ 1289.980518] direct_splice_actor+0x10f/0x170 [ 1289.980922] splice_direct_to_actor+0x387/0x980 [ 1289.981349] ? pipe_to_sendpage+0x380/0x380 [ 1289.981746] ? do_splice_to+0x160/0x160 [ 1289.982120] ? security_file_permission+0xb1/0xe0 [ 1289.982568] do_splice_direct+0x1c4/0x290 [ 1289.982947] ? splice_direct_to_actor+0x980/0x980 [ 1289.983383] ? avc_policy_seqno+0x9/0x70 [ 1289.983769] ? security_file_permission+0xb1/0xe0 [ 1289.984221] do_sendfile+0x553/0x11e0 [ 1289.984585] ? do_pwritev+0x270/0x270 [ 1289.984934] ? wait_for_completion_io+0x270/0x270 [ 1289.985370] ? rcu_read_lock_any_held+0x75/0xa0 [ 1289.985787] ? vfs_write+0x354/0xb10 [ 1289.986131] __x64_sys_sendfile64+0x1d1/0x210 [ 1289.986539] ? __ia32_sys_sendfile+0x220/0x220 [ 1289.986963] do_syscall_64+0x33/0x40 [ 1289.987301] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1289.987769] RIP: 0033:0x7f24f4026b19 [ 1289.988108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1289.989749] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1289.990435] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1289.991077] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1289.991723] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1289.992362] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1289.993000] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1290.002546] FAULT_INJECTION: forcing a failure. [ 1290.002546] name failslab, interval 1, probability 0, space 0, times 0 [ 1290.003635] CPU: 0 PID: 9310 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1290.004264] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1290.005028] Call Trace: [ 1290.005278] dump_stack+0x107/0x167 [ 1290.005620] should_fail.cold+0x5/0xa [ 1290.005975] ? create_object.isra.0+0x3a/0xa20 [ 1290.006404] should_failslab+0x5/0x20 [ 1290.006757] kmem_cache_alloc+0x5b/0x310 [ 1290.007136] ? pagecache_get_page+0x243/0xc80 [ 1290.007563] create_object.isra.0+0x3a/0xa20 [ 1290.007977] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1290.008450] kmem_cache_alloc+0x159/0x310 [ 1290.008841] ext4_free_blocks+0xef2/0x2200 [ 1290.009246] ? ext4_mb_new_blocks+0x45c0/0x45c0 [ 1290.009787] ? _raw_read_unlock+0x1a/0x30 [ 1290.010158] ? jbd2_journal_extend+0x160/0x6a0 [ 1290.010580] ? __ext4_journal_ensure_credits+0x263/0x2e0 [ 1290.011067] ext4_ext_remove_space+0x1ef7/0x3d90 [ 1290.011520] ? ext4_ext_index_trans_blocks+0x170/0x170 [ 1290.012004] ? ext4_es_lookup_extent+0xaa0/0xaa0 [ 1290.012435] ? down_write_killable+0x180/0x180 [ 1290.012847] ext4_ext_truncate+0x1ea/0x250 [ 1290.013232] ext4_truncate+0xc38/0x1160 [ 1290.013589] ? unmap_mapping_pages+0x117/0x2a0 [ 1290.014005] ? ext4_punch_hole+0x1070/0x1070 [ 1290.014409] ext4_setattr+0x1684/0x2160 [ 1290.014766] ? current_time+0x1e6/0x2c0 [ 1290.015136] ? ext4_journalled_write_end+0x1190/0x1190 [ 1290.015607] notify_change+0xc28/0x1160 [ 1290.015974] do_truncate+0x134/0x1f0 [ 1290.016307] ? file_open_root+0x440/0x440 [ 1290.016680] ? lock_release+0x680/0x680 [ 1290.017054] do_sys_ftruncate+0x4e2/0x870 [ 1290.017432] do_syscall_64+0x33/0x40 [ 1290.017768] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1290.018225] RIP: 0033:0x7fdb13aeab19 [ 1290.018559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1290.020188] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1290.020867] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1290.021496] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1290.022128] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1290.022758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1290.023387] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 [ 1290.027373] attempt to access beyond end of device [ 1290.027373] loop1: rw=2049, want=276, limit=128 [ 1290.030401] attempt to access beyond end of device [ 1290.030401] loop1: rw=0, want=147, limit=128 [ 1290.034524] FAULT_INJECTION: forcing a failure. [ 1290.034524] name fail_usercopy, interval 1, probability 0, space 0, times 0 10:57:40 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x0, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:57:40 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000)=0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000140)=r2) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) fsync(r0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1290.036395] CPU: 1 PID: 9311 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1290.037585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1290.038855] Call Trace: [ 1290.039271] dump_stack+0x107/0x167 [ 1290.040009] should_fail.cold+0x5/0xa [ 1290.040661] _copy_to_user+0x2e/0x180 [ 1290.041312] simple_read_from_buffer+0xcc/0x160 [ 1290.042109] proc_fail_nth_read+0x198/0x230 [ 1290.042837] ? proc_sessionid_read+0x230/0x230 [ 1290.043619] ? security_file_permission+0xb1/0xe0 [ 1290.044417] ? proc_sessionid_read+0x230/0x230 [ 1290.045063] vfs_read+0x228/0x620 [ 1290.045561] ksys_read+0x12d/0x260 [ 1290.046066] ? vfs_write+0xb10/0xb10 [ 1290.046611] do_syscall_64+0x33/0x40 [ 1290.047136] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1290.047872] RIP: 0033:0x7f6c594c969c [ 1290.048404] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1290.050981] RSP: 002b:00007f6c56a6b170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1290.052081] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f6c594c969c [ 1290.053091] RDX: 000000000000000f RSI: 00007f6c56a6b1e0 RDI: 0000000000000007 [ 1290.054131] RBP: 00007f6c56a6b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1290.055150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1290.056150] R13: 00007ffd8ecf288f R14: 00007f6c56a6b300 R15: 0000000000022000 10:57:40 executing program 2: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x0, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1290.103575] FAULT_INJECTION: forcing a failure. [ 1290.103575] name failslab, interval 1, probability 0, space 0, times 0 [ 1290.105196] CPU: 1 PID: 9315 Comm: syz-executor.6 Not tainted 5.10.222 #1 [ 1290.106162] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1290.107331] Call Trace: [ 1290.107747] dump_stack+0x107/0x167 [ 1290.108273] should_fail.cold+0x5/0xa [ 1290.108822] ? mempool_alloc+0x148/0x360 [ 1290.109400] ? mempool_free_pages+0x20/0x20 [ 1290.110162] should_failslab+0x5/0x20 [ 1290.110724] kmem_cache_alloc+0x5b/0x310 [ 1290.111328] ? mempool_free_pages+0x20/0x20 [ 1290.111964] mempool_alloc+0x148/0x360 [ 1290.112548] ? mempool_resize+0x7d0/0x7d0 [ 1290.113164] ? perf_trace_lock+0xac/0x490 [ 1290.113794] bio_alloc_bioset+0x36e/0x600 [ 1290.114414] ? bvec_alloc+0x2f0/0x2f0 [ 1290.114985] ? block_truncate_page+0x76c/0xab0 [ 1290.115670] submit_bh_wbc.constprop.0+0x1b8/0x780 [ 1290.116395] ll_rw_block+0x1e7/0x230 [ 1290.116951] block_truncate_page+0x7d6/0xab0 [ 1290.117599] ? fat_add_cluster+0x100/0x100 [ 1290.118230] ? block_write_full_page+0x290/0x290 [ 1290.118927] ? inode_newsize_ok+0x18d/0x210 [ 1290.119575] ? setattr_prepare+0x135/0x7c0 [ 1290.120201] fat_setattr+0xa22/0xf50 [ 1290.120759] ? fat_free.isra.0+0x940/0x940 [ 1290.121389] notify_change+0xc28/0x1160 [ 1290.121989] do_truncate+0x134/0x1f0 [ 1290.122543] ? file_open_root+0x440/0x440 [ 1290.123147] ? lock_release+0x680/0x680 [ 1290.123778] do_sys_ftruncate+0x4e2/0x870 [ 1290.124404] do_syscall_64+0x33/0x40 [ 1290.124953] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1290.125710] RIP: 0033:0x7ff082d02b19 [ 1290.126260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1290.128951] RSP: 002b:00007ff080257188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1290.130067] RAX: ffffffffffffffda RBX: 00007ff082e16020 RCX: 00007ff082d02b19 [ 1290.131116] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1290.132166] RBP: 00007ff0802571d0 R08: 0000000000000000 R09: 0000000000000000 [ 1290.133204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1290.134256] R13: 00007ffd09dbd22f R14: 00007ff080257300 R15: 0000000000022000 [ 1290.138893] attempt to access beyond end of device [ 1290.138893] loop4: rw=2049, want=276, limit=128 10:57:40 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 12) 10:57:40 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x0, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:57:40 executing program 2: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x0, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:57:40 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000002) [ 1290.253763] attempt to access beyond end of device [ 1290.253763] loop6: rw=0, want=147, limit=128 10:57:40 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) [ 1290.284339] attempt to access beyond end of device [ 1290.284339] loop6: rw=2049, want=276, limit=128 [ 1290.284960] FAULT_INJECTION: forcing a failure. [ 1290.284960] name failslab, interval 1, probability 0, space 0, times 0 [ 1290.286706] CPU: 0 PID: 9326 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1290.287289] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1290.287987] Call Trace: [ 1290.288232] dump_stack+0x107/0x167 [ 1290.288560] should_fail.cold+0x5/0xa [ 1290.288919] ? create_object.isra.0+0x3a/0xa20 [ 1290.289341] should_failslab+0x5/0x20 [ 1290.289691] kmem_cache_alloc+0x5b/0x310 [ 1290.290066] create_object.isra.0+0x3a/0xa20 [ 1290.290460] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1290.290927] kmem_cache_alloc+0x159/0x310 [ 1290.291302] ? mempool_free_pages+0x20/0x20 [ 1290.291696] mempool_alloc+0x148/0x360 [ 1290.292063] ? mempool_resize+0x7d0/0x7d0 [ 1290.292432] ? mark_lock+0xf5/0x2df0 [ 1290.292758] ? mempool_resize+0x7d0/0x7d0 [ 1290.293123] ? mark_lock+0xf5/0x2df0 [ 1290.293450] ? mark_lock+0xf5/0x2df0 [ 1290.293793] bvec_alloc+0xd8/0x2f0 [ 1290.294116] bio_alloc_bioset+0x40a/0x600 [ 1290.294492] ? bvec_alloc+0x2f0/0x2f0 [ 1290.294831] ? perf_trace_lock+0xac/0x490 [ 1290.295204] ? SOFTIRQ_verbose+0x10/0x10 [ 1290.295565] mpage_alloc+0x2f/0x260 [ 1290.295880] __mpage_writepage+0x114e/0x1670 [ 1290.296259] ? clean_buffers+0x2a0/0x2a0 [ 1290.296606] ? find_get_pages_range_tag+0x5c9/0xbf0 [ 1290.297025] ? page_mkclean+0x151/0x2c0 [ 1290.297354] ? invalid_page_referenced_vma+0x570/0x570 [ 1290.297779] ? find_get_pages_contig+0x9c0/0x9c0 [ 1290.298175] ? mark_held_locks+0x9e/0xe0 [ 1290.298509] ? percpu_counter_add_batch+0x8b/0x140 [ 1290.298918] ? clear_page_dirty_for_io+0x216/0x7c0 [ 1290.299318] write_cache_pages+0x57f/0xe50 [ 1290.299685] ? clean_buffers+0x2a0/0x2a0 [ 1290.300023] ? clear_page_dirty_for_io+0x7c0/0x7c0 [ 1290.300446] ? __lock_acquire+0x1657/0x5b00 [ 1290.300808] ? fat_add_cluster+0x100/0x100 [ 1290.301155] ? fat_readahead+0x20/0x20 [ 1290.301472] mpage_writepages+0xd8/0x230 [ 1290.301813] ? mpage_end_io+0x2c0/0x2c0 [ 1290.302140] ? fat_add_cluster+0x100/0x100 [ 1290.302488] ? lock_chain_count+0x20/0x20 [ 1290.302841] do_writepages+0xee/0x2a0 [ 1290.303165] ? page_writeback_cpu_online+0x20/0x20 [ 1290.303577] ? mark_held_locks+0x9e/0xe0 [ 1290.303915] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1290.304342] ? ktime_get_coarse_real_ts64+0x15a/0x190 [ 1290.304764] ? trace_hardirqs_on+0x5b/0x180 [ 1290.305117] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1290.305532] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1290.305962] ? current_time+0x1e6/0x2c0 [ 1290.306300] ? fat_truncate_time+0x5f0/0x5f0 [ 1290.306656] ? fat_update_time+0x111/0x220 [ 1290.307008] filemap_write_and_wait_range+0x65/0x100 [ 1290.307424] generic_file_direct_write+0x391/0x560 [ 1290.307854] __generic_file_write_iter+0x235/0x5d0 [ 1290.308271] ? iter_file_splice_write+0x16d/0xc30 [ 1290.308684] generic_file_write_iter+0xdb/0x230 [ 1290.309080] do_iter_readv_writev+0x476/0x750 [ 1290.309467] ? new_sync_write+0x660/0x660 [ 1290.309810] ? avc_policy_seqno+0x9/0x70 [ 1290.310151] ? selinux_file_permission+0x92/0x520 [ 1290.310550] ? security_file_permission+0xb1/0xe0 [ 1290.310957] do_iter_write+0x191/0x700 [ 1290.311276] ? trace_hardirqs_on+0x5b/0x180 [ 1290.311657] vfs_iter_write+0x70/0xa0 [ 1290.311989] iter_file_splice_write+0x762/0xc30 [ 1290.312382] ? generic_splice_sendpage+0x140/0x140 [ 1290.312793] ? security_file_permission+0xb1/0xe0 [ 1290.313191] ? generic_splice_sendpage+0x140/0x140 [ 1290.313590] direct_splice_actor+0x10f/0x170 [ 1290.313962] splice_direct_to_actor+0x387/0x980 [ 1290.314363] ? pipe_to_sendpage+0x380/0x380 [ 1290.314716] ? do_splice_to+0x160/0x160 [ 1290.315041] ? security_file_permission+0xb1/0xe0 [ 1290.315444] do_splice_direct+0x1c4/0x290 [ 1290.315787] ? splice_direct_to_actor+0x980/0x980 [ 1290.316182] ? avc_policy_seqno+0x9/0x70 [ 1290.316519] ? security_file_permission+0xb1/0xe0 [ 1290.316915] do_sendfile+0x553/0x11e0 [ 1290.317234] ? do_pwritev+0x270/0x270 [ 1290.317550] ? wait_for_completion_io+0x270/0x270 [ 1290.317963] ? rcu_read_lock_any_held+0x75/0xa0 [ 1290.318343] ? vfs_write+0x354/0xb10 [ 1290.318654] __x64_sys_sendfile64+0x1d1/0x210 [ 1290.319037] ? __ia32_sys_sendfile+0x220/0x220 [ 1290.319433] do_syscall_64+0x33/0x40 [ 1290.319762] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1290.320181] RIP: 0033:0x7f24f4026b19 [ 1290.320495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1290.321993] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1290.322637] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1290.323235] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1290.323843] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1290.324417] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1290.324996] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 10:57:40 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 13) 10:57:40 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 16) 10:57:40 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x0, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1290.456765] attempt to access beyond end of device [ 1290.456765] loop1: rw=2049, want=276, limit=128 [ 1290.461923] attempt to access beyond end of device 10:57:40 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x60500) ioctl$BTRFS_IOC_QGROUP_LIMIT(r1, 0x8030942b, &(0x7f0000000140)={0x8000, {0x24, 0x7, 0x1, 0xfffffffffffffffe, 0x2}}) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = epoll_create(0x4) ioctl$BTRFS_IOC_GET_DEV_STATS(r4, 0xc4089434, &(0x7f0000000500)={0x0, 0x800, 0x0, [0x80000000, 0x2, 0x2, 0xe1, 0xdb1], [0x1ff, 0x9, 0xfffffffffffffffc, 0x4, 0x0, 0x1, 0x4, 0x4, 0xffffffff, 0x3, 0x3f, 0x1000, 0x7, 0x3f, 0x20, 0x9f, 0x544fab1f, 0x3, 0x1, 0xffff, 0x72b2, 0x1, 0x0, 0x140000000000000, 0x1, 0x3ff, 0x8, 0x0, 0x80, 0x1, 0x100000001, 0x3, 0x9, 0x1, 0x6, 0x8, 0x4, 0x0, 0x2, 0x9, 0x39f80740, 0x5000000000000, 0x9, 0x18000, 0xe81, 0xf2f8, 0xffffffff, 0xfffffffffffffffe, 0x7f, 0x10000, 0x8001, 0x5, 0xa1b, 0x2, 0x401, 0x100000001, 0x3, 0x8, 0x4, 0x80000000, 0x3, 0x5, 0xd3ef, 0x401, 0x9, 0x62fa, 0x7, 0x400, 0x1, 0x6, 0x6, 0x0, 0x8, 0x1ff, 0xa7f, 0x8, 0x7, 0x6, 0x2, 0x0, 0x81, 0xa501, 0x0, 0x0, 0x7ff, 0xfffffffffffffffe, 0x3ff, 0x6, 0x5, 0x1, 0x1, 0x9, 0x5, 0x4, 0xf2d3, 0x0, 0x0, 0xb5d, 0x3, 0x3, 0x401, 0xfffffffffffffff7, 0x7, 0x80, 0x200, 0x6, 0x5, 0x10001, 0x0, 0x3f, 0x5, 0x1, 0x10001, 0x3, 0x101, 0x1, 0x7, 0x401, 0x7, 0x401, 0x8]}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r5 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r5, 0x0, 0x0) getresgid(&(0x7f00000010c0), &(0x7f0000001100)=0x0, &(0x7f0000001140)) semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f0000001200)={{0x0, 0xee01, r6, 0xffffffffffffffff, 0x0, 0x4, 0x2}, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f}) fcntl$getownex(r4, 0x10, &(0x7f0000002bc0)={0x0, 0x0}) getresgid(&(0x7f0000002c00), &(0x7f0000002c40), &(0x7f0000002c80)=0x0) [ 1290.461923] loop6: rw=2049, want=276, limit=128 sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002dc0)=[{{&(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000200)="b3ff0a44a0d26b7c1c8efda03837de", 0xf}, {&(0x7f0000000240)="ec92f126d13f1950866be1d243fbaa02e4c6d29371723a8f52bc6a13ce458d3add7626e337a57e68c0e437a94614b671a159c821e4d137bec7da47c9fd4374bca1801f934d", 0x45}, {&(0x7f0000000300)="9b87ce46ec3d199b88430c55aadb411902d9938c1420a4a40f3d7d756550fe7fe50192a5dead882427afe8623f0f5c48d8c7b488d3afa9d9b4d1d4a4df96ab8f65ef60331e1d6684154435fa0e", 0x4d}], 0x3, &(0x7f0000000480)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee00}}}, @cred={{0x1c}}], 0x40, 0x20000000}}, {{&(0x7f0000000940)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000000a80)=[{&(0x7f00000009c0)="92401c8a195a50453638ce75b20acf4f98093221c06fa219c04138979626f13387425fd068643e31a8afc86573e4ee3b9eb82d17d4cc87da360cc76f8ca8a596a0eecfee7c5d2f5d15fae559c50f15833166d4f07d1d6c2c60c26ab51ecef319de42bf7036e793d21cf48894280deb6922578fce2273ad62a9ac37bb4f9347ed8935b7e2c5bc49cec26ae1226c02fd48", 0x90}], 0x1, 0x0, 0x0, 0x4800}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000ac0)="32879bee9a5713c81d0324193b0c6f674ceab06a2cbf52dd8251ce19246b820473531004ee822a5804a8a3f59f428484959316b5e87f875c999a195fdeecb6762904f18e796e67e5db85918e777b29af10ee49bb19043f4038d2cb24cfc8f00145c7f6f5f0ecb6ebd603ad9f3578093daa0cba9412b65c50e31898c2f7efb336bd25616d45922bd19839bc4a5650c9e5fd4ec5effb931bb2c2dccc331d5413d55387c346bfc779d14878021d0a5eeb1c95663b00132b4557003c55707f2576e9fe3e6f5c6d6c99e4a1868a507c4fc2f252a7", 0xd2}, {&(0x7f0000000bc0)="c2729f34cfa0c7d5f88f06ab56a8bd63a95ca85c68d15a6d75a9a00412cb06de9ec3ec229096d1c5ec6637e2cfa01ae4cb38a27c89703c50ef1cc465bf9cbc923e67504593697517baf271f9f1c95ef251e702c5e490de756c444ab8fb27bfadc737fb2ca88839a02fa874e5c8b2331b6d95cb9294a9f9a69c895054c8a3e733e9af", 0x82}], 0x2, &(0x7f0000000f00)=[@rights={{0x14, 0x1, 0x1, [r3]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}}}, @rights={{0x20, 0x1, 0x1, [r2, 0xffffffffffffffff, r2, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [r0, 0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @rights={{0x1c, 0x1, 0x1, [r4, 0xffffffffffffffff, r3]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [r4]}}], 0x130, 0x8000}}, {{&(0x7f0000001040)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000001540)=[{&(0x7f00000010c0)="5ebdafbf1e804f89b307ecea2a4041797d176c5f64969823beb32a0f468738127f726733930a9a21a5e974287051a222b5", 0x31}, {&(0x7f0000001100)="edb02f1c0daaf61a19dc670893c7bedd396ad7dbf7e44adab39759609f932de3c39c393a40bf5d6937d9faafb341d462c21ad4da5fd1901bc315be769018d32eb2ad69bb8224156686fe65a7a6faaf1c872577b5b217bab2cdb38bc67d183b2347aaa6f964220349", 0x68}, {&(0x7f0000001180)="45a417f6e89c6a8cce13613526ae3c0888591a1bc39bc9c76ee26909f1ba8e903dccf4b87e4b8907d523faeb21e471eedac90dd096654d1ba6b9563819843a8f069f386283bddc8c976502c592da834ac2e85da7a02751c2ae152569c8eb0603cabdcd05bfbc742a29273590bd40ab4a25527922be4b03e310d445736785d2369c624016fd0b28ba3c7ea1ccc9655d07a24e5b61713e4452c77535d27ae32289021ae09b10fb0f6568672dd2633a8a0b1dbd6a49c4971ff1ece851584e829ce03c866190044325bd2b0e2a18567d21852bc6101a8948eb17241090399e8b9472ff1a96f2ca9ca596a74d9886d3", 0xed}, {&(0x7f0000001280)="79c17e331cd1dfb3385686674b965dccc9faf2f70f978e38463b36276e95bae37efaec6bedff3c2e798edfab06ba95683c456510c5e1244acf433fc3b6712b6c10f9fbbe4014fd56dde851f094fa1d5ec79eea3e07f087a9e99de3a3145a54b5db39c29edeee6bcf5268aac4e970b9cb90a3bca9a54b63e661645f9097be8cdc3fb4a17e981f12e76aa972740cc0ecef3c4427e9b3d38ef9d8f62431200b96bf494d243220d47c0411ad131398fd88a8a19d482457810537", 0xb8}, {&(0x7f0000001340)="5832dd4d3cad463edc7ea7c08fb6bcba070c41a9bb69db6c2a6745e6a8a5f3d53b838ec4155d53f3c1f49bdc497cde39395fddb634059e2d44ad94e30cbc0e84b9aaef2eb727ac86ffe07bccc1a45144b3a0b0878a4b417f5b6d87a8baaa1ca1601ae2efbe6c5d28d5bbacd1c8790699a05f478f6996c0cf4e2e08d3178e4b1efa6e1c790cf8551894c3734adfcdf459a649b4d7d2120aa81746668cb209f5a204bd4885e3dbdfda0e86b196810e0ca02d37bd48995af32faa3b487a3ae2b39ed17226794124abbf7f446f13d1c8ca6d514b254f", 0xd4}, {&(0x7f0000001440)="6d20c92226e80b659494597daec7b94914be4f01ef34b22f2e3eb55b9a9d5f81b0a7effc6013691472a6ee1b484a90fe45e94ba9", 0x34}, {&(0x7f0000001480)="d9f99c4338e017fa7a4bfe98f3d2e9b6eb4c7748b88ccf0ee3fd2b766b28f67dea663cc155c560789d69f1cd1d5518c81eab029fbce4588261ff9f82f2e6aa81f2e0fe9ccd7830d1074896faf0", 0x4d}, {&(0x7f0000001500)="d124a8ed2abca547b68a44f38c7894a2fc75f0e3b6c22b45cded2c19e069fcd7a31fef1d80cdbb2f", 0x28}], 0x8, 0x0, 0x0, 0xc1}}, {{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000015c0)="30690af12d657b2dc6cb6c5093913ec5e8251ac4098f5ded9a1a154fdeced7e9a514eaddbd45340fc2f1a0c694465f1da97877f4c8c25ea48b088eb58689bc856069b9e315088e23c376925fc3a4f2ae34c67804d05c55298e76db7566a4871baed6abd8d196d24298091076d6221f8e955bccb37b14d85c16a7e6d9ee4ca7eb35ae8fa417ad6a915bd01420cc9cf8e41eabda3d932860583735a8c81336cdb1fe046400eca21c874758150eae9cd08ac6492166c6db314300276486f6cb855620882a9a3a554a12dbe909257610e3c63eba7f97f0e3d931e996e62681b4e1f289d935", 0xe3}, {&(0x7f00000016c0)="37f97fa8cc207e388fe2c7f529e5da10dc7eccd4b5d35a5dea88ec7a26dc06acd82facb5bab524ad8f295efc2aae4371181bdd4e55b89213ecac4c91dfc5e1abf078cf89d982ac06a3939576dd63e456e59357525b378763948d257d8f053fe6bdcdc00514870b9f1e7ff8ab4987d76eaed8d79a49a56a6c", 0x78}, {&(0x7f0000001740)="c17982fa72611372145ab75440b30dcd4558b9e572", 0x15}], 0x3, 0x0, 0x0, 0x4000051}}, {{&(0x7f00000017c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002a00)=[{&(0x7f0000001840)="543abcc2064493e5a228bdb9d6e5fc621127f41cb2ed3917301be0d1e2e2f5758f5f44c086275c8a7a38821f5e4971f5843cb4d100633b777433f28e4abc0104a0c20e7cb911a435833c5a22ea7565f40a7edf575db2d0b309efb4f84e440844bee82a5cff1c0ef10385137b3bb12d373459fc6d7bd325a8cee6ab74fc24e58cbd6d4489193f3053806819054699f49d6e1c58e039c52682c1569bd42e92b41e4f9a33bc74ff72b40703450314250e8bde61bc2ca64575b725c3a343d14f7d3b1753824ee8029d76ec539c75a443ebdd36a931a55e2f858311575ffb2e886338852b295821b82315fe1a8186fca1a737b1c82376d34e045d71c5be715312456f9540322c55142b9661fda8c22c490b5e6247e9f1897f496342f8524b30b15b62079843a2f25ec60bad025d78dbf258cc97afedda1b53dad89e539599c6442260422c27e9808f085325dec54e5e5fdccea098a72c28944e385ee4959257923d792ad730de5cc2b3bd552576fc516453b7e18e72f0a52083d4cd35c814a3a0372303bab01cf5a56e5ffe18f9875e054a5c9ca134824499d621365999029c2cbf75514f0ee1b96ee3aefaf84f1a7cfbb33356de7dfab19ee54dc5e38211d7c9f868e8c9eaa9a6cd227b63fdf34ff98b05a2e8a67ce14b13b0e1e8046e79c4fafb7df023567e363ef5662e02cf2f85070a103f29bebfcffe1c086be4aed8d857d82e9b455649f3625443442f937f766899510eb3c02bd89f9b030410d5805d76ee76ca1f80ffb2020143d6a30cc4608b69afa2baa611e84b17ac7d710c5e597f5dc2d2640ac5eab00240f1839e1829af50a60d0e18823200e877d824947bf9f91d30095c5bad71bb7af1601b9e6b7853f44fa01ef3e3cb96d9e3d835f758de46dae316264ef91702abfd0d5054265e1595bb60b78bb080311de293f0a644436009ea1eaa1dee94e9cf5a5d917b84780221c9f430a76c948a21ed9daff19e5f8440711b813b7c17bf8fe8d3d95fbec304012dc1e436657ccb75f0620f72ef74de18c2102c2f96207b673149010ab513b8976a9a48038f445dc0b6bdcad6fec23a255aab72e532bf42b3230cb1e7c2fde7e3b7905772fd8f691a7907e77364cef4a3b0a49102a82e75168856a18579c44953241ffcc4df2e3885139a359f3b4dc4c3efdbcc12c8c90c6016c6fff709ff01b70e8bf6dadd13ef0e7406b0f5f22a6e1ee6e6403b6e975e96497581e7c1c505578078f34ee42dba1fbceab267ce1dd3b6fbe7e4c1e64192a187e536add24a371371930400694cf2da4a51a2e91b6b8075d7e888a10b40898442c1583f05a31f2faa83c6d74582e2212d3ef324d316b57b4ca1240e042e4747771213ab4203b33c22ff8d71e09d9b945d1e9cee035efa2804e772012c0aea2b73085c96d1f5be3bb56344af7430f79c9e8ae304a7e2d32ee8baa82abcfe280bbbaf0de552f9756d7c38286d97d0a48f79078ec3bf8cf64fcb807a0118cab1e47d77fa376cf0d3968c5721724dbcdf57fe8cc51a4973c0c64447757afa1d239eb4156965244257d403199a8ce2c7e514ccfa74d8d061d82f5254e13fcd40673353a3992f6b5ac4bf2d99a76b130e33619b594a014537b37b229ff8f200e62ffef560f677c859878358b68ef5aa31593f1ff8f2950751a8f9e6d59dc9eb1a4f33cbcef0bb12cbbc2783e5010ad40c29015d6756d439fec1503806df734801fcd48249dd5e9c260b051c6a9408da9a082a20ac096c8a89dd9652484e8789e24999a1ae72c34c18f3b688bc7223825d28cdbf64afa0d931ffa95a608132445dff51fa2f06677ca9039c22196215be472015a96aa0ac44d739e689fd73a58557608d6352664c86c38e2311b0b7e07de43fa1478de9eaab4a0896a6b986b893c82410a0ff977a2d020b2a608d4a05be58ddda5c7eeb68275e68b18076ffcd4b247a09207ee237d5b74490c0aac6dece365ae13b3b16fdfe5ffe7564bf9b4f998924bbb73cdfc4c58e8ad79b1e63d821396c42982bff31c48c1d765f25c856bfb69270051eeffb950808b685dcb07bdcdb29c4397cc3e3e681eaa20ec3206fa232a37276de4f17993e5641c82c55c3a00320b9be35b1ac7c70dd07ed012c7b496d3b8f10575adbb7c29c4f295649b7d37bbd93ea43988e2fcc8ecb9e105e7e630ce26b8f17a3b444f960a92d2037c7b4267f2d90ee53da7d32254f3d47286644068f9727bd16e2aff8135ce6166f544220ebbeabff406aab80ec930a83b2e3ea6810b3aaa423badf6986bdfaeb68fbe98a65c29b84033e5c0030f4e509b80703e663998969633e619dcbe5eaa8e3979ef0b4f310af41a1c4cb060f103babdfa8801bd858357282edd2f68acc8632e90c78e022487d5729388555ce1f11995ef545d72158029023741b612190f9b2ab1da5ca5f6b7af6bf5c6e385b0b661c7ebb440e7c68d2ac2e3dab41173cb52f347dd5933fccc1e0944e4dba78e0c11e55aad0011619b5ac7a0503f336bd7bf6d7ada3ac5b8802ec612d5fbc8325c72034d223ae8961daffab59ebf411b19f1b328b8c0d3fd3e5ecddb3054999b00c9480c8b1fb02776d4cf001893741bad24f03004d30b0433029a16c8d8e66a4349ef8378cb98c6d1ec28c839e37744f7da634411336cf175a44fdecde13e01d7b1dac59e8dc60f1a1eb7fe85f9d520d471f764f23fb0d042916a8159b8355e35e4d69efff7d174677fbc86552ee17c0c81b29c4e821636541201dcdf6699d43533ec5b230888121dff7852b43b0b55b6a1657b6d31f349f436ab881ddcde1978fc7fecf98aeebde4db1cc77a1fef806d145ebb5162549b77fcfaa8e3c20a6d6d805c8bda2904b7cab86a523d824559744993f8e16129a4118e67006237a525b86d1b68d3f14b27a78fe816a36164160d542fd0ffbe8e70524bde62c438e02d5d20fbe642eff841e22fc861b094612c505d03483e96bb9372919c960de902443e74d99703cdd40079d0ce06309dcb8bceeec7174f41fa4d005acf159116ad585aefb0a41237ec5e7bb0f88f64c8841005543d2d3d9166c4e457c69b20dafdb9a36ad637ddeba23ca1a0cc5a029f76a6b53b39089dabe291787e1a74951e5f99b72ab0591d49bcc0788fcff8754b36388ac4e274f17f22305251e54865c3895bf1471193e1a6ca89e0381cc554dc2b88a7b2665ee848cbf9a1fef75987db10f33b1b1ee6bd0ee7e7f2a02bd7d84c6ed2c09c112419ec4d8c8d3d5be2b78a7446730a28f8466386a9dd23b5b8c68450a4c0e31ef5c589f7f2c71375befa29121a87c53fe421e7850bab153fb916e5bcab704068d93f86dcc45feb74bd3d68226d4e35b7a0585ff846fe3a31fcc53144e9f3abefa3d1d976543f3fe3a401f8c017fdd22be95237d817ed0b006dd4d231b74a1e186974e6251abd398c28d40e6384d94d50c84cfdb8eda9b357df2e94f69aee939adb0ad8efd54f4bb79522f8f9c9e094cea1c43672b47da13644680c6357642a7ec19c7a3b3264c86e8de9b34d1dea659a8102b78e4c5f1a506b424af45dcde8bc03c3a2870d2b4ab9768d8a2a616d7e515646c9bd23696e854c8879571d74edb75d68d3454c09f48d0b3e6220a406bce7342ca1fe6b8c0590102db2e03ae7d885962a49bd7ae088abd385a4adc9a130c01880b437dccde3daffded9b97f2ed670814686730cf8a5ce138b21432a2bdcdc42f2443e978cba4da24f82b196b6e23ea91171f419d5554aa4347a570d471f04b3a51cf12dd427569705660ecd6c2da32ba7d0a82a63cb6dd4a6b50f8ee845f46b597d38173a759b4ccd353ab3d1dc958f5ef8912b8f464955b830d9250fb83aae98ded969a61d51f822fe84c8b8b7bc0df3ce73830f4cc6d76b0554be3724de910978d8b6f35d57c3566dc352621782d812798c72a415a571363ff497c8a42089ff75ef38bdf7a4cc060430ef9c9676ff02295b359183d31a6ad8031e482546c4a72593cddbc9fcf246749aab78f931d8b35ee250bd614df5d3a71ed171f97c674ce4d39db30d4df0bfa12d458c078fb8514cadd9dbc54d62caefcce49a4dbd3d903e6e75ad147d966fe9f413b64cf0e63f3fd0cbd4d8acf52cb3c93490efda850c982bc13d8b0e1138852f27e05614ca4dad0fc83159e640b027708682ac11c5032cec534f938474ba63508fdf411f23e2363187f2bf22d8a4efa278f9897ceddf573f8f65c1431e96fd1adcc0ef6c0c781f23189999b153e0e306829ad4911e35cbd6608e0fba9ba99cbcaecc4f9e53872e8385e08f862bc1b9e29cafb2dfdfd5cb672625fbe4d4163cdad33b537f3b52ef4b2e74658cd7c4ffde21845b384b2584edd8d6d7c83b16ce3f7738c6f6d34ee26808963a57d6a583828511137a349031ab316b1dcc8040d804ecca2e0d3019c3e20ee86c73db7aea028ac3dd5dd6721e7017385101c5dc21fd31d2419b2600e58a687a2a1fbc08809dfac09d712d982d9b5cc164e8dab80cfea10d1675f4deca031c59d96e93b5e65ec058b06e957e8579ddac1c49b52a69a6af5d032d684b8629e4f90db70f960d8d8c5cab94017820cdce423051725b6686596b38229e6fd37104e4a0657798fdfa51fbd5a31119693d073fe030c6b9efa072a03e0038feedf63a3bfbe45140a92b94e4b0aaf7c0bf45ce0b8bcc4360fc7db47945423ec866e6e66c7f51ad14ff51da9b65f2180a3c48f13bd66dafc649b886d940593c09a907ed159daf33307b8c769c1757f05c17995b65edfdbe3478e5e4ac93eb8cbe1ca44f57108f02c0457fcd80faa80cb5f90c9ff68d3889dfbbd9af214acc6fffdd44119b0b6b7caddf3045671916325ba4a35632672c6620933c16e40276247c7a8e58be1f6acc71c6ee70aa798dc2e9a257b61997ca2e34e33beac7d868bfd22c5f5592e97f1494e75e30ed1a40bda6aa0bd70976a416f99a2143c94d91c33148fca296ff358e26149b174935bd3f269ba4ae9ff2c1ae0cb815eab800aff0be19217e511630e0ee2a76331ec2031365db3145ddc070aeb4a1390ae5f3e49d2e0247488d3e5471331375674df633219607e65cb7af9de8aa2fcc22c9f7627a373d44d29afd2a4e92dccc536b6a6e9f07e00995fcd03958dffd1a48c63a6adf2edf9d79dafc19cf68271585a78c73b1582532da4b4be4953f9b18ab20f0260aebf127810583550d79addd6dfa6995f1e4edb62ae96336823add56790c6dfc5514b3bd39908a4dd1e9a3284d2a5e37066627bbe9668a9faba486a3b8aeb7b9a796cba130229d634508477dffb825aeeade523397a6a4bf4b369229208278404193211276012922aca79784f1d13a6b39f0dc95be178fc9ed8b24c5a83dcf3a8bf939a7fe880e8687846b886e9b26962e7637e6dd8aaacb5b5a84d9d3463c2a4ea98fb03a4384d016bc422d85b68a055ccdfbc08978dea0bfe7b97cd09f608492f5070cdafd1d2736d6a481c7f87d188be3744474c2cbb3e43e434f7c816ba35d8cfe2a4591e1217a01fb920f0971223b8e64ada905a73f7acbe5eb8ecae9cb3c284f1baf59ace909949175b4112318203724f2535763332b473224a6ae53959f9afccacbc8989676fdb743f280645e487cbe1f23279e38724acf97c4e105eaf5231a7702f9f58d5fe1145424a356b46fa0936ba7cd6b1742f0e1f69f3a8495aec81263cea312115d2a76d7904998ba9bf6468744ed2d8f433fd3ae78f4576ee7a47f2553cd825c3bb479956021cb82143e40ffc196522ccb6ab046503703e6784ad58d89b6f9bf5042a8b5b6f", 0x1000}, {&(0x7f0000002840)="0f8a566c9a0e7abd9a0dd85e6d3584d46a5ba9e6788be6cd6c482d0b6065cafbb3ea9b5accdcecb33fefc8f49c8986dc69504e2958b03bc921eb4766e3e848f0938ce340806028fe62b3af68802fe0e403dd5ad2ad76a28729e315d2984fe1b51340e9bc35ef785932960c43fbb739d5f6d7c078d5071b1c5f8138580110cf29d8fa492c79bf1e1666418000a2cfb338d281a27ea1f315da0a950554", 0x9c}, {&(0x7f0000002900)="7331a65f4b25eee9accfb09bf8524c951a060c814712b126890e0de4fe108c0767a8c7e3d4d31e9a45c3a70ffe3fe45fddf4fa38017df2b0f68f65820c8c73b6dd51f50689bee6d2df0c2582", 0x4c}, {&(0x7f0000002980)="b6318efdf81225f09a73502e8b00e85e5feb4ca8e6d342e6644f5e27bc9482f3dd89ce20b2b67e2c394436125df67214e824e134b78b5e742abf7fb9a2b1e7540e898e4d6984dbb44464f9f775b2a706eb6d3fe8be27d40565f0716e887ccaa58d32898f8f8879cd6193c2848c0ad02084adc4c0e6f2609781a003c1b1", 0x7d}], 0x4, &(0x7f0000002cc0)=[@cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff, r1]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r3]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r1]}}, @rights={{0x28, 0x1, 0x1, [r4, 0xffffffffffffffff, r0, r4, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00, r6}}}, @cred={{0x1c, 0x1, 0x2, {r7, 0xffffffffffffffff, r8}}}], 0xe0, 0x4000080}}], 0x6, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1290.470288] attempt to access beyond end of device [ 1290.470288] loop6: rw=0, want=147, limit=128 [ 1290.471110] FAULT_INJECTION: forcing a failure. [ 1290.471110] name failslab, interval 1, probability 0, space 0, times 0 [ 1290.472658] CPU: 0 PID: 9342 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1290.473212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1290.473427] FAULT_INJECTION: forcing a failure. [ 1290.473427] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1290.473882] Call Trace: [ 1290.473901] dump_stack+0x107/0x167 [ 1290.473916] should_fail.cold+0x5/0xa [ 1290.473937] ? create_object.isra.0+0x3a/0xa20 [ 1290.473952] should_failslab+0x5/0x20 [ 1290.477312] kmem_cache_alloc+0x5b/0x310 [ 1290.477646] ? pagecache_get_page+0x243/0xc80 [ 1290.478011] create_object.isra.0+0x3a/0xa20 [ 1290.478371] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1290.478786] kmem_cache_alloc+0x159/0x310 [ 1290.479129] ext4_free_blocks+0xef2/0x2200 [ 1290.479486] ? ext4_mb_new_blocks+0x45c0/0x45c0 [ 1290.479883] ? __ext4_journal_get_write_access+0x1bf/0x2c0 [ 1290.480344] ext4_ext_remove_space+0x1ef7/0x3d90 [ 1290.480746] ? ext4_ext_index_trans_blocks+0x170/0x170 [ 1290.481177] ? ext4_es_lookup_extent+0xaa0/0xaa0 [ 1290.481560] ? down_write+0xe0/0x160 [ 1290.481864] ? down_write_killable+0x180/0x180 [ 1290.482236] ext4_ext_truncate+0x1ea/0x250 [ 1290.482583] ext4_truncate+0xc38/0x1160 [ 1290.482906] ? unmap_mapping_pages+0x117/0x2a0 [ 1290.483289] ? ext4_punch_hole+0x1070/0x1070 [ 1290.483660] ext4_setattr+0x1684/0x2160 [ 1290.483984] ? current_time+0x1e6/0x2c0 [ 1290.484319] ? ext4_journalled_write_end+0x1190/0x1190 [ 1290.484743] notify_change+0xc28/0x1160 [ 1290.485071] do_truncate+0x134/0x1f0 [ 1290.485376] ? file_open_root+0x440/0x440 [ 1290.485714] ? lock_release+0x680/0x680 [ 1290.486054] do_sys_ftruncate+0x4e2/0x870 [ 1290.486399] do_syscall_64+0x33/0x40 [ 1290.486703] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1290.487116] RIP: 0033:0x7fdb13aeab19 [ 1290.487423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1290.488893] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1290.489508] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1290.490083] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1290.490659] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1290.491232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1290.491811] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 [ 1290.492424] CPU: 1 PID: 9340 Comm: syz-executor.6 Not tainted 5.10.222 #1 [ 1290.493446] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1290.494667] Call Trace: [ 1290.495071] dump_stack+0x107/0x167 [ 1290.495630] should_fail.cold+0x5/0xa [ 1290.496208] _copy_from_user+0x2e/0x1b0 [ 1290.496809] kstrtouint_from_user+0xbd/0x220 [ 1290.497467] ? kstrtou8_from_user+0x210/0x210 [ 1290.498143] ? lock_acquire+0x197/0x470 [ 1290.498742] ? ksys_write+0x12d/0x260 [ 1290.499325] proc_fail_nth_write+0x78/0x220 [ 1290.499980] ? proc_task_getattr+0x1f0/0x1f0 [ 1290.500644] ? proc_task_getattr+0x1f0/0x1f0 [ 1290.501405] vfs_write+0x29a/0xb10 [ 1290.502057] ksys_write+0x12d/0x260 [ 1290.502601] ? __ia32_sys_read+0xb0/0xb0 [ 1290.503215] do_syscall_64+0x33/0x40 [ 1290.503788] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1290.504543] RIP: 0033:0x7ff082cb55ff [ 1290.505099] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 1290.506416] attempt to access beyond end of device [ 1290.506416] loop1: rw=0, want=147, limit=128 [ 1290.507839] RSP: 002b:00007ff080278170 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1290.507866] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff082cb55ff [ 1290.510724] RDX: 0000000000000001 RSI: 00007ff0802781e0 RDI: 0000000000000007 [ 1290.511904] RBP: 00007ff0802781d0 R08: 0000000000000000 R09: 0000000000000000 [ 1290.513068] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1290.514331] R13: 00007ffd09dbd22f R14: 00007ff080278300 R15: 0000000000022000 10:57:40 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x100000001) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000040)=0x6) openat$full(0xffffffffffffff9c, &(0x7f0000000280), 0x60000, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) getuid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001680)) socket$inet_udp(0x2, 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev}, 0xb) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @dev}, 0xb) socket$inet_udp(0x2, 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev}, 0xb) socket$inet6_udp(0xa, 0x2, 0x0) [ 1290.546528] attempt to access beyond end of device [ 1290.546528] loop5: rw=2049, want=276, limit=128 10:57:55 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0x20000) 10:57:55 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) r1 = openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000000), 0x2, 0x0) lseek(r1, 0x8, 0x3) 10:57:55 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x0, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:57:55 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 13) 10:57:55 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x641000, 0x0) fcntl$setflags(r0, 0x2, 0x0) socketpair(0xa, 0x2, 0x0, &(0x7f0000005a00)) 10:57:55 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 17) 10:57:55 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 10:57:55 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000003) 10:57:55 executing program 2: perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) add_key$keyring(0x0, &(0x7f0000000400)={'syz', 0x2}, 0x0, 0x0, 0x0) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000440)) r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x1}]}) keyctl$KEYCTL_MOVE(0x1e, r2, 0xfffffffffffffffc, r1, 0x0) r3 = add_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0x0) keyctl$revoke(0x3, r3) unshare(0x48020200) 10:57:55 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat(r0, &(0x7f0000000000)='./file1\x00', 0x400, 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1305.911619] FAULT_INJECTION: forcing a failure. [ 1305.911619] name failslab, interval 1, probability 0, space 0, times 0 [ 1305.913489] CPU: 1 PID: 9388 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1305.914518] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1305.915762] Call Trace: [ 1305.916177] dump_stack+0x107/0x167 [ 1305.916371] attempt to access beyond end of device [ 1305.916371] loop1: rw=2049, want=276, limit=128 [ 1305.916736] should_fail.cold+0x5/0xa [ 1305.918708] ? jbd2__journal_start+0x190/0x7e0 [ 1305.919403] should_failslab+0x5/0x20 [ 1305.919990] kmem_cache_alloc+0x5b/0x310 [ 1305.920609] ? lock_downgrade+0x6d0/0x6d0 [ 1305.921248] jbd2__journal_start+0x190/0x7e0 [ 1305.921918] __ext4_journal_start_sb+0x214/0x390 [ 1305.922641] ext4_dirty_inode+0xbc/0x130 [ 1305.923257] ? ext4_setattr+0x2160/0x2160 [ 1305.923872] __mark_inode_dirty+0x492/0xd40 [ 1305.924524] ext4_setattr+0x125d/0x2160 [ 1305.925107] ? current_time+0x1e6/0x2c0 [ 1305.925713] ? ext4_journalled_write_end+0x1190/0x1190 [ 1305.926483] notify_change+0xc28/0x1160 [ 1305.927080] do_truncate+0x134/0x1f0 [ 1305.927634] ? file_open_root+0x440/0x440 [ 1305.928247] ? lock_release+0x680/0x680 [ 1305.928862] do_sys_ftruncate+0x4e2/0x870 [ 1305.929483] do_syscall_64+0x33/0x40 [ 1305.930030] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1305.930780] RIP: 0033:0x7fdb13aeab19 [ 1305.931335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1305.934011] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1305.935115] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1305.936165] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1305.937209] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1305.938249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1305.939291] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 [ 1305.962935] attempt to access beyond end of device [ 1305.962935] loop1: rw=2049, want=404, limit=128 [ 1305.975161] attempt to access beyond end of device [ 1305.975161] loop6: rw=2049, want=276, limit=128 [ 1305.993043] FAULT_INJECTION: forcing a failure. [ 1305.993043] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1305.995053] CPU: 1 PID: 9375 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1305.996418] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1305.997712] Call Trace: [ 1305.998220] dump_stack+0x107/0x167 [ 1305.998784] should_fail.cold+0x5/0xa [ 1305.999428] __alloc_pages_nodemask+0x182/0x600 [ 1306.000201] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1306.001279] ? find_get_entry+0x2c8/0x740 [ 1306.001901] ? release_pages+0x806/0xc20 [ 1306.002622] alloc_pages_current+0x187/0x280 [ 1306.003414] __page_cache_alloc+0x2d2/0x360 [ 1306.004198] pagecache_get_page+0x2c7/0xc80 [ 1306.004972] ? _cond_resched+0x12/0x80 [ 1306.005551] grab_cache_page_write_begin+0x64/0xa0 [ 1306.006407] cont_write_begin+0x448/0x980 [ 1306.007156] ? fat_add_cluster+0x100/0x100 [ 1306.007863] ? nobh_write_begin+0xed0/0xed0 [ 1306.008681] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1306.009426] fat_write_begin+0x89/0x180 [ 1306.010137] ? fat_add_cluster+0x100/0x100 [ 1306.010924] generic_perform_write+0x20a/0x4f0 [ 1306.011685] ? fat_direct_IO+0x1ef/0x380 [ 1306.012479] ? page_cache_prev_miss+0x310/0x310 [ 1306.013180] __generic_file_write_iter+0x2cd/0x5d0 [ 1306.014069] generic_file_write_iter+0xdb/0x230 [ 1306.014906] do_iter_readv_writev+0x476/0x750 [ 1306.015767] ? new_sync_write+0x660/0x660 [ 1306.016453] ? avc_policy_seqno+0x9/0x70 [ 1306.017067] ? selinux_file_permission+0x92/0x520 [ 1306.017886] ? security_file_permission+0xb1/0xe0 [ 1306.018736] do_iter_write+0x191/0x700 [ 1306.019559] ? trace_hardirqs_on+0x5b/0x180 [ 1306.020215] vfs_iter_write+0x70/0xa0 [ 1306.020899] iter_file_splice_write+0x762/0xc30 [ 1306.021628] ? generic_splice_sendpage+0x140/0x140 [ 1306.022496] ? security_file_permission+0xb1/0xe0 [ 1306.023387] ? generic_splice_sendpage+0x140/0x140 [ 1306.024145] direct_splice_actor+0x10f/0x170 [ 1306.024860] splice_direct_to_actor+0x387/0x980 [ 1306.025677] ? pipe_to_sendpage+0x380/0x380 [ 1306.026580] ? do_splice_to+0x160/0x160 [ 1306.027157] ? security_file_permission+0xb1/0xe0 [ 1306.028037] do_splice_direct+0x1c4/0x290 [ 1306.028666] ? splice_direct_to_actor+0x980/0x980 [ 1306.029575] ? avc_policy_seqno+0x9/0x70 [ 1306.030368] ? security_file_permission+0xb1/0xe0 [ 1306.031089] do_sendfile+0x553/0x11e0 [ 1306.031800] ? do_pwritev+0x270/0x270 [ 1306.032479] ? wait_for_completion_io+0x270/0x270 [ 1306.033330] ? rcu_read_lock_any_held+0x75/0xa0 [ 1306.034146] ? vfs_write+0x354/0xb10 [ 1306.034774] __x64_sys_sendfile64+0x1d1/0x210 [ 1306.035506] ? __ia32_sys_sendfile+0x220/0x220 [ 1306.036369] do_syscall_64+0x33/0x40 [ 1306.037126] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1306.037963] RIP: 0033:0x7f24f4026b19 [ 1306.038572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1306.041712] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1306.042980] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1306.044293] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1306.045540] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1306.046734] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1306.048047] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1306.072469] attempt to access beyond end of device [ 1306.072469] loop6: rw=0, want=147, limit=128 10:57:56 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 18) 10:57:56 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0x0, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1306.151086] attempt to access beyond end of device [ 1306.151086] loop4: rw=2049, want=276, limit=128 [ 1306.153117] attempt to access beyond end of device [ 1306.153117] loop1: rw=1, want=460, limit=128 10:57:56 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='blkio.bfq.empty_time\x00', 0x0, 0x0) r4 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000200)='ns/uts\x00') getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000300)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@remote}}, &(0x7f0000000280)=0xe8) mknodat(r3, &(0x7f0000000400)='./file0\x00', 0x80, 0x4) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x20, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB="2c63616368653d6c6f6f73652c64666c746769643d1ea4dddf152f548f604fdd7b2da64a457eb2c9adf5d915c5672cd551cd5e6715737f48ff0677f7889612b5d90edcbaf4899561d8b0f8de18a7858914f57821a108e874c77a2798b601d0f37c552034fa12855165a15a3edad46feb83d8332021eaf352b10060bf48dc838a3970bce08b8769d56338ffb7f88c570c5ac88c52b3f1584618eafeb5b3890b", @ANYRESHEX, @ANYBLOB=',privport,access=user,cache=none,mmap,defcontext=sysadm_u,uid=', @ANYRESDEC=r5, @ANYBLOB=',obj_user=vfat\x00,fowner<', @ANYRESDEC=0xee01, @ANYBLOB=',seclabel,\x00']) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 10:57:56 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0x20000) [ 1306.216807] FAULT_INJECTION: forcing a failure. [ 1306.216807] name failslab, interval 1, probability 0, space 0, times 0 [ 1306.218605] CPU: 1 PID: 9402 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1306.219643] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1306.220898] Call Trace: [ 1306.221304] dump_stack+0x107/0x167 [ 1306.221864] should_fail.cold+0x5/0xa [ 1306.222448] ? create_object.isra.0+0x3a/0xa20 [ 1306.223148] should_failslab+0x5/0x20 [ 1306.223722] kmem_cache_alloc+0x5b/0x310 [ 1306.224361] ? ktime_get_coarse_real_ts64+0x15a/0x190 [ 1306.225147] create_object.isra.0+0x3a/0xa20 [ 1306.225816] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1306.226588] kmem_cache_alloc+0x159/0x310 [ 1306.227211] ? lock_downgrade+0x6d0/0x6d0 [ 1306.227855] jbd2__journal_start+0x190/0x7e0 [ 1306.228513] __ext4_journal_start_sb+0x214/0x390 [ 1306.229241] ext4_dirty_inode+0xbc/0x130 [ 1306.229862] ? ext4_setattr+0x2160/0x2160 [ 1306.230487] __mark_inode_dirty+0x492/0xd40 [ 1306.231159] ext4_setattr+0x125d/0x2160 [ 1306.231767] ? current_time+0x1e6/0x2c0 [ 1306.232407] ? ext4_journalled_write_end+0x1190/0x1190 [ 1306.233204] notify_change+0xc28/0x1160 [ 1306.233822] do_truncate+0x134/0x1f0 [ 1306.234388] ? file_open_root+0x440/0x440 [ 1306.235013] ? lock_release+0x680/0x680 [ 1306.235640] do_sys_ftruncate+0x4e2/0x870 [ 1306.236281] do_syscall_64+0x33/0x40 [ 1306.236850] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1306.237625] RIP: 0033:0x7fdb13aeab19 [ 1306.238188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1306.240981] RSP: 002b:00007fdb1103f188 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 1306.242125] RAX: ffffffffffffffda RBX: 00007fdb13bfe020 RCX: 00007fdb13aeab19 [ 1306.243193] RDX: 0000000000000000 RSI: 000000000000fdef RDI: 0000000000000003 [ 1306.244269] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1306.245343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1306.246414] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 10:57:56 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000300)=[{{&(0x7f0000000140)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001880)=[{&(0x7f00000001c0)=""/176, 0xb0}, {&(0x7f0000002b40)=""/137, 0x89}, {&(0x7f0000000500)=""/184, 0xb8}, {&(0x7f0000000000)=""/56, 0x38}, {&(0x7f00000005c0)=""/151, 0x97}, {&(0x7f0000000280)=""/14, 0xe}, {&(0x7f0000000680)=""/208, 0xd0}, {&(0x7f0000000780)=""/211, 0xd3}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/121, 0x79}], 0xa, &(0x7f0000001940)=""/198, 0xc6}, 0x1}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000001a40)=""/4090, 0xffa}], 0x1}, 0x7}], 0x2, 0x10001, &(0x7f0000002ac0)={0x77359400}) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) open$dir(&(0x7f0000002b00)='./file1\x00', 0x100, 0x22) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_WRITE={0x17, 0x2, 0x4007, @fd=r0, 0x8001, &(0x7f0000002c00)="918c3c59558507a8f257a2505346e37549b0e6229c11522ae882e67a68757f4212ff5ca1250ea44594af6655c788eb17227ef93a51519bd5ded862fa8dd93f4e732820ca705fce2575b3740df5537c219a58a2bd4f236b59de71409e1f1a19f141652355afafc8f7df4120b6f554ad6f1e67883d9232e9b3866679f3dc41f3ef630b0b762406630154", 0x89, 0x13, 0x1, {0x0, r1}}, 0x3f) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1306.303377] attempt to access beyond end of device [ 1306.303377] loop4: rw=1, want=356, limit=128 10:57:56 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000004) [ 1306.369485] attempt to access beyond end of device [ 1306.369485] loop1: rw=0, want=147, limit=128 10:57:56 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) syz_io_uring_setup(0x11b7, &(0x7f0000000140)={0x0, 0xf243, 0x0, 0x0, 0x3d8, 0x0, r0}, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000), &(0x7f00000001c0)) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410402, 0x0) [ 1306.451987] attempt to access beyond end of device [ 1306.451987] loop1: rw=2049, want=276, limit=128 10:57:56 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0x0, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1306.486032] attempt to access beyond end of device [ 1306.486032] loop6: rw=2049, want=276, limit=128 10:57:56 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 14) 10:57:56 executing program 2: prctl$PR_SET_MM_AUXV(0x23, 0xc, 0x0, 0x170) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000000)="c0a7d732a7688925b790efaf2a16ee2beaf4ffafdf6b039403e4e21f08adee133385e4d3f12076dfa91edab0de7686b9124510f10786eb43c1e14413df9afa3f12850ce274b47bea880d0dbfa0df3c581bfd2c1936b1b060ec5c96ba230f42bac64e83e133ad7f65e3b75d0dbb03fe73233fb838d95030e3c3f059d869e1c5504dc8d05a015b38b7d1d53013e472219a182b85efdf6f17f802d27cfe99e397ae3bfe3f0c62625f208445f9406a4b1c574836e5cb47a000dbd86a5f00734748d934ec1a3a4a634a77", 0xc8) 10:57:56 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) setxattr$security_selinux(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0)='system_u:object_r:usbtty_device_t:s0\x00', 0x25, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 10:57:56 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x800000, 0x40) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) [ 1306.717398] FAULT_INJECTION: forcing a failure. [ 1306.717398] name failslab, interval 1, probability 0, space 0, times 0 [ 1306.719180] CPU: 1 PID: 9429 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1306.720075] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1306.721226] Call Trace: [ 1306.721580] dump_stack+0x107/0x167 [ 1306.722064] should_fail.cold+0x5/0xa [ 1306.722564] ? create_object.isra.0+0x3a/0xa20 [ 1306.723161] should_failslab+0x5/0x20 [ 1306.723661] kmem_cache_alloc+0x5b/0x310 [ 1306.724205] create_object.isra.0+0x3a/0xa20 [ 1306.724777] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1306.725445] kmem_cache_alloc+0x159/0x310 [ 1306.725999] alloc_buffer_head+0x20/0x110 [ 1306.726541] alloc_page_buffers+0x14d/0x700 [ 1306.727115] create_empty_buffers+0x2c/0x640 [ 1306.727696] create_page_buffers+0x1bb/0x230 [ 1306.728281] __block_write_begin_int+0x1d1/0x19c0 [ 1306.728913] ? fat_add_cluster+0x100/0x100 [ 1306.729469] ? add_to_page_cache_locked+0x40/0x40 [ 1306.730104] ? __page_cache_alloc+0x10d/0x360 [ 1306.730692] ? remove_inode_buffers+0x300/0x300 [ 1306.731298] ? pagecache_get_page+0x243/0xc80 [ 1306.731896] ? _cond_resched+0x12/0x80 [ 1306.732414] ? wait_for_stable_page+0x92/0xe0 [ 1306.733006] cont_write_begin+0x472/0x980 [ 1306.733557] ? fat_add_cluster+0x100/0x100 [ 1306.734110] ? nobh_write_begin+0xed0/0xed0 [ 1306.734688] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1306.735359] fat_write_begin+0x89/0x180 [ 1306.735886] ? fat_add_cluster+0x100/0x100 [ 1306.736444] generic_perform_write+0x20a/0x4f0 [ 1306.737041] ? fat_direct_IO+0x1ef/0x380 [ 1306.737564] ? page_cache_prev_miss+0x310/0x310 [ 1306.738183] __generic_file_write_iter+0x2cd/0x5d0 [ 1306.738820] generic_file_write_iter+0xdb/0x230 [ 1306.739431] do_iter_readv_writev+0x476/0x750 [ 1306.740030] ? new_sync_write+0x660/0x660 [ 1306.740568] ? avc_policy_seqno+0x9/0x70 [ 1306.741093] ? selinux_file_permission+0x92/0x520 [ 1306.741726] ? security_file_permission+0xb1/0xe0 [ 1306.742368] do_iter_write+0x191/0x700 [ 1306.742873] ? trace_hardirqs_on+0x5b/0x180 [ 1306.743439] vfs_iter_write+0x70/0xa0 [ 1306.743944] iter_file_splice_write+0x762/0xc30 [ 1306.744561] ? generic_splice_sendpage+0x140/0x140 [ 1306.745225] ? security_file_permission+0xb1/0xe0 [ 1306.745849] ? generic_splice_sendpage+0x140/0x140 [ 1306.746481] direct_splice_actor+0x10f/0x170 [ 1306.747054] splice_direct_to_actor+0x387/0x980 [ 1306.747658] ? pipe_to_sendpage+0x380/0x380 [ 1306.748229] ? do_splice_to+0x160/0x160 [ 1306.748746] ? security_file_permission+0xb1/0xe0 [ 1306.749384] do_splice_direct+0x1c4/0x290 [ 1306.749921] ? splice_direct_to_actor+0x980/0x980 [ 1306.750541] ? avc_policy_seqno+0x9/0x70 [ 1306.751074] ? security_file_permission+0xb1/0xe0 [ 1306.751706] do_sendfile+0x553/0x11e0 [ 1306.752219] ? do_pwritev+0x270/0x270 [ 1306.752717] ? wait_for_completion_io+0x270/0x270 [ 1306.753325] ? rcu_read_lock_any_held+0x75/0xa0 [ 1306.753921] ? vfs_write+0x354/0xb10 [ 1306.754412] __x64_sys_sendfile64+0x1d1/0x210 [ 1306.754996] ? __ia32_sys_sendfile+0x220/0x220 [ 1306.755591] do_syscall_64+0x33/0x40 [ 1306.756076] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1306.756718] RIP: 0033:0x7f24f4026b19 [ 1306.757191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1306.759490] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1306.760407] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1306.761318] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1306.762225] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1306.763134] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1306.764041] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 10:57:56 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0x20000) 10:58:17 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) (fail_nth: 19) 10:58:17 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) fork() openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:58:17 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0x20000) 10:58:17 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) openat(r1, &(0x7f00000000c0)='./file0\x00', 0x0, 0x69) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 10:58:17 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0x0, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:58:17 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000005) 10:58:17 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x3, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 10:58:17 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 15) [ 1327.444761] handle_bad_sector: 10 callbacks suppressed [ 1327.444772] attempt to access beyond end of device [ 1327.444772] loop2: rw=2049, want=276, limit=128 [ 1327.472070] FAULT_INJECTION: forcing a failure. [ 1327.472070] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1327.473105] CPU: 1 PID: 9479 Comm: syz-executor.0 Not tainted 5.10.222 #1 [ 1327.473680] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1327.474374] Call Trace: [ 1327.474609] dump_stack+0x107/0x167 [ 1327.474924] should_fail.cold+0x5/0xa [ 1327.475264] _copy_to_user+0x2e/0x180 [ 1327.475593] simple_read_from_buffer+0xcc/0x160 [ 1327.475992] proc_fail_nth_read+0x198/0x230 [ 1327.476372] ? proc_sessionid_read+0x230/0x230 [ 1327.476763] ? security_file_permission+0xb1/0xe0 [ 1327.477225] ? proc_sessionid_read+0x230/0x230 [ 1327.477715] vfs_read+0x228/0x620 [ 1327.478019] ksys_read+0x12d/0x260 [ 1327.478322] ? vfs_write+0xb10/0xb10 [ 1327.478648] do_syscall_64+0x33/0x40 [ 1327.478962] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1327.479393] RIP: 0033:0x7fdb13a9d69c [ 1327.479711] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1327.481258] RSP: 002b:00007fdb1103f170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1327.481895] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdb13a9d69c [ 1327.482491] RDX: 000000000000000f RSI: 00007fdb1103f1e0 RDI: 0000000000000006 [ 1327.483088] RBP: 00007fdb1103f1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1327.483683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1327.484290] R13: 00007ffd9e9c2faf R14: 00007fdb1103f300 R15: 0000000000022000 [ 1327.518620] attempt to access beyond end of device [ 1327.518620] loop6: rw=2049, want=276, limit=128 [ 1327.520883] FAULT_INJECTION: forcing a failure. [ 1327.520883] name failslab, interval 1, probability 0, space 0, times 0 [ 1327.521834] CPU: 1 PID: 9472 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1327.522399] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1327.523089] Call Trace: [ 1327.523316] dump_stack+0x107/0x167 [ 1327.523628] should_fail.cold+0x5/0xa [ 1327.523950] ? create_object.isra.0+0x3a/0xa20 [ 1327.524344] should_failslab+0x5/0x20 [ 1327.524663] kmem_cache_alloc+0x5b/0x310 [ 1327.525013] create_object.isra.0+0x3a/0xa20 [ 1327.525381] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1327.525810] kmem_cache_alloc+0x159/0x310 [ 1327.526167] alloc_buffer_head+0x20/0x110 [ 1327.526520] alloc_page_buffers+0x14d/0x700 [ 1327.526892] create_empty_buffers+0x2c/0x640 [ 1327.527266] create_page_buffers+0x1bb/0x230 [ 1327.527639] __block_write_begin_int+0x1d1/0x19c0 [ 1327.528047] ? fat_add_cluster+0x100/0x100 [ 1327.528411] ? add_to_page_cache_locked+0x40/0x40 [ 1327.528816] ? __page_cache_alloc+0x10d/0x360 [ 1327.529201] ? remove_inode_buffers+0x300/0x300 [ 1327.529594] ? pagecache_get_page+0x243/0xc80 [ 1327.529973] ? _cond_resched+0x5d/0x80 [ 1327.530307] ? wait_for_stable_page+0x92/0xe0 [ 1327.530688] cont_write_begin+0x472/0x980 [ 1327.531043] ? fat_add_cluster+0x100/0x100 [ 1327.531398] ? nobh_write_begin+0xed0/0xed0 [ 1327.531766] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1327.532195] fat_write_begin+0x89/0x180 [ 1327.532536] ? fat_add_cluster+0x100/0x100 [ 1327.532894] generic_perform_write+0x20a/0x4f0 [ 1327.533286] ? fat_direct_IO+0x1ef/0x380 [ 1327.533628] ? page_cache_prev_miss+0x310/0x310 [ 1327.534027] __generic_file_write_iter+0x2cd/0x5d0 [ 1327.534446] generic_file_write_iter+0xdb/0x230 [ 1327.534839] do_iter_readv_writev+0x476/0x750 [ 1327.535223] ? new_sync_write+0x660/0x660 [ 1327.535573] ? avc_policy_seqno+0x9/0x70 [ 1327.535916] ? selinux_file_permission+0x92/0x520 [ 1327.536332] ? security_file_permission+0xb1/0xe0 [ 1327.536740] do_iter_write+0x191/0x700 [ 1327.537073] ? trace_hardirqs_on+0x5b/0x180 [ 1327.537440] vfs_iter_write+0x70/0xa0 [ 1327.537761] iter_file_splice_write+0x762/0xc30 [ 1327.538161] ? generic_splice_sendpage+0x140/0x140 [ 1327.538588] ? security_file_permission+0xb1/0xe0 [ 1327.538990] ? generic_splice_sendpage+0x140/0x140 [ 1327.539397] direct_splice_actor+0x10f/0x170 [ 1327.539767] splice_direct_to_actor+0x387/0x980 [ 1327.540159] ? pipe_to_sendpage+0x380/0x380 [ 1327.540543] ? do_splice_to+0x160/0x160 [ 1327.540875] ? security_file_permission+0xb1/0xe0 [ 1327.541282] do_splice_direct+0x1c4/0x290 [ 1327.541631] ? splice_direct_to_actor+0x980/0x980 [ 1327.542026] ? avc_policy_seqno+0x9/0x70 [ 1327.542367] ? security_file_permission+0xb1/0xe0 [ 1327.542531] attempt to access beyond end of device [ 1327.542531] loop1: rw=2049, want=276, limit=128 [ 1327.542783] do_sendfile+0x553/0x11e0 [ 1327.544516] ? do_pwritev+0x270/0x270 [ 1327.544836] ? wait_for_completion_io+0x270/0x270 [ 1327.545276] ? rcu_read_lock_any_held+0x75/0xa0 [ 1327.545872] ? vfs_write+0x354/0xb10 [ 1327.546194] __x64_sys_sendfile64+0x1d1/0x210 [ 1327.546621] ? __ia32_sys_sendfile+0x220/0x220 [ 1327.547075] do_syscall_64+0x33/0x40 [ 1327.547385] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1327.548001] RIP: 0033:0x7f24f4026b19 [ 1327.548412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1327.549917] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1327.550538] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1327.551122] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1327.551706] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1327.552299] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1327.552883] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1327.553457] attempt to access beyond end of device [ 1327.553457] loop1: rw=34817, want=148, limit=128 [ 1327.554037] attempt to access beyond end of device [ 1327.554037] loop1: rw=0, want=147, limit=128 [ 1327.560680] attempt to access beyond end of device [ 1327.560680] loop6: rw=0, want=147, limit=128 [ 1327.568025] attempt to access beyond end of device [ 1327.568025] loop4: rw=2049, want=276, limit=128 10:58:17 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x0, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1327.592983] attempt to access beyond end of device [ 1327.592983] loop6: rw=2049, want=404, limit=128 10:58:17 executing program 2: ioctl$CDROM_NEXT_WRITABLE(0xffffffffffffffff, 0x5394, &(0x7f0000000000)) 10:58:17 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) [ 1327.623766] attempt to access beyond end of device [ 1327.623766] loop4: rw=1, want=403, limit=128 [ 1327.629960] attempt to access beyond end of device [ 1327.629960] loop6: rw=1, want=403, limit=128 [ 1327.631258] Buffer I/O error on dev loop6, logical block 402, lost async page write 10:58:17 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x6f, 0x4, 0x0, 0x0, 0x0, 0x1, 0x80640, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4, @perf_config_ext={0x0, 0x4000000000000}, 0x2, 0x0, 0x0, 0x0, 0x0, 0xf9, 0x0, 0x0, 0x1, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000180), 0x6, 0x800) ioctl$BTRFS_IOC_BALANCE_CTL(r1, 0x40049421, 0x3) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, 0xffffffffffffffff, 0x0, 0x100000) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100170001000000190000e4", @ANYRES32=r5, @ANYRES32=0xee00, @ANYRES32, @ANYBLOB="2e3166690af4a5773cf8e21997d8e4c2e71607a9091e6c"]) r6 = signalfd4(r0, &(0x7f0000000140)={[0x9]}, 0x8, 0x80000) ioctl$PERF_EVENT_IOC_RESET(r6, 0x2403, 0x6) 10:58:17 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_ASSOCIATE(r3, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0xa4, 0x0, 0x800, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_VHT_CAPABILITY={0x10, 0x9d, {0x10, {0x7de, 0x8001, 0x9, 0x7}}}, @NL80211_ATTR_USE_MFP={0x8}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0xccbcf8056c019be8, {0x7ff, 0xb01, 0x6, 0x5}}}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @from_mac=@broadcast}, @NL80211_ATTR_VHT_CAPABILITY={0x10, 0x9d, {0x8000000, {0x100, 0x6, 0x5, 0x3}}}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x388}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x363}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x1a}]]}, 0xa4}, 0x1, 0x0, 0x0, 0x100408c5}, 0x4008001) 10:58:17 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000006) 10:58:31 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x0, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:58:31 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000007) 10:58:31 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0x80000) 10:58:31 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x18c}}, './file0\x00'}) perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x81, 0x9, 0x6d, 0x3, 0x0, 0xf6, 0x40422, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x0, @perf_config_ext={0xffff, 0x5}, 0x400, 0x3, 0x8000, 0x3, 0x7, 0x1000, 0x401, 0x0, 0x30, 0x0, 0x6}, 0x0, 0x2, r1, 0x1) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) syz_io_uring_setup(0x733b, &(0x7f00000001c0)={0x0, 0x3996, 0x10, 0x2, 0x9, 0x0, r2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000240), &(0x7f0000000280)) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:58:31 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000ac0)=ANY=[@ANYRES16=r1, @ANYBLOB="b523010840ef87b093f3d700ce03ce776a52465f32fd32e5f11202a4672f81d7c556993f0a6e835373c7338c4564b6340042966c74f4c9f4f860005733f95cc8b622d56a6bc06ff4246af230cd51acda9be534c3aa37c2d94bea1c0a70b65aaea6e4ae2db097953f8235cf2e20bf1288be6c2fd39ecfdfd847119458ad42fb867580cab6d54282773cae8d70aeb5ca13dc0a1d79b74443732df1ac021e670db1e4024ff8e62796508f40198638e2c4fbf12deee95b12d8913e9bf6993abf85841930e78c691f9c8b53558f9cf2c37ac3dcd61e"], 0x34}}, 0x200000c5) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r2 = syz_io_uring_setup(0x3167, &(0x7f0000000380)={0x0, 0x8, 0x0, 0x0, 0x151, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)) pidfd_getfd(0xffffffffffffffff, r0, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) r6 = io_uring_setup(0x3, &(0x7f00000008c0)={0x0, 0x0, 0x1, 0x7, 0xad, 0x0, r2}) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_OPENAT2={0x1c, 0x3, 0x0, r5, &(0x7f0000000240)={0x20000, 0x80, 0x11}, &(0x7f0000000580)='./file0\x00', 0x18, 0x0, 0x9455775d04d35a6b}, 0x0) r7 = eventfd2(0x8, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(r7, 0xc010f508, &(0x7f0000000040)={0x3, 0x2}) io_uring_enter(r2, 0x76d3, 0x80, 0x1, 0x0, 0x0) r8 = fsmount(r5, 0x0, 0x0) execveat(r8, &(0x7f0000000180)='./file0\x00', &(0x7f00000005c0)=[&(0x7f0000000400)='\x00', &(0x7f0000000bc0)='\x00\x80C\x107\xa64\xee\xbd*\xd4o\x8a?[\x98\xf29\xee\xc7\x90\x97\xaa\xc3\xc8Zq\xf3\x91\x04[S\\B2m=V\x89\x99\x96Q\xcaA\x18\xaf\xaf:\xf1\xab\x80\"\x7f\xb3\x18\xfe\xd7\xbd\xcd\xcdIf\xae\xb5\x87\xb8#\xe1\xbe\xec\xf0\t\xa1\xf7\xa7\xb1\x9d\xc7\xc2\xf0\x02\xaf\xc4\xd0@\xc2\x12\'\xb9\x9a\xea\x90e%\xe6\xd2E\x19E/\xc6\x17gB0Qim\x82u\x0fZ\xa9\x14\xf5\xc7X\xa9\x00\xb7\xaf\xcfouN\xbd\xb2\t^\xbe&~\xa7l\xfa\x036\x1c\"\x80\xfc/\x9b\x95\xf1!K\xc5{\xe7\xfdB[\xca\x87\x9bc\x98dg\x1a\xa1\xaa\xb4\x19\x7f\xa7\x90y\x9fq\xf5\x8a\xa9 \xa6\xdd\xf0+gb\xa6g\\\xec\tz\x06\xdf\x1a\x9c\xc9\xf7\xcc\x85\xb4G\xe9\xd3D\xf4\x8c\n\x17\xd5\x00\xf18\xb3T', &(0x7f0000000480)='\x00', &(0x7f00000004c0)='\x00', &(0x7f0000000500)='\x00', &(0x7f0000000540)='\x00', &(0x7f0000000a00)='\x009\x1c\xaf\x14\xe6\xeb\xe9\xf1\xccO@\xbd\xfc\xbdN\xfa\x93Z\x94\xfd\xc6]\xc3\x81g\x95\'\xb7\xf2\xe8\xbf\xd3\xf3\"\xf0Z\x93T\xa1\xc6\x10\x01\xba\xf0\x11\x01 \x94X\x7fQ\xa6\v\xfa\xc2\\$\xad\x96A\xd6\xdf|\x0e,c\xc4\x13\xfb\x91\xc5|{\xde\'xb\xcd\xb2\x177\x83\'\xdb\xf6y_\x10\x87\x01\xd4\xb1\x9b\xe4\xac\xf0D4\xe6v\x86\x02^bt\xbf!b\xd4k\x11\xf5Nj\x97P\b\xf2\xdd\r\xaa,g\xfc\x8f*\bq\x10wl\xe0\x02HG)\xa0\xb9%\x12\x9fx]\xf8Gz`\xfd\x00l\xe9<\xa5\xbd\x9f\x80\xa5\x0f\xd3\xf7\xc8\x98'], &(0x7f0000000840)=[&(0x7f0000000600)='[*\x00', &(0x7f0000000000)='\xff\xb1\xc2k\xc9\xbf1Q\x9e^\x9a\x9dOW\xa5\x0el\xd2~\xa7%\xa5 \rZ\x81l\xa6\x97\xc6\xb90S\x04\x9b\xcb', &(0x7f0000000680)='\x00', &(0x7f0000000940)=']\xadt\xe0\r\xa3\xd7\xe8\x91\x90\n\x03_\x85\xa9\'E\xae\"\xeb]DE\xa3w\x8b\x94\xf7Yf\x03\x00\xd2:-\xab7\xd0\xf6\x0e\x903U\xe1\xe2\x8cS*HC\x17\xa0}@\xf4.\x87]\xed\x1f\x1e\xe8;\xfd\xee$\x8f\xba\xa5@\"\x93\xf7yR\x95z\x95\xc4\x03{\x11\xbe\xb3e\xb8B\x13\xa3uh\xcf\x11\xc7{Y\x0fp\x031\xb1/b_mq\x96\xccc\xa7\xbb\xb4T\x00J\xd7\xb8\n\xd4\xd9B\xa9\xec\xc5\xb5\x0e\xf1Q\x03\xbcX\x8d\xb2\xf6^\xb9\xc8\xa5\xdc\xa5\xcb\xde\xd3\xd03\xcc\xbe\xed\x9b\xbd\xcbb\x91\x98\x80\xe1X(t\xda\xd3F\x02\xa9\xa0\x81\xce;{\xfa\xba\xa3,{\xe87\xf6\x0f\xf9M\xb5mz', &(0x7f0000000700)='\x00', &(0x7f0000000740)='\x00', &(0x7f0000000100)='!\x00', &(0x7f00000007c0)='\x00', &(0x7f0000000800)='\x00'], 0x1000) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000280)=0x2b8) r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r10 = dup2(r6, r5) openat(r10, &(0x7f00000000c0)='./file0\x00', 0x200040, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa, 0x13, r9, 0x0) 10:58:31 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x67) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0) ioctl$int_out(r3, 0x3, &(0x7f0000000180)) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 10:58:31 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 16) 10:58:32 executing program 1: r0 = add_key(&(0x7f0000000080)='syzkaller\x00', &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xfffffffffffffffe, r0, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x8000, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000200)='./file0\x00', 0x22) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = syz_io_uring_complete(0x0) openat(r3, &(0x7f00000001c0)='./file0\x00', 0x5a1141, 0x11) add_key(&(0x7f0000000280)='dns_resolver\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x100000001) ftruncate(r1, 0xfdef) [ 1342.045556] handle_bad_sector: 4 callbacks suppressed [ 1342.045574] attempt to access beyond end of device [ 1342.045574] loop4: rw=2049, want=276, limit=128 10:58:32 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x0, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1342.117700] attempt to access beyond end of device [ 1342.117700] loop4: rw=1, want=403, limit=128 10:58:32 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000008) [ 1342.149629] attempt to access beyond end of device [ 1342.149629] loop6: rw=0, want=147, limit=128 [ 1342.154791] FAULT_INJECTION: forcing a failure. [ 1342.154791] name failslab, interval 1, probability 0, space 0, times 0 [ 1342.156617] CPU: 0 PID: 9523 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1342.157693] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1342.158859] Call Trace: [ 1342.159246] dump_stack+0x107/0x167 [ 1342.159790] should_fail.cold+0x5/0xa [ 1342.160348] ? create_object.isra.0+0x3a/0xa20 [ 1342.161014] should_failslab+0x5/0x20 [ 1342.161561] kmem_cache_alloc+0x5b/0x310 [ 1342.162154] create_object.isra.0+0x3a/0xa20 [ 1342.162785] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1342.163523] kmem_cache_alloc+0x159/0x310 [ 1342.164133] alloc_buffer_head+0x20/0x110 [ 1342.164736] alloc_page_buffers+0x14d/0x700 [ 1342.165377] create_empty_buffers+0x2c/0x640 [ 1342.166013] create_page_buffers+0x1bb/0x230 [ 1342.166661] __block_write_begin_int+0x1d1/0x19c0 [ 1342.167368] ? fat_add_cluster+0x100/0x100 [ 1342.167978] ? add_to_page_cache_locked+0x40/0x40 [ 1342.168672] ? __page_cache_alloc+0x10d/0x360 [ 1342.169327] ? remove_inode_buffers+0x300/0x300 [ 1342.170013] ? pagecache_get_page+0x243/0xc80 [ 1342.170649] ? _cond_resched+0x5d/0x80 [ 1342.171216] ? wait_for_stable_page+0x92/0xe0 [ 1342.171881] cont_write_begin+0x472/0x980 [ 1342.172492] ? fat_add_cluster+0x100/0x100 [ 1342.173123] ? nobh_write_begin+0xed0/0xed0 [ 1342.173766] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1342.174521] fat_write_begin+0x89/0x180 [ 1342.175100] ? fat_add_cluster+0x100/0x100 [ 1342.175730] generic_perform_write+0x20a/0x4f0 [ 1342.176408] ? fat_direct_IO+0x1ef/0x380 [ 1342.177021] ? page_cache_prev_miss+0x310/0x310 [ 1342.177735] __generic_file_write_iter+0x2cd/0x5d0 [ 1342.178474] generic_file_write_iter+0xdb/0x230 [ 1342.179162] do_iter_readv_writev+0x476/0x750 [ 1342.179821] ? new_sync_write+0x660/0x660 [ 1342.180436] ? avc_policy_seqno+0x9/0x70 [ 1342.181045] ? selinux_file_permission+0x92/0x520 [ 1342.181775] ? security_file_permission+0xb1/0xe0 [ 1342.182649] do_iter_write+0x191/0x700 [ 1342.183256] ? trace_hardirqs_on+0x5b/0x180 [ 1342.183893] vfs_iter_write+0x70/0xa0 [ 1342.184544] iter_file_splice_write+0x762/0xc30 [ 1342.185286] ? generic_splice_sendpage+0x140/0x140 [ 1342.186092] ? security_file_permission+0xb1/0xe0 [ 1342.186813] ? generic_splice_sendpage+0x140/0x140 [ 1342.187538] direct_splice_actor+0x10f/0x170 [ 1342.188182] splice_direct_to_actor+0x387/0x980 [ 1342.188878] ? pipe_to_sendpage+0x380/0x380 [ 1342.189520] ? do_splice_to+0x160/0x160 [ 1342.190102] ? security_file_permission+0xb1/0xe0 [ 1342.190818] do_splice_direct+0x1c4/0x290 [ 1342.191426] ? splice_direct_to_actor+0x980/0x980 [ 1342.192127] ? avc_policy_seqno+0x9/0x70 [ 1342.192753] ? security_file_permission+0xb1/0xe0 [ 1342.193473] do_sendfile+0x553/0x11e0 [ 1342.194049] ? do_pwritev+0x270/0x270 [ 1342.194611] ? wait_for_completion_io+0x270/0x270 [ 1342.195322] ? rcu_read_lock_any_held+0x75/0xa0 [ 1342.196002] ? vfs_write+0x354/0xb10 [ 1342.196564] __x64_sys_sendfile64+0x1d1/0x210 [ 1342.197225] ? __ia32_sys_sendfile+0x220/0x220 [ 1342.197908] do_syscall_64+0x33/0x40 [ 1342.198456] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1342.199204] RIP: 0033:0x7f24f4026b19 [ 1342.199738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1342.202400] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1342.203507] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1342.204571] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1342.205618] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1342.206666] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1342.207719] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1342.272327] attempt to access beyond end of device [ 1342.272327] loop6: rw=2049, want=276, limit=128 10:58:32 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000140)=""/162, 0xa2}], 0x1) [ 1342.333259] attempt to access beyond end of device [ 1342.333259] loop6: rw=2049, want=404, limit=128 10:58:32 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x802c2, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x1810c1, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)="af", 0x1}], 0x1) creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000480)) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4000006}) sendfile(r1, 0xffffffffffffffff, 0x0, 0xebf) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x100) fallocate(r1, 0x17, 0x7, 0x1000) openat(0xffffffffffffffff, &(0x7f0000000440)='./file1\x00', 0x10000, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000060b40)={0x7, [], 0x7f, "411ab0b7f6aaeb"}) r3 = syz_open_dev$usbmon(&(0x7f0000000080), 0x5, 0x10000) ioctl$BTRFS_IOC_RM_DEV(r2, 0x5000940b, &(0x7f00000004c0)={{r3}, "88b4dcf356409c0e365adee500856dbf966c72ab6068607eb7eae3e92e02c4959284d818a63ba9773ec5ac21089652ebd1cfbdbd14842f47cd41a7093f417899ec17ae50d51a0a70b46ded710aa4eaa98e51045ad55874376695bd0e4826251f2c37635563ee853727d9b7e686f6080165c446ef205de8d9d0d1e644e66081a49d52e61df6922dfe07d51ff891ab222d5b3708d21894d4c4743ba3b8e0bafd68ec5feca6b0beb60c966002a0b619fcabbb44a19042fe7cd3b3cffcba4ef7075eff874e8f98b76430ffd9df6b018db59671103703e87141cf1b4bcf21868b204bcce4a5c4d7b8ee1c0ab683ec02ae29c1bbd964e1a7423d51544d9e87dc20e007a2e75398f7cde9e306e4b3a26cc5ecb6cd1d24fd23bd507d5981b9e1bd2763d7b231ebe1a41dc1ba39af7c0d4250c39ca5604f9cd5822b8b9dccbc9a9fa194e9bda121cb09e9177a2a1fe3e9484de927b4b3337fa0bc81bc4e2426a747f43cdc82251724b709541c0e69a911f7de17336c47bdad5297ad217ebbd36cba03719d4b49ebb55e76f0c1296c7563e0191d170d608685db547c2faf187c1e0ac970f2577618c3436e772b635ab6aa7814784ba9b8f0aad996e7d085de3d68d55f6c658ff868597a9125d3d0764f266eda9bd660027204d6afe478123e31a75b5f92645967b0af5063441f3680809837c9fdb60827a4d6528fa88b155ccb708f439379f5f12cd3f18b75c3678a8f7ff29bb17094be145de1df1f7d36eef8f8a8f2db79f7f68fa958f4d40f8e0d7a7ad9df4759c0924702003b40d27324cc8a375e91f9d147a95f07afa46fb4ab30adb203c99014c0852c88f34e3175f7f66d570cda72db91a689c03ccbb7172d0a272db5b4d249f5d1778d18870b07f253d813bc74aab8445f63e9fb0eebe62adddc030def426c0807ff398dbdbe03d075b5a558b3092fbbb05b9fe5c4309c9c8987c2f473ff445cd0ed1bb8a6ddc02168fed09e33a5830c0e53995ecd0eaa3dc4c35fde60d12ad5e789b6636af6a4b7bb3586ef7f3928461f689604aeeb4d3237c2527d8ced9c613ac8432428b85bda3860523532e915f4ce5594089b3eeb18fc82898bef4ebe96816ed26d5f29926344dd77fafab1f8e34dad14460f1e571559fa865d884d892ffa771b99c4ef5b5e2e0006fa2a133d66571ebbef574b89f611cf38601f4dd3362851a14401f9bc53330cce920b6b7768597cfa72d654152999633344c2a78f008ec94710ba2438d00ec74e918c660334d676954fd2c1ba84ff9528d6581a0a08e134e61487acb8a3c47c7d97f6ade48dd410e85107e8dee6babe038f8067bc623b511720a21355c344d17cffd1f5245b8187f770d5b547693260dde8d19fec41ba60ea46804cca7ea97fc7d07bab1b158a4500a72494621a1b9b4fa4078c99aecbfbbd13335d04ca50418bc370e463b4247d37bb4f8c131284b174ca81dba2059ea7eb7cd9211d2880d2e1f6f17e4627effc00f840309fe28ab2b813d05ab36ae7245cf9be225c88bcb55918c1e2b439df4adb5fb9fa70dbf666ca03b1333be13ca9ae637a6da75566a112cbda153eff0a19dd170768834cd325a87f03a0298cc53b5b19f00c420e2141550ebdba9e1ea9e7be1b204831b24be8a695ea4df94b37d7b1d62245e6870e37f3b9d02a61b467e8e48a843c57e851778046270b6d69ba5d0337837de0d45312cbdd015bf963ecfb8de3d8ba405fea718630d21aeaf5d20fa07f7cdca79a41461c51938ae44ca5a35cf9326777a75aad8cb713e7b42214c4d3bd652765d8d0c0f402ae36484a0a6be08144d0fa8e511336fec2b44134a14036de980fad7b105550a87004e8b0593706b88b845ee2ece0b042c81b532eb0a65f6beee5e75b1710a1374cf9a0d3d37d280ae40c54944a0f33e5065d44ef02236f041815d4a93c489cfdedc7270a36d1b249a26686a4d7f02c011a99abc06edd873c409accc72a4a20a330fb837739d9826b3747229c08a89fdd5b46ea9996c581820b7ca760b351e3d1a927b35069f2c60821ab3cf75646981307a3608a06092ce58340908af51f098bb29f73c7e5b4cfda8b98a7793886578d85905b882d330c4807108b4f2639021397d64fc16c685e72403760a62f6a1c756b9d93c5818bb8e4a5eb0a3c24d8448364f7758932fd15daa6430e2096d34f746a6b99849b218b839599933e5fcd1208f4e70fc2bb98b10b93e079dfdced3d21485c45a311447e860455020861b4b02ceee331de74b04d840050ff02f667b5a9c4e5a86cce90915b68e9d6a5d5d6d2a3ca6911696c39debe902c27585bb1131dd98fcdc6b1224d8b6bbf8f0676b8e71e7f60c09bbd6fd5c76ce07c567ae25ef1fee4666a9b96d2408d94cfde5161c061c0107fc9e372253b7c7c579dc77e559404e509f0f918564176c901a3986812722846a36ba3e320344e078d63b09d9f0c2bdb2b380241cebfe7cea7c9bb8d95144823af056feb4f2d9138c3d638cdcfec61902186991d3e80b826be6ede2324eda0cd52faad66163c21fcd35bb3a41f6b8ed26130e7363498588618623362b050d064ce857f2804643dd6f97eb0e6fde422dfdde2d25b182ee73a7abb26f93fd0ac2ca9ea476e3db1ee7bfc5db5ee6cc313a30545a3476eb3ac6528d0c2eb6a63e00d2fb2d7af12d52b637727b80bd495580b9db3aaa31777ce3da838adab598321c14026feb8dbd90fc9a17ce727faaf3ad38f71421cdac3ad543b94671c1aaaeb9fb739e8c4a1b74ce2291aed8447c6bf04ff81ec52773e51512594e6637b425c2cef40c2ab62f9a7fc6dd894c56a2c0bd40612482b2060cf1aceb7aed041cf08af52651284ac0607096baf715b6bf15a32bd46cbf16e5aa9389977281c9f791414e18b795f26602cf41e15b576372b9001575803da4c9a7db187c87abc30d10a029946e5b611c031ff0050e88aef35e12cecfbb98c710c75c82520b8b2fa94ba71a1494b30ce596548e1aa26426eab6e3ff22a76ff52e29cf8b72036fa72d0bb892c3843b82215f7ba86bfa3125fd4ce7991cad46332a86fbfa2d7f5ca13c97c67cd594c5baeab57481d8426ebcda1e06765526a7c3fdf2e12d203309753e9926bb203228fa0db14ad5631fc1cc5de90930b86ca7a200aa12387fef0c0281130d16e6cbbca11076a78aa8145fa8155d129f3a1621037cdb83603e4917be4ea8dcc70c3811df28c404c70489a0cc13fb46e19eefbe5c53a9ad7e8bc1131bc2b02dafba0b9f12cead700d660f67db1a45f1e05dba3d0a09c2a2d97b77ec8e95f71346cfb3b230f9aa10a1437661ac95cad363a9c88b376f88fd9c9bcdd7e9e385990325ce708b90245389f5eed879f5b25dcf83a6689b1868024b7bfcd4a300f78c13aa0908d3b73df70546bc5556500a31cb9146e78517b9c0f1cb921546230399dff11f3d9c7707e693e52bef2af36a8594a9fb5648996e5d103437d65bc79ce8952acc0a82e2d5b2b6f87f29d5b678c98b1554b91434d403c7d191d667fa5ecbf46e335dd504c6d184a400ac555801cce84180fd342df4512b1582c9e7da317124ff1593de9479759b2ea0c8c2a1ebe1c3db2e05ce1a0e17ce1d864b5b7acde6ca702b29d9c121dc4f2d64158f87c30025ce8f3302f7d3cfc95bcc471bf0dd04e5ec78605c9489998052c7de8f5f4347846b4265c84deb570c2c208a7ead20bff9b4d2135b97d02fa883a174970f96a16d7fe4d5563623adeb0c77a8c01b370066771998ceadd7a9e396d360576c110cf193d7adc27b9246739cf28f52770023c639eca7f38837b9c600543118a445c2599b99d64e63c39a489f604b8876aa849a295d083bdefdec77c2986ec102bb9c0b3c8ab138acb25134ca582646d17f0b9d0f50e6da63a07c6fc202b7c3b4e1f7d8a1b466885bf0b0ff03f0a1e8ed1e7ea27d173be7e99276396d743fa405e0a7c64ba6e981d1759695de3825f75bd8a70205f428137f54d37adddf429944740e9f2727cd2a73e35a5c2e2966969284d9e6f18b3053799f6e67edab645c79136c4f0c1d8bed3817f9d7c97a761d282c0a43cc8d219e8c52a25b85dcfcae69e4024ee9732e7705455eab79a6cd47472d366b790ef7a403a63103fa6442b3060d175e10a413a29140b1256b8351f64e7f57cca55618a77c9c3399f9fe9f151d4a73dd9ec524178c75c44583e84e249e3d48f8180c256672b75d802777ea413ad46a083081f82093e1396874a74b7fb89ecf3604455e7866a3b7a7e11fbe8651034aacd3f6d60e9424a24801d748ead74eb1e8f7ef50ed803294a62ae32ba54362b328add35fd54646b2ba7143c00740ee75c2824629cc67943c8f14f80dec701553bc66bf085ce7832ca51cb4374cf800787cc274fcc1e155680e5cda8ece986f6d2b67febf5e47daba73eaa7934e8dea385b54affc1056adb31888923d27f909ffe561d25b3b9ca410cfe1d128677c40ae826a035cff98d1847c1f8f26450a575304fabc01ef77c37f8cd0418043901af303d68100a83c3ac113ed3a02a1498603c31f1b1e6682c3986fca747d3c45cd4438afa210bbf7bc1e57f7087f4dbb3faac8dced525b9a10a25a07d03805883b3ad111d95095f84dc4d03bd4fea780b590631db207da0abd27449a7072258684d984997bea5e364dfaa29c32efed2099984d72ce3db4a11a7b2416666ba24fd80cdc75a60f3ec322be7552e004d2c2dcf9b25d437ed67eb8d8f6e73b4eef6b8ba2630d5d997bfd63f2eeb7d477fc2eefe91a31390d58c2a2546c0f0eb36bed1711ea32a3d698f0ce0427e82a5b993f35a074023e31dd95ed438150be8988f0901bf5d999e5da90601efe9f247a6ceb7aefc5aa373dd0d2f33db2a58625c8d9d43e44802b0f8b8ee63b5d3844adf956fc69ff21526e38c026029a8e63473add43d9c05040a9aab9352f2e3cb722e710481c2dbbde1925f1466787feb44fc66af1ab23c7c4815601db249cce5a934e02af995b85358bf1e6b97330538dcb3d16d88245b9265974664e47114339959f600a626849bd9376d3fa837e9ada578e2a7991a0599834a07c0eaaa29bf0b79676a9d03d6e6dd6a3100c8b231c9e5fbd7182030df7abbbe58a3660ca1695b19ff2a6287659e35c2da09fabf4c600cf5f3ae0d8d10982268d8b57587f5f3aa406de904fbfcd92891cdfb388756bb8319c87a50822ca2c0a9971c27c68895eab099e545c82a4e1e6dd6dbd153ba2d661727d53f7b24aa6f92f264b018a8d2444ce3846ffa6333f895756495a1604cb932bd39f57beaf1d72c4e6734e8b2cbb8b4044cd394b92bb7c364ec9f500ff652e9f37ceca863108cdb1f775c2771715094a1dbdf695dfd9a409298167f4de4e9e2368f5a36fec95ddb82cb7cd606a663f04c32aaba150d79cec47febe1195b065db6ca433121a6a698b22e2527a771a1812cdd5426e9dbbf3dec11e68a272d3f63fd1b17af216cf03cef0e4dcc6f80b35d07301f520b00f75c692a17b0b3a88bb4824cc3ac1f24431926b9b424827b5fdffe8d33e5b9f4746d7a8068b6ee5baece3dedb7cb565ccc15c4f9e38db55709af46981575576390279524ac95393d83e068530b769d03e6de43150abcd002ac29052567e28fb57ffcbd17ab71089308021d54a21225a09d88a255a6142405064c261841359fcd0fb08b22a049f39b6348bd060b312d588861ca66db8942579d21a0a179474bd7ed9a0b5252867fd3cedd32e5c0286b0df5522ef54de90398c47f51fc2f4c4c24ace9dde2f425"}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x2}) 10:58:32 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x0, 0x4}) [ 1342.429380] attempt to access beyond end of device [ 1342.429380] loop5: rw=2049, want=276, limit=128 [ 1342.447769] attempt to access beyond end of device [ 1342.447769] loop6: rw=1, want=403, limit=128 [ 1342.449473] Buffer I/O error on dev loop6, logical block 402, lost async page write 10:58:47 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 17) 10:58:47 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f00000000c0), 0x200c40, 0x0) unlinkat(r1, &(0x7f0000000180)='./file0\x00', 0x0) r2 = fsmount(r0, 0x1, 0x90) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ioctl$LOOP_SET_FD(r2, 0x4c00, r3) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 10:58:47 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r1 = fspick(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x1) dup2(r0, r1) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:58:47 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000009) 10:58:47 executing program 2: ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) write$P9_RSETATTR(r0, &(0x7f0000000180)={0x7, 0x1b, 0x1}, 0x7) r1 = syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x40004, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000170d0000000001", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x800}, {&(0x7f0000000100)="ed4100000093b200dff4655fe0f4f128e0f4655f0000080000000400045539545cee", 0x22, 0x2100}], 0x0, &(0x7f0000000140)=ANY=[]) r2 = getpgid(0x0) fcntl$setown(r0, 0x8, r2) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x24, 0x1a, 0xc21, 0x0, 0x0, {0xa}, [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0x8, 0x3, 0x0, 0x1, [@generic="02180000"]}]}, 0x24}}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000007280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000007200)={&(0x7f00000071c0)=ANY=[@ANYBLOB="00001000", @ANYRES16=0x0, @ANYBLOB="100027bd7000ffdbdf25020000000800080002000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4840}, 0xc080) symlinkat(&(0x7f00000001c0)='./file1\x00', r1, &(0x7f00000002c0)='./file0\x00') perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3) sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000640)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000600)={&(0x7f00000003c0)={0x224, r6, 0x400, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_PROBE_RESP={0x20e, 0x91, "f9966256aa5927f0e92a90d8412ff491048ef7965b0f4bc9c62883db204eb760d81042cf84291a5b022baca636349992a43299b9372c5ddb439033e369b6e0626befac352fd40a751cb095ec93fec1f9577dac300e695257a0c08246fe18b569d3c7907f29955ed15d63d9352af00a2ee4339addbcda6eebbeb795cbb771220b394ab958f4d04219953658233b84ae6a1199e8c55a14fee092cd58b00c0c30706c6b03a4bbcb300697d097c1096ed4dc42a4992f82097538ef8872a9110855d21179c746fca02706cd2da1527657c83bef1c3ce27f495bcd05938bf9bc66f25a458f7e67f3acf8dc678b286a139881b432e0b7ba4c17091ca62ffe7712f5806b3510474090946690f45cb07c2fef50e3cfcb5b6e10e0e7bfc0b4ba00b31f34949d0a788c58b8026fbfa3ac6c06e601c072b728f6b6cb9212b1a69523b23de20caa538b01d1ad2b3af9c2cfb3aeebfdf508740e2cb383fcdca39127a54935c1b1dcbb8bd6f6d05607a417cd7ba4788f4aa227c1022213e2a54f15abd9471d01c339198a8f4125ac1e6aad51fcdfd4eefba6cd4209baa750ad2c6f6f0928dda085534d15b0bd077e0c5e5cf38c556378d29485ab95847ce78648edfe91957d7032f833422d1c86cd4d23ab7f3d349ddff19bf76f61472b8915b891867a13010af31c78884fbc21f099a848e7cc8162b38dcad34ebb2aced01cb3ba4f944658062d9f6c1ed3727d07436154"}]}, 0x224}, 0x1, 0x0, 0x0, 0x84d}, 0x800) umount2(&(0x7f00000000c0)='./file0\x00', 0x0) 10:58:47 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x0, 0x4}) 10:58:47 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = syz_mount_image$nfs4(&(0x7f00000000c0), &(0x7f0000000200)='./file0/file0\x00', 0x80000001, 0x6, &(0x7f0000000680)=[{&(0x7f0000000300)="b0c983a08a5e63127d49f98b56bc39e3466f6f2679f301e1d4b16256cf3b7eeba1197d43a3dfd420af80b2aa7f9d872091472786869df39ab4927c1737e58c0eb33991784e62f20777fc97fb98c7aeeca8ed6e2e76f5d3fd1f0b512f8524e348ac77a91d6613b1ffbbeb5baacfa1afc77a5d5300bff22a1f128f3c87758d1cf9acd13a20bd6a4d88e25b8a3313807e44f9c398f1d9328d716275e904", 0x9c, 0x2}, {&(0x7f0000000280)="b3a1d4a8ae5228d291fe", 0xa, 0x1}, {&(0x7f00000003c0)="b713b3442014dbef7ebcccb134b3d8deda986068e75c8519f01a33336ea4f6410bf0aa14227017204188cddfc78ec4e765e47262617dd3b10ee15c1072", 0x3d, 0x1}, {&(0x7f0000000400)="6b2562e755006d46b7e03d0f55a085531f139086405013d7c2fd6557041e6405fe182b03d334649611245a28690ab06b421ea37826f6417aa6f8418aed8329d33f187383ff0e8b9a22ecd71879f1d705223aef0205e6810d004cea6f01e94887e378995b5c817feb85f4627dd7fcec5ba163beb90b0e905e53f2df8784a095475a9d499445eeb30fcb0260c4d1b801f0085fdfc6fa6ae574c298032ae1cf6e472b09f2fa27", 0xa5, 0x9}, {&(0x7f00000004c0)="09facf33f356df9811079b727f9642f2f5e835bb4e50ff83b0b7afec9c0f46a7691dba72f8144c853f8b5834f3a7c96915dbe84a55a545868e10338f417952dc7ede57920bcd0c3554f7b26758b964ad3870072b3e8e225ee53f320cf1058e333e3e63a3b93acf11d99032152613a0be5846e3dea2a73fca254f549f2875b8a39f99764e3cd8d578d98ecdb14f4088757315b2f8e571a0bce4c0765c9879b2df32adae1409d4790c8cd0e363603ca941bdbcc2203c6d6d8e042a8232d783ed75ce64fbc5d0dd04f0189665c55af51bdc70d9dec10d04ba8ef589fa3178d136826758c044c70d47c931cd0f4456f288e661c553b6", 0xf4, 0x3f}, {&(0x7f00000005c0)="5411528dd4d6e644c2058bc2d5510382d678b3e9dcf8ee3f448565bdf45048e929b3a905a7e7f0a6aaface24607e2a4af0100599933dcd01349bc2135b8505052ec786d36364cba5dfd859070c552d52d96a2b0e0b50b908f5d14e8932529c86636c0682e11f5a54111f21248e9318393d434547f18284b894294ecda54266c9fef27b57b9afca3a28c030e55882c2441fb6c39449ad98bf53f81600a66d943f1428ed59e6781375b923ae9e40", 0xad, 0x4}], 0x1, &(0x7f0000000740)={[{'('}, {'vfat\x00'}, {}, {}, {'\\'}, {'vfat\x00'}, {':'}], [{@fscontext={'fscontext', 0x3d, 'user_u'}}, {@func={'func', 0x3d, 'FILE_CHECK'}}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x30, 0x30, 0x61, 0x63, 0x30, 0x38, 0x62], 0x2d, [0x35, 0x63, 0x39, 0x32], 0x2d, [0x66, 0x63, 0x38, 0x66], 0x2d, [0x65, 0x64, 0x0, 0x38], 0x2d, [0x64, 0x64, 0x63, 0x65, 0x63, 0x63, 0x64, 0x35]}}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0xd, 0x4848ebd441345afa, 0xdb8a7286e287fa0, 0x32, 0x35, 0x35, 0x32, 0x66], 0x2d, [0x66, 0x38, 0xc, 0x30], 0x2d, [0x34, 0x66, 0x65, 0x36], 0x2d, [0x33, 0x33, 0x37, 0x6], 0x2d, [0x37, 0x61, 0x31, 0x31, 0x61, 0x31, 0x34, 0x37]}}}]}) r3 = syz_mount_image$vfat(&(0x7f0000000800), &(0x7f0000000840)='./file0\x00', 0x9, 0x4, &(0x7f0000000a80)=[{&(0x7f0000000880), 0x0, 0xffffffff}, {&(0x7f00000008c0)="ce37f872071ccc13c2c32a8e96459d0c8df21a6e7eca75714b19910adfb64ed5ba710dcc1cc53cb59115a7115006caa3f9a71ba6907d9caf5ce67e2c29ef52da239cd50f662493f042b7511dcc7e88954d4ad7a76e8efbe5725b0ad5a74319a422b930", 0x63, 0x2}, {&(0x7f0000000940)="40a0cf66b034c72dc45f2adf63d5193c6aba0aa8e447d9b65b95453a9ea6c20a40f2a4e5ae371a137f614f9429baaa43427dbb66c8c1b83c9780e986003244d27213f34ea17e574a3ba1a5d93da061b45df58f5cda49a37c7280f5fc4a70ab74c438a341f9caca7461d4876d90e060847812ad8ee4b42e0ba172e503f35c", 0x7e, 0x3}, {&(0x7f00000009c0)="90a554162e566567b9da500ccd7b8dd4d70be0a4a9c48fa8d8c3a1c6df307928783cf4b325e9f2d2ea98a9e46fae76f51aed122a1f0ea984d19451aabd0b3cf1df1c922e75fd4ef347b7684e72864078521ff6d4af1f751560c197bbdae688cd713c2fde97e65f09e640f28d89b71f7c8627c198294ba957ad1ebcf5f817353358e4e0919fa02b70d41a4318c3e5fc47abc9f42594a7c8e9bc7e6f7e164adf3fbf", 0xa1}], 0x80, &(0x7f0000000b00)={[{@shortname_mixed}, {@numtail}, {@fat=@showexec}], [{@appraise}]}) sendfile(r2, r3, 0x0, 0x4) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x100000001) ftruncate(r0, 0xfdef) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, 0xffffffffffffffff, 0x0, 0x1) fsconfig$FSCONFIG_SET_FLAG(r6, 0x0, &(0x7f0000000b40)='dirsync\x00', 0x0, 0x0) flistxattr(r6, &(0x7f0000000180)=""/76, 0x4c) openat(r3, &(0x7f0000000880)='./file0\x00', 0xc00, 0x40) [ 1357.831988] 9pnet: p9_fd_create_unix (9583): problem connecting socket: ./file0: -111 10:58:47 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x8000, &(0x7f0000000500)={'trans=unix,', {[{@debug={'debug', 0x3d, 0xffffffffffffffff}}, {@version_L}, {@version_9p2000}, {@version_u}], [{@fowner_lt={'fowner<', 0xffffffffffffffff}}, {@uid_eq={'uid', 0x3d, 0xee01}}]}}) r3 = getpgrp(0xffffffffffffffff) r4 = syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000400)='./file0\x00', 0xd, 0x5, &(0x7f0000001880)=[{&(0x7f0000000480)="c47eb9f34637004be7b55f0c5704e2ed7253538ff44d67dd9ead17125e634a2e157bb0c5347a6c4ed65b730bd6316a610d7e47b54c7b633fe70d8e6d919398e7ba36194a6240f7c6067dd8079274fd1276ff185047b4cca75d6b0ff8864a3c4777944af2858fd1f9", 0x68, 0x400}, {&(0x7f00000005c0)="ee61a7204ece53b032b614605ab8af3201b0c0cfa8bc8bc615b6bc147e3a5dab818b634308c50026b19c9427fac0eb9fa8b0c98ce7ac4471eb1b77748d13fa2edde42e85d2110a8481ed917e2177cef825ef9c47bd734adbf9da30b85d7f1ba7c68040fb22bad63eea1b6644ff1e9d85b0c1110eee4f1219b9137bb5cb0378bbd4243171b830e7a8a26a318758c7e05ee87ae9710d3d41a4a021eefbdea038d8038796f47e9a4a4251daebfd279b65b73221779d18385afde210c26ee7b7e406781e51a1946ff82c51acf5367005fe6f64b088b954b64ff2680e2b32c8302a946007a5ea421c2f4c", 0xe8, 0x4}, {&(0x7f00000006c0)="4749b0cda51542dd70ad586aec544ef49969d38e4af9a441dcaf9c1a4c0213000fef3fc7ed5b7c90673ec88f04374632a9eb2407c9fed8e7d2aa5bafd4abf9a5bd9d185c760a8c516b6fb64c3267dc1540bf812bf6224c4041826e3ef9abfe65a5747e9fc57d1c696f7b1b56c1a9274919f1bff2f8d26d5f322409198ad4907f66ddc174", 0x84, 0xffffffffffff8000}, {&(0x7f0000000780)="93822c4b6e71ebd131fdf5281607bdb817ad5716e04a26e91820fd91a14533a14e1a0edd95ab2f1436f26416c55c8e931413a584cea6a69d75a1bdbacbbdf1e44bb4281a8b22512aa5c1972d6fd859cfe8f98c91a0aa4a58eec13e4575ab0eabb99bbd021f506beca7c6989927caf8c430f4a84e544ddcea8d03e5ac9d5a1f30a320d89ad8a51b0df2e18a87c0b7cd3683636f492e0809b7477a9d4fba734bb764207e56a48b42509b639df5ab5a239d1e0168c3368647c1c4de65abb1ed23d1be70a5d6ee5f1042b2e9bc7a673d966faf53aa8bb107bbc81b1a7a3b1598e04355e753061c9eee93d0cc9b25907cb17959594ac9b28e9ab45e3375e9e01d98c4313b00f240047c9ad212f91cf31ff5e275322add14fb589816a3e811a08a94d1b2468b3b44651c37f49da1eb232067ab704640fd7adc68a25e11eb3e477eba0daebcda26c4cac96073b38bd9200fbc0f81d165e92c9a10a03dbf7baaa925a45d47a4ceb0c211627b3f9663a977fd03d58b188338ec905ea82e4c66ba8723a999fd09f730e448cc7734d055bf979a81bb955a53f91276bd5367f0c39b492e9e851a89dc8e9bd09c78af74cc4945f0e351b6d3852edf5de0f9a08dcbac21dd2253c7b2626f6820c964f0116f68c6ffa3d15605b956a39374531f229715e45392e56348bd7e19fb005f0af7c91756629af44364d693cd09fa6a24370b64b595b3f8ab02456fd07b8d739c30ddd098b5c9926aeed9184eb70f08ec3d81b0692686d1f8b6f1ac090b1da4d85825564f9936933658bb09db0ae338a16319bd41e5c98ef48937ffef73afd5019135f558d1534a8c15999b9a9a9cb5a8f41383d3429a4f92ae1cd45b186b429e33e792b266ddbc0b9ebaaefae9fb7b9c3d2805efab9e52ef9af618e31ba4949b93632c1715b7beada38ec6d78ae54118f18a207c897fcd70bd75df1c63a16315ff1e3273a3fe877fa61a7c38e5298a39edba42f5539b9dec74d6a47f4a4a87c03927f3771aa253487000b6bd450a5767d5be0cc3e52f46f12e9f92fbbea06734aaa958ccb2891548d392ec8622b248daa747838aa219fe15c1ba7b1f105a96cec22db6bed832d2fa13c57bf6183c525202db8fbdbb8687020fc5c7785ef9c1f2a8b7e9ee00963525a241a3b3c4d439bf53933aee30dc8b7a8a5ed7a8ca9eb4053d89aa3af35e22e73f53ea8e8a270d08777b1613f09584868c07daa017356ec8a21107a3c9251081bd8b31cfb3b082e58645871d4737900296daff141721f0193d284c2556560f982f9770f54bbd03a587d2aaabd223667a87ca5291a0eb59f5a4cbab303898019ed5a7a1792d04df2291aac7571801452b4d57dd8e9a6169219d97313ff92827b56facc234ddf379d326f3af1621b3a05c40a1e5ff8abc3f27bd9456a744a1c4a14527b209b9120857f745f3866b37a49e25612dbc239a61bca6f18c746ef3d0d29af09ad9ff0afa239a6e4f93e02cfa845c832e9bbf7c2d64c16aa18e618cdd8cbc66685aecb119e389be9c3d80e5f97ee3215a9eb423de31886ae99c892420ef501d2ce1a334c2ec10a13e40edeb0a252daf23651cfdc43de64713cbdc82ff735fa55591af1f21ab4a537a2d2a9a1dc67369943dec5889da0add952053da6ee8bea0b609f850c35332fb6a31efe44b99d02f87e4a521bf95db7c2a7bfe1caf7b142265ed2d56944e08289eeeca872bafbba902bae46fa21209235c2d35d50ce4e6fc51c78a16fda64aa386dcde4b18c1ab888fddd9718e0c36530ac5cddf6143ea077870e4ccd531b2de11df2712118117244415aa1c27077529b99784f3b64bb9a19a13e5aed44f77e8e6e0100bdf44a83e70e42387ca334b8de6693633746b85134173a617e40222ce2e87bea87e0b2c4e6127fb53e5c48de28a4fc7952dcd11cfa77c51fdfd85780cf58cb6873ae2aacc3c3d3b39038419c7601673c0e51eeaa8a53ca26f4fc6197605cf5264840f38271db48b7012ca6333417ac460c0c007161d58112517dd6e45ccc5fdde54f847954880a8ac5600dcdd355d9011cc8aecbabe120cb22a3610f2901a1183a33c83eec27c229b1e365f10cc6813db09e83bed78b56a665429579040a465c6d8a3bfe61069e87a2f3bcf96c8dd33ede348591c7edb9bdd1716dee1fedde8345ae80d3d98185b3ec17afc5d0f497828b1e628b89d7119893eb9b13c81d198ca1f04a2973035754ecf71e7a828e00837c04ff06b734dd89c5bf126faa4071dd690b40c6b12cb2fe53ea197787673288249c333de571a3903abdc098168f6866b34522e3e8ccb17b3baa4770580637f8659d4d344a53c47365d9ef3685a40426e4542a1194465b8cfd31131bb04665b30f04075a1820a65a5549c880071c25fbedea3e162b5d27bef57a04758e255ea1dcea5157377ecb56a9867a11b1d23499a36f9391020da0fd0f0107e24be6d9c11f603e2d880729c4347688ada3ef60331a17d52cf2a650ef4415e06edb1937ed4af964375f008b9abcd62363ac8b8c17e86b378e10023fc5b73f393085dfdf997af6f0a732bc66eef8ccaa29a4cd9d1a3d86d902a7282e0bc9c47dc0e6ab6a7a4af0500f45eba4b72f519146d84062b21f96cd87f484cbf67a9924431bf72e77e1a7bbb85dbf6970516f080a9589d853a0461e877f40236610b2006c218ede93db7eef4c9527179ec02318c5ee5906e5fca02134329c9c41269a92bdad29174b7d9cb55e28cea7c9dd2f6e05f42c20eda3b1d8fd7c87d5e4b69e17e124f38578d8bef7288df06cf7975cfac3de498dd2400787152b0b326b9efb22e013290e32fb921a2df4cc2495f96098683f311d121212f2a008d0ce2ae0eaa9ccb540256c3f1a9946f283b8b25d1afa4d2b2ae72d3ccf62b8cf698b50facaa3f6b9759c98e08726e36f30cd6279183e523236e809dd4335dcdef4d628d26ebda6e0360b4db8b135a08e0dde934e5f4d81cb2d07d7f476fec115d47347aaec5b0dd4bb8f30f695388565ae429d77d8773430ea8a6426627b9549d3635597f124e8ff3d0c636202c1985e80e8c741abd5d8794b0b80842598525fec7c0485dead9b53eeec72faeba6d869102661f0390a3d0e1ef67056be63667aebbcfbb3e6a6f56d26b45589e6ffce7f101810a287363e709d6a48ce0ba2efe54f7b98a1decd52ca0631f37f9d3bd168ff8e98357e21b894275fe28715a3ae64504921d71c7c58be94f41c26297d0ad0af2b1374a96aa0d8db4c03566d20b4941a32ae2c6190786279dcc4079e26aa378ac024d774dc65d8ee1f4008842828e1103ddc73710a8a390c08077a1b60bde3f8b91a9f5b0c6196506925659dde3856defd22a93ebe189b031a42c158ae5dc1a17f302dce4ff78950d367ac3e134897a573f9cca1090d040084056b1719be41b0c26c12421ad9b69c4739ea4b1578c08c9ca28bcf6cbc73e3b55670e424de4df493ab66272575ebb6a0fc19b863ab6d250690fb248c26342c96d8181276b115e45c0e5acbf13c7f457a549b986e7f0e928638d2a2e367bd4f2135b7ad5838170cde3bcbbaa4ababd0fc2ea390c17e7e0530a522c83bced1ab72cd8f3c73dc7d0c2a164135127074ef82a7ddff16e992b693e1b19c8a9f946e5424b25d95beb50111da0b17257ec1f05c2ccb9ea341b569e65f1ffa54ff8ee7210ad222a22ce515b6274d1be939bb561e1a1a6ccb699ea22399f54927c1b1bbbc983ffed4d0bc0f914a4da37be9337220570224116db74cf279fad1c5097d15f9b3fed31182796507ed120b033b43fc1a614890f3f8a327d9a4cadff90b0fb1ea0ffb2ffb9386af1fdb01c94137e98bbbb9dd6fb54ab2b14c3e87b1250a316af79781424dc959afc28e697258cd00ce90bd4a93b7b0947939f40f8fa4e0697ba8ec676d30cd0ff759c7d4a88b5ca2b8dfb55b500fa8148311640a6955f88a8853e71a5a792a8e946730de3d0539edc82bd97bf292eeb82a07de0cf82a8f9729351c8eddcd8609aac73668e7cb0b2cfeb72230553d8afe20a9c3b8c869ff74f3e3cbb9f7601c4133f22bcd41a2e926ded9a82075d1067d3e478d33b964a7debf62443387779c18c9c598436fe9f09cfdbf030560b368fafebdbdbbde2bee63103627e538de48f88771d9eed7379df78c560238270bf292a7317b6e1c854c474c03847cb95ed7f16c3278ffc7318f5b68d74f9dd958427273c1c919cfd1dc3af3ce7d028bbd76fc21f17a0cd7a8be5b04d293c5a48ad57edd998f2f728f6ccd94c3fbc46441f96166d55c462a596b8cb0a593377ce601499c99d59741650f30681f50a9803e5daca83e778b3fef41bf2b846daf8df5d64f953552556a53495674a043ebe2a3b8d31438629a0e24a9d5117dc0b4fd4cdc188fd3a9e94c4f784a5e346edf989d4497dc5c758e6d7415c06122875c7b65ee1171e924e3f9108484999c58e494524e12975498c25639d987615730334a710a42acab7734ddff8e5ef1227150ab1f787a1cc8c8c4d14ceddebf3d01b6988a83b2ded691d433c6c68518973824da43f11848de7e975746409265561df13822ed8a14f637b21788e33b1801174e62aa045213ce1f6c95a9155e6b4ad0a123f974c3fe9bec4bc1e115d454b8c176d727043a76caab9a22bdc368e7f61c8cb85cf5214b0ba03c3f25592d66b0a0b323106cb06977abaed8794e8aec21ecc05edae10ee8e6b628b03a10bca6c305afed575f861213aec4be276407e731ead7a3a348221d1837e24eee8e158e0de52df5ba4cc37257b84264a8f2312a139fcedf30a1d7a93066ded4560eae14584ce1d5a5f47288b2c761f932fe4cb073185b87830a782a756180fce5c102bc7de60e00d07ab519e3146effd92c8d061362d69e261d9913d081813ec0c1d1c27af6f926a4cbc7b4faa3d3872ced955ec0b7ae05e0c12f5fd61237fbff250ff4a999a568c43ba74fbd4997ac1825e0fa2b167801db94f31fc179fd88741c25949330097f6ce1fc35c88ab3836fd8a23a56f0e872d9c9bb7bf228c82f6ef50f6c6c72d5eb904e5163c40b676dbe80c204b65e7a1b6592e08222916b70b4b442496924688dd5c7130052f39dd17e95258f4a88ba3ab2c62d1f913311541af508dbe2f65f299d04bf07695e524baa6b4ecb11355203f703e96d57eef9b763e96a407abd2ffd2ced5a0610cb96ce26052a2271f7cad7abf589b7db0821b5329972ecf46efb0f30562eb08d0f6fa596bae2808d32d35adcf8fa98b3cc50be78237ab174e2fb63e2bdf9e5895eef054481330459d7726f04c64da0d9ee9ce40bb18731b7b55c0053f35883e8a87861d576866734ece4167316e842c6f217973a7717136b8bb1977a55b1cbd8964b4a6652cb629649c894032fb0d2c7acce8a59f4f139628bcb3c63f21299ea89700e7ff16a658a5daaf8c91a63579b7622f050f9a8d31bf4c1141fb7a6ae918f270486032f9d2a0a5851f299b5beecaec57ef742e9de50b16fd13efd3ce7cb3b65cf1773dd0ee86fbeac2ece5fbab7958d8794d7d1ff6bd4586270b76d6108f6c77305eed58c3d3b0bfaee3bc630cc498bd0eee2bbfd3821d5123732079d56afc649294a70a4d7cc02ae47627336f87f5e5e33bc38e065bb289da7906b5241062109a0b94d8e5143c22c05ba572a5c68333503e2958b413bad1853874ef0783bd7cfe25861fa4a033cdf1acc2ddde569955e32d833044d32edb4912820db5725e1e0b3b78d3a763229d7a51379824d69c51c0c481546599f706d5fcad4bb76ab23eb67ef43c1f11081a", 0x1000, 0x800}, {&(0x7f0000001780)="37ff603ff2fc67f34605a209133223b2641e3c3e99406acb912d768288f17ab20bba7b2cd3389b533fecf8e39a0323557a97d40cf3924499afa793f10835ad4c426e04971be4b4efa702213c62f034c1866dc885dd5ffbe0551398ff264777c3758383eb095b8d1b1f13c29245a2afa660461f685e25c97d85441a8d067f3d14e221663ab26f5afa2f669dc854abb08b972775a15c7cf2f9180fdc3413abd94e31b09b84b7130ef195fc077f5f326594a2e1517730c03590ded3f2a0899f11a696545566945026d35398caaed451f3c191568b037209dbaad9bb0d497b7d46a043e78f21d61a60c95af0902e12c6f199d3f4", 0xf2, 0xd3}], 0x9, &(0x7f0000001900)=ANY=[@ANYBLOB='user_xattr,resgid=', @ANYRESHEX, @ANYBLOB=',lazytime,auto_da_alloc=0xfffffffffffff000,nojournal_checksum,resuid=', @ANYRESHEX=0xee01, @ANYBLOB="2c6a6f75726e616c5f696f7072696f3d3078303030303030303030303030303030302c7063723d3030303030303030303030303030303030efa0f75ac0"]) openat(r4, &(0x7f0000000440)='./file0\x00', 0x42500, 0x181) accept(r0, &(0x7f0000000180)=@rc={0x1f, @fixed}, &(0x7f00000000c0)=0x80) r5 = inotify_init() openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000280), 0x20040, 0x0) kcmp(r3, 0x0, 0x6, r5, r6) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) statx(r6, &(0x7f00000019c0)='./file0\x00', 0x0, 0x80, &(0x7f0000001a00)) [ 1357.867616] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem 10:58:47 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x0, 0x4}) [ 1357.954807] attempt to access beyond end of device [ 1357.954807] loop1: rw=0, want=147, limit=128 [ 1357.980902] FAULT_INJECTION: forcing a failure. [ 1357.980902] name failslab, interval 1, probability 0, space 0, times 0 [ 1357.982009] CPU: 0 PID: 9581 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1357.982618] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1357.983350] Call Trace: [ 1357.983594] dump_stack+0x107/0x167 [ 1357.983919] should_fail.cold+0x5/0xa [ 1357.984264] ? create_object.isra.0+0x3a/0xa20 [ 1357.984674] should_failslab+0x5/0x20 [ 1357.985024] kmem_cache_alloc+0x5b/0x310 [ 1357.985394] create_object.isra.0+0x3a/0xa20 [ 1357.985787] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1357.986243] kmem_cache_alloc+0x159/0x310 [ 1357.986618] alloc_buffer_head+0x20/0x110 [ 1357.986988] alloc_page_buffers+0x14d/0x700 [ 1357.987379] create_empty_buffers+0x2c/0x640 [ 1357.987774] create_page_buffers+0x1bb/0x230 [ 1357.988165] __block_write_begin_int+0x1d1/0x19c0 [ 1357.988602] ? fat_add_cluster+0x100/0x100 [ 1357.988986] ? add_to_page_cache_locked+0x40/0x40 [ 1357.989419] ? __page_cache_alloc+0x10d/0x360 [ 1357.989822] ? remove_inode_buffers+0x300/0x300 [ 1357.990236] ? pagecache_get_page+0x243/0xc80 [ 1357.990630] ? _cond_resched+0x12/0x80 [ 1357.990977] ? wait_for_stable_page+0x92/0xe0 [ 1357.991379] cont_write_begin+0x472/0x980 [ 1357.991758] ? fat_add_cluster+0x100/0x100 [ 1357.992137] ? nobh_write_begin+0xed0/0xed0 [ 1357.992523] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1357.992970] fat_write_begin+0x89/0x180 [ 1357.993328] ? fat_add_cluster+0x100/0x100 [ 1357.993704] generic_perform_write+0x20a/0x4f0 [ 1357.994116] ? fat_direct_IO+0x1ef/0x380 [ 1357.994478] ? page_cache_prev_miss+0x310/0x310 [ 1357.994902] __generic_file_write_iter+0x2cd/0x5d0 [ 1357.995343] generic_file_write_iter+0xdb/0x230 [ 1357.995753] do_iter_readv_writev+0x476/0x750 [ 1357.996151] ? new_sync_write+0x660/0x660 [ 1357.996520] ? avc_policy_seqno+0x9/0x70 [ 1357.996887] ? selinux_file_permission+0x92/0x520 [ 1357.997315] ? security_file_permission+0xb1/0xe0 [ 1357.997741] do_iter_write+0x191/0x700 [ 1357.998087] ? trace_hardirqs_on+0x5b/0x180 [ 1357.998476] vfs_iter_write+0x70/0xa0 [ 1357.998821] iter_file_splice_write+0x762/0xc30 [ 1357.999246] ? generic_splice_sendpage+0x140/0x140 [ 1357.999691] ? security_file_permission+0xb1/0xe0 [ 1358.000117] ? generic_splice_sendpage+0x140/0x140 [ 1358.000549] direct_splice_actor+0x10f/0x170 [ 1358.000934] splice_direct_to_actor+0x387/0x980 [ 1358.001352] ? pipe_to_sendpage+0x380/0x380 [ 1358.001738] ? do_splice_to+0x160/0x160 [ 1358.002088] ? security_file_permission+0xb1/0xe0 [ 1358.002525] do_splice_direct+0x1c4/0x290 [ 1358.002892] ? splice_direct_to_actor+0x980/0x980 [ 1358.003317] ? avc_policy_seqno+0x9/0x70 [ 1358.003681] ? security_file_permission+0xb1/0xe0 [ 1358.004117] do_sendfile+0x553/0x11e0 [ 1358.004465] ? do_pwritev+0x270/0x270 [ 1358.004813] ? wait_for_completion_io+0x270/0x270 [ 1358.005246] ? rcu_read_lock_any_held+0x75/0xa0 [ 1358.005655] ? vfs_write+0x354/0xb10 [ 1358.005991] __x64_sys_sendfile64+0x1d1/0x210 [ 1358.006389] ? __ia32_sys_sendfile+0x220/0x220 [ 1358.006804] do_syscall_64+0x33/0x40 [ 1358.007131] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1358.007581] RIP: 0033:0x7f24f4026b19 [ 1358.007916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1358.009539] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1358.010201] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1358.010834] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1358.011459] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1358.012089] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1358.012726] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1358.021157] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1358.043899] attempt to access beyond end of device [ 1358.043899] loop1: rw=2049, want=276, limit=128 [ 1358.046654] attempt to access beyond end of device [ 1358.046654] loop6: rw=2049, want=276, limit=128 [ 1358.069893] attempt to access beyond end of device [ 1358.069893] loop6: rw=34817, want=148, limit=128 [ 1358.073971] attempt to access beyond end of device [ 1358.073971] loop6: rw=0, want=147, limit=128 [ 1358.093429] 9pnet: p9_fd_create_unix (9583): problem connecting socket: ./file0: -111 [ 1358.106312] attempt to access beyond end of device [ 1358.106312] loop5: rw=2049, want=276, limit=128 [ 1358.111627] attempt to access beyond end of device [ 1358.111627] loop4: rw=2049, want=276, limit=128 10:58:48 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r2 = dup2(r0, 0xffffffffffffffff) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) r7 = socket$inet6(0xa, 0x3, 0xa0f) poll(&(0x7f0000000000)=[{r0, 0x5200}, {r2, 0x4814}, {r4, 0x4015}, {r1, 0x111}, {r6, 0x8}, {r7, 0x308}], 0x6, 0x7f) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) mount(&(0x7f0000000340)=ANY=[@ANYBLOB="cf8ffc328acae16109f5d12f6465762f72723000"], &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='jffs2\x00', 0x2000080, &(0x7f0000000300)='@\x00') perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0xe5, 0x66, 0x60, 0x1, 0x0, 0x823, 0x4, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x401, 0x1, @perf_bp={&(0x7f0000000140), 0x1}, 0x184c2, 0x40, 0x2, 0x8, 0xfffffffffffff000, 0x6, 0x37, 0x0, 0xde, 0x0, 0x9}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0xd) 10:58:48 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600), 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setpriority(0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x30, 0x10, 0x1, 0x6, 0x0, {}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @nested={0x11, 0x0, 0x0, 0x1, [@generic="487fec864b245e0f3f9be149f8"]}]}, 0x30}}, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000180)=@abs, 0x6e, &(0x7f0000000500)=[{&(0x7f00000002c0)=""/160, 0xa0}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000380)=""/139, 0x8b}, {&(0x7f0000000040)=""/63, 0x3f}, {&(0x7f0000000440)=""/136, 0x88}], 0x5, &(0x7f0000000100)=[@cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}, 0x40000000) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000005c0), 0x80000) r4 = eventfd2(0x200, 0x80001) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000640)={{0x1, 0x1, 0x18, r3, {r4}}, './file0\x00'}) r5 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) lseek(r0, 0x1, 0x4) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000680)) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000000)={r6, 0x1, 0x6, @local}, 0x10) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f00000000c0)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x2f}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000001340)=ANY=[@ANYBLOB, @ANYRES32]) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=ANY=[@ANYRESOCT, @ANYRES16=r5, @ANYBLOB], 0x100}, 0x1, 0x0, 0x0, 0x4804}, 0x0) unshare(0x48020200) 10:58:48 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x82) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 10:58:48 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = fork() ptrace(0x10, r2) rt_sigqueueinfo(r2, 0x1d, &(0x7f0000003800)={0x31, 0x8000, 0x80000000}) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/iommu_groups', 0x4000, 0x22) r4 = getpgrp(0x0) sendmsg$nl_generic(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f0000003880)=ANY=[@ANYBLOB="142200002a00000327bd7000fbdbdf25090000000500590000000000ae00758008000000", @ANYRES32=r2, @ANYBLOB="e56ca5a3e47761cbb03d8708014000", @ANYRES32=r3, @ANYBLOB="a66269ca513d9c409886bbde1ccfe2a013e04408008b00640101010400790008002a00", @ANYRES32, @ANYBLOB="9026e7a0dee4b2e8470bfd2a5b1535880a2715d31a67ceb11abcf4c75931c1b66195a77351552c382429a02453b2a46231354da19c860f53fd3ac758b3ca8f7df6c38a8fea305af65d417f68a6c7a5849c491e1f6d3d6ad76ce83c43f95dab3bf493aeab66fcbd26d6ce274c0d80568103c89500001352c23e63af41baa8ac39e5e336b03c1538c4f950db59d3a0620dd232487184fefdb10c40c11b69e70d09dfa548340a510ce1e36187ede0498b47f676ab5ad7f5a7aec1905fa00b48f77081948eb808672eaf360786addbc035771698018e82356f48045982bd24280be90e6abfc9d7e0165730bdd51f6dc633c0a4b0cbe8ef54e35f185cf5cdb84c00ac4d978e0c597536b22019800c003300050000000000000008007900", @ANYRES32=r4, @ANYBLOB="0c003900060000000000000008000800", @ANYRES32=r0, @ANYBLOB="090028007666617400000000ee844ec5c45f6651ac1d52820276cb25b47a152813b8cedae5bb024c81e9ad7cf7e1c0afa5d1c633a0961e027959d3af482d8969b5fdb6d5f963632830d53984c0d9b683e34a44bde4be8771dfb77992bde2a98fd012aa5a2ba6b18ae63aa5fea85d6e88a8427547c63199b4a06f6f50832f54a4a3939af3888cc6926537dde25d0d947cfe0af36021f67dc3a53803d85533cd7fcd82e2682ec08103697e78aa67e9e8ab9b1ebcf471b4f39f603df17524c77466815241eb1001cfb290104cd15ab536fb515859a34ee52c51f9a7e311e9ec68c2ff32b3439fbf1c76076521930e6c60b260525329ca466e8cd1e6b0d32b0197ee2b8662eb0185c48b38f7f6f5df31da06c1f36ddff940f099df3f4f77afb6dd80867bc0fcf91f6fa7ae3a9bf4c6d9cdc8cd76e904278757895cd4e6e74350958b3e22c789bd2f814f5c70b7142eb1d3500e399a00f318d0a093084122c104d2142f1e3ed76c9024842f068e47b90af02ae5521573efe9719969a8ccb9516b9bd237eafd1df300167cea50ab84884728a47ffd673a56955ef9dad7bcdbdf0f19d43d1a73db6d2bd6230bd94354e437162f07ba632cf476b7f7afc3556e5116aa780b3c2a04ebe136872e194658a3d3fd7bec2f2e0121881767b31f928241a2b98f7e0e7c81ae37f49610c27ec327411c25981f9f79776063cd41ef5475766d84bca72e0b9f297794051bdd3f2509f54350a95bb846ebd175c1f7c62e2397ee4e94245d6acbda85aa7db9a9cba18cf6c60e3aefddbe688d9f366caf4412b923881b99b489eac550e9eaeb368d43745c08a75c033cad6f64b690fe4552be931f3c3eb3c61d07d6262a5ed54ec22fa610c997739670eaf5bf1327fafa2c43c2cf3204e2b42dfb2ef236f3831625c49a111a41a3fd1d9db4110290d6be00f4b211b1dea236d2609db9be8fce135c7db49693fc1f81d8589af49cb6da856c00378ec6e742b1148ed3a5009e3154c2fecbc09e52ba8083f1368596d6f79d69c988f877a10e8623b68ee81a7d9f9001ef8fd51fb89a726e9e782cfb99cf149bd4f7f5c0e9a77a88cd3af863cd4bba9abc5e5f1920db63227d541c17f4430d5364ed7e5cc4a2ea47c948ba8305d1439788d8cde99fec7d01b9b006d6a3249dbab58df4b8c640ee337d7d8503a69b8d42527e1ad6e86eecdd543133ddbad09b09b8450b4a332ebeef3e3234f0ef87f43a31f06d26fd3120a61747c6c0099d25c572e684904f1234926a0a6467c26195eff21c8f97ff7bccb95482857b93c769fe6915309d58636b87dbcd35605f018ed32ea68562c0173c37c6796d5952970f361d8187aac21b5e5945e8be78cbbd69cd260a28b8ac3958240478443f6946fe0d146a6792d63cb89e77f24c028027a322f111b09df79e76c1794cece2f4545b6be1ffa8aa5dd20e4ddcc94e4f067313687f0b0d25c7a40ba77c44f1ef1291a128ebd309d7245d06680e5e8aa4450d8965f737eaf948f4d0ec68515f22362463c5d92b915d68ad69ffaff1a59de765a361e2f6aa1a50e5e067aadde1524496f002b9c003d77d17798c07ccc539f99810c113ae885cf38fe605da0fa8f5e7b5b517d21f3e014a5b9cec809cf1437ab369c65268ac92cb3ff0f2faf7aa9ad371a5a8a916a5ab30b305b67ea56c7067c955ad72c51dd7f95ca019f74083c55ea5534c664ee2c3158635430deda3cb2fa05a3fdc2d4a1f1e588b494e04fbe573c6e9ac8ff53d2c9a61665353f6af37c2806cc3a82684a836d35a555288f5ddd83e2797d402c28f3f2e71d65e320a7cb008b0d8207792a4c9dfab66e7d066052a8ce0149f0ed2f56779b9997a214490216754a0f4ac715b92a5e1f89e93f4609be37753edf0af8b08cf17877a516cddc1c6265354ae4b49f8da1c0878dbec3f6cfb007758d7b694c1cb6daea1a241ae9eff30ac6118d924b2e139f7e024e3ba7c06ec74ae910a4dffded6b04d9593adc62b4d3eef9f09deeec85c569d86739568176d1e54462072d3b9736d707ffa513661b4f827c3ec8d191d9159e7b282274002d20df27e0f5106b84bdf4c2b30724c53e0853dd375e0f5362d4c8bd3aeac695466cc2560be993152ebf553b36bbe4708b5dbc81f8d3da8661abbd6d97142ff2c7ed5d8d8c3dd0ca25b362387e954de6712563d5a6482a67c65374fcc8c5d13c03ece5aa82254bf2738f04fa64931c29359061ec7c77e2fbf9dbe12be60aed71f75680a5b3e48984a4458eaeb9575883e0668649e8da72a7f9090d3663361311d320752fd59a81c0628f8d2c72bf3b27f64808266fc7e39cd72e9f29392543f3f281c7f6af0fe81b94947556bc829c8066ce4ab998b5341cfca3f02adb7c9d22af0266a80fd718b58c80b4742235bfb0b795014ff617057b3211d4a51d23fe726646db82a9a69a593a99826aceb7cbf51c4e6bc7bdb03e0edbe25eef4201728026ab2a57bd5c03b9222ade97d172860d31bb834d2f38ad92145e6edfd4d3f30ecb15ef26ecabef1ad1d99614349d80b54d9f19af6b0bd39acbb5276a64d47f932b378a5201d7a09dcbf7225f298bbfd6e001bfca4c740ad4b7087f44b8cbcf7ab40e8fc5cf462df9613f1b4c1f6232e43e31e8f8e04751cf3a096e0e0c86eb4afd6db6a262dccd59b55efc3dee3e469e2f6527fe4a22287c76d10c938cc567f9393048f545b64f7f266ec0b3724b3bb94df1cc8f1c682a363b1e8db4acc640d3f5959d45b259422595644906e8a7990f87d45d5b5caf54ca86040e734819056fc83d227cb93223cc562c3c08c00703e18d3c586924e4d4bde8a8abc09666782acc57378c6c9dae1b79d0bbb82a2e74275415951ae59c48898e8c0345c127f40cef26fff5544c6444c8fb565e84e83a1e4e4d821defbe3db8207054be46a8adbde62cc70aa48b675848b077ea6199a9ad9b8f14c1a0113b136294b46d39f020f633b267bbb3ef8939941c43a6009d3c5ac8709078a999cc9fa51eaca2603f64fac19bbf6526b10177729c31ec934a7d5c6061435cfa8d4483ad3a5bb4f3bf7a5a8b150faa139624ac0b7bdb712698eead89ab2cc56d38a2395b178ab6ce5fbd331fcea7807395fcde8bb9cd370bf54a313a7bdf862024f13b3e92aabc4d0bc96c3ffd0422e5ee6fb74a0320713283410bb7c0538234acdf0aeae555752e040b0663453307690d0069526dff685332e6eee91710c03190ba9abf6a0b9724b7411339bacda4e20e51c51a4300258b70d8bba1e076f60c69c7a656ada07382736aa05529d03bc48a077841b2db236602adba0c51e474bae28a333aa7afb9ebe419c058c5d6d22da3da5d4e412c85efbffd62a1c6ff86e45171ad97f2ec2889f3ac0770b7977d1488a4ae693b22d13ff0f4a289eb3b2a70fa5bdd2caa06a6c112eda893fab35524ab2b108adf897540b3865a6c3adf4c2e2e7adbb47ab0843cf613a2ac0960fc0b9b3203786653aa28f133fb6508c787c7c55536d7f9c7c9cdf74047aee12e4262fd7ea69a2ac088ea8399f8d167eb5e551e5ae6985696bd369a7c8a4bf0c5a948841bf569aba8c7b069cd49083fc44f6f93433b87d012ac2ea406ec74865cc32983c6400ef870f43ebdc6c8f797062a5436c8e7d918b6484e80e090e8c45d302830262dd292a6607a9664e7dcbd82f520a937f010fd837189ee2d6a1133de4112590e0413f65fc9d8601b7de5fdd0cc6e663d58e94186fdade3ccdc89a1cc43d358963aa8fe516110c401ea54f2d5873b5230d51ebdf96979ddbeeadf40e5efa5e852949da48468406ac08927a8bc53766fbe8da53f4cb37561a9ca0cc3e6932bb7680ef7f820c1217950ec233c820a95d82ae7221508c3d98dfc0587246dee48d94cd7c319e66b144b43b0a8e23e18cfb7712bd0e5efc43854ee250dd1120ee479ba565263c7cd462548062578b632e1fabd771cf46267176dacdd17afc037e56c61def545172ea178d54158540c7cf81acf04e2a9a4bdf00829f6c60bc9fc08c3fe12eb0989f8cb8f8c98614c5691dcf73b01132807d464859cd82d1fc4fc0221128a5e1055d6a470cd167122041fe1ccf3bd6e1f9d848129834528a392c2cac02b479be967127e769f6ebcf097c8bdaafefce84961d3e47b646704252e9a0142ca8297f9d15f6c1797bb3cb3c590c2301b9d4c4d5e705c6a2b194f0e7ada0740ccfcded1c52c7372c45b810c5adae4ad54fff1d410bab4cd70c193caa9a6934a86841254e648b4de3075e0b24eeee894a66971d9c0a78e01e3e7ab5c4762c3eac80c0b6a6b3077bebf4a5fed2d303d6f456ed112f7f4c369c7e41f8664c1ce140e35dd60ae8b685b5911d5df37980d4a9349c8cd1ed515e1b0742276967f7a76c1592fa3229f4189f0fb6eb15a1f0a53aa967981b6c0934809d89926f59f15e8fca4bcbbefb84e21ce9517f15f248f556c9a6a60bc847abb5d319cddf53d93b80d02b5df03cc4257e28adc3ecdf70993a804505231a5935f1788231a20c008d3c8d19f8ea9ec6a59634114972a5f434932eb701b7b6b4d9981a8ff0b04e7e9d0343f93ac1736d067d811072fcae9403499a63e55df6300404f5e0d4d503e338ae80dfe4345317ec6b7d5c46941e508d41fa5421bce601663b90fc6d6a1f4c73b39440df63201024e8b1b9057bfbdd272787d4b481dd0922188bc1e467058e7956e4d6701d4296e2445fb209190faa9e8fb205ae62478095460d03643bd80614a126663af28232069925966609f5626eba2a23f1f776ae42fbf0ecc70c03e88b4ba0d0a315f0ce5db4e3f415f59d789d36009a91f230725eb0ed644d8394490f13461ef719f5dfd5ffcb585a95aed4852bcffbc6a9cf3d46c5eb886962ad6bb07a6930dea5b0d352ff778d479abfdc733e4ebf997631e61f7319050e9833c7055c390fbd5f21fec0aa002cb031af6a4ed9da24f2130985063acf0b4a9f285b96b8c359fa5784de9afaf0c4ea5160de92287c047502739ace32dcbfaf3035327c356b79f237b3a77be2ef5b39c677424e2d885816c668e6b3d67da1a1b31b6fe9f6f475f00749153668d09c8692164f64c95602187bc98f6eef5e9b5da483445207d1d85312ee95639da41928532a61517b394302446b62504413da5add35340eef7ae0caa4fef19936a0efbf9a0fdadde238b2002362266bdcf5db5b62117fb98193d7a479a8b628efce4b57c60468f343afd2efe56a54fadc42f3c1c18c56419bbec92eef9de8dc557bd69d0b5353a659e1024c4baee454ef8909fda18c1e6c3d89197e95fa140309c5991b01e1291ecf02e01b85a7cdb494c4cd0c030beaeb1e0437152fd72f042ee893f8290fc19617fec87c15b1bacf137d2267f751ed1b204175ef14c8193102442532542469c5abed6c30a9eb8c409572df0c874514469126c3198a346e6434e6f09d4f471fb9835adad2e6384d1a2b49a5718a754efee4a83b366b92b5fbeb4ba4307bf410864c5cf294391455d0f399118447a09e15e5bc19a723548f4b02fd195556ba5d5c95c32f62a8ae210925f88457c4288930c1b8a8cf43ba446acb8efff56b0caf0e6b86423aecfa3dfc36f333872fcd190a19aae9c5721770ed1f72a8fcb724fb106bbfb0c1a49edfe3cd4242e2a1f3de9e462a85183c1a0b9937e49eff9b1a2a546dd81a0baf0859c5f16e121caf4af03c65edfaf911647ccc80ed1e63bbd89116ba19cbe1e56c1ef4efb652f6a595bf3c0047dd6d2de903b946a1c4bd26d3c52b69dfdbeb20fae88d4a0852be661c2ac5ffbaabcc52a8ab3740c22311bbf208004b0000000000041056000af033f7d16908767ae81e3daa0560e8d7abfbd565ad7145f1c54f2947e18f37bf4fd3d8fc89eecb9e3ed3e010090866c8a39ecd71c5a354500ab436abbde489dac17f176d148d5387c3d02399d22833c866eba378af5eb7df44d95428815edaa1501b87b1911e94445dac2e30d468b501facd8532ec32eb8b4b8954c095371684bc01ddf17bd1c1d7f82aa87a6285e88f133f00101ad3abe8457c94b3653049943cc6d921183d34ec37dddf63655e590e73afe0f011192cd48447bb7ece497370c5545d49f83b191e0393281c113ef343509e6649454003b5835d71e635fdf252e32453a0903bf9c8dfd630731f5d3ffb0ece271ca6deb1f258cb48ad53146992c7385b9f8742f5d6455a6ae21194e6c52d572a48bf8428b8f0d83206c437632dfdde4fface731c335df6f815d32125aa9f5c5b1d10cf7ff261585d157f6d3c4db940ee14907f27ae2bdd9b6ff9d710d28032098cbc1271fbc2fa3bb64fce147f6d9766978935ab13d2d813697d525274b3d462274fa704515d04cf82c01f6ab31b4f233f8f48c8afbaad3103e19f5d0f0913c6067bac927980c86d62bfcc50768e09aa0dc0283f312a7f688ff162673cc8c3f6a63a2357ded5fd4ff7d4537eccb7706604eb2184ec8445eb595eb216b6b3a8f55128978243a31bcf4228ab76d8e14f3980739aaddbd08e0d7940faef616500d49e90cda0e7c3d8e794efecdd2c1a7189ffaebc98cabd39b0b5cb48041fe4bedef05fc4423db3b38753e6cbda878aea7dfe0eebee0793dbf82def51816b7fbc446b249472d7de2949a1c00b61e7cdb1184eb0fef0350b387b6e5028a27c7e48069af368fc04035d34604242e2000678047394338d5a1a00a5411637a5bf7a42fc1408ce267162fc1ff5f8b511a2488bd0ec151b4642243e15d98a26e80e52e8c0e9e3e399d363f159eee86a7a1e8e2081da93ce33564aa362408bf295b7613282596b7808830b7fa8e9edcc04b7574f7588c5ce67b48b032d2460895478993ca35337d7accf75d90581917536d3b8909a7122e96e7b6e4c9632c8103a8a17e25f53531e82f257644273aa898f2b273e21ecdbc5b9d8c4a23c4cf348fa51dbfa619b19da911d1279b77efe3fb8c9744207d72c78e245d1dbcf9892da0e2a26f034c33f11a1716504c22e2be2a46490d35cd5a71e5d52ad0e9d69ff00066fb6f4cebe2c62f0480154e6cf82b9ba69b5d9e88edce93e415e6e4045f528070f5731c0c4f8bceb7d324c0769787964a39ec93dcb88250284675b11f3171d5fb1fea4a9e1bc950ea79a82539447c773a24f41fd51680a92c5b0fe6053c5f83dfb5198ac3eed04caf651855ab10ea071024ec8ca0b8e168bdb5b1ee8263b3f40b78cba76c530c91fc5b95b86ed43cb3d6fc8bd7c339c0086677da7dce720ee8440e67f96151db563ee44dcaf55fe1986c993c2ef207c9250ad72bff333d512c557ef1de55b1032a48fd5149a109f7215b1c242ff4dbd9ec71563fdd2153014f66b726a93306eaebc8661a11ef74408b2f07a5f70a75dedec71ff727e02291a4309646471eda24705202a94a38d55dd2d21e13ff47c7bc52dae81b109b21786d99f2793ca47521e26f1f5e5c12611d0b092f9d530cfb0e6c47f592b79f7bbf9e5e45fe3356160fbfce0aeb1fdd2fe79052c6317f25adfaccb19e016f0a3bde943f2eb56dbf0b9650f9622e55fa295a7f84373560b41727a5fe4f6f7c770e8b460eb454bddd3dab587eed87b14e1db4de189435da78ce1760c4404ce3411142cd98f5789a6601735d3e958d696c4529b0d1260685929e3510cad92a61c3b4794d1e8fb161b5b9885155b2d1aa9e1ffd9c91da665a6ab2977e62f930338fb9af3eaaeee65963724696e3cef697e648a67e7affc0cdbb61add292bd3f7d3e6077e92cad3d9b3c3c6e0e043d542e5298cb8466b4886504db25c1fcac367e097d5502e091c43da0d570ce23f28393007f1d0504de12f6af6c03564f8cdc47e53011ffbd6822d986fe0515829841b59a5d95f5e76b8bbb8dc80bd4da9ef4b1afcd305e9bb2131d51ebcd0f5cc6ec6e5735c7853f9ccd3e4b7daf7a76e04622b54cb9cb75075341a03fd5df79130fe613fea4d57feb5821766f8dc39ef49e96f2bff3bffe02dec3f6321ef1ea6c657627cd988ce29d055da0f6aa9fb84e8b9295cbd8f965eaa0da7472ead475e33ec572bdbb9971fb1c622aa722460717a1640e520409156d81d2ad674493d9f8b1af17cc6d763b26b6b983237abd1ebe4cb509f520ea7ce2e9221f96c7ecb6d07824cd2008e47268cc2fa3056168e5203c975bb3b521035892ee1618057ebf4de5d778009ea02f04c1b9098ab1e22453dfa4f611ce83cc3b77560d9a57cbcc599ebbcc35cb3107536f3d5f55cccc2589c021e83bf1d69c3da2aa85b2485de783d93d86fd90027cafb15ae51e3ea7f777e7778fcf936177b8c961a37d601e99c54c6893c247b2fb025a503cae9c1dd51bcaaf51c39d032b7e1ebe47761f4bde7a047bc6da5046862f71f471f10ed08febdb7fb1f651c7ab97fab4694747a3f1d69485cbf04b6d309b4b54e19c28d913e55fa5d40e03ba5dc6b8f99fc60fa1238ec8ef71c3202c9d4b47fa90c4c808e416ebf2b05a8a067bb3c12cbaf680b952ac27a90a23b5f21083788bc054b792b5e1423be9467d176433ca81e93b56b72bb6dacab7595056fb69b2fd90bd867877ef717591274f499f056e253b501195b11aebc5edac9049738cf932c7bb6cfa88fbd6dd2c441ee7ee34feab69cd53c0f989a822bab3b0588b1492b785bb74350a1df1e2baebf080a430dd623055dc629a7b0ae7f6acc4a83f9aaf78dda6d3af9b660d3198a5b1f51b1debd14e31c42eb616d164fcf7c9846eb729ac86535af9dad33ba448f738ebf8994cd3e03ef05b977c4a22a5898b916468c6463208c1be84380959d275cbb06483dcfb94b77ba1ec23db63a488e373a5b5f82f591d999ea5c225bbaf65731e2f7c1f3e2cbfb6a275499d03c058d77c9371017223659638f7de3ecd64e32d1becb15decfeab293d75f4b6b4f994dfef128095e5391b716ddecd2ad91cbb5265b48d4c6054e5516071298e8931fe9d7a7055cee148a60d30540ddff5bb1e970d2c6cbf08c99f9823caf120a40d25289140aa6491a0db3648f13620f3e66fd4b3b12e02b8cf8b2a2382fff579e3499c1f9565f9e6ecf24800c66a2ff109c52080d3b6f0bd03257290093a11d96763d6b9588a4b4b371afde9a88648b9a0fece65c20151bf5eceb1327db400b2a1e909a58bb9f421e22ee6f7c37ee3c9f248eaf34a2dca79b392175b73c0909d1c1a28b6b2ced4099a30d540bdb6d32d37418c1ef1b4644fa568597818ba3dfc95ffbbf94d9170812f2b80469e40c94f0a121073148e356ab96b09880f9c63fabda0405db728163f7917844d22c59a8ac2fd5f3da5cb7a25bb38bc94fca7ac9c9c4ce7ffb0fc77ed252cfe35875d1c4ee3cbf5192e318279e7c95f5fdc7ba6ea197110a780a4e87f6d81225e050d3d09ea7a3c9cc50b3c4dcd0782520fcc00d85d36b6d02d641b936655f392130465869122833b24f39b25470e98091bb2201d9d9a0ea41ddce9c868701ffb9bd0173e1d764bb4ee4725b5089aebf77340b9037d5157598a54b8e77ad303bb507f96bbae9269add6691c3477ce817172ce66ea66c6f12a9df9a6a8109731a2b181023932de1f43c4ae90224b6e5f9b678f2bd014f0c5fac61b60ea92f052344b445e76e3dedbb4828a6550c02f8727b2d8736ed885a384ebead467637b299dc018e636607960b4e19413aaf6f4b96070fe294f13a670f4e3adfac34354d7626722635c021f6b077bc03a949cdbdf638f1450dc97cb38988a3fa3a5df7e02573e0b491bcd469cfd58ee81e72a96be9842bbc226aeca595f1d6af065594e75611f2aa52d93bfac7b5d79c47078b7b664bba19d97853ead0380e3e4d3db443eec06fba7eb2c24a73b00cce5b3580093eaeccc74146336178c6f42e8c6803ed3dd3d94449f73421508878d0d8862a4f696ab55e97a053aa20f13d05ff926cfcf47eba2cf70af9757c4d19ea6a9cd83274aecd35a699d198767ce1fe9c73d3957f821b048cccee36687fc27dabfb94432dfe85c06f05fed74676e86ac477fa7274aa6a6a265a7b388fda2b65487f97ac6ad5e60a6025099202373c59dbddbdc357727441b50809fc562b947ed902baccce01c951ef94bce08a898ec5159c02d126db448636afeb84e5d26cf9a5d00e8f611f39205f6cc0da444257f1e0afeaed3d16ded468523fdf80f1a8790abae15d36208cbb7416a7baf5d77c556e99d66ed3db1d7f081537a57cb35035dccad2aa40b67bdd5c15c4cdc37dff93c43347a6e98f829c66e8e9fc2ec979b90a5de1290d3a93e7c91d63a12426c932073de564719ab00dc8aac9865d702aef596f7bec8eb0a1bb06d1aae4b65a1cb571f29ed8ec31af41167efe8de75aee3d4e2522930cb38dab3b62e164ce0ecb50f4592ccff834f8f07b592c99b5ad07abb241601289a191d81092c98ee16e7495e752f3b2d882e50a9d8d06fdcf4c203e7d91c2b67acf653243051468a8b8e1a3280808de118346b1bf2d827728b330e3d11794744d53627a73be0a23d2a47fb270dd83a76c62ae9d866703cc285d8391a14ffb81f54cf872c5a3b94f2dbad055ad3f075783a946c17c950d5831b2da269f3c57cda6c4212b4884c9c02d20ae8a93d4aaf81d216b0d99307e93a251661d066d9e312a154ba407528e7fed0479800f9e44383affe4e5c104172a57fcc3113992b84cb02bb489851c9499bf6bae782c0eb26aacfd6a1f6ec91b1d94c22877eaf2fbdd87b8f9f0874adf7753dc887ba652135f66e6f8d7a3708432ec46dfa3d61fa8953aad939091ce044c8af2b2063d1e3d559043cd88e20a0746dbfa58df32c0846860a5b88ca46e267d7ab04bbdb25127423995d3f2ff323b7de86a368d9ebc4b35dc9644b6b7be05c9ee111ef55bcc8a091eb7be89d5eff699fefd0ac832088aed7c526c0ec290f9050365b75f6e5e1352f36a8eae7acf9f107ac239a957680cd6584dfa3656387598e1c078f0c3a10d7da9eb4b57db3408ae939919545ba1640b185741cb795a0ac3d5f94347cdf05bdb4709eab4f746320e70967e833af1fc7b58c6bb58fc68bf0d02d35131ab10018b28cdaabc9ebdc1114c10a08b42ffb8f22127dac7353296df9b9456ecab3198e56c09555fd971460d40cd9693d9887b2099f9cec1f40612a958b678e6e0bc831a2feabb5c3a5a5561bdb4e20c75b90acc0531ffd4598deebea0f8b0cad2d198719a10e7cf0aa2fb0dd869ed9ae3d4e433f5c6410f54e096098cb4bb2be6ca8c446ad587bf10e457ba76f5bcd036bbde13aaaf8fcf1c9f7dd8077393f11a26ba6270625d0a9bc88dc95123a435f131158e22599cd2b38f3848c95c6562b260461d599fffba63d8b09e4b12a34a0857155bd10c65be16e558db52124c8a31de48d06ec6f4c8327c263320598be496c97150283f7cb058b1965fc941eb2bc3414880249e8837ed0ac1f1c0dcfaf06d02dea75049f9f341687eef31fb9b335fedf8d6138d3474f7b4c5383001b15c5a4a63c3fbb8ad5cb268f03412b94da5321dc0b61f7edf8fc60c3169a51bc7b27999083346e4744179cff315cc6b2d0f1a2824b7c970516d9d75ab8381c96f9abccdae1f2993016e19ea194fea61e594ecf6344a1aed9de47fd91282506c58924a8f60c6f2fd65188e1431e2ad2857783872d924e558d36053c6b29f8e1b0828ef0178c14608799de1578618734e23f64b9b04ef0d21b3ffea041efe9622b49e56b67968a19eaf6a07fe16926134128f953bad0d7f56d85cda7e92bbcbc523dad5b7582c822a99d8b8fa42aa1c65bbb6eef780f7c1112203eb4393d000000000"], 0x2214}, 0x1, 0x0, 0x0, 0x2404080c}, 0x4800) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x100000001) r8 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x105142, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r8, r9, 0x0, 0x100000001) sendfile(r5, r8, 0x0, 0x10100000001) ftruncate(r1, 0xfdef) [ 1358.207856] attempt to access beyond end of device [ 1358.207856] loop1: rw=1, want=340, limit=128 [ 1358.224586] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. 10:58:48 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 18) [ 1358.301112] attempt to access beyond end of device [ 1358.301112] loop4: rw=1, want=380, limit=128 [ 1358.356771] FAULT_INJECTION: forcing a failure. [ 1358.356771] name failslab, interval 1, probability 0, space 0, times 0 [ 1358.357760] CPU: 0 PID: 9622 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1358.358315] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1358.358994] Call Trace: [ 1358.359233] dump_stack+0x107/0x167 [ 1358.359540] should_fail.cold+0x5/0xa [ 1358.359862] ? create_object.isra.0+0x3a/0xa20 [ 1358.360242] should_failslab+0x5/0x20 [ 1358.360562] kmem_cache_alloc+0x5b/0x310 [ 1358.360913] create_object.isra.0+0x3a/0xa20 [ 1358.361278] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1358.361714] kmem_cache_alloc+0x159/0x310 [ 1358.362068] alloc_buffer_head+0x20/0x110 [ 1358.362411] alloc_page_buffers+0x14d/0x700 [ 1358.362782] create_empty_buffers+0x2c/0x640 [ 1358.363155] create_page_buffers+0x1bb/0x230 [ 1358.363528] __block_write_begin_int+0x1d1/0x19c0 [ 1358.363919] ? fat_add_cluster+0x100/0x100 [ 1358.364264] ? add_to_page_cache_locked+0x40/0x40 [ 1358.364643] ? __page_cache_alloc+0x10d/0x360 [ 1358.365011] ? remove_inode_buffers+0x300/0x300 [ 1358.365373] ? pagecache_get_page+0x243/0xc80 [ 1358.365737] ? _cond_resched+0x12/0x80 [ 1358.366044] ? wait_for_stable_page+0x92/0xe0 [ 1358.366396] cont_write_begin+0x472/0x980 [ 1358.366740] ? fat_add_cluster+0x100/0x100 [ 1358.367072] ? nobh_write_begin+0xed0/0xed0 [ 1358.367418] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1358.367832] fat_write_begin+0x89/0x180 [ 1358.368145] ? fat_add_cluster+0x100/0x100 [ 1358.368484] generic_perform_write+0x20a/0x4f0 [ 1358.368850] ? fat_direct_IO+0x1ef/0x380 [ 1358.369187] ? page_cache_prev_miss+0x310/0x310 [ 1358.369565] __generic_file_write_iter+0x2cd/0x5d0 [ 1358.369969] generic_file_write_iter+0xdb/0x230 [ 1358.370335] do_iter_readv_writev+0x476/0x750 [ 1358.370698] ? new_sync_write+0x660/0x660 [ 1358.371026] ? avc_policy_seqno+0x9/0x70 [ 1358.371347] ? selinux_file_permission+0x92/0x520 [ 1358.371740] ? security_file_permission+0xb1/0xe0 [ 1358.372123] do_iter_write+0x191/0x700 [ 1358.372448] vfs_iter_write+0x70/0xa0 [ 1358.372750] iter_file_splice_write+0x762/0xc30 [ 1358.373143] ? generic_splice_sendpage+0x140/0x140 [ 1358.373555] ? security_file_permission+0xb1/0xe0 [ 1358.373931] ? generic_splice_sendpage+0x140/0x140 [ 1358.374322] direct_splice_actor+0x10f/0x170 [ 1358.374670] splice_direct_to_actor+0x387/0x980 [ 1358.375040] ? pipe_to_sendpage+0x380/0x380 [ 1358.375384] ? do_splice_to+0x160/0x160 [ 1358.375720] ? security_file_permission+0xb1/0xe0 [ 1358.376102] do_splice_direct+0x1c4/0x290 [ 1358.376437] ? splice_direct_to_actor+0x980/0x980 [ 1358.376811] ? avc_policy_seqno+0x9/0x70 [ 1358.377145] ? security_file_permission+0xb1/0xe0 [ 1358.377555] do_sendfile+0x553/0x11e0 [ 1358.377865] ? do_pwritev+0x270/0x270 [ 1358.378175] ? wait_for_completion_io+0x270/0x270 [ 1358.378565] ? rcu_read_lock_any_held+0x75/0xa0 [ 1358.378929] ? vfs_write+0x354/0xb10 [ 1358.379239] __x64_sys_sendfile64+0x1d1/0x210 [ 1358.379589] ? __ia32_sys_sendfile+0x220/0x220 [ 1358.379967] do_syscall_64+0x33/0x40 [ 1358.380259] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1358.380662] RIP: 0033:0x7f24f4026b19 [ 1358.380966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1358.382382] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1358.382988] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1358.383542] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1358.384113] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1358.384689] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1358.385260] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1358.458548] Zero length message leads to an empty skb [ 1358.467019] attempt to access beyond end of device [ 1358.467019] loop5: rw=2049, want=276, limit=128 [ 1358.730082] FAT-fs (loop6): Unrecognized mount option "./file0" or missing value 10:59:01 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000000a) 10:59:01 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8}) 10:59:01 executing program 6: syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x9, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c246d6b667322888b2400020801000470000000f801", 0x17}, {0x0, 0x0, 0x40000000008000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 10:59:01 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ftruncate(r0, 0x1000003) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xc02, 0x0) write$eventfd(r0, &(0x7f0000000140)=0xfff, 0x8) ioctl$TIOCGPTPEER(r1, 0x5441, 0x0) write$binfmt_elf64(r1, &(0x7f0000000a00)=ANY=[], 0x98a) readv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000001340)=""/4096, 0x1000}], 0x1) fcntl$setflags(0xffffffffffffffff, 0x2, 0x1) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/rcu_expedited', 0x22902, 0x0) openat$cgroup_procs(r0, &(0x7f00000001c0)='cgroup.procs\x00', 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETQUEUE(r3, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) r4 = accept4$bt_l2cap(r2, &(0x7f0000000180), &(0x7f00000002c0)=0xe, 0x80000) ioctl$BTRFS_IOC_QUOTA_CTL(r4, 0xc0109428, &(0x7f0000000300)={0x3, 0x2}) r5 = accept$inet(r2, &(0x7f0000000340)={0x2, 0x0, @multicast2}, &(0x7f0000000380)=0x10) fcntl$setflags(r5, 0x2, 0x1) dup3(0xffffffffffffffff, r3, 0x80000) syz_emit_ethernet(0x1a2, &(0x7f00000004c0)=ANY=[@ANYRESDEC], &(0x7f0000000200)={0xfffffffe, 0x1, [0x7a8, 0xf17, 0x3f7, 0x9a2]}) unshare(0x4a060400) 10:59:01 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) syz_io_uring_setup(0x2, &(0x7f0000000180)={0x0, 0xa1d0, 0x30, 0x1, 0x1c1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000200)=0x0) write(0xffffffffffffffff, &(0x7f0000000380)="5899a2945a377f3cc314802bb600104b8c24a3de11de3260bb7b7c75cb5426661dc55257beb16111ee8c17147f3bdd2c1812ec61311a6f61cc5c9f2f1e72f7374ba5634b46e8b2c52ca27d6f2bd14fba39bbb46e60d78ab069fbb8a37d3fff9a8dcfcc71333b5c32ac35a251e182a87a655d4bf05ad422f8ba887976d7d5ef26d730e2b02d09d81a1512cb843fd5efc73f97ad368871c18970bf4f71a273143428434e47fc7ccfbd95290a78fd3961df9057dbfccbbd5eabeb24fc393c284fc2639e4f9fc0336ff4a8d83733e9ff18c7c70282e8929cc1fc96eb1e5c0460aeeba4bfd23a31ab87c7c0dba12dc2c1e1bdc2d9", 0xf2) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) syz_io_uring_submit(0x0, r3, &(0x7f0000000280)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000300)=@ethernet={0x1, @link_local}, 0x0, 0x0, 0x113c6eee53f9a3cd}, 0x5) ftruncate(r0, 0xfdef) 10:59:01 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x80, 0x0, 0x0, 0x0, 0x80, 0x640, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000400), 0x2}, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10001}, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x902008, &(0x7f00000001c0)={'trans=unix,', {[{@afid={'afid', 0x3d, 0xfffffffffffffffd}}, {@msize}, {@debug}, {@afid}, {@fscache}, {@debug={'debug', 0x3d, 0x8}}, {@loose}, {@cache_mmap}, {@privport}, {@version_9p2000}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@fowner_eq={'fowner', 0x3d, 0xee01}}, {@smackfshat={'smackfshat', 0x3d, 'hugetlbfs\x00'}}]}}) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc018937e, &(0x7f0000000600)=ANY=[@ANYBLOB="0100000001a900001800000073585886c3d5e8fe0745912d6b1b653ea41cf48380260da7c1410f30bd06fd724d835c99b932ca144714d534ea91c4c6eaf58f6e59e476c4b2e34d1c9d09a5afabcfac", @ANYRES32=r0, @ANYBLOB="01000000000000002e2f66696c653000"]) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x3, 0x12, r2, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f0000000380)={{0x1, 0x1, 0x18, r1, {0x9}}, './file0\x00'}) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) getsockopt$sock_buf(r4, 0x1, 0x37, &(0x7f0000000500)=""/223, &(0x7f00000003c0)=0xdf) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000340), 0x10000, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f0000000300)=0x8000000000000) 10:59:01 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 19) 10:59:01 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x10a) syz_read_part_table(0xfdf1, 0xa, &(0x7f00000017c0)=[{&(0x7f0000000300)="5d20152d7f05006cf009135cd47e7789534eab4884022d9c32a2e7e1a1a164fc7c3242fe9a40f6637a8e0ebdbb28861c5f66064ff3df1339fb344d503e6b2961107502a77a6a9e79dec676351b1c4723f337ce56067dec9ca834a2e6b4b272cbaa6b8023ce552c0979422f17f4c01aa2c6afc7d5af650beecaf2acad65dce101eac15469caaf9f4052e59ab612437745a2fc9ba7059dba625b1da67f21e6ad0c236b06b5febe4b1b86f217a7b12f67d0da276ea222040adc16c1e80fd8d14a8c631f47a43d", 0xc5, 0x6}, {&(0x7f0000000180)="f53b8885e11372ff08e046b53ff47ada94e3d75550e54005869f412695963b7804c48fbb95833ca0f19210df39549cc5743606454f50d40764d3a13f6860a63affaaa5ac79bb16a4895a4ea4e9628909591fef23fd18864e897dccf81093776e4e3281c581f445f08c7ff5246e1b01f3c0ae85b5c0e08bd52d9470b98e1263a4b6a62503b21c427e354e41a959836f3bc5c4f50bc4ba17ffcf2ef5", 0x9b, 0x6}, {&(0x7f0000000400)="9c0b748fda2f9ac46f191ca3613ec07892aff3706dd212a0442880f967aafc5824986a3834dbaa4302be372695ba2c28a439dd5ed78230d30ff6923ab58cde2bcceeffb1f5bdd47b4472dd1e1c635109dc868ccf1f85d7565deebca760883b48a564cf7ce32ca185ea8a100f403863def807f46029bdde489f8e4d58f1cd985e50f23d386576", 0x86, 0x4}, {&(0x7f00000004c0)="6ffa6143ac548f622706abefa1704a674dd77b1be5ec25276393b88f8871d8757eed6b4f4d646e1b11a366e4e7897ebcce3aec6494705eb977589600e3d1390212436083c384667f0f3fb37cb2404a0936c7c22c6276d3f6bdf814b395be2238d0a8016b8224c74ac28335bb32b36ce043b93c4d495970029b01fcca28cb783efb2d3d83193eb78d75709027eaa82a601c674695f116fabf60b226d9405cce49a51625b9350d6ddfae4548bce184ae5cb1d7744c9870acb4dd", 0xb9, 0x401}, {&(0x7f0000000280)="51f6765980d4c3130085bdb40c3511246caba33653a5cfeae24427e16955c5651c4a902624e5addc41c53c70abc5537cdb249a048f082f5b99abfbabf3d813", 0x3f, 0xfffffffffffffffc}, {&(0x7f0000000580)="34056f624faf766b9f62321dd3c231842c108805625959401e21077f0434ca64a254d4793402736ab975f03060d76d24f1e91c23dc035951b11142b57ab1633f1799bd967a0db206d6d31c1946c00770a14f92b507dc107e6cce077cb24bda5a919a541b", 0x64, 0x71dc4320}, {&(0x7f0000000600)="d31cd2daa4943c763a62a95f4b62e0bf8b19cef4dbbb43e78c2daf02050e83a719f465b59606a91d20cbecfb56d2a1cfedf522df6852c072ff4b3b296b5150ec14fd87f21564f3e92175cd7f115288ab830cf646011485c1f8f0dc5c6b0533b06f87821aa160154bf68ab61b9f13a326b76f2f0bc5204814511e8ab5b4c85a008ff0defffd630565f27b211501f9db1238026a8f3e356080b63e80336b255301c2df78774c816b13c8747ce9beedf34709db89ff45adc3e19589c486d7fbe7616be98ddfe588753bd749b17ce4918a954c6c9177697cced1f1b0020480ede0271d93f3f65565337cac681a7f70a8a9e70d1b90f103006f2ae7f988b3f4a1daae6e132022c5f46ce34aa2ca9c1253594d0f3a00ba6323510bb027c73dd0a91b57172219b2c615bd552becb172866b8d92e7cd7018f5e00fe0e5e2f84e7229c85ec702a8b89e8a8a901b01b7be4d339b12704ab8b9a5824537a35dc216d9815423ad7fd71e117a5281ef3574f59a2392a820ffae6dc2ccc032b23c1fa83199d204d9dd496f679369ee2a77d7bfc322a80946d7adc084abbfb63d66c7b986adadb812557322ba7355cac00835f78cebf91614c265362b59b77c3734201f1f1292c232ec1fb0e0ae038947b2d354acfbe0953dacafc94f904ec9b7b36e4c817499b9f0e5188c235d54e185371c7661c4db445b2302554504dc9f1c0f9a375333da2e131ea396545c5aaf48080107b8286b3e51c3e79a57c768d79dbf92fbfdeac07d3ff9562497677da3bdc2697cb8820c5b6fb1dfb02cd3c7c42cfe09cab94673fd3436602620d2f18e4cb3ea7401bd0423ef6156c4af03e7c20b69af9cfc889f6f2f43255c4ee1f8809a4cbd0d78b941e03d7c74b2d95561dfae9e3879041ecbac9d86b545736be9e1fd9e38757ad368c0f9fbbdb2c22805693966a04310130ebc06cdc9c3257895e02b0ae5d80c0e5931c5089b753640354eba9c65a0fcc09b689e97dc079641a4ad06ee50c032c2394a3262f7e4d129c355a7d267881c07fc6f861cacad2d55f64045d8c86f455c86d1bc5a7456c184de0b1f056a879bb5c59d24d49a4ed7b017a41498f85924467be4099d1ee944173eef390d8ed802a089d728dfa2cc22cd0240204e3c778c877f0cead070bfa165386e53bfc6e96a98a92aef62a734156050742d467e7973622e8119c42763268ffcd887d567df16db6c733610841bb91be73165d506c2ef55d6aea930fd88809feca9a7628a8eb694115803572e3ac897aa8dcc6011bee592b0b27a0e9eaa25834ccec4f6edaa9f433130c2a2b45b3c4cb8216af124ee77ac267e07be876f456ab0393eee20be5a613206b19c27adef89c124832e92ffc48f68bc684d049fd3577356e92696825905c612287cd15f773b17eecc7f912aaac511424733dd3159ed0b33a60d924e1df31498272f7d2fca174e9e1355fcf67395cbda60890ac6a78e2d4fd834b7176bb709aed0284efe9748a086a10c623bd4e235c783d8a9f25d7097baf38e9bbdeb254170f2025c941df546bda56f3528ae45dc054df1b8ec39f1006c83c77ed1ad4e9141a0bd5b7bc0803f44e189dc1f08811abd361eabdce321f285f1f8d003acb0d215a7005594f0fd42a96b11df4210c3ef800ae3075b0d8f5cd78bd52acb045890e4e9da34be7c17119981ae6aee67a46621921866635f240fc38b1a8d2077161c55c12c1bd5513eeb4a86fcfb99789b426f82254f010251686fc3bba7961e8f3c06421d92780abd3871f5229b1155c2c5c00ee52e93877da551546dc3a23db881171011f602a9eece373d8ce69e5c7624daa1c3a4b36fff65083a78f5f9b70efe69713c91a1074c3c343d29f4eadaa4023c10c80d1f275b9d485809957f43d052bce43085d64753b1dc93bcfee11971f7fdca66591e18fb0166c310f7d0dd73e201d9e7408f9d519614047c21a21828339adfbea6a093ff7078527061dec09258429cd9ebcdaae56113d42e6f5c8b2cbcbde518bff6f9296b966832fb49dabaeddfe3b1171dbc5d04891d094f9e2e33daa9a9113d5b4e78ef996ee98e81cad3179d321633207f4755749991dc7c764dc5c586bfb59b753de892ad118bb22d89f445c7b15f1799adde34d0d47a8c28cf42b614e0c8b8fb568bfc67e2cc3b5487f38762c2416be0409e1042795b3a4f643789d697803c6c59280c255e4b40008e7dd576c971943d3024e937cc78ba891fca66b676db64f87aa2265ad3ab4ef0a0b72ab9e227855b3f4a6ac7ea334044541399efc161dec3528758e9260a1cd42e0a1e2c48962335669914bbc0076a65a94e428be4aee81ecaa06f48bc948c5a22d603c32dbd3ee834861184b4ab36c1f65adc1b46cb483e41a055a26fec5a81cc9caebf42adddec40e711069e5aa98eb7bf3ad19c9d510ebcca88519bdbfcedbf757a66058dfedb8dbdd0224a089602e4914dbcddf3164171cc466c6995892c49626dc5dc53a699b7e754a38c539c761d0afe28ce0c6da7f5846a0afaa07fe5b8b42b90499f44cf0cef0dabd2d133dfbba985a0c926a08fef04292acf9ad2506bbaf8b6f26cd17b57a4ae0921f8c3dc42fe00fac6ca74e6a5a0e7a5df639649c6260d8448efe62131eb9848f6e50011b561c510e876af0300909ed78a8c71f9c56c23abe6c30acd918ac5e5d0c56793f808ace2d1fc05239b6fd48db1b9be796312bf7f1c86b5345afede983da66e315c5ee6ccd04de599857cde1a1a33ef0713b23f0ca01c139cef1e3411a15006cc79c967151960c5d8eda7aa22fd6e381d71b89922112b3ba3a5d0ce04723ef324205954380da520fe4c050f408429c9285b272e27a7ab9dfca385a075dcc620b5e906478585d34dcf054e50869fd52e5663fcedaf40ebc8caab7fa2735999ceb2bf625d3ccea4eebdbea55ef639539b07f658dc9bd3e9a5e7e5649dbb074c101f153040b76b8ee10f63ea51bf95d4254dd088c5b15add6321c4da70bc1f6c8c658b7d3aee4c01ea3dad2d537b14313987043dc387515356efa110d21833c4dbd5304f43ba2b233064f59eaf233011c5f610ce7f75536639364784a7a0056b43de44cac9365b807e30d78059b2438b960fe88717c8f456a824e3f044c84e5a77441aada2006e7ee0662348085a1cbd2434d697f6afab3c962c7202626a2968d4e16bb3447ed0fa4a054414188b99ff9915fb241d81f54b8d55845d8ac3ecbaeabf82374274f2f0e9de9df82710613648ed5198c6893263bf8eb61654efe14863e6169ece894d92fa849533d03e4f55868d2739c963c9cd807b7b8fc7a8ffcf5580984414b98eea2b17b42cd107509179598182f61d0b112799f7b78edd13314a4357cfb094bdc78559a62ee56b5c9e514519b60e838d91d0f72dbad8254c4810f43189dd8dadf1e346f3cb3ba2b30515468f28053527fd9e8808a4a8d11cf4ed07f411c94540c74cdfd72f2a86049bb50904514e122541a2af1b6fc84f97449d4c70ae97ff3fa359a8b482c8cf55bf533db13d5988c4784c72f0e82dd81f83511d3d837ac8abb160319c468f1424e7e137f42b336004862ea50422ad55310831f674e2f0edcedae513d26278a4f7dcc1fe71c144e290058cd9fcd10ac8606703c1b7b9aedfeaf83bad356039515d1965d59fb0c1dfb58935a0556438437d427aa6e77b72d608eacbcc818bcf4bd1c8f8b1a7c66bbc652ce6cf9c55a1adcd71466260c9087cf059e12ce7473e2db24288ae40447ff180869230d848a23e052a5111a777f3dd277b4f8e9c8bb11278e84f074d0d25b17653d9c9ab918742eec3252b77d0df71c4090c02735a643da54141be8fbac22323a4e910b948eb49f3900140873e3f9b13107f4fdd6febdd81d0cca18a3435e8539593fab8879bfb943095838cf4f884abf5dd4211a00c5de9e57962ecbcf8ce2ee4e8a8b643e7948068c62502be618ee183b606255dd4f1e1c8181a7d8cabe44377ffc903162bc6ff6e20dcac13c2b261716baf21042c2686859bd959ad68591c8024aeaf98cb62ba32fbd088e32e92daff8e79b56defd142165875cb04fd6722953f4f2a0b4fbc06bc887ae8ea3a5dac4e0b84c8c36602e4155e98fb26523bdfafe797433b361f7616289f4d0ececc837a0b2764a987f1948bb8784a70dabdaaa8f7ca1d6434b1e1ce68e74b61c7b49ba26a8ef57c98d7d3671da7ad6eedea83eba203ba0137786fef85988d404f80eaa8fd8f3f9fb347e845d51af795c2cd2ce307ad0ab694372592c5fd2b68c1e3da37dc87c6f3294e01aa7725ac922a1f814a7ee6e6b9712852d6ec6e73b50239957ac3bfd7e0caeb303572ca7750d087d08332d276eead6c357e1589c8148bea889c1fb44ccbe6808653abd11a059c872baee35c984edd4ba9d7a3d95cd375130b7cb1c1f43eacf04a9b69effbbc44331808a5939c62c321d9740ccc58bbf2cc4207a811b2a2b04698c8bbfa3c2dcccb6338280855d28bc669e7d61551a9053d331b5d1cf87c8d9439dbebc84f0eee8356b91b608b9ced04340e32a0f4bc47e2a775747856edb0067ad97f10aeb61e2ce0827106e3972a66481aca7d70b6ebdd4464178a4bf82feabaf89ec5dd0c32cf067cd9d6d8e2ddb87239567d92eb72ea497c72a338bbc80d207499120a511a3837b30087184d36181226d5eff58b04ef288e4df1404bf7166a93957c2935d925dd7f8b7d07c22abd7c3175f909b7ece4984fd2104161cc2e3c0120a0bdfefddf801b97d83be7c67bb11cd638c6128a487d08f0f4fca5acc6302339909655a1a3f8f3256804dbd32c5811c16cad5d4a25b6cf0fcbf07053a5eaf18e895803a0364342d1ac28dd69b0b4b8a4670dffdf2e3ccfe8490d81f8114c05c130c2ba0321bd58c90cb5c4df47c634ac74ab7ea1c883e432d0ce7a6d301a8c84fda4f2246978e6c59e83a5a9b6c2025468fae814ca7bec0639c9499a0f7ba7b3c5a3c3f1ca8d2bfc5bc58218a501e397ebd3abd9b54a11a33d805fd371442bb2a1ed6ca81d92404790086d6da9db895ce474d105b6daa142f604b1250a7f2fcd835de37687dacb9207f377c36706ef2c22bd78b5c3cedb0fca1cbb0a1202514c6d8fcc8419c79ffcdcc6d599f1c002ff4c087fe1d7175ca25ecc6536c725284182caf1320c92fbeed7ae6dcefe9d1d91ac45988f371ebcb3fc48cfc70461cbdb39bc7ee51aa8e9a285b99edd8924ff7a569ee4ed29d363f61d770e5df003608abe6daa860bdc202b8198eacda2e9f0df1e0338cd0f9e6f19be4b61b42ae33024a830efb1bad12877cf32929c47a42659dcb997be677121f8774134eb417e7efc9195c7b47803a3f45c0c551004f652bc056fa90025e6ea48f4d753175181ecabe7f9c22f2f6f65722fd96e64088077cba65e354f4f9307b99d7db873e7835b990a9b92fde6384ca7258e2f176d2449ad3e3948c0baecf255deff23627e60a4b50a2fef47bc40a7b2e8acfa747c4c59cfdf5801b6ce953a4335988ee2b9665914099d22b7188b17e4bbac027d48eefa17360ecee05b9adfed2f22a6843992329abae11fbe6db7a93abbbe738d4335d7c4e5f0a9627d6a7bf9e3e686cc198b459f38549bc46d446b3b32053e8a0e0cda9851d1f7f20413cd15282744b0fec522807574a5dcc603c3d71e9a1f8e0d3ba49cd2057b156789e0f368408637863932b0b2e059cd02a942cd2055abe4a0fa22e60a9075f5f147eced01de04675d0ab8827fbf72cbbd7db0f7fdb8b79ade862d6157659a8ab314a13540aa479e7e9505746f98829e", 0x1000, 0xfffffffffffffff8}, {&(0x7f0000001600)="36ead7c394f3af5d79d23f86716f283e9215d80f51012a134ee6e84d1a6018c86361f78f89b609a591cee4e53348806cb8a7fefabc4b001f480edcca4ba20538be43c23e88dba3d892bacd0ee96cd10cfc78bc7e75198556bb262de7e1a7e60d8a28bf55583297e28d48c6745676", 0x6e, 0x9}, {&(0x7f0000001680)="b174c22a1d6758bfb980788c1b8a91a8b73672dbcae7c907973c05af374d5c6343030485ff02a4c495f5424e1c57cec60e03ddfa82b6c020ed6123f0d817de5950eb95bd502b66ad061d105c85b4894f96cd82", 0x53, 0x5}, {&(0x7f0000001700)="9be70184e153b51780d211736e85ebaca6504ee9d786b88d816a2d966e435f6de17e0eabd5914716545cdc8c7168d2468e42a5eee22d0657ea10ea2fd0e7712e68edb4e768595ba727601cc79c92c7802c34e5d1dd7efa014ffa382edd256e78694a500ddf894be63914f74013bea1ac88ed2f73a558f29b50b24fc87a480415edbb19ddccd91bd98a11de62f39c18833f314626fab7beda4043ad7b0be60409646d2edec984487a532335fbae2051ea45d1", 0xb2, 0x3ff}]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) dup(r3) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) utimes(&(0x7f00000000c0)='./cgroup.cpu/cpuset.cpus\x00', 0x0) ftruncate(r0, 0xfdef) preadv(0xffffffffffffffff, &(0x7f0000001bc0)=[{&(0x7f00000018c0)=""/135, 0x87}, {&(0x7f0000001980)=""/38, 0x26}, {&(0x7f00000019c0)=""/115, 0x73}, {&(0x7f0000001a40)=""/137, 0x89}, {&(0x7f0000001b00)=""/161, 0xa1}], 0x5, 0xfffffffe, 0x5) chmod(&(0x7f00000000c0)='./file0\x00', 0x10) [ 1371.847627] FAT-fs (loop6): Unrecognized mount option "vfat" or missing value [ 1371.916891] attempt to access beyond end of device [ 1371.916891] loop1: rw=2049, want=276, limit=128 [ 1371.933041] FAULT_INJECTION: forcing a failure. [ 1371.933041] name failslab, interval 1, probability 0, space 0, times 0 [ 1371.934794] CPU: 0 PID: 9656 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1371.935786] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1371.937162] Call Trace: [ 1371.937489] attempt to access beyond end of device [ 1371.937489] loop1: rw=34817, want=148, limit=128 [ 1371.937662] dump_stack+0x107/0x167 [ 1371.939176] should_fail.cold+0x5/0xa [ 1371.939770] ? create_object.isra.0+0x3a/0xa20 [ 1371.940500] should_failslab+0x5/0x20 [ 1371.941104] kmem_cache_alloc+0x5b/0x310 [ 1371.941751] create_object.isra.0+0x3a/0xa20 [ 1371.942459] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1371.943228] kmem_cache_alloc+0x159/0x310 [ 1371.943825] alloc_buffer_head+0x20/0x110 [ 1371.944432] alloc_page_buffers+0x14d/0x700 [ 1371.944826] attempt to access beyond end of device [ 1371.944826] loop1: rw=0, want=147, limit=128 [ 1371.945069] create_empty_buffers+0x2c/0x640 [ 1371.946502] create_page_buffers+0x1bb/0x230 [ 1371.947176] __block_write_begin_int+0x1d1/0x19c0 [ 1371.947864] ? fat_add_cluster+0x100/0x100 [ 1371.948490] ? add_to_page_cache_locked+0x40/0x40 [ 1371.949223] ? __page_cache_alloc+0x10d/0x360 [ 1371.949867] ? remove_inode_buffers+0x300/0x300 [ 1371.950570] ? pagecache_get_page+0x243/0xc80 [ 1371.951235] ? _cond_resched+0x12/0x80 [ 1371.951798] ? wait_for_stable_page+0x92/0xe0 [ 1371.952468] cont_write_begin+0x472/0x980 [ 1371.953102] ? fat_add_cluster+0x100/0x100 [ 1371.953737] ? nobh_write_begin+0xed0/0xed0 [ 1371.954401] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1371.955202] fat_write_begin+0x89/0x180 [ 1371.955787] ? fat_add_cluster+0x100/0x100 [ 1371.956403] generic_perform_write+0x20a/0x4f0 [ 1371.957058] ? fat_direct_IO+0x1ef/0x380 [ 1371.957652] ? page_cache_prev_miss+0x310/0x310 [ 1371.958344] __generic_file_write_iter+0x2cd/0x5d0 [ 1371.959041] generic_file_write_iter+0xdb/0x230 [ 1371.959714] do_iter_readv_writev+0x476/0x750 [ 1371.960364] ? new_sync_write+0x660/0x660 [ 1371.960958] ? avc_policy_seqno+0x9/0x70 [ 1371.961563] ? selinux_file_permission+0x92/0x520 [ 1371.962256] ? security_file_permission+0xb1/0xe0 [ 1371.962964] do_iter_write+0x191/0x700 [ 1371.963520] ? trace_hardirqs_on+0x5b/0x180 [ 1371.964159] vfs_iter_write+0x70/0xa0 [ 1371.964717] iter_file_splice_write+0x762/0xc30 [ 1371.965415] ? generic_splice_sendpage+0x140/0x140 [ 1371.966148] ? security_file_permission+0xb1/0xe0 [ 1371.966849] ? generic_splice_sendpage+0x140/0x140 [ 1371.967556] direct_splice_actor+0x10f/0x170 [ 1371.968197] splice_direct_to_actor+0x387/0x980 [ 1371.968868] ? pipe_to_sendpage+0x380/0x380 [ 1371.969505] ? do_splice_to+0x160/0x160 [ 1371.970077] ? security_file_permission+0xb1/0xe0 [ 1371.970782] do_splice_direct+0x1c4/0x290 [ 1371.971377] ? splice_direct_to_actor+0x980/0x980 [ 1371.972076] ? avc_policy_seqno+0x9/0x70 [ 1371.972702] ? security_file_permission+0xb1/0xe0 [ 1371.973414] do_sendfile+0x553/0x11e0 [ 1371.974008] ? do_pwritev+0x270/0x270 [ 1371.974557] ? wait_for_completion_io+0x270/0x270 [ 1371.975286] ? rcu_read_lock_any_held+0x75/0xa0 [ 1371.975949] ? vfs_write+0x354/0xb10 [ 1371.976519] __x64_sys_sendfile64+0x1d1/0x210 [ 1371.977171] ? __ia32_sys_sendfile+0x220/0x220 [ 1371.977871] do_syscall_64+0x33/0x40 [ 1371.978402] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1371.978609] attempt to access beyond end of device [ 1371.978609] loop1: rw=2049, want=404, limit=128 [ 1371.979155] RIP: 0033:0x7f24f4026b19 10:59:02 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000140), 0xcbf7, 0x208241) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x100) sendfile(r1, r2, 0x0, 0x5) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x100000001) faccessat2(r3, &(0x7f0000000000)='./file0\x00', 0x0, 0x200) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1371.979175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1371.979185] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1371.979211] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1371.985543] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1371.986600] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1371.987652] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1371.988713] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1372.025492] attempt to access beyond end of device [ 1372.025492] loop4: rw=2049, want=276, limit=128 [ 1372.036480] attempt to access beyond end of device [ 1372.036480] loop5: rw=2049, want=276, limit=128 10:59:02 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8}) 10:59:02 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 20) [ 1372.176688] attempt to access beyond end of device [ 1372.176688] loop4: rw=1, want=403, limit=128 10:59:02 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000000b) [ 1372.223147] FAT-fs (loop6): Unrecognized mount option "vfat" or missing value 10:59:02 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0xb40}}, './file0\x00'}) openat(r1, &(0x7f0000000180)='./file0\x00', 0x2000, 0x11e) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x91) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) execveat(r3, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000380)=[&(0x7f0000000200)='vfat\x00', &(0x7f0000000280)='vfat\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='vfat\x00'], &(0x7f0000000500)=[&(0x7f00000003c0)='vfat\x00', &(0x7f0000000400)='vfat\x00', &(0x7f0000000440)='@[/%!#$\x00', &(0x7f0000000480)='vfat\x00', &(0x7f00000004c0)='vfat\x00'], 0x100) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r5, 0x0) syz_mount_image$msdos(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x3, 0x7, &(0x7f0000002880)=[{&(0x7f00000005c0)="426b2b6ac56e7ced82b7ef10c5cc6d8a1c1074c36048760f900c176c97a130f8fa96deec6a0be4fc213ff8e5a88757fc2e624686608aebfa5660d168abccbe14533d0c619d9b524c17a466814bbcdf6f1c32a22df4324294533193c35d327b3f79538ffb92bcbec90758fc41fd1cb97825b6bb1a3bac9834670c41f25a0af34499362dbf359bbed46d55a8bcbbe51b916c756148fce82b4fd1c5c9ddd5204e9f2b80ccb30742e4bab68c6da1da85c392b35d0093de7bdeb92ad9dc4233e47b58435631cb1adbe0a0f318d8603b0c6a25e48a4a700860f21e9f9f605b64e4d7960d6cc903c56e7d12ac03c45b9881baa0e26d8a3536c783e483aefeb7723238881e254fee355b2134bd23796ba142684cdaeb7f61e71b02ea7f17a66ccda229aa089be66f873658ed617467cde03f90cf5135d1bd80f85c16fc4e3fe512b213063bf21e4ff4ec0d860728ebb429e29c9e5cda72314534bc09d9ca0db41dfb18b012db831439fbeb96acedfa9c890ff3efb7ea2c8d48ca63eeefacd464f24bd049c2da31b4439c4a72ce02940e0181bf8cb86c3bb6e2443cafdbefbeaa21252ee29ce229a8fc2ec72cf509403ed865b8b085c5b3b8c81d7be3208e39e4602bd9f91b2b5c2c2806a38e09c6c0dfa1754da2bf2d842dd9a95ae20b24871ee0e1a0880886cbfbc6b37714eb979522bf3b6b305a51653950261a43dc7382f18826e0706d903d10fe2fcc56b5ddd7094a33148c699c915c4ac7af3ba20995594cd54de748342ebf9c9c08a70a7c41b3def3e44041d9e1bc9ca30be232120142c95cf5fc0c5e83eeb1c7698ae528572d0c6fc465070d43c9455464e6b1df28dd97c30adf0a8845389fc2213fc1c9dbd3808a8634c0869ee35db00a7ba3c45a913eb907ed8596d797982cc6842ee8927deb4948ffac0861923e2f96a1d29f6b3fdbc09512cac4cdd8523490545342700a6701954b143e0f1ddb3ec21b5e88cc9d7054a5310315c1467486e6823b1dd0370019a3ffafd74597d8c03b0b9b4bb81be995b9e7d9ececb9c8987ec837b3e14203fb720dfd6acec8e4f20249dab4756a420edb97b026046c7c34e1d0cf49145c764cb893ce6e231c8bdde9f62f911f0aeec68b57e29b67ac372b68a3537a6ad165b7fb317292a5361f8ebaa7466bd8a597b68af2ac0bdda62b19b5b8e6f66e99c484fcd7699694b9b534aced39e3e0c95f44f8e28a57fc7824678921092a4bca1f0010e5ca89e92c53a1aca1576836a875a9358fd0a7f6251ab59d6bef0b923bd1ce8859235654588ff543c2d36ecda42ffe5083f1cb57557e4cb69ecabd549422775ff2ec3cf5130c0e3e6a1e61f68d0680b1a72697534918c6d46f09582555ac63435c1c30a20910d775d62f1081c282d16266d9e18b89342332090d2f5aba9ca921715314a3cefd04475ab7f65e036832dd0ff02713caf6ab1ef8521af24dd0fabe605c64dfcc8af717015f092d74875045d3be2b9a4c232f6cf3bdf070c1803b684b8566c84156920d73c7db984ab2064004b73d8e6bea97a3a53fdb8d97e103e6e44312442dcd465d922b68e8f6c0a4f46968a7a693e9828b61ca10ec2bfc74d0627e1cb34640d3a22c2a9f8497a06ce85819f94885c85b49b61e981b159c5aea7768b16392c92597d07ef04d5b97c6ca94b8a645051ff87f28eb2a9cd914f364579135949daae333677df29aec582d57697a317494d52e4eff34f93476188cb4722dc47bb0f92342783364e9630fb451c8f2f3c73a36d75ca4bec18d6c0ccad00e6f3a74cab9cac505a9786f357b32bbec3621edf5038e599b9c2800c504fd7df14dff44ee09b9c77c801fb863a1752cc2751eaa5353717a531e2f402e8e2b4ff5ab04c3730c5e3a073e760b5a563a234137722091d9d45b4426a81d9c4625143d6e8605725dece07d5ab546d0a5bc9b960b477fc162ae162ddc40c45e437837c3d78cc33270d279bbf3ea1bdaf188ccb2fde6c8eb71a876f5a79570ea4f9c9e5aebbf30681483038f22f63eb3cb264c978245588fab7fde7ec6ec8a11df949e342b4c60fa39cce6b90bcbf3fc1d0cd6efae8daeb80434043d92c8bdbaed681221f2645dc73681cfa5676aa2aa204d1b851924ea9666978f3183c59fbb32970d741f464b572f79992f138c65bc6b5c4ec2dac790f3176f698fc3fe0d91adda25a8282b34fa0441f878fc93b60746b5a5a489a1495db5de28d0d4a67565c7e5d248f31827bb2bc948a9639ff2c200f09129d6378ef7973f6848379831a80378ac7656da411d96212e133b85ac86ce243404648251fc1e7ce433974d0317cb641df7fbeb1409b879b075360ab44caf884cf6ef72d8e761dcc537ab63ab9c165ad35118c6271e7e7f1b3ed040df22f08fa056987a2b1a00b728436bb08e1fb6b10b90a9c77326d5091109e6aee34ab6d4fd07dcd2df497dc52db0caf7f7f070ee6f540b62d3ef8ca7602fdc16605d27d5c12c1b3bea26237f38ee3e837f3e050ac484377db6b4bcfe670d22d1213781fd2cc51b644c6b50afa18459af667ab0cfb4dff86e643bd64ad6e6825eea65bf0443a0da9dc00a2852412c71300ace93fb28d36805524281f7565c35be0a841919adc43cba535e92876e076bf00cff8dd0ff00644b0247c25c4512c1a6ceacdabe64e29743d044acefbccb3b3c4bb0834c158204a9705ab5e5f9655350b0a58df7269315a63e687b32cdcfa576394277fe7ef8fbb2e6e5469ce404adb6bd01d6399b0ac4385701f3d9c442e7eedc254705cc0fdd9eec8906e03583f9b28034dc524817d72888d5d5ec36ee49ab0d26c3ed97d5949f04501bf780209ae5d2e8783ca06d3bd44d4598029c07c44c01aff9c530adeb4ba3fea9270f5ae47c364b6452a147c98f0d62339a7c2efaade300cb203157117b5f86373669ad504dac848786bf626ca726696fdb8769af3f19d7cdd12636043865f68cf8f8a99714db2a1caf8041f7539bb8d91029da22d4793c1c268ecd0b871283d72cb78293d1ad775bdb93d9c7f43e19b72beb0810ce387b8700678d0ecc3dd486a467b95ff243916628f09f234d072638deb6cd0cc9b5788a5f4019ab3d616932c3dc316e983939330928542f89aa7d24aee41b9cdf5ec07982b0f2e50556ed2222edffc79374ab4a7b0a31912e9a0a05eb14cdd0fcc94c98fa494302ec32404f85626cf8fef7bcaf10e487486c87662de12e2b844581e8424b8eb93462f3ccc4b4416d47a46ff13e9a1cc8271665a3b6d26b7b0a739cedfd6fe24a0e3cb6e26b45a363ddddf799d5c9280d2af0c5dd4b65e633a4473d1c72f6dbcbc54096b310cf0a637f109d40ad8ffd4171ee5e8876c4e6362c1752e035e033b7beae0757b6411e4bac430cfb3949eca93158f2623379b11032f94b5d470fba8c482c2f14638e126d67fb34f77fcba0412aced66627c8d1d9ea69c1d78c8efb58a47590881d8e3aec8c164ece9138247cd4ff9cf4f1a1cb47217b97c60a330a8ca031d16cd96ac1a5c16b8c397fdd644836b64a02dddfed293c1343f8f75ffe0edb028850f0fe51671d81a25743be8d5fe94055ad731c5408e231416fbb2d08df392e52cd0211e5dce241465722de5652f28b64e7a588f6285c24cab7f70ba9f967139f6c84eb55642d8ba7793f4586ba7296128bcfa133ed0eea04bb876d9fbcad2f40e0d4cc8681187730b6581363179f12862fb6add7cfb080bf9706dd3ce98c15ed07b0851fcbb36362b632d727fc47cb103af1326f18f88f44d81c6ba1fd2591de2a989c26025ede7ed2e4067227336e959fefeaf7c2ad80d202c8a602a5798fc5625e207168edc594dd860ccff3ac402d6a9846695dc106526af41f053003e6827421a8235e19cff2f3a19e0dd281de4a8998c573d274f9e6133ae66a7215748bd1a744994d1b7fa4a921e7ff215ce228c12ea7cc5d31d2f92cb683d8399d4baa8871504dc3a01c6a7578e3823769e3ab777ce72c82bb4102c0dad3d13c57497987099388bebbd1cf1433013d3b27011ea55899b82561f7d74074898989a7a4d76110310e2bec06a6b4cb6bf4e82934956ec103f80ac69a607201e7cd977993df4ae3f71b1f732072fe3122a663fff2b9a3d91b012a3e50505f2614213639fdae7c8095954cf6f0291aa24479cbeeea6e298f7fcfcb499bfbf0c8c0d13768ca22a66efa4e77d24ac18091c6e77494d7183c2745569e7f3fa6cabeb9c38ea1b397e3abb69215a1cd028cb4e0c93688f649b5edd2b95658642d3a035c2a55feb1f3ad17ab33dacda8f166dfda289541ebdab299781d83b6dc5630371d40a497ed6a4550699359747fa08a64daffac3939409c293c976f3e38e275a9827022683b5085e13d8deeed477a829d3e1b07f2a14c5667f7bcc4d1fec9c6743110183db0520fa4aa01d5a6034e1bfe01e973cafc524b7e6539f15c2d7662e1d34b2d167b01987fa7dfda4c0df282515839bf23de7a84d3da1f78433ed76a09db1b0d779f5e3e8e2f802eb5e6c990a5adce94cc4c887e1eb383a436fbabb187410126fa2fcb43f61500e8427a5154032cd7714aeff9d85446c9fff892e2c75dceaf748981dfc8c246100a01e2f6d8a1e5b60a5ab2ee89161bcf8aa5e6a61ef755deeec76621e15114d41734d637114076845dc49450e3980e6de05ba0aab90ce180a124074e39d20be10b484bb9dc3d0710ece4c457038cb9c6545fc7ea95aa6a0a0393bbad61454d9bb13e312b8413b654f201b2c4e84a540f01e8d35bb56808b1307b7d73f39b0044d74376a8eaae73526dfa657180b7700832a8a02f059ed73b87bf7585c39bcc28da0dc7a3ee45640ab411c2f27d7fac299b1b4ecdcc55229590089d6584185b98db4912520a6c4716430f9645b7d74654e1268d263e1a2f367539a4ad99b02cdf6fabddaf761d7c2a2a5b8f9d8d46ee20c782a2ec533bd0c451052939dccf6f653d206b9013e90432af664324b9e4c3714f5a52421cedc31cef08082e6e1eac67c57acf0048637120cdd93690b06121e01eb32fc600d212aeed27e63bbfdde7853f2b1c203c7ff45614793d43767e29a9604aee1578950095b19f7ca803b91ecf672261539e7674a092fadc719b33ffa4f3156b6b2ee03d0c53a3f460db937d2fdcaad93a3a8f919df31c56300c6cb983fbb49aa6e007ee18e95a65abc1ea4bc97cb1482b94df9e8374c0ff11ae00333b6712ef3c4c71b68673ef6148d4bb0d9a16e396d16b0b712a873255f4cc7bd4206ada12d9c63b7d5f53f461a6e961d81cfbe475a8254003a300728cef2cffe91d3b9d213f904a68a941a65d281c3426c86cd475253eac7490e83080ae0db7efe7a87bf7d59aee0512a94ec581b2e864f2263524e3e7c9bc58e83c90874c21a1509ec02680888a65981afca47986c6610922980584ca2daa83f8dc21be8f05a7e77dd20de37e0a2f69e095580505bd8f33ab4341c7b65d4c0bef638d05bf1e88a8754ec8804bf3556368f91bbec3af0716d8c94c7daca5659ad0e7f4d7f9e9015e8a7c5493461c1032c2fa6b8f03174dc4cc466e77e3e717dbfcaeb268377bb09f29439cded5feeaa216306e6057fc9be47a993e744f02c5a88726b44a9328ca0e82e93e4b3a74bda2a505a5488fcdc0ac64e082fd873a8eea5ab865e25d5a690bc49b147a47fc7b8a6275f7508bf828c42b03401085f5541dbb0399dba8c95dc1e4bba2427b60410599869504c66950ca30bbcd0141e104492140947c59f93d4518b45c62fd170032918de92a37790111fc7b709c9d04b490f3", 0x1000, 0x100000001}, {&(0x7f00000015c0)}, {&(0x7f0000001600)="fe8efe6be407e86221cd823cded023ba11eac82edf8e", 0x16, 0x531e}, {&(0x7f0000001640)="236b854e23444e10e3bc13223c9f89cc1fe49026ca08904c50be5352c2b722b4b4e16f4189a79d90133b7324abff3de10e2dc1ae0fbb5be60ce47dc97a7857b522554a18c28a963a544a9f7d9cf3a20a9456a08efae6046d558c0f184c7c878fdd1157a7b85c2379dbcb12b0bffc36b2b54850bb60fe87630576527745c06327cca824e5bd0dc6a85ae580f04b6287a650be338fd71b3f8c813b7bc80d1d4c6d96b56373a57b8c0d4eed8bc938ee7a62809b89baa44395943dbf41583d83e67dde321539298e5c82a200bb00a41e7d152921963dae1ebb01e606aef53651d2b766e63d53fd01ebc305332cda2b08d123b57ee6145ffebefc0fd394e52c95a46dfa4eba5415b3e16d2771d16278a480de1dc5bc230f4ac4d69a48542e1fe118109281edb2becf8c5b7afa414c2fe476b2ba5bc8ed13978b1b9a42a453ba0405439e9e616df15082124458f06d2d087d16d3abfebf668a0ae12da9ad0876b7b165ba9c6d79584664b012ba27df0040538079df6fe2240def6a96ebfdd4ab2a8c39ca020d1d02cf756b4b1d514f26f7289ba37d484d2859eb9ca745889621bac3dea3eba2ae28158f8f8f47e403eec167df9661c3e65de3c7c6820b8f30cfde37092f4047ed9b27411dcecba99c10a36544d8473ddad43e08a37e1e8b1e769c6e080e52e5c240ee2e41f63b2369f9d02c7b80c3a8210f9f4467244639c660c10c988d054817d02d0000de141cb626c112fe663794d3087115de8427a363f062cfb7581ed6b89f7fe662db4fd848d8b913d88479aa797843284bf76cf6ca6f45e204b02540d0d675b8589dd62074767415ef0bcd7def6b76ae378cbe940466bf04a18158fa2204b59bee9e41cceaa70084d1494ac23782e993b46f650dea9623f50862e820f989c19e02a60910a9d4e80c9b668bb11dd85db58250c8e6ccc77dac4bf1ed950ad8bf9340e646c22489c3c45834437a9c942d82e41c9e60307f755045f0ee097c42815da29294bc4e2d0590ec5280fca7ec238a46932143ef5c74ca32edfc2cfbe79be66389fe0fd680fd43bec641e2bcdd807aaf7d71033086453ec230e3364d9c9cad9254af1071b4da248d3317c0ed5b65c23ebf1f6c59390d3ef0307c70be6265f3b8df402848816d78f9d8ef5b85d65b80cd6889440f99ab7079bec1cda77b64062e7f234622d2406997829739a0cf9472c82b32bc4d0a1be10f3ec62192a24ce4d6a95d210da8e69e22673e7c096cc98c3536f26febcbc010165237fd81060f450dafb0b13cce0cd5af642bd6339114dc39444b5ccaadda2cab39c8f8a36e5b70fadb403614d5459480f6f0adfc95e3a1c1ea944f39dc3b287ef4a1bdd3e3f8de949f437e6171d3f6ca2460d02d8a32ebf38e8f696779b93f5aef609dfe77618fd664e5706ae685106daf354a5554d3388ea91295309044dce6aa68f00bd16c0f0af76175f2f1ee25d424f4ca943063632f9ee3e0df4fece454ce7b055c149c82900969bb7dfc9f5116376d5645fc6b0972d76a5e9ee4ef75864bbeb19c73059c77098cf33edfc526f13c67e3dd47bfcb2b74b8e9a7e4dfd9f69dcbae09cecf9450dd48e8e30e1d194847d29a2a03b82b69fe4cc1116f789df6413ef71c89532b67850f3a47a4de989590fdb176c42f5a3c79a67a2081b11186d4a4fbaca8496d7a1065c0d33fc3ca3778b6b763191c93fcb870459dd3dae715d8f013b2b230d14002b67ef63a600c72c8b7d93fbd77ad4df9ac2e148467db58b3445a5aef283492fd9e393d508655a6e6a17d755c2ce4df9f4bb138e893d0015b45402315e8131fd46c361ef4549c112a2505843853512ca85792f467423316c22d710c158e06f5c35a320de5e0d937d5ca23f17f9fe315b24d5818f2c7d13f1364693ee1e2ce9370e640de9c27ae3cc82d7a8e1ceeb519e80cbc7a841d8857d573b4807af4521fda85299e82096c0d0e5db8096f900e54704aa121f04d0e49c5b790fc90f7710aa92694437ee77176e59dc3cd770a2194f1c91ed4f3155757565ea52cdacb5dda60c0c84d61eb49941d0e45ca411b1299accdb2caee21d308fe9a495ab0fef33c5ad97ded8371fc4e5455fa7f7b3e66083271a14ab74a775fa9c638e04e02855cfeabe9fc215a163f838977eb6fcb6179dd5969e6187c318e6edf44ebd1cc26bf20d55f877d7c13c7f20941d506b7a9fdb424a5135a1cd391b3e7f9e87d17e8f06f26b804c75e0c5777935bfb3e018194852dc2acc7243ac89772c99a530e7547fb22b73f9d023480755ebabd111a7177a50616d123790e59a4b8384cfa2cf8ac7b5dffae68a9f2ad4b9f07e5e4dd24f003bb64798a675e3b8813b9cda6f12118bd2bc79ec1426346b71cfd8d679969487407c57932f46dbc34963937d313812a20e408fe991a0794be3a3bececa6f6d2934a68ad2c3ae1e660cc18139ad66bf0e195b0c0e8086a1adb99c54d13db67f1881bebec6621673e8d4b7184d3a6a6eb186db946284fdf085c5a3cfd0fa93ffe0379cb6bad33e1ebe47f362035dc4671de9d2da8a9e2b4aa4526435e0864c9df30657232616592ecb805bbf405d8f7abb4321ae074668f9c498c27b65f2a65e29d9e3b3d6ba3b7bf9bd1ee4a2373937e33be6b13321ccb216a15e826c637ee1492ac5a9fd36e0490c6b581d0a5253a45e3dc250b26c08b387eaa3d71a04c58a1030d5267f19bc0b5dabcac1c73ead3e84b36c94959639e3305ab05396d8907d3651543ba65928277ab205adf70362dda2eb5e662a1e13035eaaf245625882d6a37dd5e8c1c2271dc0773bab6e13fc6d157bce8eab69948f04318d587a3a82adb3a83b7a10df6522fd26c95554484e510181d5e6ad4d7974ddb5019e88ef43a97b53742ad5c80a73666018717c86d849fbfcbc62d56f6c7fefa2949773b4875f23e90681bca7cebb3448e80f35cfca023b9ad53f6a45db4e641b38536326be1291d567cd12aebc53962816c76b8e487648d869a5d9781e33b4913bc5d1585ec70d89ca4839063ab3900ae00b9f3edf70feaf134d81ce636f699088b87874f23ee6989ef7f28f9523e207893ba88883cc8c8bc111ac5fef2374936b8eb1df47f58150ee2906e942c35a5cf455848e3d102f51d55e1bc9a13f7d565de6cf9e1aed2e0458609dcaf3bd5ee22fb1f831e34a8c8368bc7350ecfbd7c0f589e930630c98dbc36735114d4d003fde67c79c4c0e707022278e4713d094bd0f9fdefaecd5a18dd96915e4194cbe31587ecfc0f1f5b7cbd35dcc763146670a2ee74bdbf3f17e92779f36838dd27cb123de34da7385788ef5150243497c64c0adb94cfc3ed293ea49ab9170c9b4131b33758ddd957fa97d69da5210af322949f7f7c1ff7e38add59f24890786cc7ba7f33f23a5cf7cb0d06454e65440df060430c091dbccc27745d24953daed3eefc55fc90607efbd721846964e5b7969bcb472ef3e5ee6ad96604f97dbd7cbd8e093780db5eb073b217802114ad3ab5964a8ef50c9036f863af50bd284fc12bd9ac56358491332791af0550adca67e7b9802b949c6bdbc038b61a9d7d62f6c3aa7a282bcb8966ee7c0056068fd7ef48da7c09365405809725fd4bbc870b66e9e82aa5af69341d89fb10fe4038738f777e7a086bad742a7a5638db4952fe39401cd92b58d0b4839197d4d212308db0282140a19ae08b788273da3f905e4776636933e2602019b5d405469d0e6e91af5977914a9cc54d18710c31d983f926c9415a231cb647e9a497a356a486483f587766f104f76f3ab04e365b75210fcb50f8527fe0376805bedf85d5c853c9f3f29415a1818c2efc41a8182d9e569450abf0f91d38bde6d86d52f860016191fea0b807a1c59596614b214c4ebc03b2785873b6444b48e8f98846e255e329d90f85b7c5e138debcd3b422901b9f8579a61ca6073113e51c24a8a488f4c834637b552d0de0321449bf08bf048ae2e775240425eeaac1617f38d6838d43532c79221e5dbe4d0912a84be2ef6a4196081ce7ae6565a17627eecca8d2428dc4a27f60cef7bc2b31c9ecd6e44d1e540a46634562812c1e271d13a54b608975fcb875d08480ae392de04fcfe60fece3dd2f6daf257a3d8c193699d56c73edca67b54b5d3b2fb2fc1290730729bb81cbcf98ef801c8042792ee745167207d725acc646446217445c5a75062cf3e71e2a6f826ad58e33c6c8d9da6907543b3fefca43789f43cd85989cb5dddebbf83051524af20a6b687386d4b8cff258172e52940a69f68649d4fa515566a5c6b0bb407a786787e274b41addc83e3bcf8c431585036a303db7724f6006cb0b8f820b8cee45f2e039e33644610e73fa33bad684acf694afda9b707c9fcef2b6303a32dd017b7c3a4ef80a15838da3dc72749e709243d283cf68e590351293ca8ce1895d2a410575247971e557fc5253c5604d745a9a1e538d3dfd35557c22943c715ed53284c3dbb96cab54e897146c58e220ea2315a2fc27a4f545f7c6abc34fc3abc913b9b4859e5709dd55e244f698c18f53dd00269fa93dc1e4140f73bd98e5e216b60b0dbca7cc4b27bc7b8ebc01f92ebc38de13192f06c410659e288179606d1973c46a42e09df1a14ee49f82755f4ed5d89b894b82d25a777d44f280418e72a474a3d6baefd8c8b431ba5b24854c858393436b591cf81635a70cc580e3e7b9e16c1a53162136d5aa0d47de385d88e20dee804492984084fcd9f76fbf1c800992885e6fed2390e0bcc488c77bfc138f1507da8a02f213da42f3406158fe038f3df50beaee2ad69af87652373c6f14d651928dbc5aa33159a3f9a1bc5b12c9eb2f5ccfbe22797be7bf97d4b4f917cab5b101aba7e23977bab46691e2f65cc323b7f340fd50618c466c6de692549691506f6c931a837c5b833aa641b92943b715999a41458821d55ce90128b4be1d225bdece2bdb923c560578070c4a74cceddc0ceba58e39946c92de47fe7495f5672bd4cfbe22a571929a0331c2ebc83df62a1e6dc81ca6cbc54c895ec25a658718b41f6bbae738d13435232a38e64e0ca376f505fd19fa8ce2c0ef1010141abc22d78425e4b997e4a6ce7260eb259a308eda3557e08bb0fb0bc759b4a9e9c8d64ad29d9df255f537f78a31112b2e8e2bb7530a8e6e626d77a62eb80b327b30e442181541603c27a69c26fafe415ec7be7ba1c597846ef63dda76bab26d9bf016e94e9826f07e98bdeaf8878d8a8ae5334aa8b62c7ee6f5da448d3e420a6e546afb33b6fac5c4ccb8461c7c7e01b11f351fef7bb172093ffced40da37f9947e89902c6f33b894d2c61f0bb16624bcf1307bf78d63920794fee7aaee0f1b79a356ecd800218da2b5dd8ab18aa5f2c1c358a1303f8e8443c0fc7b70efe676b88489cc4a081e9468c5e48da96098d180f34a6a2f6b2b78768f041d5bf29eb8f4e7473a60afd31917490051f3268e38928d7b2a3c4a498f269a34d5471d56ff6d9bf97f63b3d0e12b0d835582459da7292b5749ef474173ac44cdffacbceb6c4fb3dbb13be74dfac77f658ddcd5c4d1b35e189e23852f94775d5e7c473441dc79bb4fa1888f45db170636c2d750b2212cb7701f7bd6f795dea1289da6bc10550587f9c360af91b781d909b587817ea3636d57fa3929c1e5b4eea3523e92ceb53d20330b7181096eccac7156913a7bf455a74775c0883ff1db0e4daddea2861b1dd4bbe62df9390b74410cb99b117ff112d6667aa3cb401fdd034123f61f7138465855a9109dd2a907c01b7fb617319f9ffc3b9f65e549631d899b4077", 0x1000, 0x20}, {&(0x7f0000002640)="96070ab3e50a9563ffe92dc0d524464b556152acb5932f3b2402cd88f4a6ff0b096b34982dcfd979df42c7aa91249dd17bec88f7d2cfdfe107f80cb1430b695a0129ac7e780323d6f4d2bb5c5752a640e567f45362267dece6d9eb7081ef234969e92b5b042deea71f6676a94a29d7e070d18c1212fe1b8cf99cea020243bd18c84d8a1599b3cfb7e83ee3313e4dcdee1df325f880386d93b4fad447af6f107a89fe0d5b8ac94d3dd32d7dfb9cd5d0080577640a87e71043a717e46b90950de779be8a99f845356c2c1100511f639c5a7820014f869af7de1cee457dd19a309e9105eb964a5ea0752022577c774424c20fdbe803ad5c5aed11c51d298d67", 0xfe, 0x3}, {&(0x7f0000002740)="a6f2ddce453fc11a0d33ac909e9c099a90f8a57f788d84acae2468d8f7162f36671dd52ee6c5262925e58d8f4d2c31149dbfbff098c75177dc2cbc65e3b26c857c3077b388eb571b727694d378b8b09bd4f6c28ee8b90297b7017a5afcb0f5a5554c0b247967669abd396cd8908360304c4a44a68c027028addca8c29bde0f689443b93323c7414bf28aff8c75925815456fba2438f2bfe279341be8e4738a865c0e32656858ece6", 0xa8, 0x3}, {&(0x7f0000002800)="d7d2fe8e1a4de8cc9d246516e31d7e9bcc5e38c365d3cf558a0b6c057c5760b3369e0245c13298fa157f132d11f9f90a040d1b75817f5b9c780ac3f28345f38fe989f16f2b5d438b87e9c52e30dc885a593f97d6e2666c659f4ef04e8b79ec8490874979f8ec1afaa747066d", 0x6c, 0xaf}], 0x800000, &(0x7f0000002940)={[{@dots}, {@nodots}], [{@context={'context', 0x3d, 'staff_u'}}, {@smackfsfloor={'smackfsfloor', 0x3d, ')'}}, {@fsname}, {@func={'func', 0x3d, 'PATH_CHECK'}}, {@obj_type={'obj_type', 0x3d, '+.\x82{\xb9:$\\%.-\\@'}}, {@euid_gt={'euid>', r5}}, {@hash}, {@uid_gt={'uid>', 0xee00}}]}) ftruncate(r2, 0xfdef) [ 1372.296061] FAULT_INJECTION: forcing a failure. [ 1372.296061] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1372.297354] CPU: 1 PID: 9681 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1372.298138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1372.299102] Call Trace: [ 1372.299327] dump_stack+0x107/0x167 [ 1372.299699] should_fail.cold+0x5/0xa [ 1372.300018] __alloc_pages_nodemask+0x182/0x600 [ 1372.300491] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1372.301083] ? find_get_entry+0x2c8/0x740 [ 1372.301511] ? lock_chain_count+0x20/0x20 [ 1372.301853] alloc_pages_current+0x187/0x280 [ 1372.302296] __page_cache_alloc+0x2d2/0x360 [ 1372.302738] pagecache_get_page+0x2c7/0xc80 [ 1372.303167] ? unlock_page_memcg+0x96/0x170 [ 1372.303520] grab_cache_page_write_begin+0x64/0xa0 [ 1372.304018] cont_write_begin+0x448/0x980 [ 1372.304440] ? fat_add_cluster+0x100/0x100 [ 1372.304869] ? nobh_write_begin+0xed0/0xed0 [ 1372.305311] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1372.305887] ? generic_write_end+0x20e/0x3f0 [ 1372.306331] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1372.306838] fat_write_begin+0x89/0x180 [ 1372.307239] ? fat_add_cluster+0x100/0x100 [ 1372.307594] generic_perform_write+0x20a/0x4f0 [ 1372.308062] ? fat_direct_IO+0x1ef/0x380 [ 1372.308418] ? page_cache_prev_miss+0x310/0x310 [ 1372.308907] __generic_file_write_iter+0x2cd/0x5d0 [ 1372.309409] generic_file_write_iter+0xdb/0x230 [ 1372.309886] do_iter_readv_writev+0x476/0x750 [ 1372.310341] ? new_sync_write+0x660/0x660 [ 1372.310767] ? avc_policy_seqno+0x9/0x70 [ 1372.311100] ? selinux_file_permission+0x92/0x520 [ 1372.311601] ? security_file_permission+0xb1/0xe0 [ 1372.312097] do_iter_write+0x191/0x700 [ 1372.312498] ? trace_hardirqs_on+0x5b/0x180 [ 1372.312941] vfs_iter_write+0x70/0xa0 [ 1372.313347] iter_file_splice_write+0x762/0xc30 [ 1372.313768] ? generic_splice_sendpage+0x140/0x140 [ 1372.314283] ? security_file_permission+0xb1/0xe0 [ 1372.314773] ? generic_splice_sendpage+0x140/0x140 [ 1372.315258] direct_splice_actor+0x10f/0x170 [ 1372.315710] splice_direct_to_actor+0x387/0x980 [ 1372.316176] ? pipe_to_sendpage+0x380/0x380 [ 1372.316603] ? do_splice_to+0x160/0x160 [ 1372.317012] ? security_file_permission+0xb1/0xe0 [ 1372.317516] do_splice_direct+0x1c4/0x290 [ 1372.317937] ? splice_direct_to_actor+0x980/0x980 10:59:02 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8}) [ 1372.318360] ? avc_policy_seqno+0x9/0x70 [ 1372.318906] ? security_file_permission+0xb1/0xe0 [ 1372.319385] do_sendfile+0x553/0x11e0 [ 1372.319698] ? do_pwritev+0x270/0x270 [ 1372.320008] ? wait_for_completion_io+0x270/0x270 [ 1372.320399] ? rcu_read_lock_any_held+0x75/0xa0 [ 1372.320771] ? vfs_write+0x354/0xb10 [ 1372.321073] __x64_sys_sendfile64+0x1d1/0x210 [ 1372.321443] ? __ia32_sys_sendfile+0x220/0x220 [ 1372.321820] do_syscall_64+0x33/0x40 [ 1372.322119] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1372.322527] RIP: 0033:0x7f24f4026b19 [ 1372.322833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1372.324296] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1372.324901] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1372.325472] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1372.326033] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1372.326598] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1372.327160] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 10:59:02 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = accept4$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000140)=0x14, 0x800) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000180)=0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r1, 0x40089416, &(0x7f00000001c0)=r2) r3 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r3, 0x0) syz_io_uring_submit(r6, r5, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(0x0, r5, &(0x7f0000000300)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345}, 0x6) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1, {r0}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r7, 0xc018937c, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="04000000000000002e2f66696c653000"]) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000280)='team_slave_1\x00', 0x10) [ 1372.351826] attempt to access beyond end of device [ 1372.351826] loop5: rw=2049, want=276, limit=128 [ 1372.425687] attempt to access beyond end of device [ 1372.425687] loop4: rw=2049, want=276, limit=128 [ 1372.439104] attempt to access beyond end of device [ 1372.439104] loop1: rw=0, want=147, limit=128 10:59:18 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 21) 10:59:18 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000000c) 10:59:18 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 1) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:59:18 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000140), 0xcbf7, 0x208241) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x100) sendfile(r1, r2, 0x0, 0x5) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x100000001) faccessat2(r3, &(0x7f0000000000)='./file0\x00', 0x0, 0x200) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:59:18 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) fchmodat(r1, &(0x7f0000000180)='./file0\x00', 0x100) sendfile(r1, r2, 0x0, 0x100000001) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) r5 = getegid() fchownat(r4, &(0x7f00000000c0)='./file0\x00', 0xee00, r5, 0x1000) ftruncate(r0, 0xfdef) 10:59:18 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ftruncate(r1, 0xfdef) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r7 = syz_open_dev$vcsu(&(0x7f00000004c0), 0x6, 0x2000) epoll_ctl$EPOLL_CTL_MOD(r7, 0x3, r1, &(0x7f0000000500)={0x40000002}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r8, 0x0, 0x100000001) r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r9, 0x0, 0x100000001) write$binfmt_elf64(r9, &(0x7f0000000540)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x2, 0x7f, 0x3, 0x440, 0x2, 0x3e, 0x8, 0x7f, 0x40, 0x28c, 0x5, 0x1, 0x38, 0x2, 0xffff, 0x2, 0x124}, [{0x1, 0x3f, 0xa4e, 0x0, 0x0, 0xb03, 0x3b, 0x8}], "ea7d34533efe94290e89711bf557c5fd", ['\x00', '\x00', '\x00']}, 0x388) r10 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_submit(0x0, 0x3, &(0x7f0000000480)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x8, r4, &(0x7f0000000180)="e6d8cae967f7c0fcef3c57ae1e2c58dc4395de603dce126cb53ec210db7e1aa18bf4aa465587a294645263cfbb73d6abddf3687039142a617868d02cab820b17b70b5a51fd9056bb", 0x48, 0x7, 0x0, 0x1, r3}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x3, 0x5, r0, &(0x7f0000000300)="99544209131d6b504a3b45df72c052428d8ca3aa9f666e289793f4601817bdab54e769dedd00daa1a13063c999cb457afa353201b651b434222b333180ef7937b2cb363c57442ba3207493c1960dc5678d750e7e037e737a408d846accf7e7bbf7c30e6a0e3ece5cbc25d09ef4e6fd0bf5bb2fa3f1a9e548f08f11a3963c529bf2c8f22bb7fbf6965b1908295843ffe455e40b149c13f9c674510b9c", 0x9c, 0x1ff, 0x0, 0x3, r8}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x8, 0x7, r10, &(0x7f00000003c0)="4ee0214a05b16567bcfc75b80e59794efb9984f1fc5ba2b618ee00a953725c204bbec2b29476e1a2395ed3edbbed8add3ecf3095263e10cead674837598ada25d203299be7bf384b76c728586380d5d2d2c3088218f2dd195f4a11512bbb94befb1347a1e7527972e673ec7f5e2a3861708de88995c95b74bff401d0ccf82687c4", 0x81, 0x9, 0x0, 0x1, r3}]) 10:59:18 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) r3 = syz_io_uring_setup(0x1e63, &(0x7f0000000140)={0x0, 0xe1cf, 0x4, 0x2, 0xdc, 0x0, r0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f00000001c0)) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000005, 0x13, r1, 0x10000000) r6 = signalfd(r2, &(0x7f0000000240)={[0x100000000]}, 0x8) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x4282c0, 0x99) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r8, r9, 0x0, 0x100000001) close_range(r8, r3, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000280)=@IORING_OP_EPOLL_CTL=@mod={0x1d, 0x5, 0x0, r0, &(0x7f0000000200)={0x80000002}, r6, 0x3, 0x0, 0x1, {0x0, r7}}, 0x9) 10:59:18 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0xce}}, './file0\x00'}) r4 = syz_open_dev$hiddev(&(0x7f0000000180), 0x6, 0x121001) sendfile(r3, r4, 0x0, 0x7) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) [ 1388.573819] FAULT_INJECTION: forcing a failure. [ 1388.573819] name failslab, interval 1, probability 0, space 0, times 0 [ 1388.575920] CPU: 0 PID: 9708 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1388.577084] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1388.578513] Call Trace: [ 1388.578975] dump_stack+0x107/0x167 [ 1388.579610] should_fail.cold+0x5/0xa [ 1388.580263] ? iovec_from_user+0x36c/0x400 [ 1388.581003] should_failslab+0x5/0x20 [ 1388.581670] __kmalloc+0x72/0x390 [ 1388.582266] ? __lock_acquire+0xbb1/0x5b00 [ 1388.583000] iovec_from_user+0x36c/0x400 [ 1388.583709] __import_iovec+0x67/0x590 [ 1388.584380] ? SOFTIRQ_verbose+0x10/0x10 [ 1388.585089] import_iovec+0x83/0xb0 [ 1388.585740] vfs_writev+0xc1/0x620 [ 1388.586363] ? vfs_iter_write+0xa0/0xa0 [ 1388.587046] ? __fdget_pos+0xf1/0x190 [ 1388.587969] ? lock_downgrade+0x6d0/0x6d0 [ 1388.588744] ? mutex_lock_io_nested+0xf30/0xf30 [ 1388.589551] ? ksys_write+0x12d/0x260 [ 1388.590214] ? __fget_files+0x2f8/0x520 [ 1388.590919] do_writev+0x139/0x300 [ 1388.591531] ? vfs_writev+0x620/0x620 [ 1388.592200] do_syscall_64+0x33/0x40 [ 1388.592836] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1388.593719] RIP: 0033:0x7fbbbec6fb19 [ 1388.594356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1388.597455] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1388.598752] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1388.599967] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1388.601181] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1388.602448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1388.603654] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 10:59:18 executing program 2: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) pivot_root(&(0x7f0000000080)='./file2\x00', &(0x7f0000000180)='./file0\x00') creat(&(0x7f00000002c0)='./file2\x00', 0x8) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) getsockname(r0, &(0x7f0000000100)=@alg, &(0x7f0000000000)=0x80) creat(&(0x7f00000001c0)='./file2\x00', 0xe2) r1 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e6661740002080100", 0x10}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f00000003c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r2 = openat2(r1, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)={0x40040, 0x82}, 0x18) getsockname(r2, 0x0, &(0x7f0000000280)) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x200000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="140000000000a39acdb8dfc3b5aa8af998e6a79856ebc1d30b6e3cf44dd8a608cb41d5c7498e3c137418e845e56b13f6575957e33115789b0a22ce96a04a7bbdc2e0b44e4e2805baca77d834d9444757fa6418dc3bd47063c05800"/110], 0x18}, 0x0) ioctl$sock_inet6_SIOCDELRT(r3, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xfab, 0x8, 0x3fd1, 0x100, 0x1d, 0x20}) pwrite64(r0, &(0x7f0000000340)="deb4d49813533bdb4a61f38571ec5f1ee3a320db42e46acdf9f3430896f75d1450320bcf128ed71546bb07ef234f0e9b70b04418e01fba27325e9811e1ec6e31449dfa92d621d1d184e212c48916702c401b023b97d0e319a21f9cd0f7a619ea1e", 0x61, 0xfff) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000001ac0)={'gre0\x00', &(0x7f0000000540)=ANY=[@ANYBLOB='syztnl2\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="8000010000000d79000000014a01002800000000c2299078ac1414aaac1414aa4410d5800000000000006e3400000e40940400006629f8652af26b617f04c17441634abb23dd578c36460d1857da72c0bdd61f220dca771f509c9736cfd231fdc62a0eafae287a1313e49b1941fc4c3f996296c3a97b40fef678c764d6cfe0ea93ecaa869234d3ab2da4b135ffc0fcd971b94a40fcd9a2a081ff22370ab5cfe379a1183cea66bb64bb5f3440124ebf6a956572e46809fb369cf0d28c7fe1c72ea883aea139e2de11d265b078493d00"/219]}) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0) dup3(r0, r4, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000300)=0x6) [ 1388.741022] handle_bad_sector: 3 callbacks suppressed [ 1388.741041] attempt to access beyond end of device [ 1388.741041] loop1: rw=0, want=147, limit=128 [ 1388.751259] FAT-fs (loop2): bogus number of FAT structure [ 1388.752128] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1388.806605] FAULT_INJECTION: forcing a failure. [ 1388.806605] name failslab, interval 1, probability 0, space 0, times 0 [ 1388.808643] CPU: 0 PID: 9720 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1388.809808] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1388.810899] FAT-fs (loop2): bogus number of FAT structure [ 1388.811208] Call Trace: [ 1388.811242] dump_stack+0x107/0x167 [ 1388.811274] should_fail.cold+0x5/0xa [ 1388.812084] FAT-fs (loop2): Can't find a valid FAT filesystem [ 1388.812492] ? xas_alloc+0x336/0x440 [ 1388.812526] should_failslab+0x5/0x20 [ 1388.812558] kmem_cache_alloc+0x5b/0x310 [ 1388.816593] ? SOFTIRQ_verbose+0x10/0x10 [ 1388.817300] xas_alloc+0x336/0x440 [ 1388.817931] xas_create+0x60f/0x10d0 [ 1388.818595] xas_store+0x8c/0x1c40 [ 1388.819209] ? xas_find_conflict+0x4b5/0xa70 [ 1388.819953] __add_to_page_cache_locked+0x708/0xc80 [ 1388.820817] ? file_write_and_wait_range+0x130/0x130 [ 1388.821682] ? memcg_drain_all_list_lrus+0x720/0x720 [ 1388.822545] ? find_get_entry+0x2c8/0x740 [ 1388.823267] add_to_page_cache_lru+0xe6/0x2e0 [ 1388.824020] ? add_to_page_cache_locked+0x40/0x40 [ 1388.824836] ? __page_cache_alloc+0x10d/0x360 [ 1388.825618] pagecache_get_page+0x38b/0xc80 [ 1388.826351] ? unlock_page_memcg+0x96/0x170 [ 1388.827097] grab_cache_page_write_begin+0x64/0xa0 [ 1388.827935] cont_write_begin+0x448/0x980 [ 1388.828661] ? fat_add_cluster+0x100/0x100 [ 1388.829386] ? nobh_write_begin+0xed0/0xed0 [ 1388.830134] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1388.831092] ? generic_write_end+0x20e/0x3f0 [ 1388.831813] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1388.832658] fat_write_begin+0x89/0x180 [ 1388.833318] ? fat_add_cluster+0x100/0x100 [ 1388.834017] generic_perform_write+0x20a/0x4f0 [ 1388.834784] ? fat_direct_IO+0x1ef/0x380 [ 1388.835464] ? page_cache_prev_miss+0x310/0x310 [ 1388.836261] __generic_file_write_iter+0x2cd/0x5d0 [ 1388.837080] generic_file_write_iter+0xdb/0x230 [ 1388.837865] do_iter_readv_writev+0x476/0x750 [ 1388.838607] ? new_sync_write+0x660/0x660 [ 1388.839294] ? avc_policy_seqno+0x9/0x70 [ 1388.839964] ? selinux_file_permission+0x92/0x520 [ 1388.840774] ? security_file_permission+0xb1/0xe0 [ 1388.841591] do_iter_write+0x191/0x700 [ 1388.842232] ? trace_hardirqs_on+0x5b/0x180 [ 1388.842957] vfs_iter_write+0x70/0xa0 [ 1388.843597] iter_file_splice_write+0x762/0xc30 [ 1388.844390] ? generic_splice_sendpage+0x140/0x140 [ 1388.845235] ? security_file_permission+0xb1/0xe0 [ 1388.846032] ? generic_splice_sendpage+0x140/0x140 [ 1388.846844] direct_splice_actor+0x10f/0x170 [ 1388.847565] splice_direct_to_actor+0x387/0x980 [ 1388.848349] ? pipe_to_sendpage+0x380/0x380 [ 1388.849067] ? do_splice_to+0x160/0x160 [ 1388.849725] ? security_file_permission+0xb1/0xe0 [ 1388.850533] do_splice_direct+0x1c4/0x290 [ 1388.851203] ? splice_direct_to_actor+0x980/0x980 [ 1388.851998] ? avc_policy_seqno+0x9/0x70 [ 1388.852692] ? security_file_permission+0xb1/0xe0 [ 1388.853538] do_sendfile+0x553/0x11e0 [ 1388.854196] ? do_pwritev+0x270/0x270 [ 1388.854831] ? wait_for_completion_io+0x270/0x270 [ 1388.855636] ? rcu_read_lock_any_held+0x75/0xa0 [ 1388.856407] ? vfs_write+0x354/0xb10 [ 1388.857030] __x64_sys_sendfile64+0x1d1/0x210 [ 1388.857818] ? __ia32_sys_sendfile+0x220/0x220 [ 1388.858596] do_syscall_64+0x33/0x40 [ 1388.859223] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1388.860067] RIP: 0033:0x7f24f4026b19 [ 1388.860685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1388.863721] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1388.864982] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1388.866158] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1388.867332] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1388.868506] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1388.869698] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1388.885267] attempt to access beyond end of device [ 1388.885267] loop1: rw=2049, want=276, limit=128 10:59:18 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:59:18 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000008, 0x4010, r0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1388.943861] attempt to access beyond end of device [ 1388.943861] loop6: rw=2049, want=276, limit=128 [ 1388.945903] attempt to access beyond end of device [ 1388.945903] loop6: rw=0, want=147, limit=128 [ 1388.962396] attempt to access beyond end of device [ 1388.962396] loop5: rw=2049, want=276, limit=128 [ 1388.966461] attempt to access beyond end of device [ 1388.966461] loop4: rw=2049, want=276, limit=128 [ 1388.989362] FAULT_INJECTION: forcing a failure. [ 1388.989362] name failslab, interval 1, probability 0, space 0, times 0 [ 1388.991324] CPU: 1 PID: 9747 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1388.992290] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1388.993462] Call Trace: [ 1388.993873] dump_stack+0x107/0x167 [ 1388.994389] should_fail.cold+0x5/0xa [ 1388.994924] ? create_object.isra.0+0x3a/0xa20 [ 1388.995572] should_failslab+0x5/0x20 [ 1388.996108] kmem_cache_alloc+0x5b/0x310 [ 1388.996687] create_object.isra.0+0x3a/0xa20 [ 1388.997315] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1388.998055] __kmalloc+0x16e/0x390 [ 1388.998568] iovec_from_user+0x36c/0x400 [ 1388.999147] __import_iovec+0x67/0x590 [ 1388.999702] ? SOFTIRQ_verbose+0x10/0x10 [ 1389.000293] import_iovec+0x83/0xb0 [ 1389.000477] attempt to access beyond end of device [ 1389.000477] loop1: rw=2049, want=396, limit=128 [ 1389.000814] vfs_writev+0xc1/0x620 [ 1389.002669] ? vfs_iter_write+0xa0/0xa0 [ 1389.003243] ? __fdget_pos+0xf1/0x190 [ 1389.003783] ? lock_downgrade+0x6d0/0x6d0 [ 1389.004385] ? mutex_lock_io_nested+0xf30/0xf30 [ 1389.005049] ? ksys_write+0x12d/0x260 [ 1389.005613] ? __fget_files+0x2f8/0x520 [ 1389.006203] do_writev+0x139/0x300 [ 1389.006705] ? vfs_writev+0x620/0x620 [ 1389.007260] do_syscall_64+0x33/0x40 [ 1389.007794] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1389.008510] RIP: 0033:0x7fbbbec6fb19 [ 1389.009039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1389.011597] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1389.012674] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1389.013678] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1389.014686] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1389.015676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1389.016668] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 10:59:19 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801002070000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="a6327613a3fe3f2d522132f61324a885e7077a5a7e43e4a5b3a2985ec505ee8268a6ce9eaaa24e42e415fc02e75f8e9b0d4c1f5278564d897c265fea485f75085092e350504ed6166df992b352c1f234f926067ed4ec17a7ac68f3007a0011fc5af17e513f89118aa7d76332c26ccc0f395ac02292e6540264a70edba9", @ANYRESHEX, @ANYRESDEC, @ANYRESDEC]) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) openat(r1, &(0x7f0000000280)='./file0\x00', 0x240000, 0x4) chdir(&(0x7f0000000040)='./file0\x00') r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r2, 0xfdef) [ 1389.085290] attempt to access beyond end of device [ 1389.085290] loop6: rw=2049, want=404, limit=128 10:59:19 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x28, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000200000006000000000008000080000020000000e2f4655fe2f4655f0100ffff53ef010001000000e2f4655f000000000000000001000000000000000b0000000001000008000000d2420100128300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e30323537333639353800"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000009b94b11e46934f5489a26265ae170793010040000c00000000000000e2f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000005900000000000000", 0x40, 0x540}, {&(0x7f0000010300)="0300000004000000000000000000000000000000010400"/32, 0x20, 0x640}, {&(0x7f0000010400)="02000000030000000400000016000f000300040000000000000000000f00c5d7", 0x20, 0x1000}, {&(0x7f0000010500)="ff030000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000e2f4655fe2f4655fe2f4655f00"/8224, 0x2020, 0x2000}, {&(0x7f0000012600)="ed41000000100000e2f4655fe2f4655fe2f4655f00000000000004008000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x4100}, {&(0x7f0000012700)="20000000b4253260b425326000000000e2f4655f00"/32, 0x20, 0x4180}, {&(0x7f0000012800)="8081000000180000e2f4655fe2f4655fe2f4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000030000000", 0x40, 0x4200}, {&(0x7f0000012900)="20000000000000000000000000000000e2f4655f00"/32, 0x20, 0x4280}, {&(0x7f0000012a00)="8081000000180000e2f4655fe2f4655fe2f4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000040000000", 0x40, 0x4300}, {&(0x7f0000012b00)="20000000000000000000000000000000e2f4655f00"/32, 0x20, 0x4380}, {&(0x7f0000012c00)="c041000000400000e2f4655fe2f4655fe2f4655f00000000000002008000000000000800000000000af301000400000000000000000000000400000020000000", 0x40, 0x4a00}, {&(0x7f0000012d00)="20000000000000000000000000000000e2f4655f00"/32, 0x20, 0x4a80}, {&(0x7f0000012e00)="ed41000000100000e2f4655fe2f4655fe2f4655f00000000000002008000000000000800030000000af3010004000000000000000000000001000000500000000000000000000000000000000000000000000000000000000000000000000000000000005bcc129100000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0xa0, 0x4b00}, {&(0x7f0000012f00)="ed8100001a040000e2f4655fe2f4655fe2f4655f00000000000001008000000000000800010000000af3010004000000000000000000000001000000600000000000000000000000000000000000000000000000000000000000000000000000000000005f43fa2400000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0xa0, 0x4c00}, {&(0x7f0000013000)="ffa1000026000000e2f4655fe2f4655fe2f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3032353733363935382f66696c65302f66696c6530000000000000000000000000000000000000000000006561281700000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0xa0, 0x4d00}, {&(0x7f0000013100)="ed8100000a000000e2f4655fe2f4655fe2f4655f00000000000001008000000000000800010000000af3010004000000000000000000000001000000700000000000000000000000000000000000000000000000000000000000000000000000000000002a20390700000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000000002ea06015400000000000600000000000000786174747231000006014c0000000000060000000000000078617474723200000000000000000000000000000000000000000000000000000000000078617474723200007861747472310000ed81000028230000e2f4655fe2f4655fe2f4655f00000000000002008000000000000800010000000af30100040000000000000000000000030000008000000002000000010000008200000002000000018000008200000000000000000000000000000033142f1800000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0x1a0, 0x4e00}, {&(0x7f0000013300)="ed81000064000000e2f4655fe2f4655fe2f4655f00000000000001008000000000000800010000000af301000400000000000000000000000100000090000000000000000000000000000000000000000000000000000000000000000000000000000000eaaaeb6900000000000000000000000000000000000000000000000020000000b4253260b4253260b4253260e2f4655fb42532600000000000000000", 0xa0, 0x5000}, {&(0x7f0000013400)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c653300000011000000940f090166696c652e636f6c64000000", 0x80, 0x10000}, {&(0x7f0000013500)="0b0000000c0001022e00000002000000f40f02022e2e00"/32, 0x20, 0x20000}, {&(0x7f0000013600)="00000000001000"/32, 0x20, 0x21000}, {&(0x7f0000013700)="00000000001000"/32, 0x20, 0x22000}, {&(0x7f0000013800)="00000000001000"/32, 0x20, 0x23000}, {&(0x7f0000013900)="111fc0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x30000}, {&(0x7f0000013a00)="0200"/32, 0x20, 0x30400}, {&(0x7f0000013b00)="0300"/32, 0x20, 0x30800}, {&(0x7f0000013c00)="0400"/32, 0x20, 0x30c00}, {&(0x7f0000013d00)="0500"/32, 0x20, 0x31000}, {&(0x7f0000013e00)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000700"/96, 0x60, 0x31400}, {&(0x7f0000013f00)="2719c0d901000000803a0900803a090000000000060000000000000005000000", 0x20, 0x40000}, {&(0x7f0000014000)="0200"/32, 0x20, 0x40400}, {&(0x7f0000014100)="0300"/32, 0x20, 0x40800}, {&(0x7f0000014200)="0400"/32, 0x20, 0x40c00}, {&(0x7f0000014300)="0500"/32, 0x20, 0x41000}, {&(0x7f0000014400)="0000000000000000010000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000700"/96, 0x60, 0x41400}, {&(0x7f0000014500)="0c0000000c0001022e000000020000000c0002022e2e00000d0000001000050166696c65300000000e000000d80f050766696c653100"/64, 0x40, 0x50000}, {&(0x7f0000014600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x60000}, {&(0x7f0000014b00)='syzkallers\x00'/32, 0x20, 0x70000}, {&(0x7f0000014c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x90000}], 0x0, &(0x7f0000014d00)) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = creat(&(0x7f0000000080)='./file1\x00', 0x10) sendfile(r2, r3, 0x0, 0x100000001) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x5, 0x0, r1, 0x0, r2}, 0x1000) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r5, 0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r4, 0x4008941a, &(0x7f00000001c0)=0x2) mount$9p_unix(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00', &(0x7f0000000180), 0x8a448a, &(0x7f00000005c0)={'trans=unix,', {[{@posixacl}, {@access_uid={'access', 0x3d, r5}}, {@access_user}], [{@euid_lt={'euid<', 0xee01}}, {@measure}, {@subj_user={'subj_user', 0x3d, 'ext4\x00'}}]}}) ioctl$EXT4_IOC_GETSTATE(r3, 0x40046629, &(0x7f0000000640)) 10:59:19 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 22) [ 1389.105280] attempt to access beyond end of device [ 1389.105280] loop6: rw=34817, want=404, limit=128 [ 1389.108947] attempt to access beyond end of device [ 1389.108947] loop6: rw=0, want=403, limit=128 [ 1389.196431] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1389.282592] FAT-fs (loop1): Unrecognized mount option "¦2vŁţ?-R!2ö$¨…çzZ~C䥳˘^Ĺî‚h¦ÎžŞ˘NBäüç_Ž›LRxVM‰|&_ęH_uP’ăPPNÖmů’łRÁň4ů&~Ô짬hó" or missing value 10:59:19 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0xec100, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:59:19 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index=0x3, 0x71babea0, 0x0, 0x6, 0x0, 0x1, {0x0, r3}}, 0x5) sendfile(r1, r2, 0x0, 0x100000001) ioctl$MON_IOCQ_URB_LEN(r1, 0x9201) ftruncate(r0, 0xfdef) 10:59:19 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000000d) 10:59:19 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ftruncate(r0, 0x1000003) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) r2 = creat(&(0x7f0000000000)='./file2\x00', 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_submit(r3, 0x0, 0x0, 0x5) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r5 = accept$packet(r2, 0x0, &(0x7f00000000c0)) syz_io_uring_setup(0x2a7b, &(0x7f00000004c0)={0x0, 0x3, 0x8, 0x0, 0x18c}, &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000480), &(0x7f0000000140)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000180)=@IORING_OP_FILES_UPDATE={0x14, 0x3, 0x0, 0x0, 0x6, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1, 0x0, 0x0, {0x0, r7}}, 0x6) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd=r5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r7}}, 0x1f) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x104, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000040)}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lseek(r1, 0x0, 0x2) r8 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x4000, 0x12e) copy_file_range(r8, 0x0, r1, 0x0, 0x200f5ef, 0x0) 10:59:19 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1389.410008] FAULT_INJECTION: forcing a failure. [ 1389.410008] name failslab, interval 1, probability 0, space 0, times 0 [ 1389.412355] CPU: 1 PID: 9766 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1389.413607] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1389.414970] Call Trace: [ 1389.415500] dump_stack+0x107/0x167 [ 1389.416101] should_fail.cold+0x5/0xa [ 1389.416720] ? create_object.isra.0+0x3a/0xa20 [ 1389.417539] should_failslab+0x5/0x20 [ 1389.418117] kmem_cache_alloc+0x5b/0x310 [ 1389.418727] create_object.isra.0+0x3a/0xa20 [ 1389.419539] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1389.420291] kmem_cache_alloc+0x159/0x310 [ 1389.420578] FAULT_INJECTION: forcing a failure. [ 1389.420578] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1389.421072] ext4_alloc_io_end_vec+0x1f/0x120 [ 1389.423402] ext4_writepages+0x17a5/0x3350 [ 1389.424010] ? unwind_next_frame+0x13ef/0x1a90 [ 1389.424693] ? find_held_lock+0x2c/0x110 [ 1389.425328] ? __ext4_mark_inode_dirty+0x770/0x770 [ 1389.426021] ? __is_insn_slot_addr+0x14c/0x290 [ 1389.426708] ? __kernel_text_address+0x9/0x40 [ 1389.427543] ? unwind_get_return_address+0x55/0xa0 [ 1389.428218] ? create_prof_cpu_mask+0x20/0x20 [ 1389.428873] ? stack_trace_save+0x8c/0xc0 [ 1389.429606] ? stack_trace_consume_entry+0x160/0x160 [ 1389.430438] ? kasan_save_stack+0x32/0x40 [ 1389.431022] ? kasan_save_stack+0x1b/0x40 [ 1389.431738] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1389.432525] ? __ext4_mark_inode_dirty+0x770/0x770 [ 1389.433348] do_writepages+0xee/0x2a0 [ 1389.433957] ? page_writeback_cpu_online+0x20/0x20 [ 1389.434740] ? lock_acquire+0x197/0x470 [ 1389.435412] ? create_object.isra.0+0x3ad/0xa20 [ 1389.436063] ? lock_release+0x680/0x680 [ 1389.436649] ? find_held_lock+0x2c/0x110 [ 1389.437403] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1389.438102] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1389.438862] ? mark_held_locks+0x9e/0xe0 [ 1389.439505] ? trace_hardirqs_on+0x5b/0x180 [ 1389.440316] filemap_write_and_wait_range+0x65/0x100 [ 1389.441123] __iomap_dio_rw+0x552/0x1110 [ 1389.442066] ? iomap_dio_bio_actor+0xef0/0xef0 [ 1389.442860] ? ext4_orphan_add+0x253/0x9e0 [ 1389.443629] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 1389.444550] ? ext4_empty_dir+0xae0/0xae0 [ 1389.445289] ? jbd2__journal_start+0xf3/0x7e0 [ 1389.446059] iomap_dio_rw+0x31/0x90 [ 1389.446593] ext4_file_write_iter+0xb26/0x18d0 [ 1389.447277] ? ext4_file_read_iter+0x4c0/0x4c0 [ 1389.447928] ? kasan_save_stack+0x32/0x40 [ 1389.448525] ? kasan_save_stack+0x1b/0x40 [ 1389.449122] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1389.449890] ? iter_file_splice_write+0x16d/0xc30 [ 1389.450595] ? direct_splice_actor+0x10f/0x170 [ 1389.451239] ? splice_direct_to_actor+0x387/0x980 [ 1389.451944] ? do_splice_direct+0x1c4/0x290 [ 1389.452580] ? do_sendfile+0x553/0x11e0 [ 1389.453141] ? __x64_sys_sendfile64+0x1d1/0x210 [ 1389.453855] ? do_syscall_64+0x33/0x40 [ 1389.454422] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1389.455209] do_iter_readv_writev+0x476/0x750 [ 1389.455865] ? new_sync_write+0x660/0x660 [ 1389.456463] ? avc_policy_seqno+0x9/0x70 [ 1389.457049] ? selinux_file_permission+0x92/0x520 [ 1389.457760] ? security_file_permission+0xb1/0xe0 [ 1389.458475] do_iter_write+0x191/0x700 [ 1389.459032] ? trace_hardirqs_on+0x5b/0x180 [ 1389.459673] vfs_iter_write+0x70/0xa0 [ 1389.460233] iter_file_splice_write+0x762/0xc30 [ 1389.460941] ? generic_splice_sendpage+0x140/0x140 [ 1389.461685] ? security_file_permission+0xb1/0xe0 [ 1389.462395] ? generic_splice_sendpage+0x140/0x140 [ 1389.463107] direct_splice_actor+0x10f/0x170 [ 1389.463752] splice_direct_to_actor+0x387/0x980 [ 1389.464441] ? pipe_to_sendpage+0x380/0x380 [ 1389.465061] ? do_splice_to+0x160/0x160 [ 1389.465663] ? security_file_permission+0xb1/0xe0 [ 1389.466375] do_splice_direct+0x1c4/0x290 [ 1389.466977] ? splice_direct_to_actor+0x980/0x980 [ 1389.467688] ? avc_policy_seqno+0x9/0x70 [ 1389.468289] ? security_file_permission+0xb1/0xe0 [ 1389.468999] do_sendfile+0x553/0x11e0 [ 1389.469596] ? do_pwritev+0x270/0x270 [ 1389.470158] ? wait_for_completion_io+0x270/0x270 [ 1389.470881] ? rcu_read_lock_any_held+0x75/0xa0 [ 1389.471555] ? vfs_write+0x354/0xb10 [ 1389.472109] __x64_sys_sendfile64+0x1d1/0x210 [ 1389.472784] ? __ia32_sys_sendfile+0x220/0x220 [ 1389.473486] do_syscall_64+0x33/0x40 [ 1389.474033] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1389.474790] RIP: 0033:0x7f24f4026b19 [ 1389.475335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1389.478002] RSP: 002b:00007f24f157b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1389.479109] RAX: ffffffffffffffda RBX: 00007f24f413a020 RCX: 00007f24f4026b19 [ 1389.480139] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 1389.481173] RBP: 00007f24f157b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1389.482204] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1389.483255] R13: 00007ffc75df54bf R14: 00007f24f157b300 R15: 0000000000022000 [ 1389.484327] CPU: 0 PID: 9770 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1389.485357] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1389.486583] Call Trace: [ 1389.486988] dump_stack+0x107/0x167 [ 1389.487536] should_fail.cold+0x5/0xa [ 1389.488109] _copy_from_user+0x2e/0x1b0 [ 1389.488712] iovec_from_user+0x141/0x400 [ 1389.489336] __import_iovec+0x67/0x590 [ 1389.489932] ? SOFTIRQ_verbose+0x10/0x10 [ 1389.490549] import_iovec+0x83/0xb0 [ 1389.491096] vfs_writev+0xc1/0x620 [ 1389.491628] ? vfs_iter_write+0xa0/0xa0 [ 1389.492216] ? __fdget_pos+0xf1/0x190 [ 1389.492779] ? lock_downgrade+0x6d0/0x6d0 [ 1389.493599] ? mutex_lock_io_nested+0xf30/0xf30 [ 1389.494294] ? ksys_write+0x12d/0x260 [ 1389.494868] ? __fget_files+0x2f8/0x520 [ 1389.495481] do_writev+0x139/0x300 [ 1389.496007] ? vfs_writev+0x620/0x620 [ 1389.496579] do_syscall_64+0x33/0x40 [ 1389.497125] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1389.497890] RIP: 0033:0x7fbbbec6fb19 [ 1389.498450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1389.501128] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1389.502249] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1389.503286] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1389.504321] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1389.505361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1389.506407] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 10:59:19 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r0, 0x0) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x100, 0x8, &(0x7f0000001680)=[{&(0x7f0000000180)="414049384ee824bd13ac5d8839fcaa71d38dad5de324", 0x16, 0x3}, {&(0x7f0000000500)="29a39c61f416f62aabb9ac1d6d29748221e03d2c51994a76a57a1d36ddd820d773c5fc880e969edd2b22dbf8f2dc6d8f81faff8748f721f2e44e3032996f8673bc379db565e48e22508b95cf5bea8b632450f3c85cce62a24b70a91942dd3a2dd01bff913e47c8e1deab8fd384a6b2bb5c6ff7a2d14084afe9b9d9621d03c3f1b2835eecdba6f04eaaf5abb6824b442d9373da26bce999b9273fcf1adffc8ce6e105609b05092cdae5f2cc0aa43b3bb141ac84cf8acd0823a93b87c0a1a0e0cf3da6782ef9c04d2567f68cd373c1b6b56679d9b91e9ea7568631951cefa266bcae638da87b671e21b0f930fb482edcb1adf2fdaf279dacfe8d13995394a24ba42a1163153a0cdb92de608ee487cad15d002bb5ea3bdd85b75a4a0d602b71315b65a52580b78bf206c1f309b636118c4d846de5880319384a28f029eda77d616bd49a23b30a85ef02fcee91b5414e4ea2f7e01d08587077bb87be707d1ddaf6bf59a6706160e59f275cce24d06c58e79d72e3b2f08478331102a96a7e8677adc6eb1523fde4624da7873dfaaf60777427281da31002f18e868f67ac71e60ab446bcdc4d3d641a16f30c3f96165683743fd951f58ff971fd438b1bfdaf3fb817e46db396b0ab6f67ed22d8a3aa29a0e6831bd67e3c4e626f5ca8e6fbc92ea512b3e33132c9d495cbff891848abeae2a6df7069e94c38c448fe711c49898668216ea2350d7af65791ee1dc0157956659c7bf91e2772d9d2e494dab44d1163ea85567a36d9fbd21b079b78870708a79934d8993637d48e92a7b799e21bc8dab150b13b9baf25d23c68206fe604d54b30b65d16456eb161686913271142e32c57aa77459341111f4e9b237434dcdea7915c18a096d2c1fbab5c45a1790402a98c305a626e6cc08722565f34dda15c5bf4062ec0eb9c6bf5065531f6b770941ee7eb315fc6d209f49113de112536085b716ed997b0a4a90cc6bd6163b659d8f391b1455bd9e334d6c152dcee1bef8156f2747354655567f12f1e51a6fb3bc1aeed9199067ac35ae33fb11951549c7e1473d3a527bd57efb26e4ef33e593227a776c988e5d104ee55649f2ef03d26edc5c21a631b26059847ff7a3b29a481b71a3634da21714c213226f84c8a6788c0d219a0eccf53f0f79a7a728ecd0da3f6ab0d56e23c27deb33bacb457b0c9de63f7b663fda3384bd6c37e3af5340939987896d4e06e7a5aa8be3cfa4773b6f6c9adfeb4aba3fb7e7cefa406f56e8294074fd8edc1bec5178a4ceeb21d38aa2f3b1336dab5c748f76fd9bf6d7e505dcb49dabc60dac9e39ea7f1e4085120876db2e26c89e3117ccf2b796c4c9a9d82a253e25231c87f0711058facee19308886c531da2e23280eca67ac09d35586599976f904b85f8977633aca3ed7a58fa0ab9b382314bab6aa8ac54b71c54181fec58388c9ba8f8175fbbc0ac8615b32d46f89aa1cb6a3d9da60fe6053a82b49eeed66a6dca78716b2d6b008afec9d13cd4faa5700b950b0a0ae9b84a283a1328630b766e5cd841d021cc58d6579fba615b88dd951edc74b2573167784ab2574f95265cb18250533b1b2412e546c57b64a8290fe1512cdfe96ec347ba3d0d5fcc1c759b433542fe27cf75098f7407e7c758a3ba183b187f8f599a61df4a54bff53730aec64e81550766ec9ab41e0dc6554331679901976203795000f5af72f63636a9a098de4cf76538eee7a1590c0cf7a6049e53e6bd15f52c90cb1ebf28f93358a30526134919195ce518a0268073327b6f56aff32784a25e258401f70cd5d0034ca832454748189b37f575f50d766b70621f5f7a3513f261f0883c72ac5118bac621b5c61117cbc0e37c0b2309746387043581b50fbec6c19c7e0260192984e8efd97e99ac0cb73fa91da36bbd5f5cf04452a398af54275f2ce34dc58b754d93d5f03a3dad2985014c87b16b29c639be71727e57b412c384afa41a99096fc37019cc632ef343f4ab71f5a73ef5b3c84819a73551f2482d37491ca0a850d8b1f6c3549f765eeaed6a8d453d14b5615deb76ac04f618c4d9c4d3248e53714e59fedabad4e7187f07bdf533c0aa16be6592c1898be3887caf4cf7d93800afe436381b022d300299776dd15fb63092a3ac3709e662c16fcda8804a710f781b965fe7190b1cadafb5ce9cdd33c49719154cab317360c0765f050b42deba3f9ed59080be97426bf2259512baeb571e15a4e9751dd3d4a7f8a204624bb419308b6f1e0ae6a47107ad9724fa7e406b7cc913344eac720aca3506a55394602a0773dd3bb528d0fe5c80c6b3d31fc9796378b8bc362e87cb946b3adf94e741c2442fb8b50018ef4ce6d92f303e952aa2d46a3644be1589d8083a0d5eee63cc1de1422e16d3be77f40d93d279f9801f744052c2344ac468736beb11322ed2059fef7c05068438282e655953d00de7b86b53ded5e6730ebc1c01b701dddaf5bf60ddf9e2cadb2e14beded1a04c1456875d4ff8774cd9f2234d45af81f301cfa09a0af097eadcd5c024e4267724952b0e9f0d3e70d9814ea21ca41fa32f1e9dc2e3379d4f4bf64bca41bdb7eb97f3f2f427b64c867ba52f128dff81e75225edd9aa700748fd8c8a43f72db111fee97aebeaa9b3bdda7d519697a89c5ff55a8e80376852991680e6deb752025da1ed590a55378ddf4dadc4784b23707328a46b4c3c15b481738267e44ddcbc370bc310e274cbb8834fb9359a944c95aff0dcac979acc0dff2f249794137414e13d07fc0727db30af1e6b366210a361cb2196eccdd50fb5a0561a4b0e96109570128eb68370b9a5a5b37806b68fe2781ce88fb1f25164b39245f04f61eb1f45bbbd5fc0acee6681c22ae4725366a1270ed78531072fae28aa6e003e81a9ac209cec7056fcc55f6c4e735178dac64da9003c07b9a952005b987fb44c23892523175124526e6d09f5f2e21d7fc7adca2a67388fcd3af4d7aa72ce96b74c428088f9452385940a3d13b37ff772ed1566eb6992396a8a54063003a4e3886e44475e5aecc29e4327407daf4447f457af3da11758f4bc0339f40d2e600c3506e43d590585e39fb25a51ca9e0691663c8c467eb09947772a22f02ac69e365db6a241d3ca9a6f1d181463df423ddba6a25e588aca44c168261eaba86c54373c24be916a159e415066315dc871e684920692f15b651509c078c790625aa5cc67439d6911b84b7daa64d6bbaaf8506b8a277a251c949a112bee8e3084a895e96c66610a7391086794b54782605cf53268b1fd94bd62bbce85e6dc415462c2bb79a7401f91891e13c014fd30e6321b7e605825402700e246d3b33c66ecc0de00222ea68f7a667b8f171a7aed4ee75cb0c9f481f2127c0b14d42f9efac4fe9045c797d13bde1ffebd37f98792770994f395951253fa8d698a85718ab48fc995801236056719390b5be8d3c9768a88c38f2eb3066624ab3b63bd3a22619ac82a80d55d6a4d587d9a143361c3d6be0543efccf55f3e91d92518ff447076fcf5c314ba5df460a62ca79dcbcd5d9c8af61a28af87482f0492ca098d9c8be5df3c044e68efd34f28672825ec45348023b213eb670b9033091284f8154520d4aada2ce7ffad9b9f0649ac962843c9beef9313dc4b7d09d2d5a537e53579b50d32b66730310ed29314dfe16241f6a081e707ead9620999b83c8a18c0161189b0d32c325ae05b677afbd450b2f3c219ce3907a5406398dfcd8e41fbac8646c89397acf79b427390b28f0efc6201a97f0b39484019209dd58a4c1a17a8669a09d32af6cdd1171eba456b4ba1bbe8f27b70b761d71557cff02fce41c8c886edab63f9592f8adb61438f6f69dec0f7c77746251abf9d7dfab445a6eaa6f49e876803ea52f8cc5e013cbd898e9bb36c1684fe16414db76c699ba5780f2153a105c16acaeb024f2f83c4a1349a8659bbe7ee4683e5cd6a8ae526520fc1beaf500f356f56b1e87192194d640da381920039a8f016e8a5c38a4df626594b1b14cc36ff621b33da4ff0fa0e73f863e6984b66c77d7f193b0946c4003df829d9a1eb198702ec9cd4421d0f62bb607807c324eccd34b92387bc725a70740f95f57c9171f2ae76dee101a6d4a3536e86b98051ddc928f09cef504d30084e153acd7258edead36e0c03c9c060bd77135a3dd7cd53dae01536652e293c6ee1465d92857f2569583185720933fe5f7a9639d0efe301daea5b4609e97f6d53560b7a7eb2e096b24c34b55087254f36926595a7eefe2619ef1d7f468e517055273af3192134e6db14c7bbc15ffd61c0a4de735b0a376a7c5bf39e7a210235f9e95c700e3393ee59890ebe76a2b7e5228ecf99e5e20123e5f3749aa1a576e147ef3d22bc70e680a0a5f5e9fd60218ebe9c42f0e8e6e219d37a68355c89d749291306b26d7424d75ca6b97357a3f92a132895205fc5f72f99bac500784b5dad426bcdf5602d0845b1781ee61b776a1df986cdbc2c1dc06b20d2418aab3c8eb0a778f8a67bef0a16dafbef67dd106f1fc32d2df6ad0f68f97fd1eb58d565d35a28e9f12c1a43f94714ae0c5791458990a76ac5a710864798f3926fe6c5e5a213cbddbc81e65726bba5729742d14c5d001fe25507ec805c5f91fb9484ce81150ad972bc8d3e0e88f80934d5db405dad1bb5c072ecbf0223b06782869ec1292ffd918ee6a74be1f7e2de75a51319559245b569533b30f60b1b248e93ce4be49d7c3ad969769e74797927c0466d56ffb6b3aed17dd8e628877b8ec6e733a169c9bd24269b645489eca3849e657a748c1d9bea6dbd9d1c295c131de09c76dde2891f7c12fa53cfafc52c8ee06cad721a549b11501f4f977056a145d850b4b9a5c5503442c1e8c0e854cfcd4c161bdaac368d34afecdf3ec745d1945a152a6113e46f4dcb46f7a88818f00c5c6ebfaaf2754605995208ef4f30b68bddd1941413affa14b6f0bb23b1f84a376a6150e87cba55673a6466124834ffe4960f76a32e8c655e252d127a356e37230007985e8ef1d271ecccea550b6253d82e7b4b09799a0bfcfc2e15723e278d18991808a805277f6837c8b7872ef3d2dd39bbbefc88b2f5abc0d3c1ee119cbd676933f4557133c40e907f11659caa8368353f8cfbb8601bead9d496fa1b0f52904672a8939edb8a61f299f67e8bf468ff782cef9b86b2077546ddbbd0a007b5ac2c9f031995d7bbae4bbcd045d0c3ab1ff37b0e52f90b9c8a5e72dbb07e0107473bb25e14eb2473fc8743bacfa302383a35717295a1e55fa03b525a43539ea2884dcd6cde6a3df787e2eba6bd9fa7b2aac16ce6faf8afb7b1d39ec225e784f23e9ab3fd1b7e219970e2632cd8f41d292c78e50c9d673d61de5fd0e0552c6f0febc40ddc97023e5f827c2bca21e33ede090e58dd0e21e92abc7308d73e5e528701e4760c90831a4166b2a33eabb9c71b2f788fddee5a18e35d24c9bf1ebddaa945648c9cfb5998c2d7f0c8c0524a712eb8fbfe02757a8c0d36cb1dbd2ffe84b3c84e108fea98c425ec5dc683991dcb76e516e533c1b38c7d1958a9d5e8766ed2dea49b36352ddc7760c8720eb1dbbb3c343ffaeae7a712129507c25b54bf49fb7b6660d20e19acaa7e082768f447f98fce2e7f53c7ee9848aa97fb9834bc5696c6afaff5fea34ddfcd5dd86e83af76bc8314b4ab5f5789ba1a8246bb4682cc3693177eeef15f93c117c11326328c98daca9f5f6d92e0ce65ec42cb34152db3ea653294bfb8c3f46201bb3f0fa7aafdf35a00fe7ef07b618c2ad973c4523ae33b3a77cdf3df7367fec40e7bf", 0x1000, 0x5c}, {&(0x7f00000001c0)="0308d2f08676dc6e0a4040e7580d9685aa8af702dc19aec0753adcf4f54eb2fbb87bef6f8051342f5b081943eb0844c91774cfde9f3b572b892526cd243891a0984a4b1220a7338b1b0aad40ffd2f8d38e932f4a4e2103104ec493c1c9a5397cee8237848449a50204e8922957834406c2b7b20a3042927e80f42b220baf35c9a6e258784429f218403aa89c630d702f293690a4b348e7a243915561ef39f4b7ca", 0xa1, 0x20}, {&(0x7f0000000300)="522d91217de41371327f5c7528c8c1a3dec2a1e15c1d7fcfc1e1f8a9cd3a43383d0168cfd7448c764bafd2ffd8ad72755fe1fd6b53a619e2394ad64158263464d7641276dccd92e62f97f0670316409ed8e0c975ec8ec7f3b29c252d0a1dfab51437908d093f841da0e117b8446bb0dcd20876a9d66df981a7dd00ea1e008665399834d317231f9e7317313df3526249e9aa2878d927e7a91f970f2dae3d10b1954515840199d13d60b73c5491ef288dbca5c9fdb0de", 0xb6}, {&(0x7f0000000280)="efeef858ea099275ee167bafb790104ecaa9", 0x12, 0x7fff}, {&(0x7f0000001500)="8a1ebc0b159167cb31af0413aedf55e9411e54ac6284f5f7a8fa0bb64a8c67f108252f51a76e0831bf3faaa39c47959282b8b98a9bb74d9b7a962d3fd0f855349a83fb812b74bd605a9429af013eb74a76a1646f3811b9dc3420e95e0b552e1100f42f8c832472dbe2cadcfdca3edaf7de0e275d29931e9f2c09af5d2cd2452e87d8", 0x82, 0x1}, {&(0x7f00000003c0)="0957b76501880304", 0x8, 0x2}, {&(0x7f00000015c0)="62be2c8767374c6a7c640dcafa9647ee822632c1a463ad3fa2c390f0e598b0669bd9a81bc21ed9376021ae6e82170096fc902608b6d05e6695607fceaf152e5d97e37d9d2505a2a42de72e19c39b2f697515b35f825b686c20a51a45a98729caec4e38bb8d2d6a05eb2f08c540aad2c35abe2a2d00c2107e612a5914369eb78e9955e795b34629a1", 0x88, 0x1}], 0x1, &(0x7f0000001740)={[{@unhide}, {@sbsector={'sbsector', 0x3d, 0x2}}, {@map_normal}], [{@euid_lt={'euid<', r0}}]}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:59:19 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r4, 0xf505, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r5 = ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r5, {0x7}}, './file0\x00'}) ftruncate(r0, 0xfdef) 10:59:19 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 4) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1389.784562] FAT-fs (loop1): Unrecognized mount option "¦2vŁţ?-R!2ö$¨…çzZ~C䥳˘^Ĺî‚h¦ÎžŞ˘NBäüç_Ž›LRxVM‰|&_ęH_uP’ăPPNÖmů’łRÁň4ů&~Ô짬hó" or missing value [ 1389.840827] FAULT_INJECTION: forcing a failure. [ 1389.840827] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1389.842704] CPU: 1 PID: 9793 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1389.843682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1389.844873] Call Trace: [ 1389.845259] dump_stack+0x107/0x167 [ 1389.845813] should_fail.cold+0x5/0xa [ 1389.846385] _copy_from_user+0x2e/0x1b0 [ 1389.846962] comm_write+0xbf/0x2a0 [ 1389.847496] ? proc_pid_permission+0x300/0x300 [ 1389.848163] do_iter_write+0x4f0/0x700 [ 1389.848759] vfs_writev+0x1ae/0x620 [ 1389.849281] ? vfs_iter_write+0xa0/0xa0 [ 1389.849878] ? __fdget_pos+0xf1/0x190 [ 1389.850444] ? lock_downgrade+0x6d0/0x6d0 [ 1389.851043] ? ksys_write+0x12d/0x260 [ 1389.851615] ? __fget_files+0x2f8/0x520 [ 1389.852230] do_writev+0x139/0x300 [ 1389.852740] ? vfs_writev+0x620/0x620 [ 1389.853317] do_syscall_64+0x33/0x40 [ 1389.853878] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1389.854606] RIP: 0033:0x7fbbbec6fb19 [ 1389.855153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1389.857781] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1389.858878] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1389.859916] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1389.860907] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1389.861958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1389.862996] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 10:59:19 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 23) 10:59:19 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xff, 0x4, 0x1, 0x79, 0x0, 0x2, 0x67cf47c9c7c4b7c5, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0xb9, 0x2, @perf_bp, 0x4008, 0x9, 0x10000, 0x6, 0x2, 0xfffffc00, 0x1f, 0x0, 0x9}, 0xffffffffffffffff, 0x5, r0, 0x3) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x9}}, './file0\x00'}) fsetxattr$trusted_overlay_nlink(r3, &(0x7f0000000200), &(0x7f0000000240)={'U+'}, 0x16, 0x3) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:59:19 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) statx(r2, &(0x7f00000000c0)='./file1\x00', 0x800, 0x4, &(0x7f0000000300)) ftruncate(r0, 0xfdef) [ 1390.058859] FAULT_INJECTION: forcing a failure. [ 1390.058859] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1390.060356] CPU: 0 PID: 9799 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1390.061131] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1390.062083] Call Trace: [ 1390.062395] dump_stack+0x107/0x167 [ 1390.062822] should_fail.cold+0x5/0xa [ 1390.063270] __alloc_pages_nodemask+0x182/0x600 [ 1390.063806] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1390.064498] ? find_get_entry+0x2c8/0x740 [ 1390.064983] ? lock_chain_count+0x20/0x20 [ 1390.065468] alloc_pages_current+0x187/0x280 [ 1390.065978] __page_cache_alloc+0x2d2/0x360 [ 1390.066489] pagecache_get_page+0x2c7/0xc80 [ 1390.067002] ? unlock_page_memcg+0x96/0x170 [ 1390.067499] grab_cache_page_write_begin+0x64/0xa0 [ 1390.068066] cont_write_begin+0x448/0x980 [ 1390.068549] ? fat_add_cluster+0x100/0x100 [ 1390.069030] ? nobh_write_begin+0xed0/0xed0 [ 1390.069530] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1390.070184] ? generic_write_end+0x20e/0x3f0 [ 1390.070680] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1390.071267] fat_write_begin+0x89/0x180 [ 1390.071710] ? fat_add_cluster+0x100/0x100 [ 1390.072197] generic_perform_write+0x20a/0x4f0 [ 1390.072714] ? fat_direct_IO+0x1ef/0x380 [ 1390.073178] ? page_cache_prev_miss+0x310/0x310 [ 1390.073725] __generic_file_write_iter+0x2cd/0x5d0 [ 1390.074281] generic_file_write_iter+0xdb/0x230 [ 1390.074810] do_iter_readv_writev+0x476/0x750 [ 1390.075317] ? new_sync_write+0x660/0x660 [ 1390.075779] ? avc_policy_seqno+0x9/0x70 [ 1390.076241] ? selinux_file_permission+0x92/0x520 [ 1390.076791] ? security_file_permission+0xb1/0xe0 [ 1390.077343] do_iter_write+0x191/0x700 [ 1390.077801] ? trace_hardirqs_on+0x5b/0x180 [ 1390.078298] vfs_iter_write+0x70/0xa0 [ 1390.078735] iter_file_splice_write+0x762/0xc30 [ 1390.079274] ? generic_splice_sendpage+0x140/0x140 [ 1390.079862] ? security_file_permission+0xb1/0xe0 [ 1390.080421] ? generic_splice_sendpage+0x140/0x140 [ 1390.080981] direct_splice_actor+0x10f/0x170 [ 1390.081493] splice_direct_to_actor+0x387/0x980 [ 1390.082034] ? pipe_to_sendpage+0x380/0x380 [ 1390.082534] ? do_splice_to+0x160/0x160 [ 1390.082994] ? security_file_permission+0xb1/0xe0 [ 1390.083543] do_splice_direct+0x1c4/0x290 [ 1390.084015] ? splice_direct_to_actor+0x980/0x980 [ 1390.084565] ? avc_policy_seqno+0x9/0x70 [ 1390.085031] ? security_file_permission+0xb1/0xe0 [ 1390.085587] do_sendfile+0x553/0x11e0 [ 1390.086025] ? do_pwritev+0x270/0x270 [ 1390.086466] ? wait_for_completion_io+0x270/0x270 [ 1390.087016] ? rcu_read_lock_any_held+0x75/0xa0 [ 1390.087536] ? vfs_write+0x354/0xb10 [ 1390.087974] __x64_sys_sendfile64+0x1d1/0x210 [ 1390.088486] ? __ia32_sys_sendfile+0x220/0x220 [ 1390.089012] do_syscall_64+0x33/0x40 [ 1390.089423] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1390.090003] RIP: 0033:0x7f24f4026b19 [ 1390.090428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1390.092445] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1390.093279] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1390.094076] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1390.094878] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1390.095669] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1390.096458] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 10:59:34 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 24) 10:59:34 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$BTRFS_IOC_INO_PATHS(r1, 0xc0389423, &(0x7f00000001c0)={0x7, 0x8, [0x1, 0x2, 0x6, 0x311f], &(0x7f0000000180)=[0x0]}) acct(&(0x7f00000000c0)='./file0\x00') sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) lsetxattr$trusted_overlay_upper(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280), &(0x7f0000000300)={0x0, 0xfb, 0xc9, 0x4, 0x40, "eb419704c854e6db54a140329bc7ea09", "134d0bbed061466954a138574cac041e6d36f2a9681b9044fbf4828e1c611744071984bdd994ba3bb80c8e4a5af5418a9c6a2e18aa5d7ab1354ab793a0da3f7d581da7b4fa6ab07f28a17edaf806567465edde431047ea82377eb9f06182b740326d79b4c90b4eae16ec368af36ef04d300fc15bfc5c8540e1c3ba6cb209c72ba653e3fb3968808e6552dbc208c7eedc6f50bcf93428ab1c9394aae3b9102c4ba57d15fd7d9aab1841ac37bf547587332fbbe3c4"}, 0xc9, 0x0) 10:59:34 executing program 6: chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2, 0x30, r2, 0x9f4a1000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x100000001) setxattr$security_evm(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), &(0x7f0000000140)=@v2={0x3, 0x3, 0x4, 0x0, 0xb0, "1460d5b5368c0efa46bcfbde0abdf845dc00ee1f78f76dfa5879f7c5d1d4c7950c041416733bfde1fbe7fde9c35cc2c27e495509428028ab626ef0ed88e8f0b20561190b251be64fb89f2bd7fee12d59581cbf88a40593f68d9f1618975e155bbea31d9c318dc12119142ed4e56c9f48c2ce504e4331e4ecd43a0ce0fbec380f96e915c9b89452db74bdbad40adf904249de83e5838b835df830c0737e2e51c6819cfd283f6da2c0a76905416af6bb61"}, 0xb9, 0x6) ftruncate(r0, 0xfdef) 10:59:34 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x315940, 0x4) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 10:59:34 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000000e) 10:59:34 executing program 2: ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x400, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x0, 0x4}, 0x0, 0x0, 0x0, 0x3, 0x1, 0x41}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000140)=0x7f, 0x4) sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000240)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, 0x0}, 0x404c008) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$inet6(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000bc0)='+', 0x1fc0}], 0x1}, 0x0) write(r1, &(0x7f0000000380)="071e9f7358ec922343d9786f7c2147c81e6890a8016fb53a5ffc4951d0a6a9f38dda8a9bae8f6f3750405ca0111cc8069cb8ebd8c8564cc6aff4e3631e4eb8ebf43b0e3a61bb5878257df934ab1c2df75a49f4d39cf7effe02c00c95f02860e708", 0x61) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) readv(r0, &(0x7f0000000800)=[{&(0x7f0000000000)=""/83, 0x53}, {&(0x7f0000000080)=""/63, 0x3f}, {&(0x7f00000000c0)=""/11, 0xb}, {&(0x7f0000000400)=""/218, 0xda}, {&(0x7f0000000500)=""/254, 0xfe}, {&(0x7f0000000300)=""/102, 0x66}, {&(0x7f0000000600)=""/230, 0xe6}, {&(0x7f0000000700)=""/249, 0xf9}], 0x8) mount$9p_unix(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x173000, 0x0) umount2(&(0x7f0000000200)='./file0/file0\x00', 0x4) 10:59:34 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 5) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:59:34 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000001c0), 0x6}, 0x0, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x55, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r1 = openat(r0, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x84100, 0x0) openat(r2, &(0x7f0000000140)='./file0\x00', 0x40, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000000180)={{0x1, 0x1, 0x18, r4, {0x10000}}, './file0/file0\x00'}) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x200400, 0x102) 10:59:34 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) sendmsg$unix(r0, &(0x7f0000000200)={&(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000000)="779ee96e33acaa90468e794024fe8d690044c4352060dc28987e1587217d60262f7618964f478e61fbbc709c2c257ffe6b", 0x31}], 0x1, 0x0, 0x0, 0x4801}, 0x40) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1404.168337] handle_bad_sector: 7 callbacks suppressed [ 1404.168349] attempt to access beyond end of device [ 1404.168349] loop1: rw=2049, want=276, limit=128 10:59:34 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) openat(r5, &(0x7f0000000480)='./file0\x00', 0x1, 0x181) syz_mount_image$nfs(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0xe41, 0x2, &(0x7f0000000280)=[{&(0x7f00000001c0)="6f24deeddf7086f08d21cc919a1c82e50d8a2f4f6061103851c33409fc508b1dd34eb8c727868222405f14180ed467e04cbd70056bc8a3db6da233634ee2a4ff540e7501c6607aa0dbc39e613b", 0x4d, 0x8000}, {&(0x7f0000000300)="1d880786a8b7f882e7c6cc8978f71e9220f1d9bc8a1e251d1faf4b030dc1073d8618de82481000af32d4b7e5dae31bcff9870d1e912a2bf475ec1d6d956e5393400767d2fcf60fab50eb4b056e508f35258081f82ef1a4ccc942c6838f4a561cc99928b21fe7968f1fe3badeefbbd2bc6ecffb015fc80eaa3135341c99fa08899b99b77cd2644304a1146ca49310eef40c775c2a33", 0x95, 0x8000}], 0x80f010, &(0x7f00000003c0)={[{'vfat\x00'}, {'vfat\x00'}, {'vfat\x00'}, {'vfat\x00'}], [{@uid_gt={'uid>', 0xee00}}, {@euid_gt}, {@uid_gt}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@fsmagic={'fsmagic', 0x3d, 0x8}}, {@smackfsroot={'smackfsroot', 0x3d, 'vfat\x00'}}, {@obj_user}]}) ftruncate(r3, 0x6) [ 1404.186273] attempt to access beyond end of device [ 1404.186273] loop1: rw=0, want=147, limit=128 [ 1404.191708] FAULT_INJECTION: forcing a failure. [ 1404.191708] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1404.194006] CPU: 1 PID: 9829 Comm: ó Not tainted 5.10.222 #1 [ 1404.195014] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1404.196239] Call Trace: [ 1404.196731] dump_stack+0x107/0x167 [ 1404.197379] should_fail.cold+0x5/0xa [ 1404.198135] _copy_from_user+0x2e/0x1b0 [ 1404.198757] comm_write+0xbf/0x2a0 [ 1404.199297] ? proc_pid_permission+0x300/0x300 [ 1404.200143] do_iter_write+0x4f0/0x700 [ 1404.200878] vfs_writev+0x1ae/0x620 [ 1404.201430] ? vfs_iter_write+0xa0/0xa0 [ 1404.202137] ? __fdget_pos+0xf1/0x190 [ 1404.202821] ? lock_downgrade+0x6d0/0x6d0 [ 1404.203517] ? ksys_write+0x12d/0x260 [ 1404.204106] ? __fget_files+0x2f8/0x520 [ 1404.204747] do_writev+0x139/0x300 [ 1404.205405] ? vfs_writev+0x620/0x620 [ 1404.206248] do_syscall_64+0x33/0x40 [ 1404.207023] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1404.207825] RIP: 0033:0x7fbbbec6fb19 [ 1404.208605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1404.211726] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1404.213035] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1404.214315] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1404.215625] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1404.216996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1404.218065] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1404.259477] Process accounting resumed [ 1404.264506] attempt to access beyond end of device [ 1404.264506] loop1: rw=2049, want=277, limit=128 [ 1404.287472] Process accounting resumed [ 1404.291616] attempt to access beyond end of device [ 1404.291616] loop1: rw=1, want=278, limit=128 [ 1404.292639] Buffer I/O error on dev loop1, logical block 277, lost async page write [ 1404.293519] attempt to access beyond end of device [ 1404.293519] loop1: rw=1, want=279, limit=128 [ 1404.294553] Buffer I/O error on dev loop1, logical block 278, lost async page write [ 1404.296612] FAULT_INJECTION: forcing a failure. [ 1404.296612] name failslab, interval 1, probability 0, space 0, times 0 [ 1404.297974] CPU: 0 PID: 9840 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1404.298746] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1404.299491] Call Trace: [ 1404.299748] dump_stack+0x107/0x167 [ 1404.300091] should_fail.cold+0x5/0xa [ 1404.300450] ? create_object.isra.0+0x3a/0xa20 [ 1404.300878] should_failslab+0x5/0x20 [ 1404.301233] kmem_cache_alloc+0x5b/0x310 [ 1404.301605] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1404.302074] create_object.isra.0+0x3a/0xa20 [ 1404.302462] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1404.302904] __kmalloc+0x16e/0x390 [ 1404.303222] ext4_find_extent+0xa3d/0xd30 [ 1404.303593] ext4_ext_map_blocks+0x1c8/0x5830 [ 1404.303995] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1404.304450] ? SOFTIRQ_verbose+0x10/0x10 [ 1404.304810] ? perf_trace_lock+0xac/0x490 [ 1404.305173] ? SOFTIRQ_verbose+0x10/0x10 [ 1404.305536] ? __lockdep_reset_lock+0x180/0x180 [ 1404.305951] ? ext4_ext_release+0x10/0x10 [ 1404.306319] ? ext4_map_blocks+0x5cd/0x1910 [ 1404.306698] ? lock_release+0x680/0x680 [ 1404.307046] ? ext4_es_lookup_extent+0x48d/0xaa0 [ 1404.307457] ? lock_downgrade+0x6d0/0x6d0 [ 1404.307823] ? __unwind_start+0x523/0x7e0 [ 1404.308199] ? down_write+0xe0/0x160 [ 1404.308525] ? down_write_killable+0x180/0x180 [ 1404.308927] ext4_map_blocks+0x63f/0x1910 [ 1404.309303] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 1404.309690] ? trace_hardirqs_on+0x5b/0x180 [ 1404.310074] ? kmem_cache_alloc+0x2a6/0x310 [ 1404.310458] ext4_writepages+0x19bf/0x3350 [ 1404.310828] ? unwind_next_frame+0x13ef/0x1a90 [ 1404.311236] ? find_held_lock+0x2c/0x110 [ 1404.311613] ? __ext4_mark_inode_dirty+0x770/0x770 [ 1404.312048] ? __is_insn_slot_addr+0x14c/0x290 [ 1404.312448] ? __kernel_text_address+0x9/0x40 [ 1404.312837] ? unwind_get_return_address+0x55/0xa0 [ 1404.313261] ? create_prof_cpu_mask+0x20/0x20 [ 1404.313699] ? stack_trace_save+0x8c/0xc0 [ 1404.313981] attempt to access beyond end of device [ 1404.313981] loop1: rw=1, want=280, limit=128 [ 1404.314169] ? stack_trace_consume_entry+0x160/0x160 [ 1404.314222] ? kasan_save_stack+0x32/0x40 [ 1404.315587] Buffer I/O error on dev loop1, logical block 279, lost async page write [ 1404.315949] ? kasan_save_stack+0x1b/0x40 [ 1404.315970] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1404.317965] attempt to access beyond end of device [ 1404.317965] loop1: rw=1, want=281, limit=128 [ 1404.318056] ? __ext4_mark_inode_dirty+0x770/0x770 [ 1404.319658] Buffer I/O error on dev loop1, logical block 280, lost async page write [ 1404.319983] do_writepages+0xee/0x2a0 [ 1404.320005] ? page_writeback_cpu_online+0x20/0x20 [ 1404.322003] ? lock_acquire+0x197/0x470 [ 1404.322360] ? create_object.isra.0+0x3ad/0xa20 [ 1404.322767] ? lock_release+0x680/0x680 [ 1404.323120] ? find_held_lock+0x2c/0x110 [ 1404.323488] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1404.323926] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1404.324395] ? mark_held_locks+0x9e/0xe0 [ 1404.324761] ? trace_hardirqs_on+0x5b/0x180 [ 1404.325147] filemap_write_and_wait_range+0x65/0x100 [ 1404.325596] __iomap_dio_rw+0x552/0x1110 [ 1404.325977] ? iomap_dio_bio_actor+0xef0/0xef0 [ 1404.326388] ? ext4_orphan_add+0x253/0x9e0 [ 1404.326762] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 1404.327199] ? ext4_empty_dir+0xae0/0xae0 [ 1404.327564] ? jbd2__journal_start+0xf3/0x7e0 [ 1404.327969] iomap_dio_rw+0x31/0x90 [ 1404.328290] ext4_file_write_iter+0xb26/0x18d0 [ 1404.328697] ? ext4_file_read_iter+0x4c0/0x4c0 [ 1404.329092] ? kasan_save_stack+0x32/0x40 [ 1404.329455] ? kasan_save_stack+0x1b/0x40 [ 1404.329825] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1404.330268] ? iter_file_splice_write+0x16d/0xc30 [ 1404.330356] attempt to access beyond end of device [ 1404.330356] loop1: rw=1, want=282, limit=128 [ 1404.330686] ? direct_splice_actor+0x10f/0x170 [ 1404.330704] ? splice_direct_to_actor+0x387/0x980 [ 1404.332089] Buffer I/O error on dev loop1, logical block 281, lost async page write [ 1404.332412] ? do_splice_direct+0x1c4/0x290 [ 1404.332423] ? do_sendfile+0x553/0x11e0 [ 1404.332435] ? __x64_sys_sendfile64+0x1d1/0x210 [ 1404.332443] ? do_syscall_64+0x33/0x40 [ 1404.332462] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1404.335731] do_iter_readv_writev+0x476/0x750 [ 1404.336121] ? new_sync_write+0x660/0x660 [ 1404.336484] ? avc_policy_seqno+0x9/0x70 [ 1404.336841] ? selinux_file_permission+0x92/0x520 [ 1404.337266] ? security_file_permission+0xb1/0xe0 [ 1404.337696] do_iter_write+0x191/0x700 [ 1404.338045] ? trace_hardirqs_on+0x5b/0x180 [ 1404.338418] vfs_iter_write+0x70/0xa0 [ 1404.338748] iter_file_splice_write+0x762/0xc30 [ 1404.339164] ? generic_splice_sendpage+0x140/0x140 [ 1404.339602] ? security_file_permission+0xb1/0xe0 [ 1404.339958] attempt to access beyond end of device [ 1404.339958] loop1: rw=1, want=283, limit=128 [ 1404.340029] ? generic_splice_sendpage+0x140/0x140 [ 1404.340043] direct_splice_actor+0x10f/0x170 [ 1404.340058] splice_direct_to_actor+0x387/0x980 [ 1404.340074] ? pipe_to_sendpage+0x380/0x380 [ 1404.340093] ? do_splice_to+0x160/0x160 [ 1404.341507] Buffer I/O error on dev loop1, logical block 282, lost async page write [ 1404.341856] ? security_file_permission+0xb1/0xe0 [ 1404.341877] do_splice_direct+0x1c4/0x290 [ 1404.344977] ? splice_direct_to_actor+0x980/0x980 [ 1404.345390] ? avc_policy_seqno+0x9/0x70 [ 1404.345753] ? security_file_permission+0xb1/0xe0 [ 1404.346183] do_sendfile+0x553/0x11e0 [ 1404.346523] ? do_pwritev+0x270/0x270 [ 1404.346855] ? wait_for_completion_io+0x270/0x270 [ 1404.347273] ? rcu_read_lock_any_held+0x75/0xa0 [ 1404.347673] ? vfs_write+0x354/0xb10 [ 1404.347823] attempt to access beyond end of device [ 1404.347823] loop1: rw=1, want=284, limit=128 [ 1404.348007] __x64_sys_sendfile64+0x1d1/0x210 [ 1404.349538] Buffer I/O error on dev loop1, logical block 283, lost async page write [ 1404.349836] ? __ia32_sys_sendfile+0x220/0x220 [ 1404.351351] do_syscall_64+0x33/0x40 [ 1404.351671] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1404.352103] RIP: 0033:0x7f24f4026b19 [ 1404.352439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1404.354015] RSP: 002b:00007f24f157b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1404.354665] RAX: ffffffffffffffda RBX: 00007f24f413a020 RCX: 00007f24f4026b19 [ 1404.355265] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 1404.355868] RBP: 00007f24f157b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1404.356476] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1404.357079] R13: 00007ffc75df54bf R14: 00007f24f157b300 R15: 0000000000022000 10:59:34 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f00000002c0), 0x1e1200, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x44, 0x3, 0x8, 0x201, 0x0, 0x0, {0xa, 0x0, 0x3}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6006}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x4000800) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r3 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000480)="eb3c906d6b66732e66617400020801000470000000f8015141898f577216b4f70858ea23915c014009b2cb7aa9242bc99c0b2747ffcd6ab08fe03551aa85111773623ac997229d5072", 0x49}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f0000000440)=ANY=[@ANYRESOCT=r1]) chdir(&(0x7f0000000040)='./file0\x00') r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) sendmsg$SOCK_DIAG_BY_FAMILY(r5, &(0x7f00000006c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000500)={0x160, 0x14, 0x1, 0x70bd26, 0x25dfdbfb, {0x2b, 0x5}, [@INET_DIAG_REQ_BYTECODE={0x68, 0x1, "c09b2648698695b38cebd022b3e2892abbcc44a5cf872926081dbc49b865685d6bb2fcc153a7687b290de89013cd8c436484299e1650d5745d5e73d1ffaa30c3bddc06091063dd8366658ef6f3f3cf516612472b207e91d56dafa044dad504ed79c8e938"}, @INET_DIAG_REQ_BYTECODE={0x9b, 0x1, "194d5fad678e9b65366a61388bcb32ee9f2ca6d9164cb6c70940ce7a7717f2fc5f828fa6ddb76a0331d813f2364fd9f594007bb16b90b98b9d931b2053d598da4d54c5c9db648a643dd333d962ac50e45b899fc62d728012fe80230c204d328160277167233f874c1077a5222d8041fc42e41016c6432acc3c161ebed6b73c8e9517ec4b82cc61b3727dcde3474319cdd442c13450ad35"}, @INET_DIAG_REQ_BYTECODE={0x45, 0x1, "47688e78d283049ffb8bcae59b2e1920662a32d9b833f003adf463900ee3ce2a4b5546b1110b0571ad73ba16c144c27a979fb6752e4e41732aa293859d4387ed55"}]}, 0x160}, 0x1, 0x0, 0x0, 0x4000}, 0x40064) r7 = openat(r3, &(0x7f00000000c0)='./file0\x00', 0x0, 0x48) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(r8, 0xc0189377, &(0x7f0000000180)={{0x1, 0x1, 0x18, r8, {0x30, 0x1}}, './file0\x00'}) getpeername$unix(r9, &(0x7f00000001c0)=@abs, &(0x7f0000000280)=0x6e) sendfile(r7, r8, 0x0, 0x100000001) ftruncate(r4, 0xfdef) 10:59:34 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x576d2e94de6fd62a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x0, 0x10000000}, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 10:59:34 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 6) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1404.528035] FAULT_INJECTION: forcing a failure. [ 1404.528035] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1404.529333] CPU: 0 PID: 9856 Comm: Not tainted 5.10.222 #1 [ 1404.529870] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1404.530537] Call Trace: [ 1404.530760] dump_stack+0x107/0x167 [ 1404.531055] should_fail.cold+0x5/0xa [ 1404.531373] _copy_from_user+0x2e/0x1b0 [ 1404.531700] comm_write+0xbf/0x2a0 [ 1404.531992] ? proc_pid_permission+0x300/0x300 [ 1404.532377] do_iter_write+0x4f0/0x700 [ 1404.532704] vfs_writev+0x1ae/0x620 [ 1404.533001] ? vfs_iter_write+0xa0/0xa0 [ 1404.533335] ? __fdget_pos+0xf1/0x190 [ 1404.533650] ? lock_downgrade+0x6d0/0x6d0 [ 1404.533994] ? ksys_write+0x12d/0x260 [ 1404.534305] ? __fget_files+0x2f8/0x520 [ 1404.534639] do_writev+0x139/0x300 [ 1404.534924] ? vfs_writev+0x620/0x620 [ 1404.535239] do_syscall_64+0x33/0x40 [ 1404.535539] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1404.535949] RIP: 0033:0x7fbbbec6fb19 [ 1404.536253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1404.537716] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1404.538332] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1404.538899] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1404.539470] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1404.540038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1404.540618] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 10:59:34 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1404.578410] FAT-fs (loop1): Unrecognized mount option "00000000000000000000004" or missing value 10:59:34 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000000f) 10:59:49 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="06000000000000002e2f66696c653000d417a6c1ef22d76a4d1b1c055596c615361f12456ce9601fb56e2bcaad2814b8f0bf175c8bfc0f07757493f4b735c0f66009e5e8cd5983e1dfb46151a65fcfc5ccc5921c765d1e869e528799fbd0"]) r2 = perf_event_open(0x0, 0x0, 0xa, r1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x88000, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) r4 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r4, 0xc0189378, &(0x7f0000000140)={{0x1, 0x1, 0x18, r2, {r1}}, './file0\x00'}) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x100000001) r8 = accept4(r3, 0x0, &(0x7f0000000180), 0x80800) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r7, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r8, {0x1}}, './file0\x00'}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x13, r5, 0x0) 10:59:49 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000000180)) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0xc0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) sendmsg$NL80211_CMD_NOTIFY_RADAR(r4, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000cf092b5fe71ccd67dfcbb8561b276146e2115bbc28a9935c79a20224bc0ea809006f35e052be531c21d3adfaec8b34006beae0975799334fa788a4bc469a3efc47b355e1596b22f1d7fe67f54aed9af1fa854a505d868e7372771843f4143ce6a1395e53ed8859925134fb7b7c0aa6d0535daaa2950bf5dc9721a8775030e885bd713d5a1b4788", @ANYRES16=0x0, @ANYBLOB="000427bd7000fddbdf25860000000800220149030000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000800}, 0x4040000) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 10:59:49 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 25) 10:59:49 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000010) 10:59:49 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 7) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 10:59:49 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r3, {0xab3, 0x1ff}}, './file0\x00'}) creat(&(0x7f0000000040)='./file0\x00', 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x42000, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r7, {0x4}}, './file0\x00'}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r8, 0x0, 0x100000001) ftruncate(r1, 0x4000000000009) 10:59:49 executing program 2: r0 = openat(0xffffffffffffff9c, 0x0, 0x46e2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB="9f04cd16b2f4dc73a49328916b685feda945324d89ba3f463ba563448011c0dc5812329889db0e227836d11c45f6ec015fbd01f3500dfad421c8e886845a3733e8a55a070905146b5f281503e88332ecc048ac05ecf5a03c9c383617688df59a34d3900b3b256396c4933b47e26dbd72037a94f1e4570ef5bdfe373007dc8144d88f283c8bda20169eb4a949fd223f8f0667d34cedf493172a6e7ecaaf228a305fd20ff746c97f39ecfb12ad0b65ee3fafc118e0e25a8337ec8f0aa5a07e2e143cc529f0fa7882f0a0b05536e2d641d34d7bc5f351d8594dffc37480277b484640f3cc4020232acb1d9bb939511ea355c4736fefbc57f8145d463abc6f", @ANYBLOB="7c9fe20c234c23fd18304ec3a73702000000203d431d707a6b67aec2293d6fe909"], 0x98a) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000080)={0x0, 0xfdfdffff, 0x102, 0x0, '\x00', [{}, {0x800, 0x0, 0x400000000000000}], ['\x00']}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_LISTALL(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r2) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r5) r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000540), r5) sendmsg$NLBL_CIPSOV4_C_REMOVE(r2, &(0x7f00000006c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)={0xcc, r6, 0x20, 0x70bd28, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0xb0, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x15d4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd243}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1232}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc42a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x637d7300}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe504}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1d81e93}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1a90dd3d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30e7a6ff}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7daf9584}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x60ecc07e}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x40b51ef2}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xedba}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x265a3c2c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3d26f69a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2b78088d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7242b55b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x564d23a3}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x661a}]}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x80}, 0x180d) sendmsg$IEEE802154_LLSEC_DEL_KEY(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[@ANYBLOB='8\x00', @ANYRES16=r4, @ANYBLOB="010400000000000000002800000005004800020000000a0001007770616e3100000008010200", @ANYRES32=0x0, @ANYBLOB="0600060003000000"], 0x38}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'rose0\x00', &(0x7f00000002c0)=ANY=[@ANYRES16, @ANYRESDEC=r1, @ANYBLOB="fed9d65efc537b729e3f6e1d4cc9f64e98fe84a0908920548ab86a15e37072dd21a5a0ecb656aa1dce807d0d489e79f76e4833dca2f9e0377526", @ANYRES32=r3]}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1) ioctl$SCSI_IOCTL_STOP_UNIT(r0, 0x6) unshare(0x48020200) 10:59:49 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x8000, 0xad) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0xa, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xfffffffa, 0x2, @perf_config_ext={0x4, 0x7}, 0x3044, 0x3, 0x3, 0x8, 0xfffffffffffffffa, 0x80, 0x6890, 0x0, 0x9, 0x0, 0x6}, 0xffffffffffffffff, 0xd0, r0, 0x3) [ 1419.855528] handle_bad_sector: 4 callbacks suppressed [ 1419.855544] attempt to access beyond end of device [ 1419.855544] loop4: rw=2049, want=276, limit=128 [ 1419.869385] FAULT_INJECTION: forcing a failure. [ 1419.869385] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1419.871305] CPU: 1 PID: 9890 Comm: Not tainted 5.10.222 #1 [ 1419.872125] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1419.873325] Call Trace: [ 1419.873718] dump_stack+0x107/0x167 [ 1419.874268] should_fail.cold+0x5/0xa [ 1419.874830] _copy_from_user+0x2e/0x1b0 [ 1419.875420] comm_write+0xbf/0x2a0 [ 1419.875943] ? proc_pid_permission+0x300/0x300 [ 1419.876630] do_iter_write+0x4f0/0x700 [ 1419.877219] vfs_writev+0x1ae/0x620 [ 1419.877754] ? vfs_iter_write+0xa0/0xa0 [ 1419.878347] ? __fdget_pos+0xf1/0x190 [ 1419.878903] ? lock_downgrade+0x6d0/0x6d0 [ 1419.879521] ? ksys_write+0x12d/0x260 [ 1419.880083] ? __fget_files+0x2f8/0x520 [ 1419.880678] do_writev+0x139/0x300 [ 1419.881198] ? vfs_writev+0x620/0x620 [ 1419.881776] do_syscall_64+0x33/0x40 [ 1419.882330] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1419.883068] RIP: 0033:0x7fbbbec6fb19 [ 1419.883614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1419.886271] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1419.887349] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1419.888381] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1419.889404] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1419.890442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1419.891471] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1419.945767] attempt to access beyond end of device [ 1419.945767] loop1: rw=0, want=147, limit=128 [ 1419.958426] attempt to access beyond end of device [ 1419.958426] loop4: rw=1, want=364, limit=128 [ 1419.988427] attempt to access beyond end of device [ 1419.988427] loop6: rw=34817, want=148, limit=128 [ 1419.992309] FAULT_INJECTION: forcing a failure. [ 1419.992309] name failslab, interval 1, probability 0, space 0, times 0 [ 1419.994307] CPU: 1 PID: 9896 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1419.995285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1419.996462] Call Trace: [ 1419.996852] dump_stack+0x107/0x167 [ 1419.997386] should_fail.cold+0x5/0xa [ 1419.997962] ? create_object.isra.0+0x3a/0xa20 [ 1419.998631] should_failslab+0x5/0x20 [ 1419.999181] kmem_cache_alloc+0x5b/0x310 [ 1419.999781] create_object.isra.0+0x3a/0xa20 [ 1420.000415] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1420.001182] kmem_cache_alloc+0x159/0x310 [ 1420.001791] alloc_buffer_head+0x20/0x110 [ 1420.002415] alloc_page_buffers+0x14d/0x700 [ 1420.003073] create_empty_buffers+0x2c/0x640 [ 1420.003717] create_page_buffers+0x1bb/0x230 [ 1420.004359] __block_write_begin_int+0x1d1/0x19c0 [ 1420.005077] ? fat_add_cluster+0x100/0x100 [ 1420.005717] ? add_to_page_cache_locked+0x40/0x40 [ 1420.006436] ? __page_cache_alloc+0x10d/0x360 [ 1420.007107] ? remove_inode_buffers+0x300/0x300 [ 1420.007800] ? pagecache_get_page+0x243/0xc80 [ 1420.008448] ? unlock_page_memcg+0x96/0x170 [ 1420.009077] ? wait_for_stable_page+0x92/0xe0 [ 1420.009729] cont_write_begin+0x472/0x980 [ 1420.010370] ? fat_add_cluster+0x100/0x100 [ 1420.011000] ? nobh_write_begin+0xed0/0xed0 [ 1420.011652] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1420.012504] ? generic_write_end+0x20e/0x3f0 [ 1420.013159] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1420.013924] fat_write_begin+0x89/0x180 [ 1420.014527] ? fat_add_cluster+0x100/0x100 [ 1420.015146] generic_perform_write+0x20a/0x4f0 [ 1420.015834] ? fat_direct_IO+0x1ef/0x380 [ 1420.016438] ? page_cache_prev_miss+0x310/0x310 [ 1420.017127] __generic_file_write_iter+0x2cd/0x5d0 [ 1420.017866] generic_file_write_iter+0xdb/0x230 [ 1420.018568] do_iter_readv_writev+0x476/0x750 [ 1420.019242] ? new_sync_write+0x660/0x660 [ 1420.019847] ? avc_policy_seqno+0x9/0x70 [ 1420.020435] ? selinux_file_permission+0x92/0x520 [ 1420.021142] ? security_file_permission+0xb1/0xe0 [ 1420.021852] do_iter_write+0x191/0x700 [ 1420.022458] ? trace_hardirqs_on+0x5b/0x180 [ 1420.023118] vfs_iter_write+0x70/0xa0 [ 1420.023686] iter_file_splice_write+0x762/0xc30 [ 1420.024406] ? generic_splice_sendpage+0x140/0x140 [ 1420.025169] ? security_file_permission+0xb1/0xe0 [ 1420.025875] ? generic_splice_sendpage+0x140/0x140 [ 1420.026616] direct_splice_actor+0x10f/0x170 [ 1420.027263] splice_direct_to_actor+0x387/0x980 [ 1420.027965] ? pipe_to_sendpage+0x380/0x380 [ 1420.028621] ? do_splice_to+0x160/0x160 [ 1420.029224] ? security_file_permission+0xb1/0xe0 [ 1420.029954] do_splice_direct+0x1c4/0x290 [ 1420.030583] ? splice_direct_to_actor+0x980/0x980 [ 1420.031282] ? avc_policy_seqno+0x9/0x70 [ 1420.031907] ? security_file_permission+0xb1/0xe0 [ 1420.032622] do_sendfile+0x553/0x11e0 [ 1420.033214] ? do_pwritev+0x270/0x270 [ 1420.033799] ? wait_for_completion_io+0x270/0x270 [ 1420.034517] ? rcu_read_lock_any_held+0x75/0xa0 [ 1420.035213] ? vfs_write+0x354/0xb10 [ 1420.035766] __x64_sys_sendfile64+0x1d1/0x210 [ 1420.036420] ? __ia32_sys_sendfile+0x220/0x220 [ 1420.037092] do_syscall_64+0x33/0x40 [ 1420.037662] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1420.038410] RIP: 0033:0x7f24f4026b19 [ 1420.038964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1420.041664] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1420.042775] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1420.043796] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1420.044851] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1420.045916] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1420.046988] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1420.061513] attempt to access beyond end of device [ 1420.061513] loop6: rw=0, want=147, limit=128 [ 1420.061902] attempt to access beyond end of device [ 1420.061902] loop1: rw=2049, want=276, limit=128 [ 1420.090735] attempt to access beyond end of device [ 1420.090735] loop5: rw=2049, want=276, limit=128 [ 1420.099700] attempt to access beyond end of device [ 1420.099700] loop6: rw=2049, want=276, limit=128 [ 1420.197040] attempt to access beyond end of device [ 1420.197040] loop6: rw=2049, want=404, limit=128 [ 1420.199420] attempt to access beyond end of device [ 1420.199420] loop6: rw=2049, want=403, limit=128 [ 1420.200940] Buffer I/O error on dev loop6, logical block 402, lost async page write 11:00:05 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x400, 0x108) 11:00:05 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000011) 11:00:05 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/../file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:00:05 executing program 2: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000000180)) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0xc0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) sendmsg$NL80211_CMD_NOTIFY_RADAR(r4, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000cf092b5fe71ccd67dfcbb8561b276146e2115bbc28a9935c79a20224bc0ea809006f35e052be531c21d3adfaec8b34006beae0975799334fa788a4bc469a3efc47b355e1596b22f1d7fe67f54aed9af1fa854a505d868e7372771843f4143ce6a1395e53ed8859925134fb7b7c0aa6d0535daaa2950bf5dc9721a8775030e885bd713d5a1b4788", @ANYRES16=0x0, @ANYBLOB="000427bd7000fddbdf25860000000800220149030000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000800}, 0x4040000) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:00:05 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 8) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:00:05 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x180c0, 0x112) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:00:05 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 26) 11:00:05 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000000)='./file0\x00', 0x4, 0x0, 0x0, 0x20802, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1435.367570] FAULT_INJECTION: forcing a failure. [ 1435.367570] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1435.369475] CPU: 0 PID: 9933 Comm: Not tainted 5.10.222 #1 [ 1435.370310] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1435.371497] Call Trace: [ 1435.371892] dump_stack+0x107/0x167 [ 1435.372428] should_fail.cold+0x5/0xa [ 1435.372993] _copy_from_user+0x2e/0x1b0 [ 1435.373582] comm_write+0xbf/0x2a0 [ 1435.374104] ? proc_pid_permission+0x300/0x300 [ 1435.374792] do_iter_write+0x4f0/0x700 [ 1435.375384] vfs_writev+0x1ae/0x620 [ 1435.375920] ? vfs_iter_write+0xa0/0xa0 [ 1435.376504] ? __fdget_pos+0xf1/0x190 [ 1435.377064] ? lock_downgrade+0x6d0/0x6d0 [ 1435.377681] ? ksys_write+0x12d/0x260 [ 1435.377858] attempt to access beyond end of device [ 1435.377858] loop4: rw=2049, want=276, limit=128 [ 1435.378239] ? __fget_files+0x2f8/0x520 [ 1435.378284] do_writev+0x139/0x300 [ 1435.380706] ? vfs_writev+0x620/0x620 [ 1435.381273] do_syscall_64+0x33/0x40 [ 1435.381813] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1435.382561] RIP: 0033:0x7fbbbec6fb19 [ 1435.383109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1435.385718] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1435.386825] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1435.387853] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1435.388889] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1435.389909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1435.390945] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1435.480439] FAULT_INJECTION: forcing a failure. [ 1435.480439] name failslab, interval 1, probability 0, space 0, times 0 [ 1435.482193] CPU: 1 PID: 9924 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1435.483220] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1435.484436] Call Trace: [ 1435.484854] dump_stack+0x107/0x167 [ 1435.485416] should_fail.cold+0x5/0xa [ 1435.486001] ? create_object.isra.0+0x3a/0xa20 [ 1435.486697] should_failslab+0x5/0x20 [ 1435.487273] kmem_cache_alloc+0x5b/0x310 [ 1435.487900] create_object.isra.0+0x3a/0xa20 [ 1435.488561] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1435.489332] kmem_cache_alloc+0x159/0x310 [ 1435.489970] alloc_buffer_head+0x20/0x110 [ 1435.490606] alloc_page_buffers+0x14d/0x700 [ 1435.491271] create_empty_buffers+0x2c/0x640 [ 1435.491943] create_page_buffers+0x1bb/0x230 [ 1435.492610] __block_write_begin_int+0x1d1/0x19c0 [ 1435.493320] ? fat_add_cluster+0x100/0x100 [ 1435.493947] ? add_to_page_cache_locked+0x40/0x40 [ 1435.494656] ? __page_cache_alloc+0x10d/0x360 [ 1435.495313] ? remove_inode_buffers+0x300/0x300 [ 1435.495995] ? pagecache_get_page+0x243/0xc80 [ 1435.496654] ? unlock_page_memcg+0x96/0x170 [ 1435.497288] ? wait_for_stable_page+0x92/0xe0 [ 1435.497950] cont_write_begin+0x472/0x980 [ 1435.498573] ? fat_add_cluster+0x100/0x100 [ 1435.499192] ? nobh_write_begin+0xed0/0xed0 [ 1435.499823] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1435.500661] ? generic_write_end+0x20e/0x3f0 [ 1435.501308] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1435.502058] fat_write_begin+0x89/0x180 [ 1435.502646] ? fat_add_cluster+0x100/0x100 [ 1435.503274] generic_perform_write+0x20a/0x4f0 [ 1435.503946] ? fat_direct_IO+0x1ef/0x380 [ 1435.504537] ? page_cache_prev_miss+0x310/0x310 [ 1435.505231] __generic_file_write_iter+0x2cd/0x5d0 [ 1435.505957] generic_file_write_iter+0xdb/0x230 [ 1435.506655] do_iter_readv_writev+0x476/0x750 [ 1435.507312] ? new_sync_write+0x660/0x660 [ 1435.507914] ? avc_policy_seqno+0x9/0x70 [ 1435.508503] ? selinux_file_permission+0x92/0x520 [ 1435.509218] ? security_file_permission+0xb1/0xe0 [ 1435.509928] do_iter_write+0x191/0x700 [ 1435.510515] ? trace_hardirqs_on+0x5b/0x180 [ 1435.511151] vfs_iter_write+0x70/0xa0 [ 1435.511714] iter_file_splice_write+0x762/0xc30 [ 1435.512413] ? generic_splice_sendpage+0x140/0x140 [ 1435.513155] ? security_file_permission+0xb1/0xe0 [ 1435.513899] ? generic_splice_sendpage+0x140/0x140 [ 1435.514646] direct_splice_actor+0x10f/0x170 [ 1435.515340] splice_direct_to_actor+0x387/0x980 [ 1435.516031] ? pipe_to_sendpage+0x380/0x380 [ 1435.516667] ? do_splice_to+0x160/0x160 [ 1435.517258] ? security_file_permission+0xb1/0xe0 [ 1435.517971] do_splice_direct+0x1c4/0x290 [ 1435.518591] ? splice_direct_to_actor+0x980/0x980 [ 1435.519293] ? avc_policy_seqno+0x9/0x70 [ 1435.519899] ? security_file_permission+0xb1/0xe0 [ 1435.520614] do_sendfile+0x553/0x11e0 [ 1435.521187] ? do_pwritev+0x270/0x270 [ 1435.521751] ? wait_for_completion_io+0x270/0x270 [ 1435.522471] ? rcu_read_lock_any_held+0x75/0xa0 [ 1435.523149] ? vfs_write+0x354/0xb10 [ 1435.523705] __x64_sys_sendfile64+0x1d1/0x210 [ 1435.524359] ? __ia32_sys_sendfile+0x220/0x220 [ 1435.525038] do_syscall_64+0x33/0x40 [ 1435.525582] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1435.526333] RIP: 0033:0x7f24f4026b19 [ 1435.526882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1435.529523] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1435.530670] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1435.531700] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1435.532733] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1435.533767] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1435.534814] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1435.572482] attempt to access beyond end of device [ 1435.572482] loop6: rw=1, want=275, limit=128 [ 1435.592234] attempt to access beyond end of device [ 1435.592234] loop1: rw=2049, want=276, limit=128 11:00:05 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x1fc) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ioctl$FS_IOC_ENABLE_VERITY(r3, 0x40806685, &(0x7f00000001c0)={0x1, 0x2, 0x1000, 0x36, &(0x7f00000000c0)="7c3765c9017cd785e6d5a4f3ca136da452cecdaeb32dbd158b274df18b74b2c71d273849d810abfac89ad4fb1894347dc0d83d2e4ac9", 0x29, 0x0, &(0x7f0000000180)="8cdd7d081887893ce96eb6c2a92b996fabf9f85ef627d41cfcc1b636532ac919fbc0e82f2b4af1d925"}) rmdir(&(0x7f0000000280)='./file0\x00') ftruncate(r0, 0xfdef) [ 1435.616490] attempt to access beyond end of device [ 1435.616490] loop1: rw=0, want=147, limit=128 [ 1435.621031] attempt to access beyond end of device [ 1435.621031] loop2: rw=2049, want=276, limit=128 [ 1435.623436] attempt to access beyond end of device [ 1435.623436] loop2: rw=34817, want=148, limit=128 11:00:05 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xfffffffffffffffd, 0x0, &(0x7f0000000240), 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x400000, 0x15) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f00000001c0)='/proc/self/exe\x00', 0x40, 0x49) sendfile(r3, r4, 0x0, 0x100000001) fcntl$dupfd(r1, 0x605, r0) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) sendfile(r4, r5, &(0x7f00000000c0), 0x1) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r7, 0x0, 0x100000001) r8 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400400, 0x0) sendfile(r7, r8, 0x0, 0x6) 11:00:05 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 9) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1435.649455] attempt to access beyond end of device [ 1435.649455] loop2: rw=0, want=147, limit=128 11:00:05 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) ioctl$BTRFS_IOC_SET_FEATURES(r0, 0x40309439, &(0x7f0000000000)={0x0, 0x3, 0x1}) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1435.670897] attempt to access beyond end of device [ 1435.670897] loop4: rw=1, want=403, limit=128 11:00:05 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000012) [ 1435.725699] FAULT_INJECTION: forcing a failure. [ 1435.725699] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1435.727513] CPU: 0 PID: 9958 Comm: Not tainted 5.10.222 #1 [ 1435.728329] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1435.729501] Call Trace: [ 1435.729897] dump_stack+0x107/0x167 [ 1435.730434] should_fail.cold+0x5/0xa [ 1435.730991] _copy_from_user+0x2e/0x1b0 [ 1435.731564] comm_write+0xbf/0x2a0 [ 1435.732079] ? proc_pid_permission+0x300/0x300 [ 1435.732749] do_iter_write+0x4f0/0x700 [ 1435.733332] vfs_writev+0x1ae/0x620 [ 1435.733856] ? vfs_iter_write+0xa0/0xa0 [ 1435.734433] ? __fdget_pos+0xf1/0x190 [ 1435.734981] ? lock_downgrade+0x6d0/0x6d0 [ 1435.735587] ? ksys_write+0x12d/0x260 [ 1435.736143] ? __fget_files+0x2f8/0x520 [ 1435.736737] do_writev+0x139/0x300 [ 1435.737254] ? vfs_writev+0x620/0x620 [ 1435.737817] do_syscall_64+0x33/0x40 [ 1435.738359] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1435.739089] RIP: 0033:0x7fbbbec6fb19 [ 1435.739627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1435.742204] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1435.743292] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1435.744298] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1435.745285] attempt to access beyond end of device [ 1435.745285] loop6: rw=2049, want=276, limit=128 [ 1435.745306] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1435.745326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1435.748688] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1435.751938] attempt to access beyond end of device [ 1435.751938] loop6: rw=0, want=147, limit=128 11:00:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="2400000010000100000000000000000000000000050000000000000005"], 0x24}}, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000000)=@default_ap_ssid, 0x6, 0x2) [ 1435.828453] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1435.845305] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 11:00:06 executing program 2: ioctl$TIOCL_SELLOADLUT(0xffffffffffffffff, 0x541c, &(0x7f0000000040)={0x5, 0x7, 0x4, 0x4, 0x6}) openat$sr(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$KDGETLED(r1, 0x4b31, &(0x7f0000000180)) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x20a002, 0x0) ioctl$KDMKTONE(r2, 0x4b30, 0x4) 11:00:06 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 10) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:00:06 executing program 6: chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0/file1\x00', 0x242880, 0x182) lseek(r0, 0x1, 0x1) r3 = openat(r2, &(0x7f0000000000)='/proc/self/exe\x00', 0x105000, 0x0) sendfile(r1, r3, 0x0, 0x100000001) ftruncate(r0, 0xfdef) syz_io_uring_setup(0x10e4, &(0x7f0000000300)={0x0, 0xd6a, 0x10, 0x1, 0x2f0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000380)=0x0, &(0x7f00000003c0)) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x50, r0, 0x10000000) syz_io_uring_submit(r4, r5, &(0x7f0000000440)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000400)={0x77359400}, 0x1, 0x0, 0x1}, 0x41b6) copy_file_range(r0, &(0x7f0000000480)=0x1ff, 0xffffffffffffffff, &(0x7f00000004c0)=0x1, 0x100, 0x0) r6 = geteuid() stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) r8 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r8, r9, 0x0, 0x100000001) ioctl$AUTOFS_DEV_IOCTL_READY(r9, 0xc0189376, &(0x7f0000000280)={{0x1, 0x1, 0x18, r1, {0x1000}}, './file0/file1\x00'}) setresuid(0xffffffffffffffff, r7, 0x0) mount$9p_unix(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140), 0x101000, &(0x7f0000000180)={'trans=unix,', {[], [{@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@fsuuid={'fsuuid', 0x3d, {[0x31, 0x35, 0x38, 0x31, 0x63, 0x5, 0x35, 0x66], 0x2d, [0x38, 0x66, 0x33, 0x63], 0x2d, [0x66, 0x66, 0x62, 0x31], 0x2d, [0x31, 0x32, 0x31, 0x35], 0x2d, [0x35, 0x34, 0x37, 0x38, 0x30, 0x36, 0x32, 0x62]}}}, {@subj_role={'subj_role', 0x3d, '[*-'}}, {@fowner_eq={'fowner', 0x3d, r6}}, {@uid_eq={'uid', 0x3d, 0xffffffffffffffff}}, {@euid_eq={'euid', 0x3d, r7}}, {@uid_lt={'uid<', 0xee00}}]}}) 11:00:06 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x10, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105342, 0x0) openat(r0, &(0x7f00000000c0)='./file1\x00', 0x103201, 0x90) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r5, 0x0) chown(&(0x7f00000001c0)='./file1\x00', r5, 0xee00) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r6, 0x0, 0x100000001) openat(r6, &(0x7f0000000180)='./file0\x00', 0x101402, 0x80) ftruncate(r1, 0xfdef) 11:00:06 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 27) [ 1436.151538] FAULT_INJECTION: forcing a failure. [ 1436.151538] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1436.153439] CPU: 0 PID: 9986 Comm: Not tainted 5.10.222 #1 [ 1436.154247] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1436.155432] Call Trace: [ 1436.155821] dump_stack+0x107/0x167 [ 1436.156352] should_fail.cold+0x5/0xa [ 1436.156909] _copy_from_user+0x2e/0x1b0 [ 1436.157482] comm_write+0xbf/0x2a0 [ 1436.157999] ? proc_pid_permission+0x300/0x300 [ 1436.158672] do_iter_write+0x4f0/0x700 [ 1436.159254] vfs_writev+0x1ae/0x620 [ 1436.159776] ? vfs_iter_write+0xa0/0xa0 [ 1436.160349] ? __fdget_pos+0xf1/0x190 [ 1436.160897] ? lock_downgrade+0x6d0/0x6d0 [ 1436.161503] ? ksys_write+0x12d/0x260 [ 1436.162053] ? __fget_files+0x2f8/0x520 [ 1436.162656] do_writev+0x139/0x300 [ 1436.163166] ? vfs_writev+0x620/0x620 [ 1436.163725] do_syscall_64+0x33/0x40 [ 1436.164254] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1436.164980] RIP: 0033:0x7fbbbec6fb19 [ 1436.165506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1436.168102] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1436.169168] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1436.170167] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1436.171180] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1436.172230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1436.173307] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1436.215615] FAULT_INJECTION: forcing a failure. [ 1436.215615] name failslab, interval 1, probability 0, space 0, times 0 [ 1436.217683] CPU: 1 PID: 9984 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1436.218953] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1436.220312] Call Trace: [ 1436.220719] dump_stack+0x107/0x167 [ 1436.221277] should_fail.cold+0x5/0xa [ 1436.221853] ? create_object.isra.0+0x3a/0xa20 [ 1436.222695] should_failslab+0x5/0x20 [ 1436.223266] kmem_cache_alloc+0x5b/0x310 [ 1436.223890] create_object.isra.0+0x3a/0xa20 [ 1436.224545] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1436.225321] kmem_cache_alloc+0x159/0x310 [ 1436.225961] alloc_buffer_head+0x20/0x110 [ 1436.226598] alloc_page_buffers+0x14d/0x700 [ 1436.227412] create_empty_buffers+0x2c/0x640 [ 1436.228287] create_page_buffers+0x1bb/0x230 [ 1436.229019] __block_write_begin_int+0x1d1/0x19c0 [ 1436.229860] ? fat_add_cluster+0x100/0x100 [ 1436.230495] ? add_to_page_cache_locked+0x40/0x40 [ 1436.231201] ? __page_cache_alloc+0x10d/0x360 [ 1436.231853] ? remove_inode_buffers+0x300/0x300 [ 1436.232530] ? pagecache_get_page+0x243/0xc80 [ 1436.233188] ? unlock_page_memcg+0x96/0x170 [ 1436.233823] ? wait_for_stable_page+0x92/0xe0 [ 1436.234499] cont_write_begin+0x472/0x980 [ 1436.235119] ? fat_add_cluster+0x100/0x100 [ 1436.235739] ? nobh_write_begin+0xed0/0xed0 [ 1436.236372] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1436.237201] ? generic_write_end+0x20e/0x3f0 [ 1436.237845] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1436.238603] fat_write_begin+0x89/0x180 [ 1436.239185] ? fat_add_cluster+0x100/0x100 [ 1436.239809] generic_perform_write+0x20a/0x4f0 [ 1436.240484] ? fat_direct_IO+0x1ef/0x380 [ 1436.241079] ? page_cache_prev_miss+0x310/0x310 [ 1436.241783] __generic_file_write_iter+0x2cd/0x5d0 [ 1436.242541] generic_file_write_iter+0xdb/0x230 [ 1436.243230] do_iter_readv_writev+0x476/0x750 [ 1436.243887] ? new_sync_write+0x660/0x660 [ 1436.244492] ? avc_policy_seqno+0x9/0x70 [ 1436.245084] ? selinux_file_permission+0x92/0x520 [ 1436.245798] ? security_file_permission+0xb1/0xe0 [ 1436.246519] do_iter_write+0x191/0x700 [ 1436.247098] ? trace_hardirqs_on+0x5b/0x180 [ 1436.247877] vfs_iter_write+0x70/0xa0 [ 1436.248441] iter_file_splice_write+0x762/0xc30 [ 1436.249135] ? generic_splice_sendpage+0x140/0x140 [ 1436.249969] ? security_file_permission+0xb1/0xe0 [ 1436.250851] ? generic_splice_sendpage+0x140/0x140 [ 1436.251695] direct_splice_actor+0x10f/0x170 [ 1436.252376] splice_direct_to_actor+0x387/0x980 [ 1436.253181] ? pipe_to_sendpage+0x380/0x380 [ 1436.253963] ? do_splice_to+0x160/0x160 [ 1436.254788] ? security_file_permission+0xb1/0xe0 [ 1436.255619] do_splice_direct+0x1c4/0x290 [ 1436.256368] ? splice_direct_to_actor+0x980/0x980 [ 1436.257187] ? avc_policy_seqno+0x9/0x70 [ 1436.257920] ? security_file_permission+0xb1/0xe0 [ 1436.258812] do_sendfile+0x553/0x11e0 [ 1436.259388] ? do_pwritev+0x270/0x270 [ 1436.260074] ? wait_for_completion_io+0x270/0x270 [ 1436.260927] ? rcu_read_lock_any_held+0x75/0xa0 [ 1436.261798] ? vfs_write+0x354/0xb10 [ 1436.262436] __x64_sys_sendfile64+0x1d1/0x210 [ 1436.263234] ? __ia32_sys_sendfile+0x220/0x220 [ 1436.264042] do_syscall_64+0x33/0x40 [ 1436.264782] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1436.265705] RIP: 0033:0x7f24f4026b19 [ 1436.266399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1436.269665] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1436.271138] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1436.272372] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1436.273401] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1436.274694] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1436.275933] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1453.568747] FAULT_INJECTION: forcing a failure. [ 1453.568747] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1453.570329] CPU: 0 PID: 10007 Comm: Not tainted 5.10.222 #1 [ 1453.570969] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1453.571868] Call Trace: [ 1453.572162] dump_stack+0x107/0x167 [ 1453.572567] should_fail.cold+0x5/0xa [ 1453.572990] _copy_from_user+0x2e/0x1b0 [ 1453.573437] comm_write+0xbf/0x2a0 [ 1453.573822] ? proc_pid_permission+0x300/0x300 [ 1453.574333] do_iter_write+0x4f0/0x700 [ 1453.574781] vfs_writev+0x1ae/0x620 [ 1453.575181] ? vfs_iter_write+0xa0/0xa0 [ 1453.575615] ? __fdget_pos+0xf1/0x190 [ 1453.576024] ? lock_downgrade+0x6d0/0x6d0 [ 1453.576477] ? ksys_write+0x12d/0x260 [ 1453.576896] ? __fget_files+0x2f8/0x520 [ 1453.577351] do_writev+0x139/0x300 [ 1453.577733] ? vfs_writev+0x620/0x620 [ 1453.578152] do_syscall_64+0x33/0x40 [ 1453.578553] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1453.579108] RIP: 0033:0x7fbbbec6fb19 [ 1453.579507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1453.579578] handle_bad_sector: 8 callbacks suppressed [ 1453.579595] attempt to access beyond end of device [ 1453.579595] loop4: rw=2049, want=276, limit=128 [ 1453.581425] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1453.581443] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1453.581452] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1453.581464] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1453.581472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1453.581481] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:00:23 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f00000001c0)=[{&(0x7f0000000300)="eb3c906d6ba30b0a54c39e4d13c895090000000083c92a4569534d4e3a8b5340d078cf0000000154d73121e73f3cd49f0e036002dbaa8cd388cef8e23c00e977d61ad5e3c0f5b17e973324eb393a99e6af5a03d4dc5ff0", 0x57, 0x2}, {0x0, 0x0, 0x8003}, {&(0x7f0000000140)="a6f015f0512ff6a21f193e7c9f2d2047ac95e3706dc5b028771a09c80605a26cba1d8cd6b6cfc57ba7", 0x29, 0x5}], 0x80000, &(0x7f0000000180)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x80200, 0x0) r2 = openat(r1, &(0x7f0000000240)='./file0\x00', 0x100, 0x20) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) openat(r3, &(0x7f00000000c0)='./file0\x00', 0x4400, 0x11) sendfile(r3, r4, 0x0, 0x100000001) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f0000000280)={{0x1, 0x1, 0x18, r6, {0x1}}, './file0\x00'}) ftruncate(r0, 0xfdef) 11:00:23 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3740, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0x400000000000, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 11:00:23 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 28) 11:00:23 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @ipv4, 0xffffffff}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a64485f108d23b76be", 0x9}], 0x1}, 0x0, 0x4000000}, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r4, @ANYBLOB="00000000550000002e5155283af3625151026f4c022f66696c5c3500"]) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 11:00:23 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000013) 11:00:23 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 11) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:00:23 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f00000000c0)) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:00:23 executing program 0: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="9f35d16f394dc497695ecb4114339b323fe9ca18c09b7b63d24276120ba219274e80af8fd676affcaf87205424a92c0de6b7707b3a04d0ce4ce5fd8939c36fec36e7549d5f2e7eb5229cb455249571e3f408", @ANYBLOB="25e670e3167a04f2d089d833b410ebb2f53e8e31f437adc2ff", @ANYRESHEX, @ANYRES64=0x0]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ftruncate(r1, 0xfdef) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) semctl$IPC_RMID(0x0, 0x0, 0x0) getresgid(&(0x7f00000010c0), &(0x7f0000001100)=0x0, &(0x7f0000001140)=0x0) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000001200)={{0x0, 0xee01, r6, 0xffffffffffffffff, 0x0, 0x4, 0x2}, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f}) clone3(&(0x7f0000004100)={0x20861000, &(0x7f0000003e00), &(0x7f0000003e40)=0x0, &(0x7f0000003e80), {0x8}, &(0x7f0000003ec0)=""/216, 0xd8, &(0x7f0000003fc0)=""/246, &(0x7f00000040c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0], 0x7, {r1}}, 0x58) r9 = gettid() r10 = syz_open_dev$ttys(0xc, 0x2, 0x1) r11 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000043c0)=[{{&(0x7f00000003c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000580)=[{&(0x7f0000000440)="ca9433a55b84d241bb172d85866f0eb492755866ff197b1a06e929216f15a37cf41d8d7c721a599d0d568eef24fba425331001634fbfceab77a86cea7faf37a33dc51cb746f684eb3942e1e0a6eb57c886f6ba3e87c5491f1e3c29dfdf106e56547e526da7acaa267ae8df7198930f6bfb8e964e641f0c0a8376b224224ade4b3de68b3f7f98e521214b3540b8f77c0becea8d397372d6a2d2fe5ce90225a0ea3a57fe5577325ca8b6d0e89656b8ff1973abb523d780fdd7bf628425ed38553ba82884669e21da80", 0xc8}, {&(0x7f0000000540)="d1f3e9faf6a7726b606fa1e5", 0xc}], 0x2, 0x0, 0x0, 0x44044}}, {{&(0x7f00000005c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000880)=[{&(0x7f0000000640)="f1bed3776c523f1ab84a49cbe2e6717338ad5ddd24ebe674d4c6ea67c15893ff3ea4576c95f0084c6c13969b729100e4aed638adafecfc2b4db310c640b0ff29b42df3da14e2c0121720f8565ef132a42c5e984eb36a70ae22da9e7915465e2563616b4a9777b5639750b040d90dc092fc8137992254c1bd21131e27316aa386aa2b3a7477f8bde6d3fd3ad7e1a06c64288b28905b5ccf6d", 0x98}, {&(0x7f0000000700)="730f05d0cbadc94a3df565b51cc61d304b4aae168e2675f912c00e53e8191720c9adacf50fd5dbaa2462074524ccfecdafbba0d206d8fb70adc1c6f339e8b1f215805e69b6eb870cba6157a53a2cf88a0b30d75c951a08a345807e1b8b3cf6cd7b30d2be0ce2fd2113eb23ef83a984671b7af74aa2c847e45b6f5c1735ebc1d570ff49c635b8374fd5f93dce1e", 0x8d}, {&(0x7f00000007c0)="56b728fdd32d1e2651e8c1662ccc4824c476935a9afc2fbf1089bc82c77b89fff218c8b3ea60ab4f3f8469fd0737a0b814e11a6fb7c9620294663e39e877ed6fd21f71ca30661f7998d01ee6c41829c608a6d8263cac026a60bb9269643a1531aba3a484fc23b782c8639cf4620c060d3c3b30603b0f9f34957bdb0b06113fa8aa2b55fc54b7e60c2b1e9c500ce54d14eb89d2745fae45b223f29f1fc23f6e9573375558a03550c38995fa9b548f", 0xae}], 0x3, &(0x7f00000037c0)=ANY=[@ANYBLOB="18000000000000000100000001000000", @ANYRES32, @ANYRES32=r0, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000200"], 0x70, 0x5}}, {{&(0x7f0000003840)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000003ac0)=[{&(0x7f00000038c0)="6af767c4de1a331ed8a571527f63b4377cad4b4659d09cc0cfacb23bff890ce8c21272075f0233171691e31cd5bba97c6bcef01cddcae60b3df384debd4cbb62b97f91d299b50b06e323f6e822149c816ffe6b9ababcbbb979df38c5df32abef44c52cca7e2e10c4d1813ba5ac9d40831b7f470bcc35145798b9aa4251e829c901f7e498dd591aa4a495eb5be339d2a54d26e5ec0d4b71e924269a4517989102e66e3690f4b37ef96eb9", 0xaa}, {&(0x7f0000003980)="f7a4367b17eb1d7539f52bda316a968975c8355f5ce3c92e33b639c6e4e0dc5d00f7812141bee91a50f306a9d377c18cdbf5fa364b27e6e4ebc005bb669b5a34b3e0ef8b598f9f07a5c7ac211e8525c592f217dc8a2971bd8bfe203cac02636b02fe42b19eff8148343a8ba6afec1c7556c12b86c5fd2c4b2ce4003ee754c83dd100938f0b53665a2f872c8a62b8f36c0b781a2470fd", 0x96}, {&(0x7f0000003a40)="5def30e8307b9fbe093a", 0xa}, {&(0x7f0000003a80)="1f34cc32d4403cbab0057df3cdc8069a8264766c3a7306d2713c23a0779d1e4918b6ec8b", 0x24}], 0x4, &(0x7f0000003c40)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff, r1]}}], 0x28, 0x24008885}}, {{&(0x7f0000003c80)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000003d40)=[{&(0x7f0000003d00)="2f48eedc2db6c1d215", 0x9}], 0x1, &(0x7f0000004180)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r8, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff, 0xee01}}}], 0x60, 0x1}}, {{&(0x7f0000004200)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000004300)=[{&(0x7f0000004280)="c27a05144f6a450f648554e57223dd10992a6f3fd28d379bdcea20ecb915ccb37ce0e6482c3f", 0x26}, {&(0x7f00000042c0)}], 0x2, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r9, @ANYRES32=0xee01, @ANYRES32=0xee00, @ANYBLOB="0000000028000000000000000100000001000000ff2d261ccf1abad9d357ae388da3a2c1b7306f01e475796020d24f87c17acf8f6c2d933c276cf76c813c0bd2016dc5173e221f000000e12c8de3f3306020ba0f9e2f2c705fea50eac68e9b7411f7e512326446ea8b9ef7b42ad86053e83aa7ce7656fedfc53ea6b7d79c1444a3d4fdfdb7cca52cee065793b3bba56afa5396049dda2f28bc6dd70955c0beb4229b0d45bef5c4fdb6e1b44b2a1c1d40d1ce52ff9614a86a233b01fc1367e68d0e9eec1e24baa5cebd4caaabb5728314653c73883431397626451841e9685c5dd9bde3560b2dffdfee2fb2c5243384f9b997aca5c39882e71cd91d61be73e4d47cbddb15cdff62ae83db13568f9660f4ece819d14d22c0200bf7908f08052a9d549df90a454a604d7735920359f8bfd0d4992075c4ddde296ac9fd3f445351c279fceaa3d612c18eab20ea442a45118083bef457fb17f8169524a85043579d1b2dc692678be9e7153cb8476f7ec88d2e10862198eeb0a4d01ba3d16e30779700"/402, @ANYRES32=r2, @ANYRES32, @ANYRES32=r10, @ANYRES32=r11, @ANYRES32=r2, @ANYRES32=r3], 0x48, 0x4000}}], 0x5, 0x8000) sendmsg$NL80211_CMD_REGISTER_BEACONS(r4, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="40001200ac0b0002007a764d93d486d9fe7e5397e89fefc2b38527314c46a5bf8f6a92e303246d9681741abd9983cb92053b0f86000000000000ffff0000000000000000000000bf8313475e85b83c3df793fe", @ANYRESOCT, @ANYBLOB="080028bd7000ffdbdf2555000000080001008a00000008000300", @ANYRES64, @ANYBLOB="0c009900400000002f000000", @ANYRES16, @ANYRES32=r7, @ANYRESDEC=r5, @ANYBLOB="4a88f22be5b3d44b9561874e2919a88d777cfedee9b91b5fb43312f914d17dbab1b35de8577267d6db6fd79a9f53ee23d5ad49745b5288bbaafa814023c1c0d6d815e19584e9121524e46934099f08a0bc65f51153b251be571b1835d3a6f78219b8258dcf847e0273b94928677434ca73a27387a47c5526eb49ef5671a3ec8b337e77eac35ac64204f192843f50caf9c34c8174a9b2e457f111473214d0ffb4640c0f9d7ac3e1e4f8903f38cafd694909e3c78b4e3fe2b7a10f9e69f6138a3c09a7905c90f66ee3e3cde5e4206a605683b6e2c14fabc666aad98d9702ea4fe55dd77b9569cb039d8a6fc991f64c"], 0x30}, 0x1, 0x0, 0x0, 0x4048800}, 0x4048040) 11:00:23 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 12) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1453.749573] FAULT_INJECTION: forcing a failure. [ 1453.749573] name failslab, interval 1, probability 0, space 0, times 0 [ 1453.751056] CPU: 0 PID: 10018 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1453.751744] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1453.752561] Call Trace: [ 1453.752833] dump_stack+0x107/0x167 [ 1453.753200] should_fail.cold+0x5/0xa [ 1453.753582] ? ___slab_alloc+0x155/0x700 [ 1453.753985] ? create_object.isra.0+0x3a/0xa20 [ 1453.754440] should_failslab+0x5/0x20 [ 1453.754822] kmem_cache_alloc+0x5b/0x310 [ 1453.755232] create_object.isra.0+0x3a/0xa20 [ 1453.755663] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1453.756166] kmem_cache_alloc+0x159/0x310 [ 1453.756584] __es_insert_extent+0xed1/0x1370 [ 1453.757042] ext4_es_insert_extent+0x45d/0xf10 [ 1453.757503] ? ext4_es_scan_clu+0x2e0/0x2e0 [ 1453.757937] ? lock_downgrade+0x6d0/0x6d0 [ 1453.758377] ? do_raw_read_unlock+0x3b/0x70 [ 1453.758821] ? ext4_es_lookup_extent+0xc4/0xaa0 [ 1453.759290] ext4_map_blocks+0x80b/0x1910 [ 1453.759718] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 1453.760169] ? trace_hardirqs_on+0x5b/0x180 [ 1453.760332] FAULT_INJECTION: forcing a failure. [ 1453.760332] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1453.760612] ? kmem_cache_alloc+0x2a6/0x310 [ 1453.762727] ext4_writepages+0x19bf/0x3350 [ 1453.763144] ? unwind_next_frame+0x13ef/0x1a90 [ 1453.763609] ? find_held_lock+0x2c/0x110 [ 1453.764034] ? __ext4_mark_inode_dirty+0x770/0x770 [ 1453.764522] ? __is_insn_slot_addr+0x14c/0x290 [ 1453.764973] ? __kernel_text_address+0x9/0x40 [ 1453.765416] ? unwind_get_return_address+0x55/0xa0 [ 1453.765891] ? create_prof_cpu_mask+0x20/0x20 [ 1453.766353] ? stack_trace_save+0x8c/0xc0 [ 1453.766766] ? stack_trace_consume_entry+0x160/0x160 [ 1453.767276] ? kasan_save_stack+0x32/0x40 [ 1453.767677] ? kasan_save_stack+0x1b/0x40 [ 1453.768080] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1453.768585] ? __ext4_mark_inode_dirty+0x770/0x770 [ 1453.769061] do_writepages+0xee/0x2a0 [ 1453.769443] ? page_writeback_cpu_online+0x20/0x20 [ 1453.769917] ? lock_acquire+0x197/0x470 [ 1453.770320] ? create_object.isra.0+0x3ad/0xa20 [ 1453.770786] ? lock_release+0x680/0x680 [ 1453.771176] ? find_held_lock+0x2c/0x110 [ 1453.771588] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1453.772074] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1453.772599] ? mark_held_locks+0x9e/0xe0 [ 1453.773002] ? trace_hardirqs_on+0x5b/0x180 [ 1453.773440] filemap_write_and_wait_range+0x65/0x100 [ 1453.773937] __iomap_dio_rw+0x552/0x1110 [ 1453.774363] ? iomap_dio_bio_actor+0xef0/0xef0 [ 1453.774818] ? ext4_orphan_add+0x253/0x9e0 [ 1453.775244] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 1453.775724] ? ext4_empty_dir+0xae0/0xae0 [ 1453.776126] ? jbd2__journal_start+0xf3/0x7e0 [ 1453.776584] iomap_dio_rw+0x31/0x90 [ 1453.776944] ext4_file_write_iter+0xb26/0x18d0 [ 1453.777412] ? ext4_file_read_iter+0x4c0/0x4c0 [ 1453.777853] ? kasan_save_stack+0x32/0x40 [ 1453.778268] ? kasan_save_stack+0x1b/0x40 [ 1453.778679] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1453.779175] ? iter_file_splice_write+0x16d/0xc30 [ 1453.779646] ? direct_splice_actor+0x10f/0x170 [ 1453.780089] ? splice_direct_to_actor+0x387/0x980 [ 1453.780561] ? do_splice_direct+0x1c4/0x290 [ 1453.780975] ? do_sendfile+0x553/0x11e0 [ 1453.781367] ? __x64_sys_sendfile64+0x1d1/0x210 [ 1453.781817] ? do_syscall_64+0x33/0x40 [ 1453.782194] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1453.782730] do_iter_readv_writev+0x476/0x750 [ 1453.783172] ? new_sync_write+0x660/0x660 [ 1453.783582] ? avc_policy_seqno+0x9/0x70 [ 1453.783980] ? selinux_file_permission+0x92/0x520 [ 1453.784463] ? security_file_permission+0xb1/0xe0 [ 1453.784941] do_iter_write+0x191/0x700 [ 1453.785332] ? trace_hardirqs_on+0x5b/0x180 [ 1453.785758] vfs_iter_write+0x70/0xa0 [ 1453.786130] iter_file_splice_write+0x762/0xc30 [ 1453.786603] ? generic_splice_sendpage+0x140/0x140 [ 1453.787106] ? security_file_permission+0xb1/0xe0 [ 1453.787581] ? generic_splice_sendpage+0x140/0x140 [ 1453.788060] direct_splice_actor+0x10f/0x170 [ 1453.788500] splice_direct_to_actor+0x387/0x980 [ 1453.788956] ? pipe_to_sendpage+0x380/0x380 [ 1453.789386] ? do_splice_to+0x160/0x160 [ 1453.789774] ? security_file_permission+0xb1/0xe0 [ 1453.790251] do_splice_direct+0x1c4/0x290 [ 1453.790662] ? splice_direct_to_actor+0x980/0x980 [ 1453.791124] ? avc_policy_seqno+0x9/0x70 [ 1453.791533] ? security_file_permission+0xb1/0xe0 [ 1453.792013] do_sendfile+0x553/0x11e0 [ 1453.792402] ? do_pwritev+0x270/0x270 [ 1453.792772] ? wait_for_completion_io+0x270/0x270 [ 1453.793247] ? rcu_read_lock_any_held+0x75/0xa0 [ 1453.793699] ? vfs_write+0x354/0xb10 [ 1453.794070] __x64_sys_sendfile64+0x1d1/0x210 [ 1453.794515] ? __ia32_sys_sendfile+0x220/0x220 [ 1453.794977] do_syscall_64+0x33/0x40 [ 1453.795343] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1453.795838] RIP: 0033:0x7f24f4026b19 [ 1453.796203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1453.797943] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1453.798687] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1453.799368] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 1453.800042] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1453.800724] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1453.801409] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1453.802123] CPU: 1 PID: 10037 Comm: Not tainted 5.10.222 #1 [ 1453.803128] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1453.804524] Call Trace: [ 1453.805077] dump_stack+0x107/0x167 [ 1453.805615] should_fail.cold+0x5/0xa [ 1453.806180] _copy_from_user+0x2e/0x1b0 [ 1453.806776] comm_write+0xbf/0x2a0 [ 1453.807300] ? proc_pid_permission+0x300/0x300 [ 1453.807972] ? do_iter_write+0x40e/0x700 [ 1453.808577] do_iter_write+0x4f0/0x700 [ 1453.809165] vfs_writev+0x1ae/0x620 [ 1453.809703] ? vfs_iter_write+0xa0/0xa0 [ 1453.810281] ? __fdget_pos+0xf1/0x190 [ 1453.810847] ? lock_downgrade+0x6d0/0x6d0 [ 1453.811456] ? ksys_write+0x12d/0x260 [ 1453.812023] ? __fget_files+0x2f8/0x520 [ 1453.812624] do_writev+0x139/0x300 [ 1453.813148] ? vfs_writev+0x620/0x620 [ 1453.813719] do_syscall_64+0x33/0x40 [ 1453.814262] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1453.815011] RIP: 0033:0x7fbbbec6fb19 [ 1453.815556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1453.818192] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1453.819300] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1453.820323] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1453.821349] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1453.822380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1453.823414] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1453.838099] attempt to access beyond end of device [ 1453.838099] loop4: rw=1, want=292, limit=128 11:00:23 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000014) 11:00:23 executing program 2: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x10, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) r0 = dup(0xffffffffffffffff) io_submit(0x0, 0x2, &(0x7f0000001680)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SG_IO(r2, 0x2285, &(0x7f00000003c0)={0x53, 0xfffffffffffffffe, 0x6, 0x0, @buffer={0x300, 0xae, &(0x7f0000000580)=""/174}, &(0x7f0000000040)="4feb7dc9066b", 0x0, 0x0, 0x0, 0x4, 0x0}) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r4 = clone3(&(0x7f0000000cc0)={0x80004800, &(0x7f0000000540), &(0x7f0000000b00), &(0x7f0000000b40), {0xc}, &(0x7f0000000b80)=""/34, 0x22, &(0x7f0000000bc0)=""/175, &(0x7f0000000c80)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff], 0x5, {r3}}, 0x58) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f0000000d40)={{0x1, 0x1, 0x18, r0, {r2}}, './file0\x00'}) perf_event_open(&(0x7f0000000a80)={0x1, 0x80, 0x8, 0x20, 0xe5, 0x0, 0x0, 0xfff, 0xc1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x1, @perf_bp={&(0x7f0000000500)}, 0x40, 0x3, 0x6, 0x6, 0xf9, 0x3, 0x2, 0x0, 0x6, 0x0, 0x1}, r4, 0xf, r5, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0xd4a40, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280), 0x2400c0, 0x0) syz_io_uring_setup(0x4d4e, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x106}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000200), &(0x7f0000000140)) preadv2(r0, &(0x7f00000009c0)=[{&(0x7f0000000440)=""/151, 0x97}, {&(0x7f0000000340)=""/119, 0x77}, {&(0x7f0000000640)=""/204, 0xcc}, {&(0x7f0000000740)=""/174, 0xae}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000000800)=""/186, 0xba}, {&(0x7f00000000c0)=""/4, 0x4}, {&(0x7f00000008c0)=""/233, 0xe9}, {&(0x7f00000001c0)=""/23, 0x17}], 0x9, 0x3, 0x3f, 0x12) [ 1454.176411] audit: type=1326 audit(1722078024.236:210): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10042 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa99019b19 code=0x7ffc0000 [ 1454.207293] audit: type=1326 audit(1722078024.267:211): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10042 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa99019b19 code=0x7ffc0000 [ 1454.215916] audit: type=1326 audit(1722078024.276:212): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10042 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7ffa99019b19 code=0x7ffc0000 [ 1454.220892] audit: type=1326 audit(1722078024.280:213): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10042 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa99019b19 code=0x7ffc0000 [ 1454.242712] audit: type=1326 audit(1722078024.288:214): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10042 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7ffa99019b19 code=0x7ffc0000 [ 1454.260805] audit: type=1326 audit(1722078024.289:215): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10042 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa99019b19 code=0x7ffc0000 [ 1454.295294] audit: type=1326 audit(1722078024.289:216): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10042 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa99019b19 code=0x7ffc0000 [ 1454.310113] audit: type=1326 audit(1722078024.300:217): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10042 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ffa98fcca04 code=0x7ffc0000 [ 1454.321737] audit: type=1326 audit(1722078024.300:218): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10042 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa99019b19 code=0x7ffc0000 [ 1454.325716] audit: type=1326 audit(1722078024.300:219): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10042 comm="syz-executor.2" exe="/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa99019b19 code=0x7ffc0000 11:00:38 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) ioctl$FS_IOC_READ_VERITY_METADATA(r2, 0xc0286687, &(0x7f0000000180)={0x3, 0x2, 0x1000, &(0x7f0000000300)=""/4096}) chdir(&(0x7f00000000c0)='./file0\x00') 11:00:38 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) openat(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x40) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ftruncate(r1, 0xfdef) 11:00:38 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000015) 11:00:38 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 29) 11:00:38 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000640), &(0x7f0000000680)=0x4) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r1, 0x80047210, &(0x7f0000000000)) 11:00:38 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x0, 0x8, &(0x7f0000000800)=[{&(0x7f0000000300)="86fe4858d2a3c0fbc503438b7d813ace1b30f0af2e4ffe1502a38da9426803d0a8ba6441faa1ae964709216affbbebe2573a98383cfd12417358852c8f6ca1796bd74261f1d535ec448e9bd5951d05ffafb02c4272b1d51cb0f5713d52850d44df29c5add74f8d8546b7831f7371f63009710254a7fbbdf5d5b081d2f41f9d773aeff7255e08e7082d87a162c9", 0x8d, 0x32}, {&(0x7f00000001c0)="84db352ce73fad8ece73cf099ad560fd058278", 0x13, 0x9421}, {&(0x7f00000003c0)="9d91fca55e536bcce2228af486b8399517db94d445401ef471ded523afc82453d69b5d5cce21433117906825fabbe088f1308aa174d9477fdd7b65a2cc9560be76e6455be1dbfcc38384afebc1df9e3d9aa8ed3a0936efaf19b16284c47e4a4dc7df5652a31667aa395daa78bfa6307cc3bb8423667fe12aa66d132909969068c57528bd6ee3d6", 0x87, 0x81}, {&(0x7f0000000480)="e0d59bb3448b0a206210e5f2fb22ffc700ef2f3922f7ba44f4047ac2c7aef57e28e1cb1cb5c93f11beabced52c603d3084803a8445b7e6e5a651d8dc28523d63ce0c95b9046b21d487fec3299d6d9aa6826e4051c462936946da2efc445722f6c7617b4e4e2899151182a87dff965d8bf5b132b3b106e588b3d12182f7bf57aeb1e68bf0672e0ca0429ac6fb30539df635594e9207fba4b9", 0x98}, {&(0x7f0000000540)="008e011b0d04fbb4fa8f54b7a0fe5ccb2cb4a144b4a125271521f9509e4099d35af102fb16bcddbd14c118a355c021df5176b827d970dd38d608242a468237d105045b4292494066e051f12c2ddd2c204d2272f33d48d0abb54f081dd651b2472a30b412428aa5a241d64db3679ebb45e86adf83127f390c5ae68b9e6bf1437ad26ac1ebf53c658237c52ed296f3b85e23cd27f7cec043738179c17c768f91a137d23216828d6722e6a192343016c18a7a60e14d09128a98b14029772f01e0ce8c7bb75b85e0603829874bd9ddac709995a79d7d2c44c065eb9a1ec788a7c5", 0xdf, 0x8}, {&(0x7f0000000640)="352558faa9012af4f913ffa96edc60a0e80001c0df1201ea2879fcff1d627c1aa95d6d53402fd86137c7631412dc503aeb3a62885ec887a998322c2aba24bc679a9c2e89a07790f2272071eceda75a6a27aa9f364b0c290ef9b7f72c0a8d6c198fd2a9b4dd47da0fa78aa7", 0x6b, 0x6}, {&(0x7f00000006c0)="7e70ba1626e9bdb4127ead1467168f4f8931b4aaea6cb171be11760ff31d876825c6853975463cf8df9158198d486fe8250b491062ea3c9041b2c1138f0ba30fbc9470a7923c233422df514b5d4da26d1aef8ceb850d20f967adfaf08566637daef77305c0addc5a6b4ffc9491951dabfb", 0x71, 0x1}, {&(0x7f0000000740)="cf7babf07d7c9aa42c2e010da18ca2efc17673b933f583d1249769f3f4e9e4f5c8b415087c31521bccaad386297d325ce20b3f28e1ccc2bd88ff8409af6e85cefb6b406e26deae13a348813c732f832d8ec590612a78d3004be431dcc71d062428dd5c6dd6c34d2350ffab236e5049d5d25877de0f8877c8ed3afd463c7dabf0ec517b9d9468be489230ff9cd413eea719a9bc6fbc0d688701d2285a1483b5ea69b4c362b58d3e", 0xa7, 0x3f}], 0x82, &(0x7f00000008c0)={[{@huge_always}, {@huge_within_size}], [{@mask={'mask', 0x3d, 'MAY_READ'}}, {@dont_hash}, {@context={'context', 0x3d, 'sysadm_u'}}, {@smackfshat={'smackfshat', 0x3d, 'vfat\x00'}}]}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:00:38 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 13) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:00:38 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1468.820508] FAULT_INJECTION: forcing a failure. [ 1468.820508] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1468.822388] CPU: 1 PID: 10079 Comm: Not tainted 5.10.222 #1 [ 1468.823242] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1468.824444] Call Trace: [ 1468.824847] dump_stack+0x107/0x167 [ 1468.825385] should_fail.cold+0x5/0xa [ 1468.825956] _copy_from_user+0x2e/0x1b0 [ 1468.826545] comm_write+0xbf/0x2a0 [ 1468.827085] ? proc_pid_permission+0x300/0x300 [ 1468.827773] do_iter_write+0x4f0/0x700 [ 1468.828365] vfs_writev+0x1ae/0x620 [ 1468.828904] ? vfs_iter_write+0xa0/0xa0 [ 1468.829494] ? __fdget_pos+0xf1/0x190 [ 1468.830059] ? lock_downgrade+0x6d0/0x6d0 [ 1468.830678] ? ksys_write+0x12d/0x260 [ 1468.831251] ? __fget_files+0x2f8/0x520 [ 1468.831865] do_writev+0x139/0x300 [ 1468.832397] ? vfs_writev+0x620/0x620 [ 1468.832976] do_syscall_64+0x33/0x40 [ 1468.833527] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1468.834275] RIP: 0033:0x7fbbbec6fb19 [ 1468.834827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1468.837485] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1468.838610] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1468.839659] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1468.840687] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1468.841719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1468.842750] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:00:38 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) r4 = signalfd4(r1, &(0x7f00000000c0)={[0x7]}, 0x8, 0x800) ioctl$AUTOFS_DEV_IOCTL_VERSION(r4, 0xc0189371, &(0x7f0000000180)=ANY=[@ANYBLOB="010030000000000018000000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ftruncate(r1, 0xfdef) [ 1468.912934] FAULT_INJECTION: forcing a failure. [ 1468.912934] name failslab, interval 1, probability 0, space 0, times 0 [ 1468.914740] CPU: 1 PID: 10065 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1468.915748] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1468.916944] Call Trace: [ 1468.917336] dump_stack+0x107/0x167 [ 1468.917879] should_fail.cold+0x5/0xa [ 1468.918443] ? create_object.isra.0+0x3a/0xa20 [ 1468.919147] should_failslab+0x5/0x20 [ 1468.919482] attempt to access beyond end of device [ 1468.919482] loop6: rw=2049, want=276, limit=128 [ 1468.919706] kmem_cache_alloc+0x5b/0x310 [ 1468.919736] create_object.isra.0+0x3a/0xa20 [ 1468.921712] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1468.922465] kmem_cache_alloc+0x159/0x310 [ 1468.923093] alloc_buffer_head+0x20/0x110 [ 1468.923704] alloc_page_buffers+0x14d/0x700 [ 1468.924345] create_empty_buffers+0x2c/0x640 [ 1468.925000] create_page_buffers+0x1bb/0x230 [ 1468.925650] __block_write_begin_int+0x1d1/0x19c0 [ 1468.926356] ? fat_add_cluster+0x100/0x100 [ 1468.926988] ? add_to_page_cache_locked+0x40/0x40 [ 1468.927686] ? __page_cache_alloc+0x10d/0x360 [ 1468.928341] ? remove_inode_buffers+0x300/0x300 [ 1468.929019] ? pagecache_get_page+0x243/0xc80 [ 1468.929673] ? unlock_page_memcg+0x96/0x170 [ 1468.930306] ? wait_for_stable_page+0x92/0xe0 [ 1468.930978] cont_write_begin+0x472/0x980 [ 1468.931596] ? fat_add_cluster+0x100/0x100 [ 1468.932216] ? nobh_write_begin+0xed0/0xed0 [ 1468.932860] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1468.933700] ? generic_write_end+0x20e/0x3f0 [ 1468.934341] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1468.935099] fat_write_begin+0x89/0x180 [ 1468.935682] ? fat_add_cluster+0x100/0x100 [ 1468.936311] generic_perform_write+0x20a/0x4f0 [ 1468.936994] ? fat_direct_IO+0x1ef/0x380 [ 1468.937592] ? page_cache_prev_miss+0x310/0x310 [ 1468.938298] __generic_file_write_iter+0x2cd/0x5d0 [ 1468.939033] generic_file_write_iter+0xdb/0x230 [ 1468.939727] do_iter_readv_writev+0x476/0x750 [ 1468.940394] ? new_sync_write+0x660/0x660 [ 1468.940995] ? avc_policy_seqno+0x9/0x70 [ 1468.941597] ? selinux_file_permission+0x92/0x520 [ 1468.942318] ? security_file_permission+0xb1/0xe0 [ 1468.943046] do_iter_write+0x191/0x700 [ 1468.943627] ? trace_hardirqs_on+0x5b/0x180 [ 1468.944271] vfs_iter_write+0x70/0xa0 [ 1468.944838] iter_file_splice_write+0x762/0xc30 [ 1468.945547] ? generic_splice_sendpage+0x140/0x140 [ 1468.946293] ? security_file_permission+0xb1/0xe0 [ 1468.947014] ? generic_splice_sendpage+0x140/0x140 [ 1468.947729] direct_splice_actor+0x10f/0x170 [ 1468.948383] splice_direct_to_actor+0x387/0x980 [ 1468.949062] ? pipe_to_sendpage+0x380/0x380 [ 1468.949706] ? do_splice_to+0x160/0x160 [ 1468.950290] ? security_file_permission+0xb1/0xe0 [ 1468.951023] do_splice_direct+0x1c4/0x290 [ 1468.951626] ? splice_direct_to_actor+0x980/0x980 [ 1468.952336] ? avc_policy_seqno+0x9/0x70 [ 1468.952942] ? security_file_permission+0xb1/0xe0 [ 1468.953670] do_sendfile+0x553/0x11e0 [ 1468.954243] ? do_pwritev+0x270/0x270 [ 1468.954812] ? wait_for_completion_io+0x270/0x270 [ 1468.955528] ? rcu_read_lock_any_held+0x75/0xa0 [ 1468.956211] ? vfs_write+0x354/0xb10 [ 1468.956766] __x64_sys_sendfile64+0x1d1/0x210 [ 1468.957429] ? __ia32_sys_sendfile+0x220/0x220 [ 1468.958108] do_syscall_64+0x33/0x40 [ 1468.958663] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1468.959407] RIP: 0033:0x7f24f4026b19 [ 1468.959963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1468.962598] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1468.963715] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1468.964756] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1468.965795] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1468.966836] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1468.967882] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1468.975200] attempt to access beyond end of device [ 1468.975200] loop6: rw=0, want=147, limit=128 [ 1468.998689] attempt to access beyond end of device [ 1468.998689] loop1: rw=0, want=147, limit=128 11:00:39 executing program 2: r0 = creat(&(0x7f00000001c0)='./cgroup/cgroup.procs\x00', 0x0) open_by_handle_at(r0, &(0x7f0000000000)=@ceph_nfs_fh={0x0, 0x1, {0x5}}, 0x327300) creat(&(0x7f0000000040)='./cgroup/cgroup.procs/file0\x00', 0x1ad) [ 1469.029974] attempt to access beyond end of device [ 1469.029974] loop4: rw=2049, want=276, limit=128 11:00:39 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') creat(&(0x7f00000000c0)='./file0\x00', 0x90) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:00:39 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x470002, 0x1c3) [ 1469.049688] attempt to access beyond end of device [ 1469.049688] loop1: rw=2049, want=276, limit=128 [ 1469.079005] attempt to access beyond end of device [ 1469.079005] loop5: rw=2049, want=276, limit=128 [ 1469.103866] attempt to access beyond end of device [ 1469.103866] loop1: rw=2049, want=403, limit=128 11:00:39 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 14) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:00:39 executing program 2: readahead(0xffffffffffffffff, 0x8, 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @out_args}, './file0\x00'}) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0x0) r0 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r0) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0xfffffffffffffffd, 0x2, &(0x7f0000000080)=[{&(0x7f0000010000)="01434430303101004c494e55582020202020202020202020202020202020202020202020202020204344524f4d2020202020202020202020202020202020202020202020202020200000000000000000b8000000000000b80000000000000000000000000000000000000000000000000000000000000000010000010100000100080800180000000000001813000000000000000000001500000000220017", 0x9f, 0x8000}, {&(0x7f0000010900)="8800170000000000001700080000000008007809140b2a3a0802000001000001010053500701beef005252050181505824016d4100000000416d03000000000000030000000000000000000000000000000054461a010e78", 0x58, 0xb800}], 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00']) 11:00:39 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) fcntl$setstatus(r2, 0x4, 0x4800) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) sendmsg$ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000006e80)={&(0x7f0000006ec0)={0x34, r4, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @ETHTOOL_A_FEATURES_WANTED={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10}]}]}, 0x95}}, 0x0) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000500)={0x454, 0x12, 0x200, 0x70bd28, 0x25dfdbfc, {0x18, 0x4, 0x3f, 0x40, {0x4e22, 0x4e24, [0x5, 0x7, 0x800, 0x2], [0xf8, 0x4, 0x200, 0x3], r6, [0x4, 0xfffffffc]}, 0x1000, 0x6}, [@INET_DIAG_REQ_BYTECODE={0xf4, 0x1, "12b63adb7f44a41a14257b1f96faa1d7336a1db29bed48b6d0637a594a887e010666ce9c53c9d759b5239bad89961f99e80f2c23bc4c0312a4360b9904077d00b7138b2a3f7841038ff1c85a846c17e656496d3b8f182ab44f8bbac1f3b91eb36840f3815f764e1761048924c977c2dc599694396d482e664e06aa66191822da5b4ea6fc2009a27f2a67203525703d84006aba420a895b0c1e3568435056578a2c5dbab3031aa82bdc7cf33d033f629f17ac8210057c9cea8e0990fb00989c34a4f78d2bf414c566ba09acafdfa4b9daf25170c711d963f9b8c840ca55c734e45db3aa155841ffadd870578966bd9d46"}, @INET_DIAG_REQ_BYTECODE={0xcc, 0x1, "e47f8eb29c67972bc00bfbce3f3420b921ed06eaff253d748d8e281dc58d3800ba774efcc7f05ea3e41cc0ad0d608c2d2a77ab9608cbd1d945523ace3ad736ac2ce31ce1871f25b70b9f3eb99a93b1edc8593bdb144911bc0cfefcd3c326f3b4a35b01b0036a9f7678b2b2131c94d54cc5ce6f96777ea68ba4c7bf8d29a9191b96c878efb0d9420a0a9d1d74b51efc5d9c8cce61cd6aab9aa04a605472eef3be0dc58fc223b27ec714e00809da621ca3e73f01508fc637246acb67ead88e6648b58cd4c3af1cbbef"}, @INET_DIAG_REQ_BYTECODE={0xa8, 0x1, "44e9e0de0e3607a00faa29dbf05e0f69e2157c6ce7351bb105b3f56bb5266d4ed28301c03aa6153baba479c4276b319777579bc7d2b401a518af1d9278714e68c0d104e7794e3087dbeffc723b951c4ab2ab9dcc688606477b908ec3c3ad4ffb444857aaefd5e157cdf107915e25f1366a696ae55aa07b8221acdf24b30c8c2eb735b6c51f95f5b7725e6079dfa28ed70061e713d21a948fd322ac1eb437ae426b98ceb8"}, @INET_DIAG_REQ_BYTECODE={0x45, 0x1, "4dab1dcfc6b7821d029532e9f0c206258cab2d8d297d73f1744cec149d396f62a4f2ac4997716bff7040c2dafbd172289a575dec7eb26635c19db6571da71e95ae"}, @INET_DIAG_REQ_BYTECODE={0x7e, 0x1, "465737cabb12828056d7d20c5a6c3805b48117905ee879937ecc1906730041ec734f2ee4b89c21b83285852a975b2f738594a6d4076b40214337f5d56f6878d82d901ff6a2ea6692022fa522e21e35b220837744c5f105e47b4e343ffa8253e45dbc93f00a4a30207724a169c8c0105f771258d51436e5eb356a"}, @INET_DIAG_REQ_BYTECODE={0xd8, 0x1, "a8420f722f9f371e02d66445093b4a776a164355b22ae13fbef23ddd793a09f79bb44477bcfd8de233695b481ed7af90224eeefdd240d10460b0d53c7ac4e74226101db4486e2e3d495d0e592a3052e5ac95ad2b3bb5c19c4c77c77a6764602a9fd4912e7334c3f07b01e2ac46dd485e3358ab1cd7240c8d7e27972a201272660990c34eb9c2bd1d9648617f460a1ab63f14c7ce4239b90d251d965f360386539b7dd80640372b849e1be98dbb92fc9e89ff1e90b12348bb597ce6d99c854eed804a2469f7bae908362440ffb0d2851cbf6c9170"}]}, 0x454}, 0x1, 0x0, 0x0, 0x48}, 0x20000841) [ 1469.226185] attempt to access beyond end of device [ 1469.226185] loop6: rw=2049, want=276, limit=128 11:00:39 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000016) [ 1469.233864] attempt to access beyond end of device [ 1469.233864] loop6: rw=0, want=147, limit=128 [ 1469.246548] attempt to access beyond end of device [ 1469.246548] loop4: rw=1, want=403, limit=128 11:00:39 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000180)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) openat(r2, &(0x7f00000000c0)='./file0\x00', 0x90500, 0xa) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r0, 0xfdef) [ 1469.296596] FAULT_INJECTION: forcing a failure. [ 1469.296596] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1469.298450] CPU: 1 PID: 10114 Comm: Not tainted 5.10.222 #1 [ 1469.299296] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1469.300502] Call Trace: [ 1469.300896] dump_stack+0x107/0x167 [ 1469.301441] should_fail.cold+0x5/0xa [ 1469.302011] _copy_from_user+0x2e/0x1b0 [ 1469.302602] comm_write+0xbf/0x2a0 [ 1469.303135] ? proc_pid_permission+0x300/0x300 [ 1469.303821] do_iter_write+0x4f0/0x700 [ 1469.304415] vfs_writev+0x1ae/0x620 [ 1469.304953] ? vfs_iter_write+0xa0/0xa0 [ 1469.305552] ? __fdget_pos+0xf1/0x190 [ 1469.306112] ? lock_downgrade+0x6d0/0x6d0 [ 1469.306727] ? ksys_write+0x12d/0x260 [ 1469.307308] ? __fget_files+0x2f8/0x520 [ 1469.307915] do_writev+0x139/0x300 [ 1469.308439] ? vfs_writev+0x620/0x620 [ 1469.309014] do_syscall_64+0x33/0x40 [ 1469.309561] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1469.310304] RIP: 0033:0x7fbbbec6fb19 [ 1469.310849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1469.313532] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1469.314643] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1469.315690] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1469.316720] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1469.317744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1469.318774] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:00:39 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 30) [ 1469.397643] FAULT_INJECTION: forcing a failure. [ 1469.397643] name failslab, interval 1, probability 0, space 0, times 0 [ 1469.398597] CPU: 0 PID: 10122 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1469.399155] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1469.399810] Call Trace: [ 1469.400033] dump_stack+0x107/0x167 [ 1469.400328] should_fail.cold+0x5/0xa [ 1469.400637] ? create_object.isra.0+0x3a/0xa20 [ 1469.401004] should_failslab+0x5/0x20 [ 1469.401312] kmem_cache_alloc+0x5b/0x310 [ 1469.401654] create_object.isra.0+0x3a/0xa20 [ 1469.402007] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1469.402421] kmem_cache_alloc+0x159/0x310 11:00:39 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x4, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000180)={'veth1_to_bridge\x00', &(0x7f00000000c0)=@ethtool_wolinfo={0x5, 0x8e4b, 0xf7a6, "5f910db5cbd3"}}) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) creat(&(0x7f00000001c0)='./file0\x00', 0x98) ftruncate(r0, 0xfdef) [ 1469.402869] ? mempool_free_pages+0x20/0x20 [ 1469.403222] mempool_alloc+0x148/0x360 [ 1469.403618] ? mempool_resize+0x7d0/0x7d0 [ 1469.403638] ? __test_set_page_writeback+0x160/0xbb0 [ 1469.403655] bio_alloc_bioset+0x36e/0x600 [ 1469.403668] ? bvec_alloc+0x2f0/0x2f0 [ 1469.403678] ? invalid_page_referenced_vma+0x570/0x570 [ 1469.403698] ext4_bio_write_page+0x9ba/0x1390 [ 1469.403720] mpage_submit_page+0x14b/0x260 [ 1469.403735] ext4_writepages+0x1f2e/0x3350 [ 1469.403777] ? __ext4_mark_inode_dirty+0x770/0x770 [ 1469.403789] ? __is_insn_slot_addr+0x14c/0x290 [ 1469.403805] ? __kernel_text_address+0x9/0x40 [ 1469.403817] ? unwind_get_return_address+0x55/0xa0 11:00:39 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x80002, 0x40) 11:00:39 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 15) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1469.403828] ? create_prof_cpu_mask+0x20/0x20 [ 1469.403865] ? kasan_save_stack+0x32/0x40 [ 1469.403875] ? kasan_save_stack+0x1b/0x40 [ 1469.403885] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1469.403900] ? __ext4_mark_inode_dirty+0x770/0x770 [ 1469.403909] do_writepages+0xee/0x2a0 [ 1469.403923] ? page_writeback_cpu_online+0x20/0x20 [ 1469.403933] ? lock_acquire+0x197/0x470 [ 1469.403942] ? create_object.isra.0+0x3ad/0xa20 [ 1469.403956] ? lock_release+0x680/0x680 [ 1469.403965] ? find_held_lock+0x2c/0x110 [ 1469.403982] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1469.403993] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1469.404002] ? mark_held_locks+0x9e/0xe0 [ 1469.404017] ? trace_hardirqs_on+0x5b/0x180 [ 1469.404034] filemap_write_and_wait_range+0x65/0x100 [ 1469.404047] __iomap_dio_rw+0x552/0x1110 [ 1469.404070] ? iomap_dio_bio_actor+0xef0/0xef0 [ 1469.404081] ? ext4_orphan_add+0x253/0x9e0 [ 1469.404091] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 1469.404104] ? ext4_empty_dir+0xae0/0xae0 [ 1469.404112] ? jbd2__journal_start+0xf3/0x7e0 [ 1469.404129] iomap_dio_rw+0x31/0x90 [ 1469.404142] ext4_file_write_iter+0xb26/0x18d0 [ 1469.404163] ? ext4_file_read_iter+0x4c0/0x4c0 [ 1469.404173] ? kasan_save_stack+0x32/0x40 [ 1469.404182] ? kasan_save_stack+0x1b/0x40 [ 1469.404192] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1469.404202] ? iter_file_splice_write+0x16d/0xc30 [ 1469.404211] ? direct_splice_actor+0x10f/0x170 [ 1469.404219] ? splice_direct_to_actor+0x387/0x980 [ 1469.404227] ? do_splice_direct+0x1c4/0x290 [ 1469.404237] ? do_sendfile+0x553/0x11e0 [ 1469.404246] ? __x64_sys_sendfile64+0x1d1/0x210 [ 1469.404255] ? do_syscall_64+0x33/0x40 [ 1469.404264] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1469.404280] do_iter_readv_writev+0x476/0x750 [ 1469.404293] ? new_sync_write+0x660/0x660 [ 1469.404302] ? avc_policy_seqno+0x9/0x70 [ 1469.404312] ? selinux_file_permission+0x92/0x520 [ 1469.404328] ? security_file_permission+0xb1/0xe0 [ 1469.404346] do_iter_write+0x191/0x700 [ 1469.404358] ? trace_hardirqs_on+0x5b/0x180 [ 1469.404374] vfs_iter_write+0x70/0xa0 [ 1469.404386] iter_file_splice_write+0x762/0xc30 [ 1469.404409] ? generic_splice_sendpage+0x140/0x140 [ 1469.404435] ? security_file_permission+0xb1/0xe0 [ 1469.404448] ? generic_splice_sendpage+0x140/0x140 [ 1469.404460] direct_splice_actor+0x10f/0x170 [ 1469.404473] splice_direct_to_actor+0x387/0x980 [ 1469.404488] ? pipe_to_sendpage+0x380/0x380 [ 1469.404501] ? do_splice_to+0x160/0x160 [ 1469.404513] ? security_file_permission+0xb1/0xe0 [ 1469.404529] do_splice_direct+0x1c4/0x290 [ 1469.404540] ? splice_direct_to_actor+0x980/0x980 [ 1469.404549] ? avc_policy_seqno+0x9/0x70 [ 1469.404565] ? security_file_permission+0xb1/0xe0 [ 1469.404583] do_sendfile+0x553/0x11e0 [ 1469.404602] ? do_pwritev+0x270/0x270 [ 1469.404615] ? wait_for_completion_io+0x270/0x270 [ 1469.404627] ? rcu_read_lock_any_held+0x75/0xa0 [ 1469.404636] ? vfs_write+0x354/0xb10 [ 1469.404652] __x64_sys_sendfile64+0x1d1/0x210 [ 1469.404664] ? __ia32_sys_sendfile+0x220/0x220 [ 1469.404682] do_syscall_64+0x33/0x40 [ 1469.404692] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1469.404699] RIP: 0033:0x7f24f4026b19 [ 1469.404709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1469.404715] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1469.404727] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1469.404733] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 1469.404739] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1469.404745] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1469.404751] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1469.557795] FAULT_INJECTION: forcing a failure. [ 1469.557795] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1469.557811] CPU: 0 PID: 10138 Comm: Not tainted 5.10.222 #1 [ 1469.557817] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1469.557820] Call Trace: [ 1469.557842] dump_stack+0x107/0x167 [ 1469.557855] should_fail.cold+0x5/0xa [ 1469.557873] _copy_from_user+0x2e/0x1b0 [ 1469.557891] comm_write+0xbf/0x2a0 [ 1469.557902] ? proc_pid_permission+0x300/0x300 [ 1469.557924] do_iter_write+0x4f0/0x700 [ 1469.557944] vfs_writev+0x1ae/0x620 [ 1469.557957] ? vfs_iter_write+0xa0/0xa0 [ 1469.557968] ? __fdget_pos+0xf1/0x190 [ 1469.557980] ? lock_downgrade+0x6d0/0x6d0 [ 1469.557996] ? ksys_write+0x12d/0x260 [ 1469.558011] ? __fget_files+0x2f8/0x520 [ 1469.558034] do_writev+0x139/0x300 [ 1469.558046] ? vfs_writev+0x620/0x620 [ 1469.558066] do_syscall_64+0x33/0x40 [ 1469.558077] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1469.558084] RIP: 0033:0x7fbbbec6fb19 [ 1469.558095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1469.558101] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1469.558112] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1469.558119] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1469.558125] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1469.558131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1469.558137] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:00:53 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) preadv(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f0000000180)=""/192, 0xc0}, {&(0x7f0000000280)=""/38, 0x26}, {&(0x7f0000000300)=""/90, 0x5a}, {&(0x7f0000000380)=""/218, 0xda}], 0x4, 0x600000, 0x393) ftruncate(r1, 0xfdef) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) ioctl$AUTOFS_DEV_IOCTL_VERSION(r5, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) 11:00:53 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000017) 11:00:53 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) futimesat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:00:53 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:00:53 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 16) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:00:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 31) 11:00:53 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) openat$cgroup_subtree(r3, &(0x7f00000000c0), 0x2, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:00:53 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) statx(r1, &(0x7f00000001c0)='./file0\x00', 0x800, 0x4, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f0000000200)={{0x1, 0x1, 0x18, r2, {r5, r6}}, './file1/file0\x00'}) recvmmsg$unix(r7, &(0x7f0000001e00)=[{{&(0x7f0000000240), 0x6e, &(0x7f0000001a40)=[{&(0x7f0000000680)=""/134, 0x86}, {&(0x7f0000000740)=""/4096, 0x1000}, {&(0x7f0000000400)=""/55, 0x37}, {&(0x7f0000001740)=""/100, 0x64}, {&(0x7f00000017c0)=""/164, 0xa4}, {&(0x7f0000000480)=""/12, 0xc}, {&(0x7f0000001880)=""/236, 0xec}, {&(0x7f0000001980)=""/170, 0xaa}], 0x8, &(0x7f0000001ac0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0xe8}}, {{&(0x7f0000001bc0), 0x6e, &(0x7f0000001d80)=[{&(0x7f0000001c40)=""/181, 0xb5}, {&(0x7f0000001d00)=""/72, 0x48}], 0x2, &(0x7f0000001dc0)=[@cred={{0x1c}}], 0x20}}], 0x2, 0x40, &(0x7f0000001e80)={0x0, 0x989680}) mount$9p_fd(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180), 0x10800, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@fscache}, {@cache_none}, {@cache_loose}, {@uname={'uname', 0x3d, 'hugetlbfs\x00'}}, {@mmap}, {@access_user}], [{@smackfshat={'smackfshat', 0x3d, 'hugetlbfs\x00'}}, {@uid_lt={'uid<', r5}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x0, 0x38, 0x65, 0x39, 0x65, 0x36, 0x36], 0x2d, [0x31, 0x61, 0x61, 0x34], 0x2d, [0x38, 0x62, 0x30, 0x61], 0x2d, [0x64, 0x55, 0x34, 0x38], 0x2d, [0x38, 0x64, 0x39, 0x32, 0x35, 0x38, 0x31, 0x37]}}}, {@smackfshat={'smackfshat', 0x3d, 'hugetlbfs\x00'}}, {@permit_directio}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x38, 0x34, 0x32, 0x32, 0x34, 0x61, 0x35, 0x281c3aa5fd11b18c], 0x2d, [0x39, 0x61, 0x56, 0x39], 0x2d, [0x31, 0x36, 0x36, 0x64], 0x2d, [0x36, 0x31, 0x31, 0x64], 0x2d, [0x34, 0x64, 0x37, 0x31, 0x64, 0x65, 0x62, 0x62]}}}]}}) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) ioctl$LOOP_SET_FD(r8, 0x4c00, r1) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1483.295758] FAULT_INJECTION: forcing a failure. [ 1483.295758] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1483.296953] CPU: 1 PID: 10167 Comm: Not tainted 5.10.222 #1 [ 1483.297487] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1483.298254] Call Trace: [ 1483.298510] dump_stack+0x107/0x167 [ 1483.298853] should_fail.cold+0x5/0xa [ 1483.299222] _copy_from_user+0x2e/0x1b0 [ 1483.299605] comm_write+0xbf/0x2a0 [ 1483.299939] ? proc_pid_permission+0x300/0x300 [ 1483.300381] do_iter_write+0x4f0/0x700 [ 1483.300757] vfs_writev+0x1ae/0x620 [ 1483.301102] ? vfs_iter_write+0xa0/0xa0 [ 1483.301483] ? __fdget_pos+0xf1/0x190 [ 1483.301843] ? lock_downgrade+0x6d0/0x6d0 [ 1483.302239] ? ksys_write+0x12d/0x260 [ 1483.302606] ? __fget_files+0x2f8/0x520 [ 1483.302991] do_writev+0x139/0x300 [ 1483.303338] ? vfs_writev+0x620/0x620 [ 1483.303706] do_syscall_64+0x33/0x40 [ 1483.304054] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1483.304528] RIP: 0033:0x7fbbbec6fb19 [ 1483.304881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1483.306581] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1483.307299] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1483.307958] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1483.308623] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1483.309313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1483.309978] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1483.336875] FAT-fs (loop6): bogus number of reserved sectors [ 1483.337460] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1483.373004] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1483.390510] FAULT_INJECTION: forcing a failure. [ 1483.390510] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1483.391775] CPU: 1 PID: 10168 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1483.392580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1483.393401] Call Trace: [ 1483.393645] dump_stack+0x107/0x167 [ 1483.393970] should_fail.cold+0x5/0xa [ 1483.394310] __alloc_pages_nodemask+0x182/0x600 [ 1483.394720] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1483.395265] ? find_get_entry+0x2c8/0x740 [ 1483.395634] ? lock_chain_count+0x20/0x20 [ 1483.396010] alloc_pages_current+0x187/0x280 [ 1483.396400] __page_cache_alloc+0x2d2/0x360 [ 1483.396791] pagecache_get_page+0x2c7/0xc80 [ 1483.397173] ? unlock_page_memcg+0x96/0x170 [ 1483.397563] grab_cache_page_write_begin+0x64/0xa0 [ 1483.397997] cont_write_begin+0x448/0x980 [ 1483.398378] ? fat_add_cluster+0x100/0x100 [ 1483.398758] ? nobh_write_begin+0xed0/0xed0 [ 1483.399152] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1483.399675] ? generic_write_end+0x20e/0x3f0 [ 1483.400067] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1483.400526] fat_write_begin+0x89/0x180 [ 1483.400880] ? fat_add_cluster+0x100/0x100 [ 1483.401265] generic_perform_write+0x20a/0x4f0 [ 1483.401677] ? fat_direct_IO+0x1ef/0x380 [ 1483.402036] ? page_cache_prev_miss+0x310/0x310 [ 1483.402469] __generic_file_write_iter+0x2cd/0x5d0 [ 1483.402916] generic_file_write_iter+0xdb/0x230 [ 1483.403351] do_iter_readv_writev+0x476/0x750 [ 1483.403535] handle_bad_sector: 8 callbacks suppressed [ 1483.403552] attempt to access beyond end of device [ 1483.403552] loop1: rw=2049, want=276, limit=128 [ 1483.403749] ? new_sync_write+0x660/0x660 [ 1483.403769] ? avc_policy_seqno+0x9/0x70 [ 1483.406054] ? selinux_file_permission+0x92/0x520 [ 1483.406489] ? security_file_permission+0xb1/0xe0 [ 1483.406933] do_iter_write+0x191/0x700 [ 1483.407288] ? trace_hardirqs_on+0x5b/0x180 [ 1483.407677] vfs_iter_write+0x70/0xa0 [ 1483.408020] iter_file_splice_write+0x762/0xc30 [ 1483.408352] attempt to access beyond end of device [ 1483.408352] loop1: rw=0, want=147, limit=128 [ 1483.408446] ? generic_splice_sendpage+0x140/0x140 [ 1483.410191] ? security_file_permission+0xb1/0xe0 [ 1483.410616] ? generic_splice_sendpage+0x140/0x140 [ 1483.411052] direct_splice_actor+0x10f/0x170 [ 1483.411455] splice_direct_to_actor+0x387/0x980 [ 1483.411866] ? pipe_to_sendpage+0x380/0x380 [ 1483.412254] ? do_splice_to+0x160/0x160 [ 1483.412607] ? security_file_permission+0xb1/0xe0 [ 1483.413037] do_splice_direct+0x1c4/0x290 [ 1483.413405] ? splice_direct_to_actor+0x980/0x980 [ 1483.413824] ? avc_policy_seqno+0x9/0x70 [ 1483.414200] ? security_file_permission+0xb1/0xe0 [ 1483.414632] do_sendfile+0x553/0x11e0 [ 1483.414978] ? do_pwritev+0x270/0x270 [ 1483.415330] ? wait_for_completion_io+0x270/0x270 [ 1483.415759] ? rcu_read_lock_any_held+0x75/0xa0 [ 1483.416172] ? vfs_write+0x354/0xb10 [ 1483.416508] __x64_sys_sendfile64+0x1d1/0x210 [ 1483.416916] ? __ia32_sys_sendfile+0x220/0x220 [ 1483.417331] do_syscall_64+0x33/0x40 [ 1483.417666] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1483.418119] RIP: 0033:0x7f24f4026b19 [ 1483.418458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1483.420173] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1483.420896] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1483.421531] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1483.422169] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 11:00:53 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) kcmp(0xffffffffffffffff, 0xffffffffffffffff, 0x6, r1, r0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1483.422806] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1483.423578] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1483.433109] attempt to access beyond end of device [ 1483.433109] loop5: rw=2049, want=276, limit=128 [ 1483.444506] attempt to access beyond end of device [ 1483.444506] loop1: rw=34817, want=148, limit=128 [ 1483.475742] attempt to access beyond end of device [ 1483.475742] loop4: rw=2049, want=276, limit=128 11:00:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 32) 11:00:53 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 17) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1483.515536] attempt to access beyond end of device [ 1483.515536] loop1: rw=2049, want=404, limit=128 [ 1483.520966] FAULT_INJECTION: forcing a failure. [ 1483.520966] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1483.522361] CPU: 1 PID: 10187 Comm: Not tainted 5.10.222 #1 [ 1483.522853] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1483.523541] Call Trace: [ 1483.523772] dump_stack+0x107/0x167 [ 1483.524164] should_fail.cold+0x5/0xa [ 1483.524533] _copy_from_user+0x2e/0x1b0 [ 1483.524892] comm_write+0xbf/0x2a0 [ 1483.525277] ? proc_pid_permission+0x300/0x300 [ 1483.525670] do_iter_write+0x4f0/0x700 [ 1483.526002] vfs_writev+0x1ae/0x620 [ 1483.526413] ? vfs_iter_write+0xa0/0xa0 [ 1483.526795] ? __fdget_pos+0xf1/0x190 [ 1483.527254] ? lock_downgrade+0x6d0/0x6d0 [ 1483.527682] ? ksys_write+0x12d/0x260 [ 1483.528009] ? __fget_files+0x2f8/0x520 [ 1483.528351] do_writev+0x139/0x300 [ 1483.528645] ? vfs_writev+0x620/0x620 [ 1483.529085] do_syscall_64+0x33/0x40 [ 1483.529398] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1483.529824] RIP: 0033:0x7fbbbec6fb19 [ 1483.530138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1483.531687] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1483.532317] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1483.532904] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1483.533610] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1483.534348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1483.535057] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1483.593910] FAULT_INJECTION: forcing a failure. [ 1483.593910] name failslab, interval 1, probability 0, space 0, times 0 [ 1483.595144] CPU: 1 PID: 10193 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1483.595697] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1483.596461] Call Trace: [ 1483.596688] dump_stack+0x107/0x167 [ 1483.596983] should_fail.cold+0x5/0xa [ 1483.597418] ? create_object.isra.0+0x3a/0xa20 [ 1483.597808] should_failslab+0x5/0x20 [ 1483.598220] kmem_cache_alloc+0x5b/0x310 [ 1483.598666] create_object.isra.0+0x3a/0xa20 [ 1483.599022] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1483.599444] kmem_cache_alloc+0x159/0x310 [ 1483.599786] alloc_buffer_head+0x20/0x110 [ 1483.600122] alloc_page_buffers+0x14d/0x700 [ 1483.600475] create_empty_buffers+0x2c/0x640 [ 1483.600839] create_page_buffers+0x1bb/0x230 [ 1483.601198] __block_write_begin_int+0x1d1/0x19c0 [ 1483.601589] ? fat_add_cluster+0x100/0x100 [ 1483.601935] ? add_to_page_cache_locked+0x40/0x40 [ 1483.602329] ? __page_cache_alloc+0x10d/0x360 [ 1483.602691] ? remove_inode_buffers+0x300/0x300 [ 1483.603075] ? pagecache_get_page+0x243/0xc80 [ 1483.603440] ? unlock_page_memcg+0x96/0x170 [ 1483.603793] ? wait_for_stable_page+0x92/0xe0 [ 1483.604162] cont_write_begin+0x472/0x980 [ 1483.604561] ? fat_add_cluster+0x100/0x100 [ 1483.604976] ? nobh_write_begin+0xed0/0xed0 [ 1483.605364] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1483.605843] ? generic_write_end+0x20e/0x3f0 [ 1483.606218] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1483.606641] fat_write_begin+0x89/0x180 [ 1483.606959] ? fat_add_cluster+0x100/0x100 [ 1483.607312] generic_perform_write+0x20a/0x4f0 [ 1483.607685] ? fat_direct_IO+0x1ef/0x380 [ 1483.608012] ? page_cache_prev_miss+0x310/0x310 [ 1483.608405] __generic_file_write_iter+0x2cd/0x5d0 [ 1483.608803] generic_file_write_iter+0xdb/0x230 [ 1483.609186] do_iter_readv_writev+0x476/0x750 [ 1483.609557] ? new_sync_write+0x660/0x660 [ 1483.609896] ? avc_policy_seqno+0x9/0x70 [ 1483.610247] ? selinux_file_permission+0x92/0x520 [ 1483.610659] ? security_file_permission+0xb1/0xe0 [ 1483.611047] do_iter_write+0x191/0x700 [ 1483.611377] ? trace_hardirqs_on+0x5b/0x180 [ 1483.611727] vfs_iter_write+0x70/0xa0 [ 1483.612042] iter_file_splice_write+0x762/0xc30 [ 1483.612426] ? generic_splice_sendpage+0x140/0x140 [ 1483.612838] ? security_file_permission+0xb1/0xe0 [ 1483.613236] ? generic_splice_sendpage+0x140/0x140 [ 1483.613636] direct_splice_actor+0x10f/0x170 [ 1483.614002] splice_direct_to_actor+0x387/0x980 [ 1483.614398] ? pipe_to_sendpage+0x380/0x380 [ 1483.614750] ? do_splice_to+0x160/0x160 [ 1483.615075] ? security_file_permission+0xb1/0xe0 [ 1483.615482] do_splice_direct+0x1c4/0x290 [ 1483.615822] ? splice_direct_to_actor+0x980/0x980 [ 1483.616209] ? avc_policy_seqno+0x9/0x70 [ 1483.616552] ? security_file_permission+0xb1/0xe0 [ 1483.616949] do_sendfile+0x553/0x11e0 [ 1483.617270] ? do_pwritev+0x270/0x270 [ 1483.617585] ? wait_for_completion_io+0x270/0x270 [ 1483.617986] ? rcu_read_lock_any_held+0x75/0xa0 [ 1483.618374] ? vfs_write+0x354/0xb10 [ 1483.618686] __x64_sys_sendfile64+0x1d1/0x210 [ 1483.619046] ? __ia32_sys_sendfile+0x220/0x220 [ 1483.619606] do_syscall_64+0x33/0x40 [ 1483.619919] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1483.620514] RIP: 0033:0x7f24f4026b19 [ 1483.620884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1483.622384] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1483.623006] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1483.623594] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1483.624182] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1483.624763] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1483.625343] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1483.628786] attempt to access beyond end of device [ 1483.628786] loop1: rw=1, want=403, limit=128 [ 1483.630405] Buffer I/O error on dev loop1, logical block 402, lost async page write [ 1483.635041] attempt to access beyond end of device [ 1483.635041] loop5: rw=2049, want=276, limit=128 11:00:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 33) 11:00:53 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x4041c2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x802101, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)) ftruncate(r0, 0xfdef) [ 1483.717759] attempt to access beyond end of device [ 1483.717759] loop4: rw=1, want=403, limit=128 [ 1483.819357] FAT-fs (loop6): bogus number of reserved sectors [ 1483.819856] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1483.833724] FAULT_INJECTION: forcing a failure. [ 1483.833724] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1483.834720] CPU: 1 PID: 10204 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1483.835282] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1483.836079] Call Trace: [ 1483.836306] dump_stack+0x107/0x167 [ 1483.836607] should_fail.cold+0x5/0xa [ 1483.837046] __alloc_pages_nodemask+0x182/0x600 [ 1483.837429] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1483.837923] ? find_get_entry+0x2c8/0x740 [ 1483.838262] ? lock_chain_count+0x20/0x20 [ 1483.838599] alloc_pages_current+0x187/0x280 [ 1483.838957] __page_cache_alloc+0x2d2/0x360 [ 1483.839319] pagecache_get_page+0x2c7/0xc80 [ 1483.839674] ? unlock_page_memcg+0x96/0x170 [ 1483.840206] grab_cache_page_write_begin+0x64/0xa0 [ 1483.840709] cont_write_begin+0x448/0x980 [ 1483.841051] ? fat_add_cluster+0x100/0x100 [ 1483.841397] ? nobh_write_begin+0xed0/0xed0 [ 1483.841864] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1483.842334] ? generic_write_end+0x20e/0x3f0 [ 1483.842797] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1483.843360] fat_write_begin+0x89/0x180 [ 1483.843684] ? fat_add_cluster+0x100/0x100 [ 1483.844032] generic_perform_write+0x20a/0x4f0 [ 1483.844409] ? fat_direct_IO+0x1ef/0x380 [ 1483.844738] ? page_cache_prev_miss+0x310/0x310 [ 1483.845203] __generic_file_write_iter+0x2cd/0x5d0 [ 1483.845651] generic_file_write_iter+0xdb/0x230 [ 1483.846041] do_iter_readv_writev+0x476/0x750 [ 1483.846457] ? new_sync_write+0x660/0x660 [ 1483.846884] ? avc_policy_seqno+0x9/0x70 [ 1483.847223] ? selinux_file_permission+0x92/0x520 [ 1483.847621] ? security_file_permission+0xb1/0xe0 [ 1483.848034] do_iter_write+0x191/0x700 [ 1483.848471] ? trace_hardirqs_on+0x5b/0x180 [ 1483.848963] vfs_iter_write+0x70/0xa0 [ 1483.849279] iter_file_splice_write+0x762/0xc30 [ 1483.849667] ? generic_splice_sendpage+0x140/0x140 [ 1483.850188] ? security_file_permission+0xb1/0xe0 [ 1483.850581] ? generic_splice_sendpage+0x140/0x140 [ 1483.850987] direct_splice_actor+0x10f/0x170 [ 1483.851360] splice_direct_to_actor+0x387/0x980 [ 1483.851749] ? pipe_to_sendpage+0x380/0x380 [ 1483.852104] ? do_splice_to+0x160/0x160 [ 1483.852427] ? security_file_permission+0xb1/0xe0 [ 1483.852878] do_splice_direct+0x1c4/0x290 [ 1483.853263] ? splice_direct_to_actor+0x980/0x980 [ 1483.853655] ? avc_policy_seqno+0x9/0x70 [ 1483.853997] ? security_file_permission+0xb1/0xe0 [ 1483.854396] do_sendfile+0x553/0x11e0 [ 1483.854716] ? do_pwritev+0x270/0x270 [ 1483.855132] ? wait_for_completion_io+0x270/0x270 [ 1483.855684] ? rcu_read_lock_any_held+0x75/0xa0 [ 1483.856060] ? vfs_write+0x354/0xb10 [ 1483.856374] __x64_sys_sendfile64+0x1d1/0x210 [ 1483.856797] ? __ia32_sys_sendfile+0x220/0x220 [ 1483.857222] do_syscall_64+0x33/0x40 [ 1483.857527] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1483.858053] RIP: 0033:0x7f24f4026b19 [ 1483.858363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1483.859836] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1483.860442] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1483.861112] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1483.861837] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1483.862415] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1483.863091] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1483.881596] attempt to access beyond end of device [ 1483.881596] loop5: rw=2049, want=276, limit=128 11:01:09 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000247b996b1b8880801000470000000f801", 0x1d}, {0x0, 0x0, 0x8000}], 0x50054, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x4000, 0x41) symlinkat(&(0x7f00000000c0)='./file0\x00', r2, &(0x7f00000001c0)='./file1\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:01:09 executing program 3: perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) r4 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000480)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000400)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x4000, @fd=r0, 0xffff, &(0x7f0000000500)=""/192, 0xc0, 0x19, 0x0, {0x0, r7}}, 0xeddd) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r4, 0x0) syz_io_uring_submit(r8, r6, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(r2, r6, &(0x7f0000000300)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, r1, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@xdp, 0x80, &(0x7f0000000000)=[{&(0x7f00000001c0)=""/140, 0x8c}], 0x1}, 0x0, 0x140, 0x1, {0x3}}, 0x90) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600), &(0x7f0000000640)={0x0, 0xfb, 0x2a, 0x3, 0x3, "aeaa0e9fdda4685c87a4aa82cd19b475", "547eead39e78ff09bb5673871866774773d54a6cde"}, 0x2a, 0x3) remap_file_pages(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4, 0x200, 0x2000) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 11:01:09 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) fallocate(r4, 0x15, 0x0, 0x4) ftruncate(r0, 0xfdef) 11:01:09 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 18) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:01:09 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000018) 11:01:09 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) futimesat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:01:09 executing program 6: r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x900, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ftruncate(r1, 0xfdef) 11:01:09 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 34) [ 1499.644386] FAULT_INJECTION: forcing a failure. [ 1499.644386] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1499.646257] CPU: 0 PID: 10226 Comm: Not tainted 5.10.222 #1 [ 1499.647094] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1499.648305] Call Trace: [ 1499.648703] dump_stack+0x107/0x167 [ 1499.649244] should_fail.cold+0x5/0xa [ 1499.649811] _copy_from_user+0x2e/0x1b0 [ 1499.650404] comm_write+0xbf/0x2a0 [ 1499.650936] ? proc_pid_permission+0x300/0x300 [ 1499.651643] do_iter_write+0x4f0/0x700 [ 1499.652238] vfs_writev+0x1ae/0x620 [ 1499.652774] ? vfs_iter_write+0xa0/0xa0 [ 1499.653357] ? __fdget_pos+0xf1/0x190 [ 1499.653918] ? lock_downgrade+0x6d0/0x6d0 [ 1499.654542] ? ksys_write+0x12d/0x260 [ 1499.655109] ? __fget_files+0x2f8/0x520 [ 1499.655721] do_writev+0x139/0x300 [ 1499.656250] ? vfs_writev+0x620/0x620 [ 1499.656829] do_syscall_64+0x33/0x40 [ 1499.657374] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1499.658121] RIP: 0033:0x7fbbbec6fb19 [ 1499.658678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1499.661351] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1499.662461] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1499.663502] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1499.664530] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1499.665555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1499.666582] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1499.702043] mmap: syz-executor.3 (10225) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 1499.727981] FAT-fs (loop6): Unrecognized mount option "/proc/thread-self" or missing value [ 1499.762854] FAULT_INJECTION: forcing a failure. [ 1499.762854] name failslab, interval 1, probability 0, space 0, times 0 [ 1499.764767] CPU: 1 PID: 10218 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1499.765776] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1499.766968] Call Trace: [ 1499.767363] dump_stack+0x107/0x167 [ 1499.767904] should_fail.cold+0x5/0xa [ 1499.768471] ? create_object.isra.0+0x3a/0xa20 [ 1499.769143] should_failslab+0x5/0x20 [ 1499.769695] kmem_cache_alloc+0x5b/0x310 [ 1499.770428] create_object.isra.0+0x3a/0xa20 [ 1499.771067] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1499.771952] kmem_cache_alloc+0x159/0x310 [ 1499.772707] alloc_buffer_head+0x20/0x110 [ 1499.773436] alloc_page_buffers+0x14d/0x700 [ 1499.774074] create_empty_buffers+0x2c/0x640 [ 1499.774716] create_page_buffers+0x1bb/0x230 [ 1499.775367] __block_write_begin_int+0x1d1/0x19c0 [ 1499.776076] ? fat_add_cluster+0x100/0x100 [ 1499.776697] ? add_to_page_cache_locked+0x40/0x40 [ 1499.777398] ? __page_cache_alloc+0x10d/0x360 [ 1499.778055] ? remove_inode_buffers+0x300/0x300 [ 1499.778741] ? pagecache_get_page+0x243/0xc80 [ 1499.779423] ? unlock_page_memcg+0x96/0x170 [ 1499.780141] ? wait_for_stable_page+0x92/0xe0 [ 1499.780799] cont_write_begin+0x472/0x980 [ 1499.781420] ? fat_add_cluster+0x100/0x100 [ 1499.782036] ? nobh_write_begin+0xed0/0xed0 [ 1499.782668] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1499.783661] ? generic_write_end+0x20e/0x3f0 [ 1499.784522] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1499.785265] fat_write_begin+0x89/0x180 [ 1499.785886] ? fat_add_cluster+0x100/0x100 [ 1499.786560] generic_perform_write+0x20a/0x4f0 [ 1499.787378] ? fat_direct_IO+0x1ef/0x380 [ 1499.787977] ? page_cache_prev_miss+0x310/0x310 [ 1499.788679] __generic_file_write_iter+0x2cd/0x5d0 [ 1499.789403] generic_file_write_iter+0xdb/0x230 [ 1499.790090] do_iter_readv_writev+0x476/0x750 [ 1499.790749] ? new_sync_write+0x660/0x660 [ 1499.791347] ? avc_policy_seqno+0x9/0x70 [ 1499.792162] ? selinux_file_permission+0x92/0x520 [ 1499.792939] ? security_file_permission+0xb1/0xe0 [ 1499.793656] do_iter_write+0x191/0x700 [ 1499.794225] ? trace_hardirqs_on+0x5b/0x180 [ 1499.794866] vfs_iter_write+0x70/0xa0 [ 1499.795440] iter_file_splice_write+0x762/0xc30 [ 1499.796134] ? generic_splice_sendpage+0x140/0x140 [ 1499.796867] ? security_file_permission+0xb1/0xe0 [ 1499.797579] ? generic_splice_sendpage+0x140/0x140 [ 1499.798296] direct_splice_actor+0x10f/0x170 [ 1499.799081] splice_direct_to_actor+0x387/0x980 [ 1499.799780] ? pipe_to_sendpage+0x380/0x380 [ 1499.800516] ? do_splice_to+0x160/0x160 [ 1499.801098] ? security_file_permission+0xb1/0xe0 [ 1499.801938] do_splice_direct+0x1c4/0x290 [ 1499.802663] ? splice_direct_to_actor+0x980/0x980 [ 1499.803355] ? avc_policy_seqno+0x9/0x70 [ 1499.803969] ? security_file_permission+0xb1/0xe0 [ 1499.804679] do_sendfile+0x553/0x11e0 [ 1499.805252] ? do_pwritev+0x270/0x270 [ 1499.805853] ? wait_for_completion_io+0x270/0x270 [ 1499.806636] ? rcu_read_lock_any_held+0x75/0xa0 [ 1499.807309] ? vfs_write+0x354/0xb10 [ 1499.807873] __x64_sys_sendfile64+0x1d1/0x210 [ 1499.808525] ? __ia32_sys_sendfile+0x220/0x220 [ 1499.809267] do_syscall_64+0x33/0x40 [ 1499.809817] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1499.810568] RIP: 0033:0x7f24f4026b19 [ 1499.811106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1499.814141] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1499.815401] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1499.816596] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 1499.817691] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1499.818727] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1499.819761] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1499.852743] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1499.879294] handle_bad_sector: 1 callbacks suppressed [ 1499.879310] attempt to access beyond end of device [ 1499.879310] loop1: rw=2049, want=276, limit=128 [ 1499.900298] attempt to access beyond end of device [ 1499.900298] loop1: rw=34817, want=148, limit=128 [ 1499.924372] attempt to access beyond end of device [ 1499.924372] loop1: rw=0, want=147, limit=128 11:01:10 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r0, 0x0) mount$9p_unix(&(0x7f0000000280)='./file0\x00', &(0x7f0000000480)='./file0\x00', &(0x7f0000000700), 0x10, &(0x7f0000000740)={'trans=unix,', {[{@cachetag={'cachetag', 0x3d, '/D,#'}}, {@aname={'aname', 0x3d, 'MAY_EXEC'}}, {@msize={'msize', 0x3d, 0xfffffffffffffffa}}, {@cache_mmap}, {@debug={'debug', 0x3d, 0x80}}, {@cache_mmap}, {@noextend}, {@uname={'uname', 0x3d, 'session'}}], [{@measure}, {@fsuuid={'fsuuid', 0x3d, {[0x31, 0x31, 0x34, 0x62, 0x65, 0x66, 0x64, 0x32], 0x2d, [0x34, 0x36, 0x63, 0x61], 0x2d, [0x35, 0x63, 0x33, 0x38], 0x2d, [0x36, 0x32, 0x35, 0x38], 0x2d, [0x39, 0x32, 0x64, 0x37, 0x39, 0x61, 0x6d, 0x33]}}}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@fowner_gt={'fowner>', r0}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}, {@subj_role}, {@appraise_type}, {@fowner_lt={'fowner<', 0xffffffffffffffff}}, {@fowner_gt={'fowner>', 0xffffffffffffffff}}]}}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x8000, 0x5, &(0x7f0000000500)=[{&(0x7f0000000180)="741a752050eef8eff844b6c4b1db56e29403ea9480ad4fd04e96ca706279d20797bcc7e43b813b2abafa6909e387334c4cbe9f09fea674ba475f2656cefb6049fd6ec83ff5bf3c59d09854ac0b2b9232a9bfe8bcf5ce3e89e6b265c7c9b885c2a495d641e172dc9b851a", 0x6a, 0x80}, {&(0x7f0000000200)="ac39cea4f38fdeac608aeb092b76aee26b", 0x11, 0xffffffffd2b55bf0}, {&(0x7f0000000240)="a9229516f3918ee50788bb4f58e41f4e477b45c05ada57aa71f76309ca7527559fa65e9ede8d38f7f5", 0x29, 0x6}, {&(0x7f0000000300)="dce63813942003d854cc0932677670ae4cad3c61e9c08e7adb79f76153b8da0c33765c6478db811201e0b7c34a7acb277ee26c0420232db4d7d1b8e3a0bf8cf73c94f6994491eeeef60bb68eb20c98f1c9d03c344edf3a8179a6064d52a39cbb5a75e6d3fa32cbad582b8f94f4843a764b93", 0x72, 0xdc9}, {&(0x7f0000000380)="7be3cc1cb5071dee781f7c56f88c76782ccae0ef69b2999780e3e8e8f8d7431141a8ade069ae6706cfaaea144950f295269bcf2a5d8e66d6f1884713d9fc2f1139e82ae081cc0928ffd07b84e4ae64db90fb353af5691a49d662194a383d0f5367ca792fe53de84d6ef78cba72e3beee1d18bc8c96675d1693611c3982981eead181a8a39c633e0d9f55a345dac94fe0e89da73c30f31c5fd8bd62e58f", 0x9d, 0x4}], 0x90, &(0x7f0000000600)={[{@unhide}, {@overriderock}, {@iocharset={'iocharset', 0x3d, 'macgreek'}}, {@unhide}, {@session={'session', 0x3d, 0x3d}}, {@utf8}, {@overriderock}, {@iocharset={'iocharset', 0x3d, 'cp861'}}], [{@uid_gt={'uid>', 0xee01}}, {@uid_eq={'uid', 0x3d, r1}}, {@fsuuid={'fsuuid', 0x3d, {[0x62, 0x31, 0x35, 0x35, 0x37, 0x64, 0x33, 0x30], 0x2d, [0x33, 0x33, 0x33, 0x33], 0x2d, [0x31, 0x65, 0x62, 0x33], 0x2d, [0x39, 0x0, 0x33, 0x63], 0x2d, [0xc, 0x34, 0x32, 0x37, 0x65, 0x39, 0x66, 0x66]}}}, {@fsname={'fsname', 0x3d, '+'}}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]}) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) chroot(&(0x7f00000008c0)='./file0\x00') setreuid(r0, r1) [ 1499.980631] attempt to access beyond end of device [ 1499.980631] loop5: rw=2049, want=276, limit=128 11:01:10 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 19) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1500.089566] attempt to access beyond end of device [ 1500.089566] loop1: rw=1, want=403, limit=128 [ 1500.114629] FAULT_INJECTION: forcing a failure. [ 1500.114629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1500.116619] CPU: 0 PID: 10253 Comm: Not tainted 5.10.222 #1 [ 1500.117473] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1500.118703] Call Trace: [ 1500.119097] dump_stack+0x107/0x167 [ 1500.119659] should_fail.cold+0x5/0xa [ 1500.120233] _copy_from_user+0x2e/0x1b0 [ 1500.120830] comm_write+0xbf/0x2a0 [ 1500.121357] ? proc_pid_permission+0x300/0x300 [ 1500.122049] do_iter_write+0x4f0/0x700 [ 1500.122645] vfs_writev+0x1ae/0x620 [ 1500.123188] ? vfs_iter_write+0xa0/0xa0 [ 1500.123781] ? __fdget_pos+0xf1/0x190 [ 1500.124345] ? lock_downgrade+0x6d0/0x6d0 [ 1500.124962] ? ksys_write+0x12d/0x260 [ 1500.125528] ? __fget_files+0x2f8/0x520 [ 1500.126134] do_writev+0x139/0x300 [ 1500.126656] ? vfs_writev+0x620/0x620 [ 1500.127229] do_syscall_64+0x33/0x40 [ 1500.127784] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1500.128533] RIP: 0033:0x7fbbbec6fb19 [ 1500.129087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1500.131728] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1500.132829] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1500.133867] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1500.134895] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1500.135940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1500.136976] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:01:10 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x201, 0x0) unlinkat(r0, &(0x7f0000000180)='./file0\x00', 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ftruncate(r1, 0xfdef) 11:01:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x20, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="ea3c906dfedb99004521c659020801000070000000f809", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0xbf, 0x2, &(0x7f0000000200)=[{&(0x7f00000001c0)="84670cfa5b73102499ce164c13720cb50ddde9e8b2e4b3eb2d25ccea992b4372410bb4a3a4b84621c2feb23b56b73cbc7f85ec2487acca7d", 0x38, 0x42}, {&(0x7f0000000300)="032d990c254021a0050518af5ed660dde073457d574eb514ef7204e84ba1a7b80a98e28d372b14d37a140ba7fcb22101ebb497b1d04acd8891c1d04d5ec868ee5ebd40dbee07a493be6eb1c3a830d0c31f9f91ca50925ec06d28a1d83580acca6099245fb81ba02f69712e49bd5cb3a821a5a2293020171abe0d9021b4b077a4d058ed357a4bc1a2f85c5933f1b68ecc070801a9413ea126bee78f16b491974c090d3f439fbfee888e4ad462be5e702bc3446432d615539353e4f0b45b24fca5084f7bc7e1fa89926e2b762b7fc1238725c5e974ae4a65e4960e58000ff4f6ff", 0xe0, 0x1}], 0x284400, &(0x7f0000000280)={[{@nodots}, {@nodots}, {@dots}, {@nodots}, {@dots}], [{@subj_user}, {@subj_user={'subj_user', 0x3d, '*.{^#'}}]}) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) r3 = epoll_create(0x8) fcntl$dupfd(r3, 0x406, 0xffffffffffffffff) [ 1500.207408] FAT-fs (loop1): bogus number of FAT structure [ 1500.208330] FAT-fs (loop1): Can't find a valid FAT filesystem 11:01:10 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 35) [ 1500.253552] FAT-fs (loop6): Unrecognized mount option "/proc/thread-self" or missing value [ 1500.358453] FAT-fs (loop1): Unrecognized mount option "msdos" or missing value 11:01:10 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) finit_module(r1, &(0x7f0000000000)=')\xe5\x00', 0x1) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000140)=0x9) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext3\x00', &(0x7f00000001c0)='./file0\x00', 0x3, 0xa, &(0x7f00000017c0)=[{&(0x7f0000000200)="cf36899500a4ea6aa483f56d509a9295e6fb9ffe1952e1e131a1c81df08f5eaf", 0x20, 0x101}, {&(0x7f0000000300)="2511740efdd37b66c4494f79187ed2c6b43bdb980fe25cfca0d9b4f06946208e4179bdb19420e2c6356c66c4bf5d18f97136aac8fcf7f69fd0d576e07423dc428b61985019778ba11793fb0fb66dcfff9c5f28664146dc1d438d4f0d5eacc609e275d012e56a93848592509dee7b3eb06d1fcd9fc3fc0ad73217a1e470d1467d75a77b9158282d206f55898065c261bee4a712cde8cd", 0x96, 0x831}, {&(0x7f0000001500)="53b3ca9ccd6997e4b5b1efa2f58cac69ddfcaedf9ab8a067da47dfd87c6d77b2a94813d30d9ca2d8f400b022cddf2407bc29a19fdace9558c182b1d3a937c466f9bf03d4ec39d9cab47932c7a64f6f79f9980604db03c3334483059b8c9ee729ea7e78b7ec986aded5024d34b5c502aa94e9e3713516cb93af695db4a97d2621a1e188d92dc299a7b725e6e57daedd519e08913364c249b48fcdc16d34af48c8fca8b99cf2eef70820dd05d7779868dac09ab84cff19fb7fe86cfff3261d185001523bc589fe9ea6", 0xc8, 0x800}, {&(0x7f0000000240)="a47204199dc97832915df2591cd5974d2e38c4650e5863d68e416a68dd6f74af424a3d170797be3f51e825c631a391b5847d08f873dc4f50c8b667f925ad6a6d3b684d6b63c0181b59f7d85663c74c5dcf1921d210fc25104e8a61eba48ed584058d76afef9bf199a952b13f51f1533bbeb58672f2f9f77be0b521b38d", 0x7d, 0x1}, {&(0x7f00000003c0)="c75ed558a988901c4f43bf2e13bf2b7ed533a01e70458050aad7ff7de10d658aab026ae0a52f3d2e00", 0x29, 0x7}, {&(0x7f0000001600)="08a50eecb95e1b9ade170f7354337b6c4d92d0304c258bd0e85260460b582bc6faa945548de7144e16e0e9911a9949fba2eee640f5764452db2e8eec35a8b6207b80c0c937e61771f8e4cc8cdcea4ba7e5fb3f7f5771e47ae23254823a550624fc63ffe599551d4f711647cdf7f734bc5b", 0x71, 0xc0000000000000}, {&(0x7f0000000400)="fbd6489264b4a2a9af523a609e93953140f0deeabe4fd59120dc9fd61413bf2e", 0x20, 0x7}, {&(0x7f0000001680)="e746ab6bf7e5539513356c2b6edc1edce82f3cb233fb323221047c0097e69edd100a462329b873a10fd6fb4d8b9d541e73bee9796597e66f55e26308077e98c1ac1487474b7e1cc9b920bcdcf35ae31e3d0de7fe48c1eec75d814891b51b022d84f66a90c7fd1c53076873e256e547066166909d8c07525e4410ce772820b4451846496213ccda40614cf94d10342f892dedc9592873b23540cb6709d186e16580c4e98e2a2c0a5585c377cfa7deccec0f2f2927eb8f95971a86ad15b6180d418cb264663cef935834d05d146ebac96eb0f2cca6068acc973a13f08793e922b364ce063e23e64ff620e0958f95927eaf22911b512d87bbabe632932ca374bd", 0xff, 0x7fff}, {&(0x7f0000000480)="c8ac34514267eb80781ad7085e5002292c6164a4f0d3eb7640bebe7e1c9bd8a1a7d146c73d", 0x25, 0x2}, {&(0x7f0000001780)="48efe91732c55a79568311306dc3879fe05ebc94d9c31ecc5573e158d9c86d7e20a2e2e41617f0d5fec56be0434d5c", 0x2f, 0xfffffffffffffffa}], 0x3000000, &(0x7f00000018c0)={[{@journal_checksum}, {@usrjquota}, {@errors_remount}, {@dax}, {@init_itable}], [{@context={'context', 0x3d, 'unconfined_u'}}, {@obj_type={'obj_type', 0x3d, ')\xe5\x00'}}, {@dont_hash}, {@fscontext={'fscontext', 0x3d, 'system_u'}}]}) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) rename(&(0x7f0000001940)='./file0\x00', &(0x7f0000001980)='./file0\x00') r2 = epoll_create1(0x80000) pwrite64(r2, &(0x7f0000000500)="9e36cbe6532db0ba38278fb46aba146391d9fecbb8c0cda39e6c64db93b19da50076cd48609c626170bcb805e73331859438bd5ff6881c8ba64a2129d970391c3a771a98444769e25350a07ec0f125204d5efaf081405fcc69dcb651a5b5e1427776d35565728a940914dcd676ec098954fd17c4c1481eb2d1ebd956b307563ca08f3318ed923f242ed10d404c3c0bec62eded2025110aaa5a229b0d8ac55148b52bfdc5104f3fe233c4c555c86e50bd5ddbd7110630872113d8fc8a53acf267cb7dad643b98c0d92d290c16aac8669a69f1de195a47f90ac84872c85ec3f421c1d214fdc2c4172fbb59756b257cc311d4fb3e03b4e9716dde7a3bf9b56f7f0fc150fb2ad9ece4f790c77ea6869b830db8a464660c97c3b2d1a9ee3d0dbdc8fd17bf996f606660a1ebd120c8a72955f6f53eadc83c289f7ad5380ec219af26190a9b2e53be3012211db07b906736fe0b5409333fa1c6abe3cb4577f7525a49eb73118b79dbd3ef77ed3aa6829efb0539e9ca58a392459118c3f979bf3542a705c59759f8961e04e66575a9a63d0e118b24527302674fb87350c98fabfee72db2aafdc2e76c4037a5a7aaf734b889f63b1687a55f26de861deed0f8eadb233ca55a00423bda87da77f5727ec74b6003d1468f7306ca49e62eaaf5dd87606d1158fc453676b802c36d000a94dd963aef1b1762bf64825493f00540eeb3b383cdd5dbdf9b2398a5fd370c77c8fd5da7d25b66db2e5a3ae70dc9b20282a8d9f1b1f325aee8ef50699ce6a45e55dc721a716a7103436f6c27ecf764a6726340cc7d0229128907b2d08357df008bb66b7f53b5430ab4d296d8e86138ab39f9508e389d421fef876d5180e40a5afae1b166bddbc471dd4439a8768de351153a333ba105afb712b940f5a701d57bff61f266c83c3d83f64f80b3aaab30879e8317772b4c033eeab74ad0310cc3f147509d23077a10a5ed4427cb0ca1825efb9cea99cb6eb1eadc0bd2b1729032caa76ed6e5ad90a371c40483f83aab63cec831cea29ca36079a761990a6d14ffb7362ac36c597345ea655c88c2ac1e8f9c171fa3e783a4461428cfb3c137c7b4ca95b72104402ab0b2f0a2541fc7101008021caa500f9ed9133f6af3fac13af3bf182c703f8c1be404c743364a74652e1627b4a0673b323d860005348356a750da1198df03dd51fe68163df0233e62d11afa4126eb8f15063f348ebf7acf7828b651c094d39cf142a785fc1e3103518df998079f7a64d59a5de13dab9a4a625f031abc63883296445d7f4fe2df6f7c3ae33e19111980d2d86cd7b57f92d5c75cac1705ba15827f55367e8c7df6b3fc513ae89aaae60e7a8b9c1ec8171742f9db29e09a98efd2b439098e6f5063ca3689ac8adcb17eea7228fc695b2288df9f200d750640e02ec1f5d37c0eb0527ebede8f633412f11e047108d1d19cc06854c887d0cfa89a22992cec744ead3adf2597adb471da5da99a2bf3eeca2a2e97bc838ecf4e7dad22552d4c1a0ab4d9296b30d1467999829888601b7b7f45fab77470c3f4bdef8f835295fcea835ac7745be83f8dc51bacd9b930998cafe3ee5b4ad99a1758e9f946f5f0359a6e76cc44827aaa5e2ab145c7c19f2b96d666ba17a8afe3d50b2211e4d5d8decd4d659791af08d2665a88e18b5ca9cd64311f65374e7dc69aaa9865cec4dd8c3f6d8e67f30d7396a56894f2b3c59f44bdebddfddbbe574b1c9a0167c1d2ec69e058718ea5264bf06313d639f5816b4cc3ce64f8649fb2890d7d4379ba28f61f4cea0fcc341027bf918c7d6b2c31ffe08bc7dfe15e41af26df0058196b2fa95e4cf89da861ebb2c423bb697408d48408f7470020ca11f03f1c8b5687ed4d0bf0f871c364dafb8b4bc09ef0195082cfd5aeb31522ee292267fc0ae5f3f6de72c5770442f218471187e297a57234ca67becb9d45928e29267ef6aec95bd7896b213be0cfaafe6b53dbb7c2a9f9981f0930a08d693707374193d6cf6a3d61acc6666ecd20da2046bfd79876725d44215cd8e401d1bb3fe2891a6a465e663289c4bf0b55555dc809697807c195287ad504111afee85ee01cc4c456393c30e3f56c2441db1ce14f68b7ef53bc14653d5c30cea78bf2bcf0042a65acc79c08d039dfeb9ba5aed4749f83f0a21f96c44c9295cdd4cc7de49490bc3ec54ba2ffeb81687d6c08bd92deb07c98c089e76694f7cbc7276310dfa23c14925ebcaa3c2841de127848aaca5753bd7a1ccd0941fa1549744c1bfaa204fb080051007f1fda46564be45f0593e0cdb8869c0efb04f767e6449714c4aa47e1cee1578b31c80c60b6dc0d79d724b726d6dbefd10c73f5037d5aec650e666782f92229346fcb4fc56c233b546693a23809880c705202c6c1c741e6b4c7d74f9009b4948705f5b0da1d465b3fc84517272117df86f3371f6322506eee43b0a8a1a381d1f1badc1e6b0a9e8090cb2ce05bc723ef087f03f1832102faa796348aff4c8dfa76cdf93a153bfd1b0c23846cf9d691c034a827647a07441cba0be523f2651d9a3b846588291fd43a633471f2072661a7593e56c48ac625694a06985136fc9932c1f1a9398060ab2098f1b506ed2d78a634f6a0be948da1e1dc400f6909dccbf86047c369f135955f5be82eb22bba998dcf6cab50da26e212c34164d58ff39886f4276733a0c5323d34bc2696f9a5f29dc1ff399c9069ae230d99a135a766f2664559fac000f476ccafcae961f2cdb9c11a4ec04e1e9b1bd6517655bcc59f0593f26348e139873f4528a6df1f6018ec4b39f93abf1898e9e4a0d1576e3da518c6a9e1cbc18a855e313d99421bfb7d5a437aea53fc279caa2beac7d36422ef9ef35946e0afb8e98fcf1b81b67a4ad6e4036dd4111b97ee1ffeedc76266f61341d71e9bdbb1293a12997118d3ee8c6a6cdf3063ff3a8d3b39d223c1148db6cc7c9ae389224c31af0701852c55010826505547262e066a4f07371255e2ba3053d93f433cc7d99d8028468fb1b5aeedf97feb8f249456ffbe0962dc3f7dbe6e6a7fe530cf572db85793ebd0561f145127b4226e5bbc5eff68ec964d145e63aa8c04af47fd287b7aa3e1f7cdd7f1f5f32282c06f8653100a754091c652cee46af31fba40392907a56a7f7adce45722754b3c138ff75aafc77d1f530ad3edc0ed426f787d02059b76f4a562bcc5887e441894e9d21cd7ce3fe571c440a401c4151ea68fb2463918684bd7fe927d6a0c6daafc0e455c0da277f9cf4397f3d04784ff6a6b096284ec38dd4a5fc732de8a880df3c7cb55ba3ed379a901dd21c074920d3c5e9a0c826b442cbcca9e4fa17055dabb851ae67ba56d33aaae98b9b7544d9621c62240614441686a145a96c1dc90c1130ee86ba142e1e19ce35174d4a7130a94ba70f4adbd75d3f96c964d3284e5cf11d9238694e2f3dec0def169a75511ea5a751417943dbfab888588031a4c90223338a6e8bbbd091b84be37dd41fad2bf1ae20732f04545a0d49c7af504fa9f0380ee27ec8a032e877c43bb40b9e6160dd2303bf62bfb74faba540f3069e766e0df3078b79e96042417b2fc5dfb30e4377fda42ccddd8c2b5b1218e2906f392cfdfc1dd739558b484222875e7392fab723eef728d3d4629b63ef8ea7712315f704aa46543229c8421c1eb301fa11c30a0d39ca8961745c332abe79b203dbbf1ed50b649ed08aa07ee57a69172b4c45ff3ce15cbfa96338ffc03c5304f34022b32998e9a345bf832616658dbbdfdb7efd29931a9c31cca7cf37b0efb2463601280e9c41e6f2f3af9aea61c2eabdbe951616af46246d2c591fbe0460a476bb07c613fa19c431eff8cc7e29bda6bbd4b9f6a6276756dc2583d3262136fed8b2ef451aba9069b88ef034f02b0dcf7b473641fe9b0be7f19435bc1724d99db540a0eca2f418bf7552a64619008686e9413736a8f272ea1321839e61be58aed53ef5267f7ee6096dce84d034677735d0e71e6b28920fa067a3ac233fefe0dcc0aae7ae886cde6cd3d05c3490948cbd7380073cfe9c7a66adf989029837db0b99ee635c58aa5b98065562a35f7eb8b9ce552d9987c03fd820671f5dfedea24fb7e216f5b021372d89d0d2c5f409bb80196b801959da2f11f2094d67cc02e8aba4786c4e39965876301f04426f55830bc99f56e4fdf83d0a1da7366b578446cd01b30c30de785dbddeb3ff93caa7900c19cb9469d2862e2fe875f67f7db3c329b474e0db3784ae217b0a339da15b38844959f39890c1b9eb459fdc2fdbc98fe0e7b994375f80c3652610d221c9f64b7403166f568404459203415d5ece6190b83ba2436a6a3360fe95e3c34bda453c2cce825ae6d4afe2150db2188229fc16d7857ae7467a1b00d8509a8c23e76ba3ec6b320bc4d18c1c311c8b1ff7e9d197934bf9ee052ff617f4500e4bda8dc80dbabe9831db49fcc729658280bdb578614928f7821b959597692dabaf5180863d15d2b2a94ad4b74a1b01fc7c36b572a12ca32f5284b3a02e613bba5b69867f14e2cd67727977f42fc9ea8c523ef0d90796d778be2bf052871d94be262be5c0ab720947b239122b27f71117b3bfc01dac834c4c7ebdf2bc3973df7b9c0ce4fb7fa2f533720a7e4220dffe12d97b5e911d8eba5a820234e2b8bcdee52ac681aea43d9f7cdfbad6a5b530917f3080262aaac22f1adc73509dc87771fc0ddb888c184c8cf5a8e991d19a4d1419c6e96d114404efadc775a17509aaa40df718bd37bb821ecbbce5d185f2f27c8656a358c109593d1c1eaec8ea4b9193c2c13908606870d483209707a2e02b15e3acad98d676d2f9a3ceb15a300634e7ea62b5253cbe32303762aabda545ff1cd9ceef4161530dc0ca6121a7a3141deb5e310cdb423024acba6c51213e16dc6ac4ccf3a1617aaed120b3db13d38c261f4d2fb1ada992d5ebf51235ec202ab774a40c150a88005354103d725a5958b1d7f3eda7c97b9dc5fecc55d89821ce2b8d1cd3581fdda7141b6171ab90c6c860fef25538c0d1ace72e013f7ffa71fcc6641550825ad86ba5f09bbdae23245393e48102fb27c626c48db374af097ecda0ed687b7b8f5bb5dcb16dc0d07e3003054757b77844a5958d5ee33668475b505f3a802dd2d23d18934ba2f31c66a4fb19134ea8109994351c6f9c72a2a30e7c4ed2e1219faa9928a42327fd9aca6891761ed92f86f2c4f33555449aa3513c4503e7007c8ca13c0443bd178decb5be8da69998fdb64ae55dce3fcc8f32adc3e430990b561ade62e57c1e9acf9c47392266eaa6af4abbaf1c394702fc0dc7eafcf1a8900ae52a0ef2bbdd6e10a7db8399585313f58c9b47ade315fd6b022994646aae442a932a6aa840f551511978b69309e5d87659d734b0648b9ddaf9afb080b2ed41315601d878745fec3d2fc2718f81748a414652f64a74fda2d4cfd95b2b74aba840d318d4496300fc61775b32e29d2c897550770efeab0023783f229f1ff12810c3061962345fd7d0e56b4af0083f446546bf71767aa8001b5dc9c22bd58c9853dede4b445664273c1fc3407b75fe4ae0bcaa2bb2d5a599cc018f7c64a5b59fe5c29c9846d9d2d32cca3c186ae6f911ee1929c46cbe130f79fd6f62b8b0fa2ce04c4687543e8aea5e7b482cf96578036a345e8b46d3b9ff3f21c73f3764484a87443811327205dd15c4563dce1fe4ec0b552011d83122f33018ce5d2172a62221f336fdfe457ebd771f02b54db25fc8df40f5d55a8f450b51a272579f92fddea2cc17bb41e391853f68fedd3be6a0001cf2d", 0x1000, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 11:01:10 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) sendfile(r3, r0, &(0x7f00000000c0)=0x6, 0x10) ftruncate(r1, 0xfdef) 11:01:10 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 20) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1500.471402] FAULT_INJECTION: forcing a failure. [ 1500.471402] name failslab, interval 1, probability 0, space 0, times 0 [ 1500.473377] CPU: 0 PID: 10270 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1500.474410] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1500.475642] Call Trace: [ 1500.476044] dump_stack+0x107/0x167 [ 1500.476593] should_fail.cold+0x5/0xa [ 1500.477169] ? create_object.isra.0+0x3a/0xa20 [ 1500.477852] should_failslab+0x5/0x20 [ 1500.478420] kmem_cache_alloc+0x5b/0x310 [ 1500.479039] create_object.isra.0+0x3a/0xa20 [ 1500.479711] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1500.480478] kmem_cache_alloc+0x159/0x310 [ 1500.481114] alloc_buffer_head+0x20/0x110 [ 1500.481733] alloc_page_buffers+0x14d/0x700 [ 1500.482407] create_empty_buffers+0x2c/0x640 [ 1500.483065] create_page_buffers+0x1bb/0x230 [ 1500.483726] __block_write_begin_int+0x1d1/0x19c0 [ 1500.484436] ? fat_add_cluster+0x100/0x100 [ 1500.485051] ? add_to_page_cache_locked+0x40/0x40 [ 1500.485752] ? __page_cache_alloc+0x10d/0x360 [ 1500.486409] ? remove_inode_buffers+0x300/0x300 [ 1500.487086] ? pagecache_get_page+0x243/0xc80 [ 1500.487743] ? unlock_page_memcg+0x96/0x170 [ 1500.488382] ? wait_for_stable_page+0x92/0xe0 [ 1500.489046] cont_write_begin+0x472/0x980 [ 1500.489662] ? fat_add_cluster+0x100/0x100 [ 1500.490282] ? nobh_write_begin+0xed0/0xed0 [ 1500.490912] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1500.491749] ? generic_write_end+0x20e/0x3f0 [ 1500.492389] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1500.493129] fat_write_begin+0x89/0x180 [ 1500.493712] ? fat_add_cluster+0x100/0x100 [ 1500.494335] generic_perform_write+0x20a/0x4f0 [ 1500.495005] ? fat_direct_IO+0x1ef/0x380 [ 1500.495603] ? page_cache_prev_miss+0x310/0x310 [ 1500.496297] __generic_file_write_iter+0x2cd/0x5d0 [ 1500.497015] generic_file_write_iter+0xdb/0x230 [ 1500.497699] do_iter_readv_writev+0x476/0x750 [ 1500.498361] ? new_sync_write+0x660/0x660 [ 1500.498964] ? avc_policy_seqno+0x9/0x70 [ 1500.499562] ? selinux_file_permission+0x92/0x520 [ 1500.500281] ? security_file_permission+0xb1/0xe0 [ 1500.501003] do_iter_write+0x191/0x700 [ 1500.501579] ? trace_hardirqs_on+0x5b/0x180 [ 1500.502221] vfs_iter_write+0x70/0xa0 [ 1500.502781] iter_file_splice_write+0x762/0xc30 [ 1500.503488] ? generic_splice_sendpage+0x140/0x140 [ 1500.504231] ? security_file_permission+0xb1/0xe0 [ 1500.504935] ? generic_splice_sendpage+0x140/0x140 [ 1500.505648] direct_splice_actor+0x10f/0x170 [ 1500.506296] splice_direct_to_actor+0x387/0x980 [ 1500.506988] ? pipe_to_sendpage+0x380/0x380 [ 1500.507632] ? do_splice_to+0x160/0x160 [ 1500.508209] ? security_file_permission+0xb1/0xe0 [ 1500.508914] do_splice_direct+0x1c4/0x290 [ 1500.509520] ? splice_direct_to_actor+0x980/0x980 [ 1500.510215] ? avc_policy_seqno+0x9/0x70 [ 1500.510815] ? security_file_permission+0xb1/0xe0 [ 1500.511535] do_sendfile+0x553/0x11e0 [ 1500.512106] ? do_pwritev+0x270/0x270 [ 1500.512674] ? wait_for_completion_io+0x270/0x270 [ 1500.513380] ? rcu_read_lock_any_held+0x75/0xa0 [ 1500.514060] ? vfs_write+0x354/0xb10 [ 1500.514620] __x64_sys_sendfile64+0x1d1/0x210 [ 1500.515278] ? __ia32_sys_sendfile+0x220/0x220 [ 1500.515961] do_syscall_64+0x33/0x40 [ 1500.516503] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1500.517241] RIP: 0033:0x7f24f4026b19 [ 1500.517781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1500.520426] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1500.521529] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1500.522558] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1500.523595] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1500.524626] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1500.525661] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 11:01:10 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) futimesat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:01:10 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000028) [ 1500.584096] FAULT_INJECTION: forcing a failure. [ 1500.584096] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1500.586320] CPU: 0 PID: 10278 Comm: Not tainted 5.10.222 #1 [ 1500.587249] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1500.588486] Call Trace: [ 1500.588878] dump_stack+0x107/0x167 [ 1500.589419] should_fail.cold+0x5/0xa [ 1500.589995] _copy_from_user+0x2e/0x1b0 [ 1500.590585] comm_write+0xbf/0x2a0 [ 1500.591109] ? proc_pid_permission+0x300/0x300 [ 1500.591845] do_iter_write+0x4f0/0x700 [ 1500.592562] vfs_writev+0x1ae/0x620 [ 1500.593119] ? vfs_iter_write+0xa0/0xa0 [ 1500.593719] ? __fdget_pos+0xf1/0x190 [ 1500.594383] ? lock_downgrade+0x6d0/0x6d0 [ 1500.595148] ? ksys_write+0x12d/0x260 [ 1500.595834] ? __fget_files+0x2f8/0x520 [ 1500.596550] do_writev+0x139/0x300 [ 1500.597173] ? vfs_writev+0x620/0x620 [ 1500.597873] do_syscall_64+0x33/0x40 [ 1500.598524] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1500.599338] RIP: 0033:0x7fbbbec6fb19 [ 1500.599973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1500.602949] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1500.604190] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1500.605244] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1500.606299] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1500.607524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1500.608603] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1500.633225] EXT4-fs (loop3): VFS: Can't find ext4 filesystem [ 1500.713500] attempt to access beyond end of device [ 1500.713500] loop5: rw=2049, want=276, limit=128 [ 1500.718807] EXT4-fs (loop3): VFS: Can't find ext4 filesystem [ 1500.760626] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1500.808747] attempt to access beyond end of device [ 1500.808747] loop6: rw=0, want=147, limit=128 [ 1500.818307] attempt to access beyond end of device [ 1500.818307] loop4: rw=2049, want=276, limit=128 [ 1500.841276] attempt to access beyond end of device [ 1500.841276] loop6: rw=2049, want=276, limit=128 [ 1500.923059] attempt to access beyond end of device [ 1500.923059] loop4: rw=1, want=348, limit=128 11:01:24 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) futimesat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:01:24 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000300)=0x0) r4 = fork() ptrace(0x10, r4) rt_sigqueueinfo(r4, 0x1d, &(0x7f0000003800)={0x31, 0x8000, 0x80000000}) r5 = fork() ptrace(0x10, r5) rt_sigqueueinfo(r5, 0x1d, &(0x7f0000003800)={0x31, 0x8000, 0x80000000}) clone3(&(0x7f0000000380)={0x107061b00, &(0x7f00000000c0), &(0x7f0000000180), &(0x7f00000001c0), {0x20}, &(0x7f0000000200)=""/13, 0xd, &(0x7f0000000280)=""/19, &(0x7f0000000340)=[0x0, r3, 0x0, r4, r5, 0xffffffffffffffff], 0x6, {r0}}, 0x58) 11:01:24 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000030) 11:01:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 36) 11:01:24 executing program 0: ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, &(0x7f00000000c0)) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) openat(r3, &(0x7f0000000180)='./file0\x00', 0x115000, 0x56) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x100000001) ioctl$TCXONC(r4, 0x540a, 0x3) ftruncate(r0, 0xfdef) 11:01:25 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) write$binfmt_elf64(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="7f454c46f8000104010000000000000003003e0009000000c6020000000000004000000000000000bc0100000000000007000000060038000100010182ff03000000007002000000080000000000000003000000000000000100000001000000070000000000000068cd000000000000ff01000000000000c9980d88b2e03a0c022a1f4c2ef25d94014473b233bfe36c054831b62ee8a50000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e8ffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800"/1943], 0x797) sendfile(r0, r1, 0x0, 0x100000001) openat(r0, &(0x7f0000000000)='./file0\x00', 0x90000, 0x119) 11:01:25 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 21) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1514.951073] FAULT_INJECTION: forcing a failure. [ 1514.951073] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1514.952329] CPU: 1 PID: 10312 Comm: Not tainted 5.10.222 #1 [ 1514.952869] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1514.953649] Call Trace: [ 1514.953908] dump_stack+0x107/0x167 [ 1514.954256] should_fail.cold+0x5/0xa [ 1514.954626] _copy_from_user+0x2e/0x1b0 [ 1514.955009] comm_write+0xbf/0x2a0 [ 1514.955355] ? proc_pid_permission+0x300/0x300 [ 1514.955809] do_iter_write+0x4f0/0x700 [ 1514.956194] vfs_writev+0x1ae/0x620 [ 1514.956542] ? vfs_iter_write+0xa0/0xa0 [ 1514.956921] ? __fdget_pos+0xf1/0x190 [ 1514.957283] ? lock_downgrade+0x6d0/0x6d0 [ 1514.957683] ? ksys_write+0x12d/0x260 [ 1514.958048] ? __fget_files+0x2f8/0x520 [ 1514.958449] do_writev+0x139/0x300 [ 1514.958788] ? vfs_writev+0x620/0x620 [ 1514.959163] do_syscall_64+0x33/0x40 [ 1514.959516] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1514.960002] RIP: 0033:0x7fbbbec6fb19 [ 1514.960357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1514.962072] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1514.962790] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1514.963458] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1514.964137] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1514.964806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1514.965476] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:01:25 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x2000000000, 0x5, &(0x7f00000013c0)=[{&(0x7f0000000300)="43ef3a79350741d45e754ac2a36bd85dbedd07ee9648c1a60d3610959e5d49d463e705773df9a2c23a53aa7b27b266110ad72b7519f6882ab47733c1920ac99fe14563b4755a72e2a67510fbf8b80d570ceeacb568b1c088e14642b162f36e6446e92bed38b99288713b70c4a0f071452519cad814754d2ed90c7a82b2e48b5b711e84e94ad6658bc304ce4e62ca4054808c6a7a96cc1054490a1845776a23cf4eba547843d81dcf28e0dbbdd58d5f51002c3e21caadba82ef9488d9a9fbc4f83d7510ae5e8d1919da2bc5d4f9a4d84a4f13ef8ce86c9c9e2bf9845ded773415419cac47a983b8fe51f42ddf94c9a6ed45bd9faec9cc2987b1fbfc65a405b2df2b80823b4b71184f07ad3826377beea26a13dd258173dc87f68b454215d96b7b18904577ed75e72c38b945c9f0d9dfeb322f628c975c3ca3bd6e84596d78a8671129e0f595dae9e468849d1fc2457dfb534ae587badb83cf72db0f1903fb7c80f9d6f711370320918762752eb7733ade9154e9f7b3d73f7ed4257e5b3cabee93b91f23c6546ac097691568e58ee7f01b8f6d4b6f78c26d8cadf324bdb7a91cc4d5d8bd8f6074322f95344eb95f728a9372eac2772429d0bb77f2f8588e74b13d0d06fec4c6eafdc794f840cdaf0790d8730b1ca70a2c81557c720ec06c658fafd929d9dc519fc010e74a2f34eb1dbdbb6b9c0732d405ad0e7a22ae8b37fb5eef4a415ac71f240210c5164a9346871334d3c4832dd25a9d3d715a9b284bc0da42b06a5081447ac5e044f38c7d8bd183892ea76a2f21556bd2257be9d22ce0c3a2caf2c8e8e4943af03568e5cd7ad936789d7aad79a72ca34d6f1d4331c82eadc0eb8ec31b8efcb0e245bd9db284db593b5e00c48d5af9a92dc898f8148b00489ec597cb27f0559979d17fa1a50da2bcf95ae5943dbddc95750f9dd7faef5886d161f321c0c9eaa41401bdee1d76c50028b3818d264121fc1375d7e6b1accdd7d17d9dd8fb30b7b242f7e8b79949ffbad656d7de12391419d6d30f7af2b13b6301f6f7f4667e6fb844594ac0718badb9103b44a36fa962f30a1b0090a69e0eec0c76bf144b0bf1d4d6ef56df8418964c5e1c89632475daa6f1a54deff48e0b7f50aae373e2a7eb747868372e94cc240a29559ff738ede119f1d9c8517af4c0e6c526dbef14b2d954bcc7535a7e9cd2ce095f69a191b50e1bebeb32ce8ad22db962f81fb6f8ebc07caafaa8437aacb7d018d4c8b4448f6a83a66d8a00b38cf05772cca378b1034125e2e60e62e9ee6bec7acd282462842cf957e756d80f1eb60ace223bda2a17a6c1fdfaacbd9a3f6d54da1b467adc9b4dba17ef10d7f218f346faffab93c42961b38476eb059d24e7ac692567958bd2703687687643f344388373f6799d327dfaac83ec3bf409daa156f26f42666d29ebfc66387e08781aa7728fe8f9d304e3db91883f69b9ef1929a15ef638373975dcad4bc8e7ae6ef8c9d359641a4d290f72a13beae51b9ffb1fe3f25bc68b7d0f2840f0ea77f79bfa5cd3e4522f7c49d7aef2003b09fd3c98b27b52612e0ec41960e8cede75de9179fac1184bba31c1b5b81fe00236c51512e5618c277c39885389feee0496d08f3a87f981822449f8bf544bc89afa088c840f79851936d299076e144b5ed0e08ec9b10db66d961109f7be1d2ec0cd2353e9552fa749cfb58256bbf4311a3edd85c8ec2d3f69df6109d94b30ffd48dc35bcd712ea4fbc339edbdd38f7b1c6eff919e6c867201f18e86e16cea07060a1b51960131dd588ab75a0f126fbb20c336e4626072b8e690033057cd00fd24269b7e3d1bd02510751f1525e0ef0760251a66bdf1fb1ffcce3367f1271fa5348081f76eb3a02931432d863d2848754a65d8ccda5e21daea502d09edc76d9a3babe98348b36c0e29f69e25abcbb90d01cbb09c4a84bef112767919b6ed36d725bef9f728c658dda1aedfa69b5baac42ef12a532092360b6f9a5ee073c7016625332b9db345b14f21795d37d9d8452491eb75fc4c6bd5a061094a85735b2bdb9eb94e7c6097bb6d200f27c61712aa09608e58f680a2b827c7ffc8a043d366efd95eb88a3d990402071d24f0745cf29d8ad4404f4b24e3fa4874753c2fe3b6768a7f57edfd8ae7549a255412b2dac4d25dde193a08a0d0531933b4cf01d1106968dd5e7651b63b8efe616c9f7d12e4ef0efb18b3728316cfd0a4394976d96465f265c33f4d695b2086915a06d727ae871b7873c52ff12796a3ce76ab80e9ac35b13f6fb26d3151901c50be56f5e92ea5184423032bbb435407fdfa82013d53f877babacac5ece3b52a49afeef56439ffbfd32df2c1fb20bdf8efd7ee193d9794a949912572048492d1fb186d08b4b8ebde1dcf25fa862a037f9dc335e5cbd9802e8e270daec7bd36ce6fcd63e65b2a0a517c4bc87722b0072751d0dd7f37f3ac3f25a36adbe22edfa400871b2941c16b86aaedf311371a87265115e345bf258d989261c55fc5aafd311a0d7caa442e14466b0d219f0a4155eaab2f4bd1d009849f8131038f37471923ceb60b8af6022ba8456327637ff5a46d606a45ebad12b97dd257e625a02711930a91f71d055581d4f1f762acd3db5d1214173b73c12fb59137ca09c760cf80215a2985bdf0a5ccf8e723d112e0e9372020811523f5e752cbb4c2601ffbe053ca27122062f044b31e922078bcc10bdf845eb0a11615096d7f40ca9ba5612551012575151762b2e1f982166b8493de6fe3ff040535754ff396c7a018d9679553fa1ec36e009ed9da4cde2a72926db9cfad488984511c324fc94b74738fcfff52b507f76c3929fb219e6979c4fc12ee9e7a02e1fbe22ba8e69eb147a139c2873b018489eebc8ae4b6780e8fad3034650b077ba081d8d620cdcd95e76eb85b7861641272465d7bd96913f877b2a5475f0f18ec6ffadff0e6dc8960d0a1c06781fdc19151dea2de4b9c8ebe21a20b099b6f850846c1dad37bdf002bdff4ed932775836627ca1637938c93ab71d2a997b4e8b4d62a2b56ce5a0daa575d75874e6ee8988dbfff2808e5f64de46835e435cbb1f7047188f9c7563619e1d16ee117e19171de6488c8c59c24e5f306fa8cccf8c82077d1f6ffc39763206834839dd524fbc0a155faef631a6837bacbcbd31cbb9d50f4a0c4ab5497509507a9f05e7523e3195c377ee88a1cf223f63d356eaf8df8418df511a9d0bda56b2f8fecc881a4c099926fe9b09a1786046ed7412864c607d8c4b96fba950b12449f1b3e75ee6b337ad5df86dc03e071491881cd4f3362a0b335eff17e5028188fb7635395d4270310a007993ba05b6c867754e1d9daefa84fd775969ec76be42fef838068b607cc8a9385f10609e7c24a0d4d7eff2ee81221b2b1f89a1fbc330ec5ae010af1b1d8b76ae1b42259f902530d7ec0f47df2dc4803d3aaac3ac162c8a4cb8ed60c475fbb89fb8f8e4e482a2811437d42bd75f3a68819d84af77a2e5baffcce5a5c4d1a234afd8fe7a490904b443a4763870d441b41b779efd6b5e61cfa1aebc7b37086c5631503b5ef07b5e2b67f65b16a55a741c9fd4d93f1f79b32ee92e39794018e1eb7a20d735cb2b627819b1480a6f087bf9e98a55fff8eae4ea476b0a8bdb8c0259c32b90d937057f16e12adac2fbe187c035930a30f53aabcbe8bee2e90bb17a7aba1291a7a72c682087b5f658373a186f19beac4e487fa1ecd188ea46016f02cd8c53121837de3f2bf9cb4b5cec10f482b145ec826d6b558327c05da78904d2493f90f737388d02c857854486900c9c42764c0a50835836323af3e28757bb46d9ae27588f8d64f20e947d797717bcd68024bd6620a2d4856080630116a32f85acd53300fde840edacc82a6650f4401f04d75535d41b23ae7a8b9c295d26fa6d1da40df81d4cc03cb852fff219365688a36eb0eca0c262197b324607d93fbc685a652c6123015dd8e39e81fb08f5c2105efaea2d10abfd31f5c0539e9a4a2b028149887087a67c6681a7059cc645b09b5c661de0da5e3055e9b5f7023cf12d775b38242babf0176a1faf3fa9dbc88fda59dbc4bf9d71fddf611f543e109430d3376db4b84db6b8b68f50f41f26b67efb4e54780c62c95c2830dfd12a221023ce428b1f162a89820cdb7910c6f3c184382148477609b8c18878fd90d29706d1006aa1b7d477f2adfc7046acbc0a0610075bbfab8058819181dcb8be230803df3dc063ea36aaf8d9f3e0661eef351e04acc7856a386065ffa7c53aa0bc6ed4fcc1292d489cd8c9717e7fc6bd20297ad564405486569ae4088aeb8aaa485ed19433794a89613050b68f221f286c5795d13364f32db31661df287a24e9f7e9dbd8d5e708d8b07437bfdaa806b027e9546629a0a1759a368c0f7e8bdf2df8d885ebe6184c18305370d3dea206ccaca16ce155bc6bbdd0111da787654a173001633b25a336533dd8a8e9f4ba7b448ab2fa7ab8e475f912575ead29003accc1b3b4b1389b930efa5b8feaa2c8d8be79f55133684873195bba94161397e403e585400b55354de59a5bf9d2a54c0ee243d9ef1d2620e2102ef3e919d11730205b58584e9fb93891346aae8300849a351135203bbd7cec6db57207e4eae8732754cbb77b6ff25aad2a9607eef47a1e7a31b3961d89c3e1835de16f698e0ac23d093a7a0e2d9a728f7a49223bb3c1c528c1a0de5f092577eef6dab7786355a233d5c28848b5c8d57380c43d050eae16fa1cf8e7b429c383d0f316d52c0fe9acee156dbd7f89c81b3d11c383b309eba9832be0f5c2bc22c09f08226ca73a5755757d99423f437f279df3e7ea4d63efcfbf33913474990e96c4d528e1aebc0509663ea7c3a677faea364ca0f1a8c82b917445324b5b3d9f2d3a048721c5ab4e153ecc5adfbf73ce2239006df785438af31c3801314012cf44fd153437c2628f95eaa70377611b0581f1646d048d5ab45eadd513a61ef75648899543915501fbd2febd1da7e997d5adcc3eefa41800000000066af6410d7ccdc3bdf189d9733cab56b1b7bd5edf023cef15a078764a94a77e471f5a8159ed4602e7fbeaa4186c7fe830d5801c1f7d1fbe99ffb4ab68d9749178f3c725003b230de3e6c3d4da495ed358f1f5b8ed470c20b9cc9843abc6a6cd17804321bfee5e71d7f5cc0127d197bd44f3ef0cc2fb01129e9e9485f1d1fd75294bf6ac31cf68d8ebd9497fb1dd136a85a4469ceab465c712c788d9c7991f7a1a6ba1d747490cd8bc46b2b5315f831ded472960846cd8b0703497598a5cdb1e317379a75d8d856af077a20ac1d0393c256bdf7c024a1e057efa9d92232dab4c66e3591272d5ce2e2c7cddc4209da17e3045910ea458c30a2d9d8571105189d4eeba9a5532e5153e441ddaaa4ce41e4110321aef0976d2f5b7bfecbd108386765b864b52682fb7c43f15722eef30a0c4e38fb1126bd30eba598d8ab502d69f5dea3a828e8a6d868eeb38b2a1812d51113d890bdad53091d49f93ebf0c96d307f37276ad85da3ebd5b84ee8b39086ff0f7f7cdedbda022926164e6e03b007819e60cc326dc8cafa317fc053cd57a2a05c8e5ec3e5931c86e14c418b8d5584555c104e79ba2daee17ad5c0de82e6b080d393ddff82da6e1e38d8a5f3a0caaf0d02a7b562568247f08bba5bde1a757b52adca543418bf7ffa2c9557dd17886b22688f94937d7ffa346b796eba4cd5c4521fd5658a2df7abb76cda21864402c86147f62b3fc74b555a6bd2592f09c652ace5028dd7c469ca06ead982331976a7b3cdb4de5443ef676e684942a2f8e511b4c6892acb38779c578a36bebb6", 0x1017, 0x5}, {&(0x7f0000000140)="1b286c8e79c150dec288a268cae5530731c13de0edb90d70ba16eaed54ab90336c809b4e4a9dd48ceda373453817ca3f53e965f3dc548f4fa3f6548445dee81b9bdf18a7a9f60aaf5ec4acf5212e85e123555c4b5ae49ec404bfe2d22cc7bfb7e727f92c1225a15b61cf6494b8a6c5b71879e1462b6451f1fb1ebe8b639b0eada103c96f651e4af5cb0b85ae23ec2860", 0x90, 0xffffffffffff9702}, {&(0x7f00000000c0)="08be9c0f075e82848e5f5eed78ee49bc5a80cc6317e21e5c14722f23871e5e54e7c7b774cd167048473a39ce6c7939", 0x2f, 0x4}, {&(0x7f0000000200)="42415ca9069a2b9669170de588c352551ef2507628b8d04f9bfe3e929845a669e0d7ced52d6d4d626805e1bb9d24d4e1e35ca83f70482dbfa7760e85770e7b61b49d31", 0x43, 0x2}, {&(0x7f0000001440)="8ef95b5f1390c42f96b8158957cefe57cd3e2304eecba9c59ca05ef5dcdaaaf07c8065d6e5e236cdacb13d960061d27ddafa41590f044d42ceb5008b2da2d3c4d7aec9ca2dc4390e6fc9dd1795f4e504577c643b3117760c636168f7a36c882a197308000000000000002a048eae824e68fb6b41265cd1c9042a30cc849f952fb04f3dcaf28a983cf8e0c3972accf7edaadb693926f199527716c2d0349f7e5f686806f2d1350970801852f3266b8e24a7b0a173f753aaa88a03371440034e9c59294b58d58859", 0xc7}], 0x100005, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(r0, &(0x7f0000000280)='./file0\x00', 0x105142, 0x50) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ftruncate(r1, 0xfdef) [ 1515.052284] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1515.055950] FAULT_INJECTION: forcing a failure. [ 1515.055950] name failslab, interval 1, probability 0, space 0, times 0 [ 1515.057284] CPU: 1 PID: 10328 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1515.057911] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1515.058669] Call Trace: [ 1515.058923] dump_stack+0x107/0x167 [ 1515.059262] should_fail.cold+0x5/0xa [ 1515.059615] ? mark_lock+0xf5/0x2df0 [ 1515.059974] ? create_object.isra.0+0x3a/0xa20 [ 1515.060397] should_failslab+0x5/0x20 [ 1515.060746] kmem_cache_alloc+0x5b/0x310 [ 1515.061121] ? lock_chain_count+0x20/0x20 [ 1515.061507] create_object.isra.0+0x3a/0xa20 [ 1515.061908] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1515.062378] kmem_cache_alloc+0x159/0x310 [ 1515.062769] ? mempool_free_pages+0x20/0x20 [ 1515.063163] mempool_alloc+0x148/0x360 [ 1515.063529] ? mempool_resize+0x7d0/0x7d0 [ 1515.063922] ? mark_lock+0xf5/0x2df0 [ 1515.064270] ? perf_trace_lock+0xac/0x490 [ 1515.064662] __sg_alloc_table+0x24e/0x390 [ 1515.065045] sg_alloc_table_chained+0x9b/0x1f0 [ 1515.065458] ? sg_alloc_table_chained+0x1f0/0x1f0 [ 1515.065909] scsi_alloc_sgtables+0x236/0xaf0 [ 1515.066311] ? scsi_cmd_runtime_exceeced+0x1d0/0x1d0 [ 1515.066769] ? lockdep_init_map_type+0x2c7/0x780 [ 1515.067212] sd_init_command+0x516/0x3550 [ 1515.067599] scsi_queue_rq+0xe5e/0x27f0 [ 1515.067978] blk_mq_dispatch_rq_list+0x372/0x1c40 [ 1515.068430] ? elv_rb_del+0x50/0xa0 [ 1515.068761] ? elv_rqhash_del+0x119/0x160 [ 1515.069136] ? blk_mq_dequeue_from_ctx+0x7f0/0x7f0 [ 1515.069580] ? dd_dispatch_request+0x1c0/0x990 [ 1515.070000] blk_mq_do_dispatch_sched+0x7f4/0xa00 [ 1515.070449] ? blk_mq_sched_mark_restart_hctx+0x80/0x80 [ 1515.070929] ? lock_acquire+0x197/0x470 [ 1515.071290] ? hctx_lock+0x7f/0x200 [ 1515.071630] __blk_mq_sched_dispatch_requests+0x2d7/0x450 [ 1515.072131] ? blk_mq_do_dispatch_sched+0xa00/0xa00 [ 1515.072593] blk_mq_sched_dispatch_requests+0xfb/0x180 [ 1515.073067] __blk_mq_run_hw_queue+0x12c/0x290 [ 1515.073479] ? blk_mq_start_request+0x3f0/0x3f0 [ 1515.073903] ? do_raw_spin_lock+0x121/0x260 [ 1515.074300] __blk_mq_delay_run_hw_queue+0x4f1/0x550 [ 1515.074766] blk_mq_run_hw_queue+0x170/0x2f0 [ 1515.075166] ? blk_mq_delay_run_hw_queues+0x1a0/0x1a0 [ 1515.075640] ? dd_dispatch_request+0x990/0x990 [ 1515.076063] blk_mq_sched_insert_requests+0x247/0x720 [ 1515.076537] blk_mq_flush_plug_list+0x415/0x6c0 [ 1515.076961] ? blk_mq_insert_requests+0x450/0x450 [ 1515.077410] blk_flush_plug_list+0x26c/0x3c0 [ 1515.077809] ? up_write+0x191/0x550 [ 1515.078144] ? blk_insert_cloned_request+0x450/0x450 [ 1515.078607] ? down_write_killable+0x180/0x180 [ 1515.079030] blk_finish_plug+0x50/0xa0 [ 1515.079386] ext4_writepages+0x22e6/0x3350 [ 1515.079818] ? __ext4_mark_inode_dirty+0x770/0x770 [ 1515.080264] ? __is_insn_slot_addr+0x14c/0x290 [ 1515.080684] ? __kernel_text_address+0x9/0x40 [ 1515.081092] ? unwind_get_return_address+0x55/0xa0 [ 1515.081537] ? create_prof_cpu_mask+0x20/0x20 [ 1515.081974] ? kasan_save_stack+0x32/0x40 [ 1515.082350] ? kasan_save_stack+0x1b/0x40 [ 1515.082724] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1515.083187] ? __ext4_mark_inode_dirty+0x770/0x770 [ 1515.083625] do_writepages+0xee/0x2a0 [ 1515.083979] ? page_writeback_cpu_online+0x20/0x20 [ 1515.084419] ? lock_acquire+0x197/0x470 [ 1515.084779] ? create_object.isra.0+0x3ad/0xa20 [ 1515.085204] ? lock_release+0x680/0x680 [ 1515.085560] ? find_held_lock+0x2c/0x110 [ 1515.085932] __filemap_fdatawrite_range+0x24b/0x2f0 [ 1515.086383] ? delete_from_page_cache_batch+0xa30/0xa30 [ 1515.086863] ? mark_held_locks+0x9e/0xe0 [ 1515.087234] ? trace_hardirqs_on+0x5b/0x180 [ 1515.087628] filemap_write_and_wait_range+0x65/0x100 [ 1515.088089] __iomap_dio_rw+0x552/0x1110 [ 1515.088469] ? iomap_dio_bio_actor+0xef0/0xef0 [ 1515.088881] ? ext4_orphan_add+0x253/0x9e0 [ 1515.089265] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 1515.089709] ? ext4_empty_dir+0xae0/0xae0 [ 1515.090082] ? jbd2__journal_start+0xf3/0x7e0 [ 1515.090494] iomap_dio_rw+0x31/0x90 [ 1515.090830] ext4_file_write_iter+0xb26/0x18d0 [ 1515.091249] ? ext4_file_read_iter+0x4c0/0x4c0 [ 1515.091658] ? kasan_save_stack+0x32/0x40 [ 1515.092040] ? kasan_save_stack+0x1b/0x40 [ 1515.092412] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1515.092866] ? iter_file_splice_write+0x16d/0xc30 [ 1515.093302] ? direct_splice_actor+0x10f/0x170 [ 1515.093713] ? splice_direct_to_actor+0x387/0x980 [ 1515.094145] ? do_splice_direct+0x1c4/0x290 [ 1515.094534] ? do_sendfile+0x553/0x11e0 [ 1515.094893] ? __x64_sys_sendfile64+0x1d1/0x210 [ 1515.095307] ? do_syscall_64+0x33/0x40 [ 1515.095654] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1515.096152] do_iter_readv_writev+0x476/0x750 [ 1515.096561] ? new_sync_write+0x660/0x660 [ 1515.096934] ? avc_policy_seqno+0x9/0x70 [ 1515.097300] ? selinux_file_permission+0x92/0x520 [ 1515.097740] ? security_file_permission+0xb1/0xe0 [ 1515.098186] do_iter_write+0x191/0x700 [ 1515.098543] ? trace_hardirqs_on+0x5b/0x180 [ 1515.098940] vfs_iter_write+0x70/0xa0 [ 1515.099284] iter_file_splice_write+0x762/0xc30 [ 1515.099719] ? generic_splice_sendpage+0x140/0x140 [ 1515.100175] ? security_file_permission+0xb1/0xe0 [ 1515.100606] ? generic_splice_sendpage+0x140/0x140 [ 1515.101046] direct_splice_actor+0x10f/0x170 [ 1515.101446] splice_direct_to_actor+0x387/0x980 [ 1515.101864] ? pipe_to_sendpage+0x380/0x380 [ 1515.102255] ? do_splice_to+0x160/0x160 [ 1515.102616] ? security_file_permission+0xb1/0xe0 [ 1515.103055] do_splice_direct+0x1c4/0x290 [ 1515.103429] ? splice_direct_to_actor+0x980/0x980 [ 1515.103868] ? avc_policy_seqno+0x9/0x70 [ 1515.104239] ? security_file_permission+0xb1/0xe0 [ 1515.104679] do_sendfile+0x553/0x11e0 [ 1515.105033] ? do_pwritev+0x270/0x270 [ 1515.105379] ? wait_for_completion_io+0x270/0x270 [ 1515.105811] ? rcu_read_lock_any_held+0x75/0xa0 [ 1515.106229] ? vfs_write+0x354/0xb10 [ 1515.106571] __x64_sys_sendfile64+0x1d1/0x210 [ 1515.106975] ? __ia32_sys_sendfile+0x220/0x220 [ 1515.107393] do_syscall_64+0x33/0x40 [ 1515.107740] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1515.108195] RIP: 0033:0x7f24f4026b19 [ 1515.108528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1515.110137] RSP: 002b:00007f24f157b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1515.110809] RAX: ffffffffffffffda RBX: 00007f24f413a020 RCX: 00007f24f4026b19 [ 1515.111435] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 1515.112069] RBP: 00007f24f157b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1515.112698] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1515.113324] R13: 00007ffc75df54bf R14: 00007f24f157b300 R15: 0000000000022000 [ 1515.121001] attempt to access beyond end of device [ 1515.121001] loop1: rw=2049, want=276, limit=128 [ 1515.137677] attempt to access beyond end of device [ 1515.137677] loop1: rw=0, want=147, limit=128 11:01:25 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0xffffffffffffffff}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:01:25 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) accept4(r1, 0x0, &(0x7f0000000140), 0x1000) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000000)='huget\xa3bfs\x00', 0x0, r0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1515.232884] FAT-fs (loop6): bogus number of reserved sectors [ 1515.233804] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1515.251880] attempt to access beyond end of device [ 1515.251880] loop4: rw=2049, want=276, limit=128 11:01:25 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 22) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1515.331965] attempt to access beyond end of device [ 1515.331965] loop1: rw=2049, want=404, limit=128 11:01:25 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) futimesat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)) sendfile(r2, r3, 0x0, 0x20d315) [ 1515.350974] attempt to access beyond end of device [ 1515.350974] loop4: rw=1, want=348, limit=128 [ 1515.363914] FAULT_INJECTION: forcing a failure. [ 1515.363914] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1515.366534] CPU: 0 PID: 10351 Comm: Not tainted 5.10.222 #1 [ 1515.367359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1515.368584] Call Trace: [ 1515.368965] dump_stack+0x107/0x167 [ 1515.369488] should_fail.cold+0x5/0xa [ 1515.370042] _copy_from_user+0x2e/0x1b0 [ 1515.370611] comm_write+0xbf/0x2a0 [ 1515.371121] ? proc_pid_permission+0x300/0x300 [ 1515.371795] do_iter_write+0x4f0/0x700 [ 1515.372371] vfs_writev+0x1ae/0x620 [ 1515.372887] ? vfs_iter_write+0xa0/0xa0 [ 1515.373485] ? __fdget_pos+0xf1/0x190 [ 1515.374027] ? lock_downgrade+0x6d0/0x6d0 [ 1515.374656] ? ksys_write+0x12d/0x260 [ 1515.375210] ? __fget_files+0x2f8/0x520 [ 1515.375837] do_writev+0x139/0x300 [ 1515.376347] ? vfs_writev+0x620/0x620 [ 1515.376934] do_syscall_64+0x33/0x40 [ 1515.377466] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1515.378221] RIP: 0033:0x7fbbbec6fb19 [ 1515.378746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1515.381456] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1515.382530] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1515.383585] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1515.384645] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1515.385694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1515.386749] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1515.443452] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1515.515463] FAT-fs (loop6): bogus number of reserved sectors [ 1515.516403] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1515.529515] syz-executor.5 (10328) used greatest stack depth: 22656 bytes left 11:01:39 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) futimesat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)) sendfile(r2, r3, 0x0, 0x20d315) 11:01:39 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {0xff}}, './file0\x00'}) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r2, 0xfdef) 11:01:39 executing program 3: r0 = fork() ptrace(0x10, r0) rt_sigqueueinfo(r0, 0x1d, &(0x7f0000003800)={0x37, 0x8000, 0x80000000}) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x5, 0x30604, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0x0, 0xffffffffffffffff, 0x2) fork() r1 = fsopen(&(0x7f0000000040)='bdev\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000000)='bdev\x00', 0x2, 0xffffffffffffffff) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = fcntl$dupfd(r2, 0x203, r2) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000006e80)={&(0x7f0000006ec0)={0x34, 0x0, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @ETHTOOL_A_FEATURES_WANTED={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10}]}]}, 0x95}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip6tnl0\x00', r5, 0x4, 0x81, 0x2, 0x40, 0x20, @private0, @private2, 0x700, 0xf000, 0x10000, 0x8}}) 11:01:39 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 23) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:01:39 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200), 0x608000, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) perf_event_open$cgroup(&(0x7f0000000180)={0x5, 0x80, 0x5f, 0x7f, 0x5, 0x0, 0x0, 0x85, 0x8000, 0x9, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x6, 0x2, @perf_bp={&(0x7f00000000c0), 0xb}, 0x9200, 0x2, 0x9, 0x8, 0x7f, 0x9, 0x2, 0x0, 0xffffff11, 0x0, 0x5}, r2, 0x2, r4, 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r5, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:01:39 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000180)=[{&(0x7f00000001c0)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0xfffffffffffffffd}, {0x0, 0x0, 0x8000}], 0x21f000, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) mkdirat(r1, &(0x7f00000000c0)='./file0\x00', 0x24) 11:01:39 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000038) 11:01:39 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 37) [ 1529.758626] FAULT_INJECTION: forcing a failure. [ 1529.758626] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1529.760519] CPU: 1 PID: 10381 Comm: Not tainted 5.10.222 #1 [ 1529.761360] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1529.762520] Call Trace: [ 1529.762909] dump_stack+0x107/0x167 [ 1529.763432] should_fail.cold+0x5/0xa [ 1529.763996] _copy_from_user+0x2e/0x1b0 [ 1529.764576] comm_write+0xbf/0x2a0 [ 1529.765090] ? proc_pid_permission+0x300/0x300 [ 1529.765762] do_iter_write+0x4f0/0x700 [ 1529.766340] vfs_writev+0x1ae/0x620 [ 1529.766865] ? vfs_iter_write+0xa0/0xa0 [ 1529.767454] ? __fdget_pos+0xf1/0x190 [ 1529.768014] ? lock_downgrade+0x6d0/0x6d0 [ 1529.768614] ? ksys_write+0x12d/0x260 [ 1529.769166] ? __fget_files+0x2f8/0x520 [ 1529.769756] do_writev+0x139/0x300 [ 1529.770268] ? vfs_writev+0x620/0x620 [ 1529.770826] do_syscall_64+0x33/0x40 [ 1529.771356] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1529.772087] RIP: 0033:0x7fbbbec6fb19 [ 1529.772639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1529.775222] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1529.776300] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1529.777302] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1529.778308] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1529.779310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1529.780327] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1529.849653] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue 11:01:40 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 24) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1529.967509] attempt to access beyond end of device [ 1529.967509] loop6: rw=2049, want=276, limit=128 [ 1529.972566] FAULT_INJECTION: forcing a failure. [ 1529.972566] name failslab, interval 1, probability 0, space 0, times 0 [ 1529.974186] CPU: 1 PID: 10383 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1529.975153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1529.976321] Call Trace: [ 1529.976717] dump_stack+0x107/0x167 [ 1529.977240] should_fail.cold+0x5/0xa [ 1529.977784] ? create_object.isra.0+0x3a/0xa20 [ 1529.978440] should_failslab+0x5/0x20 [ 1529.978979] kmem_cache_alloc+0x5b/0x310 [ 1529.979564] create_object.isra.0+0x3a/0xa20 [ 1529.980195] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1529.980925] kmem_cache_alloc+0x159/0x310 [ 1529.981545] alloc_buffer_head+0x20/0x110 [ 1529.982134] alloc_page_buffers+0x14d/0x700 [ 1529.982754] create_empty_buffers+0x2c/0x640 [ 1529.983388] create_page_buffers+0x1bb/0x230 [ 1529.984027] __block_write_begin_int+0x1d1/0x19c0 [ 1529.984714] ? fat_add_cluster+0x100/0x100 [ 1529.985317] ? add_to_page_cache_locked+0x40/0x40 [ 1529.986004] ? __page_cache_alloc+0x10d/0x360 [ 1529.986643] ? remove_inode_buffers+0x300/0x300 [ 1529.987301] ? pagecache_get_page+0x243/0xc80 [ 1529.987965] ? unlock_page_memcg+0x96/0x170 [ 1529.988585] ? wait_for_stable_page+0x92/0xe0 [ 1529.989225] cont_write_begin+0x472/0x980 [ 1529.989834] ? fat_add_cluster+0x100/0x100 [ 1529.990434] ? nobh_write_begin+0xed0/0xed0 [ 1529.991049] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1529.991866] ? generic_write_end+0x20e/0x3f0 [ 1529.992497] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1529.993223] fat_write_begin+0x89/0x180 [ 1529.993805] ? fat_add_cluster+0x100/0x100 [ 1529.994409] generic_perform_write+0x20a/0x4f0 [ 1529.995163] ? fat_direct_IO+0x1ef/0x380 [ 1529.995765] attempt to access beyond end of device [ 1529.995765] loop6: rw=34817, want=148, limit=128 [ 1529.995781] ? page_cache_prev_miss+0x310/0x310 [ 1529.995825] __generic_file_write_iter+0x2cd/0x5d0 [ 1529.997981] attempt to access beyond end of device [ 1529.997981] loop6: rw=0, want=147, limit=128 [ 1529.999982] generic_file_write_iter+0xdb/0x230 [ 1530.000670] do_iter_readv_writev+0x476/0x750 [ 1530.001330] ? new_sync_write+0x660/0x660 [ 1530.001932] ? avc_policy_seqno+0x9/0x70 [ 1530.002521] ? selinux_file_permission+0x92/0x520 [ 1530.003219] ? security_file_permission+0xb1/0xe0 [ 1530.003927] do_iter_write+0x191/0x700 [ 1530.004497] ? trace_hardirqs_on+0x5b/0x180 [ 1530.005132] vfs_iter_write+0x70/0xa0 [ 1530.005675] iter_file_splice_write+0x762/0xc30 [ 1530.006369] ? generic_splice_sendpage+0x140/0x140 [ 1530.007086] ? security_file_permission+0xb1/0xe0 [ 1530.007791] ? generic_splice_sendpage+0x140/0x140 [ 1530.008503] direct_splice_actor+0x10f/0x170 [ 1530.009131] splice_direct_to_actor+0x387/0x980 [ 1530.009815] ? pipe_to_sendpage+0x380/0x380 [ 1530.010447] ? do_splice_to+0x160/0x160 [ 1530.011030] ? security_file_permission+0xb1/0xe0 [ 1530.011719] do_splice_direct+0x1c4/0x290 [ 1530.012332] ? splice_direct_to_actor+0x980/0x980 [ 1530.013023] ? avc_policy_seqno+0x9/0x70 [ 1530.013627] ? security_file_permission+0xb1/0xe0 [ 1530.014336] do_sendfile+0x553/0x11e0 [ 1530.014909] ? do_pwritev+0x270/0x270 [ 1530.015461] ? setup_APIC_eilvt+0x2f0/0x2f0 [ 1530.016101] ? tick_program_event+0xa8/0x140 [ 1530.016757] __x64_sys_sendfile64+0x1d1/0x210 [ 1530.017414] ? __ia32_sys_sendfile+0x220/0x220 [ 1530.017505] attempt to access beyond end of device [ 1530.017505] loop6: rw=2049, want=332, limit=128 [ 1530.018068] do_syscall_64+0x33/0x40 [ 1530.020122] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1530.020864] RIP: 0033:0x7f24f4026b19 [ 1530.021405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1530.024036] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1530.025136] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1530.026166] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1530.027194] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1530.028227] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1530.029258] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1530.052329] attempt to access beyond end of device [ 1530.052329] loop4: rw=2049, want=276, limit=128 [ 1530.079109] FAULT_INJECTION: forcing a failure. [ 1530.079109] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1530.081112] CPU: 0 PID: 10408 Comm: Not tainted 5.10.222 #1 [ 1530.081935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1530.083191] Call Trace: [ 1530.083681] dump_stack+0x107/0x167 [ 1530.084325] should_fail.cold+0x5/0xa [ 1530.084889] _copy_from_user+0x2e/0x1b0 [ 1530.085494] comm_write+0xbf/0x2a0 [ 1530.086026] ? proc_pid_permission+0x300/0x300 [ 1530.086727] do_iter_write+0x4f0/0x700 [ 1530.087326] vfs_writev+0x1ae/0x620 [ 1530.087872] ? vfs_iter_write+0xa0/0xa0 [ 1530.088474] ? __fdget_pos+0xf1/0x190 [ 1530.089042] ? lock_downgrade+0x6d0/0x6d0 [ 1530.089711] ? ksys_write+0x12d/0x260 [ 1530.090302] ? __fget_files+0x2f8/0x520 [ 1530.091087] do_writev+0x139/0x300 [ 1530.091744] ? vfs_writev+0x620/0x620 [ 1530.092453] do_syscall_64+0x33/0x40 [ 1530.093094] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1530.094053] RIP: 0033:0x7fbbbec6fb19 [ 1530.094621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1530.097618] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1530.098910] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1530.100195] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1530.101239] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1530.102292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1530.103335] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:01:40 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) openat(r3, &(0x7f00000000c0)='./file0/file0\x00', 0x2000, 0x40) ftruncate(r0, 0xfdef) [ 1530.207850] attempt to access beyond end of device [ 1530.207850] loop5: rw=2049, want=276, limit=128 [ 1530.285504] attempt to access beyond end of device [ 1530.285504] loop4: rw=1, want=356, limit=128 11:01:40 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000048) 11:01:40 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ioctl$TIOCSLCKTRMIOS(r1, 0x5457, &(0x7f00000000c0)) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:01:40 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x7fff) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x3) 11:01:40 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) futimesat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)) sendfile(r2, r3, 0x0, 0x20d315) 11:01:40 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 38) [ 1530.408760] attempt to access beyond end of device [ 1530.408760] loop6: rw=2049, want=276, limit=128 [ 1530.412983] attempt to access beyond end of device [ 1530.412983] loop6: rw=34817, want=148, limit=128 [ 1530.415560] attempt to access beyond end of device [ 1530.415560] loop6: rw=0, want=147, limit=128 11:01:40 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 25) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1530.443124] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue 11:01:40 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) openat(r2, &(0x7f00000000c0)='./file0\x00', 0x6e242, 0x148) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) syz_io_uring_setup(0x4c65, &(0x7f0000000380)={0x0, 0x7c05, 0x20, 0x1, 0x51, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000280)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000400)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x1, 0x0, @fd_index=0x4, 0x800, 0x0, 0x8, 0x6, 0x0, {0x0, r5}}, 0x6) sendfile(r2, r3, 0x0, 0x100000001) ftruncate(r1, 0xfdef) mount$cgroup(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x40022, &(0x7f0000000300)={[{@cpuset_v2_mode}, {@noprefix}], [{@obj_role={'obj_role', 0x3d, '!*-'}}, {@euid_lt}, {@obj_type={'obj_type', 0x3d, 'vfat\x00'}}]}) [ 1530.532096] Buffer I/O error on dev loop6, logical block 402, lost async page write [ 1530.618051] FAULT_INJECTION: forcing a failure. [ 1530.618051] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1530.619998] CPU: 0 PID: 10442 Comm: Not tainted 5.10.222 #1 [ 1530.620850] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1530.622057] Call Trace: [ 1530.622456] dump_stack+0x107/0x167 [ 1530.623000] should_fail.cold+0x5/0xa [ 1530.623577] _copy_from_user+0x2e/0x1b0 [ 1530.624187] comm_write+0xbf/0x2a0 [ 1530.624716] ? proc_pid_permission+0x300/0x300 [ 1530.625416] do_iter_write+0x4f0/0x700 [ 1530.626009] vfs_writev+0x1ae/0x620 [ 1530.626544] ? vfs_iter_write+0xa0/0xa0 [ 1530.627128] ? __fdget_pos+0xf1/0x190 [ 1530.627685] ? lock_downgrade+0x6d0/0x6d0 [ 1530.628301] ? ksys_write+0x12d/0x260 [ 1530.628864] ? __fget_files+0x2f8/0x520 [ 1530.629482] do_writev+0x139/0x300 [ 1530.630008] ? vfs_writev+0x620/0x620 [ 1530.630590] do_syscall_64+0x33/0x40 [ 1530.631140] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1530.631878] RIP: 0033:0x7fbbbec6fb19 [ 1530.632432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1530.635097] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1530.636216] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1530.637256] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1530.638292] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1530.639335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1530.640390] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1530.665224] FAULT_INJECTION: forcing a failure. [ 1530.665224] name failslab, interval 1, probability 0, space 0, times 0 [ 1530.667239] CPU: 1 PID: 10438 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1530.668285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1530.669511] Call Trace: [ 1530.669928] dump_stack+0x107/0x167 [ 1530.670497] should_fail.cold+0x5/0xa [ 1530.671084] ? create_object.isra.0+0x3a/0xa20 [ 1530.671770] should_failslab+0x5/0x20 [ 1530.672364] kmem_cache_alloc+0x5b/0x310 [ 1530.672991] create_object.isra.0+0x3a/0xa20 [ 1530.673659] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1530.674429] kmem_cache_alloc+0x159/0x310 [ 1530.675065] alloc_buffer_head+0x20/0x110 [ 1530.675734] alloc_page_buffers+0x14d/0x700 [ 1530.676491] create_empty_buffers+0x2c/0x640 [ 1530.677392] create_page_buffers+0x1bb/0x230 [ 1530.678046] __block_write_begin_int+0x1d1/0x19c0 [ 1530.678918] ? fat_add_cluster+0x100/0x100 [ 1530.679540] ? add_to_page_cache_locked+0x40/0x40 [ 1530.680260] ? __page_cache_alloc+0x10d/0x360 [ 1530.681029] ? remove_inode_buffers+0x300/0x300 [ 1530.681787] ? pagecache_get_page+0x243/0xc80 [ 1530.682620] ? unlock_page_memcg+0x96/0x170 [ 1530.683502] ? wait_for_stable_page+0x92/0xe0 [ 1530.684269] cont_write_begin+0x472/0x980 [ 1530.684988] ? fat_add_cluster+0x100/0x100 [ 1530.685681] ? nobh_write_begin+0xed0/0xed0 [ 1530.686321] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1530.687245] ? generic_write_end+0x20e/0x3f0 [ 1530.687883] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1530.688648] fat_write_begin+0x89/0x180 [ 1530.689234] ? fat_add_cluster+0x100/0x100 [ 1530.689866] generic_perform_write+0x20a/0x4f0 [ 1530.690546] ? fat_direct_IO+0x1ef/0x380 [ 1530.691154] ? page_cache_prev_miss+0x310/0x310 [ 1530.691986] __generic_file_write_iter+0x2cd/0x5d0 [ 1530.692864] generic_file_write_iter+0xdb/0x230 [ 1530.693812] do_iter_readv_writev+0x476/0x750 [ 1530.694526] ? new_sync_write+0x660/0x660 [ 1530.695269] ? avc_policy_seqno+0x9/0x70 [ 1530.695859] ? selinux_file_permission+0x92/0x520 [ 1530.696591] ? security_file_permission+0xb1/0xe0 [ 1530.697307] do_iter_write+0x191/0x700 [ 1530.698058] ? trace_hardirqs_on+0x5b/0x180 [ 1530.698854] vfs_iter_write+0x70/0xa0 [ 1530.699570] iter_file_splice_write+0x762/0xc30 [ 1530.700281] ? generic_splice_sendpage+0x140/0x140 [ 1530.701034] ? security_file_permission+0xb1/0xe0 [ 1530.701755] ? generic_splice_sendpage+0x140/0x140 [ 1530.702555] direct_splice_actor+0x10f/0x170 [ 1530.703208] splice_direct_to_actor+0x387/0x980 [ 1530.703899] ? pipe_to_sendpage+0x380/0x380 [ 1530.704549] ? do_splice_to+0x160/0x160 [ 1530.705287] ? security_file_permission+0xb1/0xe0 [ 1530.706006] do_splice_direct+0x1c4/0x290 [ 1530.706640] ? splice_direct_to_actor+0x980/0x980 [ 1530.707451] ? avc_policy_seqno+0x9/0x70 [ 1530.708083] ? security_file_permission+0xb1/0xe0 [ 1530.708922] do_sendfile+0x553/0x11e0 [ 1530.709739] ? do_pwritev+0x270/0x270 [ 1530.710418] ? wait_for_completion_io+0x270/0x270 [ 1530.711238] ? rcu_read_lock_any_held+0x75/0xa0 [ 1530.712018] ? vfs_write+0x354/0xb10 [ 1530.712638] __x64_sys_sendfile64+0x1d1/0x210 [ 1530.713297] ? __ia32_sys_sendfile+0x220/0x220 [ 1530.713986] do_syscall_64+0x33/0x40 [ 1530.714533] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1530.715284] RIP: 0033:0x7f24f4026b19 [ 1530.715830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1530.718809] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1530.720173] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1530.721452] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1530.722676] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1530.723708] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1530.724900] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1546.035727] handle_bad_sector: 5 callbacks suppressed [ 1546.035746] attempt to access beyond end of device [ 1546.035746] loop1: rw=1048577, want=403, limit=128 [ 1546.037216] Buffer I/O error on dev loop1, logical block 402, lost async page write 11:01:56 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 39) 11:01:56 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat(r0, &(0x7f0000000000)='./file0/file0\x00', 0x4000, 0x81) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1546.769388] FAULT_INJECTION: forcing a failure. [ 1546.769388] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1546.770379] CPU: 0 PID: 10464 Comm: Not tainted 5.10.222 #1 [ 1546.770845] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1546.771465] Call Trace: [ 1546.771859] dump_stack+0x107/0x167 [ 1546.772159] should_fail.cold+0x5/0xa [ 1546.772462] _copy_from_user+0x2e/0x1b0 [ 1546.772789] comm_write+0xbf/0x2a0 [ 1546.773061] ? proc_pid_permission+0x300/0x300 [ 1546.773448] do_iter_write+0x4f0/0x700 [ 1546.773773] vfs_writev+0x1ae/0x620 [ 1546.774068] ? vfs_iter_write+0xa0/0xa0 [ 1546.774398] ? __fdget_pos+0xf1/0x190 [ 1546.774715] ? lock_downgrade+0x6d0/0x6d0 [ 1546.775059] ? ksys_write+0x12d/0x260 [ 1546.775378] ? __fget_files+0x2f8/0x520 [ 1546.775714] do_writev+0x139/0x300 [ 1546.776005] ? vfs_writev+0x620/0x620 [ 1546.776332] do_syscall_64+0x33/0x40 [ 1546.776631] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1546.777058] RIP: 0033:0x7fbbbec6fb19 [ 1546.777362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1546.778847] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1546.779462] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1546.780032] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1546.780619] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1546.781197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1546.781768] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:01:56 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000004c0)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0xfffffffffffffff8}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f0000000280)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) inotify_init() r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000005, 0x10, 0xffffffffffffffff, 0xcf92c000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x100000001) fcntl$getownex(r6, 0x10, &(0x7f0000000280)) sendfile(r5, r2, 0x0, 0x7) ftruncate(r1, 0xfdef) r8 = syz_io_uring_complete(0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@local, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in=@dev}}, &(0x7f0000000200)=0xe8) mount$9p_fd(0x0, &(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0), 0x40, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_uid={'access', 0x3d, r9}}, {@posixacl}], [{@appraise}, {@seclabel}, {@dont_hash}, {@seclabel}, {@pcr={'pcr', 0x3d, 0x39}}]}}) 11:01:56 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x30400, 0x114) openat(r2, &(0x7f00000000c0)='./file0\x00', 0x2000, 0x1c) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:01:56 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x8800, 0x140) pwrite64(r0, &(0x7f00000001c0)="8b06610cce834654d6fc8e80b39d721606ab5c6579a5d146615399b51909c6007384e91f1cf24cc799eb0f8edb4ed053cbb8cdd6c241650c712f4809bc0a0c85329a61c2d810e64b6b76ba01ad09098808f31188f802196fe8be523e759fae3ad1f920b9f199ae8d5aec14229f8e8e250fa46b574e9e80363b239e7d", 0x7c, 0x80000001) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/loop', 0x10103, 0xb0) ftruncate(r1, 0xfdef) 11:01:56 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000050) 11:01:56 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:01:56 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 26) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1546.817813] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue 11:01:56 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 27) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1546.912964] FAULT_INJECTION: forcing a failure. [ 1546.912964] name failslab, interval 1, probability 0, space 0, times 0 [ 1546.913972] CPU: 0 PID: 10458 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1546.914556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1546.915246] Call Trace: [ 1546.915487] dump_stack+0x107/0x167 [ 1546.915814] should_fail.cold+0x5/0xa [ 1546.916151] ? create_object.isra.0+0x3a/0xa20 [ 1546.916554] should_failslab+0x5/0x20 [ 1546.916896] kmem_cache_alloc+0x5b/0x310 [ 1546.917258] create_object.isra.0+0x3a/0xa20 [ 1546.917637] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1546.918084] kmem_cache_alloc+0x159/0x310 [ 1546.918452] alloc_buffer_head+0x20/0x110 [ 1546.918810] alloc_page_buffers+0x14d/0x700 [ 1546.919195] create_empty_buffers+0x2c/0x640 [ 1546.919586] create_page_buffers+0x1bb/0x230 [ 1546.919973] __block_write_begin_int+0x1d1/0x19c0 [ 1546.920386] ? fat_add_cluster+0x100/0x100 [ 1546.920736] ? add_to_page_cache_locked+0x40/0x40 [ 1546.921129] ? __page_cache_alloc+0x10d/0x360 [ 1546.921502] ? remove_inode_buffers+0x300/0x300 [ 1546.921880] ? pagecache_get_page+0x243/0xc80 [ 1546.922251] ? unlock_page_memcg+0x96/0x170 [ 1546.922607] ? wait_for_stable_page+0x92/0xe0 [ 1546.922976] cont_write_begin+0x472/0x980 [ 1546.923321] ? fat_add_cluster+0x100/0x100 [ 1546.923676] ? nobh_write_begin+0xed0/0xed0 [ 1546.924032] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1546.924511] ? generic_write_end+0x20e/0x3f0 [ 1546.924868] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1546.925291] fat_write_begin+0x89/0x180 [ 1546.925612] ? fat_add_cluster+0x100/0x100 [ 1546.925963] generic_perform_write+0x20a/0x4f0 [ 1546.926343] ? fat_direct_IO+0x1ef/0x380 [ 1546.926679] ? page_cache_prev_miss+0x310/0x310 [ 1546.927070] __generic_file_write_iter+0x2cd/0x5d0 [ 1546.927477] generic_file_write_iter+0xdb/0x230 [ 1546.927861] do_iter_readv_writev+0x476/0x750 [ 1546.928232] ? new_sync_write+0x660/0x660 [ 1546.928580] ? avc_policy_seqno+0x9/0x70 [ 1546.928910] ? selinux_file_permission+0x92/0x520 [ 1546.929311] ? security_file_permission+0xb1/0xe0 [ 1546.929710] do_iter_write+0x191/0x700 [ 1546.930032] ? trace_hardirqs_on+0x5b/0x180 [ 1546.930391] vfs_iter_write+0x70/0xa0 [ 1546.930637] attempt to access beyond end of device [ 1546.930637] loop4: rw=2049, want=276, limit=128 [ 1546.930717] iter_file_splice_write+0x762/0xc30 [ 1546.932481] ? generic_splice_sendpage+0x140/0x140 [ 1546.932896] ? security_file_permission+0xb1/0xe0 [ 1546.933296] ? generic_splice_sendpage+0x140/0x140 [ 1546.933701] direct_splice_actor+0x10f/0x170 [ 1546.934064] splice_direct_to_actor+0x387/0x980 [ 1546.934449] ? pipe_to_sendpage+0x380/0x380 [ 1546.934804] ? do_splice_to+0x160/0x160 [ 1546.935132] ? security_file_permission+0xb1/0xe0 [ 1546.935540] do_splice_direct+0x1c4/0x290 [ 1546.935884] ? splice_direct_to_actor+0x980/0x980 [ 1546.936280] ? avc_policy_seqno+0x9/0x70 [ 1546.936621] ? security_file_permission+0xb1/0xe0 [ 1546.937022] do_sendfile+0x553/0x11e0 [ 1546.937344] ? do_pwritev+0x270/0x270 [ 1546.937661] ? wait_for_completion_io+0x270/0x270 [ 1546.938062] ? rcu_read_lock_any_held+0x75/0xa0 [ 1546.938443] ? vfs_write+0x354/0xb10 [ 1546.938756] __x64_sys_sendfile64+0x1d1/0x210 [ 1546.939123] ? __ia32_sys_sendfile+0x220/0x220 [ 1546.939506] do_syscall_64+0x33/0x40 [ 1546.939810] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1546.940228] RIP: 0033:0x7f24f4026b19 [ 1546.940541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1546.942032] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1546.942652] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1546.943232] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1546.943804] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1546.944388] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1546.944973] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1546.989066] FAULT_INJECTION: forcing a failure. [ 1546.989066] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1546.990320] CPU: 0 PID: 10487 Comm: Not tainted 5.10.222 #1 [ 1546.990819] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1546.991600] Call Trace: [ 1546.991821] dump_stack+0x107/0x167 [ 1546.992124] should_fail.cold+0x5/0xa [ 1546.992450] _copy_from_user+0x2e/0x1b0 [ 1546.992790] comm_write+0xbf/0x2a0 [ 1546.993091] ? proc_pid_permission+0x300/0x300 [ 1546.993479] do_iter_write+0x4f0/0x700 [ 1546.993808] vfs_writev+0x1ae/0x620 [ 1546.994111] ? vfs_iter_write+0xa0/0xa0 [ 1546.994439] ? __fdget_pos+0xf1/0x190 [ 1546.994755] ? lock_downgrade+0x6d0/0x6d0 [ 1546.995100] ? ksys_write+0x12d/0x260 [ 1546.995418] ? __fget_files+0x2f8/0x520 [ 1546.995760] do_writev+0x139/0x300 [ 1546.996058] ? vfs_writev+0x620/0x620 [ 1546.996394] do_syscall_64+0x33/0x40 [ 1546.996705] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1546.997121] RIP: 0033:0x7fbbbec6fb19 [ 1546.997423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1546.998915] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1546.999534] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1547.000117] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1547.000700] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1547.001279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1547.001860] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1547.023348] attempt to access beyond end of device [ 1547.023348] loop4: rw=1, want=300, limit=128 11:01:57 executing program 6: syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x400, 0x0, &(0x7f0000000240), 0x4000, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:01:57 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000058) [ 1547.069345] attempt to access beyond end of device [ 1547.069345] loop5: rw=2049, want=276, limit=128 11:01:57 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) ftruncate(0xffffffffffffffff, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) [ 1547.168668] FAT-fs (loop6): Unrecognized mount option "vfat" or missing value 11:01:57 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 40) 11:01:57 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) r7 = openat(r5, &(0x7f0000000700)='./file0\x00', 0x101000, 0x108) kcmp(0xffffffffffffffff, 0xffffffffffffffff, 0x1, r6, r7) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r8, 0x0, 0x100000001) r9 = syz_open_dev$mouse(&(0x7f00000004c0), 0x9, 0xc1) fsetxattr$security_evm(r9, &(0x7f0000000580), &(0x7f00000005c0)=@sha1={0x1, "27fed23e75abb1c80100ee0712a130565b181bce"}, 0x15, 0x2) io_submit(0x0, 0x4, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0xff, r4, &(0x7f0000000180)="edfe76856bb0c1d03017e5478288394c4bce671fdca3f69d35dd722e12a044b07e9499394f67350b95418e69756cf0e7ac738bf8fb2732887d4119ce4ce74cd086c438c689da151f790179605c30fc7b4173b79fb6831f42ece63c905d02ef12d114cd662c7d77d22774676b141bd7fbaf5b89c8d06e5d8b8f1a1c684162afd7f7970585b5567a2ed333756daedb2d7aa17c68c6ca64c5928f6be79e67dbebafea784e396a035dd68734a292caa00c", 0xaf, 0x20, 0x0, 0x2}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x6, 0xc12b, r8, &(0x7f0000000300)="5bea56200585cf4f564169abdb51035cdb926efdc7e551e71c3850ea7707fbce8bd6db5547dd030555c33e5d3d7025ef5ee509b1be78bfc1481cab509204527a316d7e26d07a3d90f26eef04414ee2b12a6c", 0x52, 0x8}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x6, 0x4, r1, &(0x7f0000000380)="dbb9c10efa03ad56ff81dae9788a01ec5bd4a770af333100a65c97a145bcdc2633a9c9c7bda541f768d71e474a635580f5468f017c855de6c6159ad1f240fbb6a312de6bafc38e4ad79d4d5a4c626ce65563f2c063e171f9bb81c1d1cfe2fa880f51f4712fc6ce6cfa77bc7a1e2fbd4dbd89782daaa72a08367acd58ff3016478fb869673603a1968813c43df29a43b927d674adc244662f3d7ec30dd24b04d4f635961662d4cb3f59b5bc4223bb0f65bd48d35a9aa66244358e605f55001c2b5a7e17a8eae8af73de58f861b5e3f7b5b8016637df4c2a808d0e52479dd337daf4", 0xe1, 0x800000000000, 0x0, 0x2, r0}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x7, 0x7, r0, &(0x7f00000004c0), 0x0, 0xffffffffffffffff, 0x0, 0x1, r0}]) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) [ 1547.193611] FAULT_INJECTION: forcing a failure. [ 1547.193611] name failslab, interval 1, probability 0, space 0, times 0 [ 1547.194691] CPU: 0 PID: 10499 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1547.195248] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1547.195890] Call Trace: [ 1547.196168] dump_stack+0x107/0x167 [ 1547.196478] should_fail.cold+0x5/0xa [ 1547.196795] ? create_object.isra.0+0x3a/0xa20 [ 1547.197178] should_failslab+0x5/0x20 [ 1547.197499] kmem_cache_alloc+0x5b/0x310 [ 1547.197836] ? quarantine_put+0x8b/0x1a0 [ 1547.198180] create_object.isra.0+0x3a/0xa20 [ 1547.198544] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1547.198933] kmem_cache_alloc+0x159/0x310 [ 1547.199284] ? mempool_free_pages+0x20/0x20 [ 1547.199641] mempool_alloc+0x148/0x360 [ 1547.199948] ? mempool_resize+0x7d0/0x7d0 [ 1547.200300] ? lock_downgrade+0x6d0/0x6d0 [ 1547.200648] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 1547.201061] bio_alloc_bioset+0x36e/0x600 [ 1547.201403] ? bvec_alloc+0x2f0/0x2f0 [ 1547.201721] ? iov_iter_npages+0x1fd/0xa70 [ 1547.202054] iomap_dio_bio_actor+0x518/0xef0 [ 1547.202432] iomap_dio_actor+0x36f/0x560 [ 1547.202774] iomap_apply+0x289/0x810 [ 1547.203086] ? iomap_dio_rw+0x90/0x90 [ 1547.203382] ? trace_event_raw_event_iomap_apply+0x430/0x430 [ 1547.203886] ? filemap_check_errors+0xa5/0x150 [ 1547.204242] __iomap_dio_rw+0x6cd/0x1110 [ 1547.204589] ? iomap_dio_rw+0x90/0x90 [ 1547.204895] ? iomap_dio_bio_actor+0xef0/0xef0 [ 1547.205271] ? ext4_orphan_add+0x253/0x9e0 [ 1547.205616] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 1547.205990] ? ext4_empty_dir+0xae0/0xae0 [ 1547.206326] ? jbd2__journal_start+0xf3/0x7e0 [ 1547.206674] iomap_dio_rw+0x31/0x90 [ 1547.206981] ext4_file_write_iter+0xb26/0x18d0 [ 1547.207369] ? ext4_file_read_iter+0x4c0/0x4c0 [ 1547.207741] ? kasan_save_stack+0x32/0x40 [ 1547.208092] ? kasan_save_stack+0x1b/0x40 [ 1547.208435] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1547.208820] ? iter_file_splice_write+0x16d/0xc30 [ 1547.209217] ? direct_splice_actor+0x10f/0x170 [ 1547.209596] ? splice_direct_to_actor+0x387/0x980 [ 1547.209985] ? do_splice_direct+0x1c4/0x290 [ 1547.210315] ? do_sendfile+0x553/0x11e0 [ 1547.210639] ? __x64_sys_sendfile64+0x1d1/0x210 [ 1547.210994] ? do_syscall_64+0x33/0x40 [ 1547.211314] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1547.211719] do_iter_readv_writev+0x476/0x750 [ 1547.212091] ? new_sync_write+0x660/0x660 [ 1547.212412] ? avc_policy_seqno+0x9/0x70 [ 1547.212742] ? selinux_file_permission+0x92/0x520 [ 1547.213142] ? security_file_permission+0xb1/0xe0 [ 1547.213542] do_iter_write+0x191/0x700 [ 1547.213864] ? trace_hardirqs_on+0x5b/0x180 [ 1547.214230] vfs_iter_write+0x70/0xa0 [ 1547.214546] iter_file_splice_write+0x762/0xc30 [ 1547.214937] ? generic_splice_sendpage+0x140/0x140 [ 1547.215353] ? security_file_permission+0xb1/0xe0 [ 1547.215715] ? generic_splice_sendpage+0x140/0x140 [ 1547.216123] direct_splice_actor+0x10f/0x170 [ 1547.216465] splice_direct_to_actor+0x387/0x980 [ 1547.216814] ? pipe_to_sendpage+0x380/0x380 [ 1547.217173] ? do_splice_to+0x160/0x160 [ 1547.217476] ? security_file_permission+0xb1/0xe0 [ 1547.217878] do_splice_direct+0x1c4/0x290 [ 1547.218193] ? splice_direct_to_actor+0x980/0x980 [ 1547.218583] ? avc_policy_seqno+0x9/0x70 [ 1547.218919] ? security_file_permission+0xb1/0xe0 [ 1547.219289] do_sendfile+0x553/0x11e0 [ 1547.219610] ? do_pwritev+0x270/0x270 [ 1547.219903] ? wait_for_completion_io+0x270/0x270 [ 1547.220312] ? rcu_read_lock_any_held+0x75/0xa0 [ 1547.220689] ? vfs_write+0x354/0xb10 [ 1547.221002] __x64_sys_sendfile64+0x1d1/0x210 [ 1547.221370] ? __ia32_sys_sendfile+0x220/0x220 [ 1547.221728] do_syscall_64+0x33/0x40 [ 1547.222036] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1547.222429] RIP: 0033:0x7f24f4026b19 11:01:57 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = fork() ptrace(0x10, r0) rt_sigqueueinfo(r0, 0x1d, &(0x7f0000003800)={0x31, 0x8000, 0x80000000}) r1 = syz_open_dev$vcsa(&(0x7f0000000280), 0x1, 0x42180) perf_event_open(&(0x7f00000003c0)={0x5, 0x80, 0x7, 0xc4, 0x8, 0x3, 0x0, 0x5, 0x10480, 0x6, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7d, 0x4, @perf_bp={&(0x7f0000000000), 0xb}, 0x4500, 0x9, 0x7, 0x9, 0x50, 0x3fff, 0x7, 0x0, 0x9, 0x0, 0x1}, r0, 0x4, r1, 0x8) open(&(0x7f0000000380)='./file0\x00', 0x4200, 0xe8) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_FILES_UPDATE={0x14, 0x2, 0x0, 0x0, 0x6, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1, 0x0, 0x1, {0x0, r2}}, 0x5) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r2}}, 0x401) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x9, 0x6, 0xff, 0x3, 0x0, 0x7fff, 0x20088, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x5, 0x2, @perf_bp={&(0x7f0000000140)}, 0x2b410, 0x7, 0x7, 0x1, 0x5, 0x8, 0x1, 0x0, 0x4, 0x0, 0x200}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x3) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1547.222715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1547.224286] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1547.224905] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1547.225491] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 1547.226069] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1547.226648] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1547.227225] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 11:01:57 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 28) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1547.282776] attempt to access beyond end of device [ 1547.282776] loop4: rw=2049, want=276, limit=128 [ 1547.318844] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1547.327360] FAULT_INJECTION: forcing a failure. [ 1547.327360] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1547.328387] CPU: 0 PID: 10513 Comm: Not tainted 5.10.222 #1 [ 1547.328934] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1547.329549] Call Trace: [ 1547.329772] dump_stack+0x107/0x167 [ 1547.330058] should_fail.cold+0x5/0xa [ 1547.330359] _copy_from_user+0x2e/0x1b0 [ 1547.330663] comm_write+0xbf/0x2a0 [ 1547.330931] ? proc_pid_permission+0x300/0x300 [ 1547.331282] do_iter_write+0x4f0/0x700 [ 1547.331591] vfs_writev+0x1ae/0x620 [ 1547.331863] ? vfs_iter_write+0xa0/0xa0 [ 1547.332167] ? __fdget_pos+0xf1/0x190 [ 1547.332461] ? lock_downgrade+0x6d0/0x6d0 [ 1547.332809] ? ksys_write+0x12d/0x260 [ 1547.333100] ? __fget_files+0x2f8/0x520 [ 1547.333413] do_writev+0x139/0x300 [ 1547.333682] ? vfs_writev+0x620/0x620 [ 1547.334000] do_syscall_64+0x33/0x40 [ 1547.334286] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1547.334664] RIP: 0033:0x7fbbbec6fb19 [ 1547.334944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1547.336427] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1547.336994] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1547.337517] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1547.338042] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1547.338562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1547.339141] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1547.367603] attempt to access beyond end of device [ 1547.367603] loop4: rw=1, want=372, limit=128 11:01:57 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000060) 11:01:57 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x400}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:01:57 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 29) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1547.566465] FAT-fs (loop6): Unrecognized mount option "vfat" or missing value [ 1547.576728] attempt to access beyond end of device [ 1547.576728] loop4: rw=2049, want=276, limit=128 [ 1547.602922] FAULT_INJECTION: forcing a failure. [ 1547.602922] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1547.603890] CPU: 0 PID: 10531 Comm: Not tainted 5.10.222 #1 [ 1547.604374] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1547.605052] Call Trace: [ 1547.605279] dump_stack+0x107/0x167 [ 1547.605582] should_fail.cold+0x5/0xa [ 1547.605900] _copy_from_user+0x2e/0x1b0 [ 1547.606235] comm_write+0xbf/0x2a0 [ 1547.606567] ? proc_pid_permission+0x300/0x300 [ 1547.607011] do_iter_write+0x4f0/0x700 [ 1547.607341] vfs_writev+0x1ae/0x620 [ 1547.607643] ? vfs_iter_write+0xa0/0xa0 [ 1547.607951] ? __fdget_pos+0xf1/0x190 [ 1547.608278] ? lock_downgrade+0x6d0/0x6d0 [ 1547.608595] ? ksys_write+0x12d/0x260 [ 1547.608912] ? __fget_files+0x2f8/0x520 [ 1547.609227] do_writev+0x139/0x300 [ 1547.609519] ? vfs_writev+0x620/0x620 [ 1547.609816] do_syscall_64+0x33/0x40 [ 1547.610121] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1547.610538] RIP: 0033:0x7fbbbec6fb19 [ 1547.610844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1547.612331] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1547.612953] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1547.613530] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1547.614110] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1547.614688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1547.615269] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1547.686730] attempt to access beyond end of device [ 1547.686730] loop4: rw=1, want=356, limit=128 [ 1561.728771] FAULT_INJECTION: forcing a failure. [ 1561.728771] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1561.730900] CPU: 0 PID: 10547 Comm: Not tainted 5.10.222 #1 [ 1561.731735] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1561.732950] Call Trace: [ 1561.733355] dump_stack+0x107/0x167 [ 1561.733896] should_fail.cold+0x5/0xa [ 1561.734471] _copy_from_user+0x2e/0x1b0 [ 1561.735065] comm_write+0xbf/0x2a0 [ 1561.735596] ? proc_pid_permission+0x300/0x300 [ 1561.736289] do_iter_write+0x4f0/0x700 [ 1561.736890] vfs_writev+0x1ae/0x620 [ 1561.737430] ? vfs_iter_write+0xa0/0xa0 [ 1561.737879] FAT-fs (loop6): Unrecognized mount option "@" or missing value [ 1561.738018] ? __fdget_pos+0xf1/0x190 [ 1561.739415] ? lock_downgrade+0x6d0/0x6d0 [ 1561.740036] ? ksys_write+0x12d/0x260 [ 1561.740614] ? __fget_files+0x2f8/0x520 [ 1561.741283] do_writev+0x139/0x300 [ 1561.741809] ? vfs_writev+0x620/0x620 [ 1561.742386] do_syscall_64+0x33/0x40 [ 1561.742932] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1561.743683] RIP: 0033:0x7fbbbec6fb19 [ 1561.744230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1561.746912] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1561.748036] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1561.749093] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1561.750136] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1561.751177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1561.752218] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:02:11 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 41) 11:02:11 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) fallocate(r3, 0x40, 0x7, 0x81) ftruncate(r0, 0xfdef) 11:02:11 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8, 0x2}, 0x0, 0x5, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) io_setup(0x6, &(0x7f0000000140)=0x0) r3 = syz_open_dev$loop(&(0x7f0000000180), 0x6d4e0fbe, 0x8000) io_cancel(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x3, 0x9, r3, &(0x7f00000001c0)="2ab26d405355b6882f64c2b79b950274be9b2f7ae9cd2a3f39850b9e3a", 0x1d, 0x4, 0x0, 0x1, r1}, &(0x7f0000000240)) openat(r0, &(0x7f0000000000)='./file0\x00', 0x424000, 0x30) 11:02:11 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 30) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:02:11 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f00000000c0)=[{&(0x7f0000000140)="eb3c906d6b66732e66610600000000000000000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:02:11 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000068) 11:02:11 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x200, 0x0, &(0x7f0000000240), 0x0, &(0x7f00000000c0)=ANY=[]) openat(r0, &(0x7f0000001380)='./file0\x00', 0x62401, 0x2) getresuid(&(0x7f0000000280)=0x0, &(0x7f0000000300), &(0x7f0000000340)) quotactl(0x401, &(0x7f0000000240)='./file1\x00', r1, &(0x7f0000000380)="3bd578c607d43df6e66cb0d489090e7f8fe96994b5f454adbffcc600d88e6ee9c069f612280cccd0b5214e6f45c99108ab3d69e80e3e4e744e8d7fe028a16a8f562384e96a9d730a975c8d02b4a8abb460f9c06946a33c0e4d917bce2988e85577b5033df4a318371c7b39aed1c743053281d0fd113464642906554e3cf64b13fef145411e52c64242bb98cc39cadbaba3b43ac44057d6e0ca2198fc8367a74342675bfb48abed30a467ecfbd68065c12ed865f0bcff606cbfba216e003676af1712f591cc057495b56eb2676b4bf61c02e373de86071836c2144dd5891d5633132aa20d154354a246a603adc0950803c0496fce3f99b2dc1de8b63b62cec00902585b4a5342a673a3cb783f5e7b3d692032527c64f04c978aa74bf90fabad74e6fd17b73040e43bb29dedb55ee6beb948626dd6dd3656571bd81ba9f9d71ec87f0ab221aa9e8fd0365d67b3bbaf1d84f6ab2985a7af2d7915c78aab2d8a619be4c57a55a565dc48a16bd549b3c56fad92ab58f4814d093712e6f784c3cc255cc0fee9289d1f6ca567ee4d230f7e2a1b8c5f21689b053fb4152c682f1cf3568a5100787a1f6e02e973b8096aeb081dab0e461905aa18dc7e627e96b7c9ba49870f085de36a9b5ed662453534c72f60dd220edccf1f33f598a22edfb2017faf738a7f8f26b8e79e7a9434bb7f69af57f3579bfb4ca491d76a7a32aa15eafb76731b354245efb3ae2286157f474a075954a5016008ef3fdd44f8e93477a59a0ad454194e0588ced7a9384af264fff672e21060894ca625bdc71355a3334c09053bd8a3a76fa5f1cdc9ebb144e257f63ec1c2dc02fc62204d0054bb517b8ad309595a6e71305ae5a613e6c59b13b53c09f1854d592f49f9139b45686caed821ae2f1688be81014d1ebe5961553c4d54d5d1992ae7f867eb94bb32e7cf75c4790d813f10498b060e10d611a22e1dd8c8a8b683116abe1e5b7d4f7aee8732f2d45e946112840ea8c350f8f99b2d687f0dbf7c09df066f17ceff88ddb793712b12425fcf6850fa22e57638543bfa197ddd2b5227c544cf7e8ec7689c2c303fe711f29a5ab29644f792c27bd2662d81954fbda54b8026fe454f1f6edda8847f7dc0b770669b922c0d63d492b3ab509fc39cb70db8c7f8d40ca0049abe851f7b815529860db36d9f8ffac7046d170363c9550cc6844871e70958cdeab2a2eda7b01700411a1e26553f0993f0ccccfbb0f6c83d298bacebd620a67c30ba31beabbf62b0f0ee9d058a702e35c639321dca9496dbf791845f9cb758a43997740a4f136c1d55db4c4b9196f7bcca189a9a8a25e2fe042c6896f13b3387259d9b4d5ca73a648d7cfe670f24faa41fbb50383af86181f03fb907055bb2fb62def11ff035a569807af208a38e847367772adba3f0562ecfbef1d1ecff619a8b64bc6b170dd3677c53a03f643e80773a20a5971c4804bd01e074b7415dd41124fa681ef73bded7ccada8639099a32681b312dc4bafde9ed97f426ab26003fc76c0925e521f7210418d47eeb0bbaa1b98ce7a04892bd849802109ff113167654136182ded5f40c827fbc68e609ab87b540031ea37af0a6ba6427a2616941c4e8cda0044a04a019c9143d9b173a4f850b47bad96bea13145c15078eaacb02ef5481bdc666ad49ad1b49b38f3058d852290eadc576246522ddf31dd49adb2e4f810866a15245d2e3b59739d98f0d6e2466eeb39ae0299b12beadbd62eb1083796ea8827ff105ca6919879fe3b09527a7154c3342e6d450a7603aa61eb708f223fa64e46a09f1dfed76ddf077dd7fb1037ab2d93d943dfb68aeb8dbd5e5dbfbcd0f229a7d889f0a6981e1465826004adcc0abf28d09d05fb5be0acb3187b5e992b03394784085ef23d6e42d03c8c98d63b50b1bbacdb2f4ac53806d1166c3f8313b7c5ffb9eb9b1d73a432b74df6a4f3e337a86499c23d1ce513a822c5d3b0b92659fc84b168f7667ad241d5a6347a69af01372b9f073d020f54593baebe14a9930e399b281713cab75274bd1779a7773263601e4030bfe16055fd0c20fd5e5b70d432d8830879469348fe583388b746d5c4dc811a0cec9a58c7055e73b8975212019fa9e46e6449a11a87e0609edf3dfdcf1da5f293a6379e221cd89af261f7b408c9ce8341d96260524ff5f381674bed5841e8d0c6821c0203d575f8b90a8336d5477af0817d444306e9f4cc835864db8b4361e1d0eb7296d8d71c6ade13ff0fabfcdf1806426e7bd5d3b557a600d200a22e14eb745e8cc1fc5f13bc3ced33619f0d1cd2b9ae97c619d8463655edb7be335d5c1c01f0581f5319eaf8aacbb517dd9fc65bd4a114e993bc0cb35e76d63ada6bd9d06046963ffa14ab87073776e06f93967dbf7a4d439c9b48ec6a692f4161883e2453f05d4bd95b73cf48e10cb8687b8d0ca07187095c1c8b6dbab6d9b070061c0f3212e5ecd5c2256ec8a405d2afc42021650e892c9ba0b7d118b1e7078eae356786a0a90bf292718d10cdd48619ac8310c62e77ec395b10de277784879fe52130c9940742922f98a3a5665f5c73c2560d2ef5bd7575a06d66ce9b51f1210ef67d8932a92e1edc18a6d5baee4e63b342713e767c0a0fd61225bd598454d3df2a4c5e10b9722536be25e6c93f794ee9ceb3087335f9a003ddebb74d25df8f33e760b16f388354d637a4f611bdaae7db35e60da7897633b99c4bfd5797c0d706706460cffcf49646d48711f7a2da7321efe12e53840482ca513820dd72c7922b3f71ad0a3f854a6eb2b42bed7ce707614229c07163017e91a96a743bc44361cc145049bc569ab17fe15e1e73dd32acf5b78507988db72dab695ae93254060ada64285e671dde85d74f75e6c144f64129d74d7b5158fc7fb0aaeb3488ff38e738edb4cfa78ecde9467b0e3c82e858b9776829aa10274f40ea63215aeb3b2338f4dd63fac94d847bd41426fd21ae5390cbf364e2d3d4c4b6ff3db78513b8be6b09a5d61776159f27e8710587b40d8d1da2636c25c0710bc11a2a408d32b798ba36ba9535257538ce16fc96f53a84fa260a2368def6b23f6d49a3bafc5aec49ed49bd05d17f3e614e4f237a5efd6742bcb61e76a7cf4bd2c74c9e7b87e4f84508880d643fba14806495878d25533e12d5affdf92045d0585e90a408a2e3acb045637e43191890b71a688953352a53a2e32828e9f25da6ea57bd3240d5f4aeb79e86c518cb9dd888ccd93370915f12c39aa05823a2acabb97acec3b9de1503a67e7f4e2b3dd89c3158f280f2cc414168b374448d2556b0ebe974b336c41632585ed6869b3c90fdfd1266592cc660beebe85916427183f6e92532a62cd7e5293c02c63279048cdec656288c4e845a99d16aef196c048e624efb37c7987d0b3bac723fd32c002d02033b5abdcfa6ec8e2b5a1144e88af39aebd93c7dcb32472ba6091c87ac9b8824d11c85ef7874eaa950fc30bafb7c4e8a4e386175e1d3e3513b21e6027c876141700985718445c75e462ed73b15d774b3b58342813edb4b32ce45bc0faf6858c8252f95349a195f8d948b7a498beba28fc470b6b487abccea2aa8548c89b9ee513d312b45433878cf22d98e67f46b4fa25a521d11534e0427a4efda12062de232f5272d82efa75bfd0a07c0a90e9ca1da1ac2015cf42e9185a235c8c58e4a7cf1626acbd3d1aaa149df4e165b8e33c9482ba87cc0425e1a67c9c64c8275aa8e627bc074a78ced1cdb6a66d914aeca5c885d770013c1d68392810957a4e814935c4c947645031b6564f523db687e3d287d43ed9f7b18bbe210c72037753eb2d87716c0ed637bece09abc71fc8169806f4cdad0593c748b2da81559a206d17191edb137aa67fd95e0706fde8553283df86c038b33c5feb6fc5f197de86c713b4dad82cc7fd976795f4659d86825eea51b98356ed25031f506a97bdd49801b0a2a04dd1494311285130fa7e1c7cb345804c01989cfa7cc2830bdd7aae6f3a6ae80d007f0d9ab37a78d16fc54ecd3324cfe3a9086cb3525d2540b426d8604c3272d59f5834c55921e813368ca5eb2b7ebf066481f9c0ca8c65859e765142e272c0c511404dcec52a270de02691f7024215548dc4a832e86a2f0c25aeab4045286678ee050f7f3e00318ec46f64ee5c93fc57e46c147ac0a1a4ebec2cba976a40e3a258faa47cb42797acef821377ae6c2a8c19d4866193a61161d9c83a47685f55e36a2025da8c0ce25fe1305730e0a60d4dfe8e8fe42e408d18ce3aeb1b153563ffca85d49026ceb4528ba2ac1d1f764d63986be494a0bbea5054f755f15c076caecb4bb5d4bc41b9e57a5ab9744fd6995783d3f897505f5d74f318ee44453959a75c99efa53ed948776ecaee6fccb1b6235534971188783d95b5cb8639c3c8b14236a26ba664e8560e897bdb711f066b6f1c9ac37d4005f09acdcbd57e76ba63d2d977465e04421957b3376cd089a77ce67a432162f3a57c915cddd7c269e06534b6f09cc72d6e1a0faca1b93c3a1f3618251e1adec217288ba210fbbdc2f463027e811941956ac632e0cd82738aa6e5665ce0b6a8a295ce1439445a3ac247524248211f0f307573c818376975241e27ebcaea3161f7f4461a6086ba95c239dbc20745f2e015e496dc6b0be172fef7bd382e947d962be4ffc0c48f19fff83d0dcecfa7421c437ec5861774cf6c99530c2a4bd0df7d2d7f2c4b4b148b269b68e5646b0e7a6860be666462db6e10c814c029d00fd64f90aeaf3a0f4d51b583718c8e401d323e892e6c93233c4de524157234a923d76ec5b552edcc5e03dd21c1a6b94055edd4a59146eb08da3898c406f6656b7671c320974de6d261a6973b61a47d6577ede4dd6c86dc669bab1ae729c41e4d13b3ef1452aede268501f56eace4c56059d363f0aa3a5f1857fc172c71fad7947851e3de0af064b9421074e64b6c06b6aaaf8bd2d9a3ae3adb3b5c8ce79bd006e05407695f719976b377be9d9a8715e0ca597f7229730a79d5650739be81c02e1bc0c381cad082f915a34bc3e29a1622c31131cdc381df52d7f6b86c12c927934608d5c254e09f5e41bc27cbef36765a71ab6b8a1fdf0d8b92456bcca8a6e3f2fae2a8b8fdc7349f5df683462c048abfb4affd1e55012adcab5a613bd0e524fa34a1e2ea637ec18a892d99fc80b44d705ef883b07faacd3885c243a3bb193a8d38fd3e24030649f3e71e7dc21dae530f5b1ba09c690ebcb1c0d16348f194f9a20c99765d0b023ca7fcd56ed3986c0ac0a8ca18d76a61284a01f6110bda0c016023c71379e135082aedd672c18054d45eeac65625e762b39c16129a1c5321d649e80da3314f7af08c129d953cf22c42d0a3b78165835f2e3b3fffa1cdc3a2ac23fb991b969aa5252b658327fb9cc0f041476d663e57fdb1408b992de2a958f6f6e97bc3c78bd7cb23ad12c8ffbe650148b255495b362cf8c6b7b6d045f3caf1509be3a35fd02a4f8436281795a87abe29f5db089d4fca223070d0f57af364332f3d5adbe20e15c5b9f6ab52ae39afa4cc3c50f561aff9863659f5c6fd08ab001e5fdc2602dccae5d1c3ac6dbc992f743907a16dfc8a67791551f7e69292478e62d5aabc5f3ba30dfa038654e4d57fd506e43b1294b9ae3568e5d1f98455cd152e98178fce3a582d864def17d2a2834c574e087cb4c0cc4de253869a79c7f5b04ac0ade6ed73de451532bd5e0bb0c0975e37cceb1fb82bd19c272d74cf010079668482dbe4145185a34d356e5ea2990305f76f89c5d0f9bd7d277cbfa9f6746568a33") chdir(&(0x7f0000000040)='./file0\x00') r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x6001, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) utimensat(r4, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)={{r5, r6/1000+60000}}, 0x0) clock_gettime(0x2, &(0x7f0000000200)) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r7, 0x0, 0x100000001) ftruncate(r2, 0xfdef) 11:02:11 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) ftruncate(0xffffffffffffffff, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:02:11 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 31) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1561.869090] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1561.880771] FAULT_INJECTION: forcing a failure. [ 1561.880771] name failslab, interval 1, probability 0, space 0, times 0 [ 1561.882082] CPU: 1 PID: 10557 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1561.882703] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1561.883430] Call Trace: [ 1561.883675] dump_stack+0x107/0x167 [ 1561.884003] should_fail.cold+0x5/0xa [ 1561.884352] ? create_object.isra.0+0x3a/0xa20 [ 1561.884767] should_failslab+0x5/0x20 [ 1561.885107] kmem_cache_alloc+0x5b/0x310 [ 1561.885474] create_object.isra.0+0x3a/0xa20 [ 1561.885863] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1561.886319] kmem_cache_alloc+0x159/0x310 [ 1561.886691] alloc_buffer_head+0x20/0x110 [ 1561.887058] alloc_page_buffers+0x14d/0x700 [ 1561.887450] create_empty_buffers+0x2c/0x640 [ 1561.887843] create_page_buffers+0x1bb/0x230 [ 1561.888239] __block_write_begin_int+0x1d1/0x19c0 [ 1561.888674] ? fat_add_cluster+0x100/0x100 [ 1561.889050] ? add_to_page_cache_locked+0x40/0x40 [ 1561.889479] ? __page_cache_alloc+0x10d/0x360 [ 1561.889877] ? remove_inode_buffers+0x300/0x300 [ 1561.890289] ? pagecache_get_page+0x243/0xc80 [ 1561.890690] ? wait_for_stable_page+0x92/0xe0 [ 1561.891090] cont_write_begin+0x472/0x980 [ 1561.891460] ? finish_task_switch+0x126/0x5d0 [ 1561.891854] ? finish_task_switch+0xef/0x5d0 [ 1561.892243] ? fat_add_cluster+0x100/0x100 [ 1561.892625] ? nobh_write_begin+0xed0/0xed0 [ 1561.893011] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1561.893526] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1561.893973] ? io_schedule_timeout+0x140/0x140 [ 1561.894378] fat_write_begin+0x89/0x180 [ 1561.894730] ? fat_add_cluster+0x100/0x100 [ 1561.895107] generic_perform_write+0x20a/0x4f0 [ 1561.895518] ? fat_direct_IO+0x1ef/0x380 [ 1561.895876] ? page_cache_prev_miss+0x310/0x310 [ 1561.896302] __generic_file_write_iter+0x2cd/0x5d0 [ 1561.896745] generic_file_write_iter+0xdb/0x230 [ 1561.897161] do_iter_readv_writev+0x476/0x750 [ 1561.897561] ? new_sync_write+0x660/0x660 [ 1561.897926] ? avc_policy_seqno+0x9/0x70 [ 1561.898288] ? selinux_file_permission+0x92/0x520 [ 1561.898721] ? security_file_permission+0xb1/0xe0 [ 1561.899290] do_iter_write+0x191/0x700 [ 1561.899644] ? trace_hardirqs_on+0x5b/0x180 [ 1561.900034] vfs_iter_write+0x70/0xa0 [ 1561.900374] iter_file_splice_write+0x762/0xc30 [ 1561.900801] ? generic_splice_sendpage+0x140/0x140 [ 1561.901243] ? security_file_permission+0xb1/0xe0 [ 1561.901665] ? generic_splice_sendpage+0x140/0x140 [ 1561.902096] direct_splice_actor+0x10f/0x170 [ 1561.902483] splice_direct_to_actor+0x387/0x980 [ 1561.902896] ? pipe_to_sendpage+0x380/0x380 [ 1561.903278] ? do_splice_to+0x160/0x160 [ 1561.903632] ? security_file_permission+0xb1/0xe0 [ 1561.904061] do_splice_direct+0x1c4/0x290 [ 1561.904426] ? splice_direct_to_actor+0x980/0x980 [ 1561.904852] ? avc_policy_seqno+0x9/0x70 [ 1561.905218] ? security_file_permission+0xb1/0xe0 [ 1561.905649] do_sendfile+0x553/0x11e0 [ 1561.905994] ? do_pwritev+0x270/0x270 [ 1561.906335] ? wait_for_completion_io+0x270/0x270 [ 1561.906760] ? rcu_read_lock_any_held+0x75/0xa0 [ 1561.907165] ? vfs_write+0x354/0xb10 [ 1561.907499] __x64_sys_sendfile64+0x1d1/0x210 [ 1561.907894] ? __ia32_sys_sendfile+0x220/0x220 [ 1561.908304] do_syscall_64+0x33/0x40 [ 1561.908638] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1561.909091] RIP: 0033:0x7f24f4026b19 [ 1561.909420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1561.911011] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1561.911670] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1561.912291] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1561.912916] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1561.913537] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1561.914156] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1561.934449] attempt to access beyond end of device [ 1561.934449] loop5: rw=2049, want=276, limit=128 [ 1561.959220] attempt to access beyond end of device [ 1561.959220] loop4: rw=2049, want=276, limit=128 11:02:12 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x300000e, 0x100010, 0xffffffffffffffff, 0x10000000) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1561.964369] FAULT_INJECTION: forcing a failure. [ 1561.964369] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1561.966329] CPU: 0 PID: 10572 Comm: Not tainted 5.10.222 #1 [ 1561.967162] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1561.968350] Call Trace: [ 1561.968756] dump_stack+0x107/0x167 [ 1561.969299] should_fail.cold+0x5/0xa [ 1561.969862] _copy_from_user+0x2e/0x1b0 [ 1561.970450] comm_write+0xbf/0x2a0 [ 1561.970971] ? proc_pid_permission+0x300/0x300 [ 1561.971657] do_iter_write+0x4f0/0x700 [ 1561.972245] vfs_writev+0x1ae/0x620 [ 1561.972791] ? vfs_iter_write+0xa0/0xa0 [ 1561.973376] ? __fdget_pos+0xf1/0x190 [ 1561.973935] ? lock_downgrade+0x6d0/0x6d0 [ 1561.974551] ? ksys_write+0x12d/0x260 [ 1561.975118] ? __fget_files+0x2f8/0x520 [ 1561.975723] do_writev+0x139/0x300 [ 1561.976247] ? vfs_writev+0x620/0x620 [ 1561.976832] do_syscall_64+0x33/0x40 [ 1561.977377] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1561.978116] RIP: 0033:0x7fbbbec6fb19 [ 1561.978662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1561.981299] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1561.982395] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1561.983418] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1561.984445] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1561.985480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1561.986506] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:02:12 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 42) 11:02:12 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 32) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1562.108911] attempt to access beyond end of device [ 1562.108911] loop4: rw=1, want=403, limit=128 11:02:12 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000070) [ 1562.128842] FAULT_INJECTION: forcing a failure. [ 1562.128842] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1562.130019] CPU: 1 PID: 10579 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1562.130577] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1562.131237] Call Trace: [ 1562.131459] dump_stack+0x107/0x167 [ 1562.131759] should_fail.cold+0x5/0xa [ 1562.132074] __alloc_pages_nodemask+0x182/0x600 [ 1562.132456] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1562.132945] ? find_get_entry+0x2c8/0x740 [ 1562.133287] ? lock_chain_count+0x20/0x20 [ 1562.133630] alloc_pages_current+0x187/0x280 [ 1562.133987] __page_cache_alloc+0x2d2/0x360 [ 1562.134348] pagecache_get_page+0x2c7/0xc80 [ 1562.134694] ? unlock_page_memcg+0x96/0x170 [ 1562.135047] grab_cache_page_write_begin+0x64/0xa0 [ 1562.135448] cont_write_begin+0x448/0x980 [ 1562.135786] ? fat_add_cluster+0x100/0x100 [ 1562.136133] ? nobh_write_begin+0xed0/0xed0 [ 1562.136483] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1562.136956] ? generic_write_end+0x20e/0x3f0 [ 1562.137308] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1562.137724] fat_write_begin+0x89/0x180 [ 1562.138047] ? fat_add_cluster+0x100/0x100 [ 1562.138401] generic_perform_write+0x20a/0x4f0 [ 1562.138770] ? fat_direct_IO+0x1ef/0x380 [ 1562.139100] ? page_cache_prev_miss+0x310/0x310 [ 1562.139486] __generic_file_write_iter+0x2cd/0x5d0 [ 1562.139885] generic_file_write_iter+0xdb/0x230 [ 1562.140266] do_iter_readv_writev+0x476/0x750 [ 1562.140633] ? new_sync_write+0x660/0x660 [ 1562.140970] ? avc_policy_seqno+0x9/0x70 [ 1562.141300] ? selinux_file_permission+0x92/0x520 [ 1562.141698] ? security_file_permission+0xb1/0xe0 [ 1562.142094] do_iter_write+0x191/0x700 [ 1562.142413] ? trace_hardirqs_on+0x5b/0x180 [ 1562.142769] vfs_iter_write+0x70/0xa0 [ 1562.143076] iter_file_splice_write+0x762/0xc30 [ 1562.143466] ? generic_splice_sendpage+0x140/0x140 [ 1562.143874] ? security_file_permission+0xb1/0xe0 [ 1562.144269] ? generic_splice_sendpage+0x140/0x140 [ 1562.144675] direct_splice_actor+0x10f/0x170 [ 1562.145035] splice_direct_to_actor+0x387/0x980 [ 1562.145415] ? pipe_to_sendpage+0x380/0x380 [ 1562.145767] ? do_splice_to+0x160/0x160 [ 1562.146085] ? security_file_permission+0xb1/0xe0 [ 1562.146482] do_splice_direct+0x1c4/0x290 [ 1562.146813] ? splice_direct_to_actor+0x980/0x980 [ 1562.147203] ? avc_policy_seqno+0x9/0x70 [ 1562.147535] ? security_file_permission+0xb1/0xe0 [ 1562.147929] do_sendfile+0x553/0x11e0 [ 1562.148244] ? do_pwritev+0x270/0x270 [ 1562.148565] ? wait_for_completion_io+0x270/0x270 [ 1562.148958] ? rcu_read_lock_any_held+0x75/0xa0 [ 1562.149331] ? vfs_write+0x354/0xb10 [ 1562.149639] __x64_sys_sendfile64+0x1d1/0x210 [ 1562.150006] ? __ia32_sys_sendfile+0x220/0x220 [ 1562.150387] do_syscall_64+0x33/0x40 [ 1562.150685] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1562.151104] RIP: 0033:0x7f24f4026b19 [ 1562.151407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1562.152879] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1562.153484] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1562.154045] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1562.154608] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1562.155176] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1562.155743] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1562.165523] FAULT_INJECTION: forcing a failure. [ 1562.165523] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1562.166654] CPU: 1 PID: 10582 Comm: Not tainted 5.10.222 #1 [ 1562.167109] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1562.167904] Call Trace: [ 1562.168206] dump_stack+0x107/0x167 [ 1562.168605] should_fail.cold+0x5/0xa [ 1562.168920] _copy_from_user+0x2e/0x1b0 [ 1562.169251] comm_write+0xbf/0x2a0 [ 1562.169536] ? proc_pid_permission+0x300/0x300 [ 1562.169910] do_iter_write+0x4f0/0x700 [ 1562.170234] vfs_writev+0x1ae/0x620 [ 1562.170531] ? vfs_iter_write+0xa0/0xa0 [ 1562.170891] ? __fdget_pos+0xf1/0x190 [ 1562.171292] ? lock_downgrade+0x6d0/0x6d0 [ 1562.171626] ? ksys_write+0x12d/0x260 [ 1562.171936] ? __fget_files+0x2f8/0x520 [ 1562.172338] do_writev+0x139/0x300 [ 1562.172693] ? vfs_writev+0x620/0x620 [ 1562.173005] do_syscall_64+0x33/0x40 [ 1562.173316] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1562.173838] RIP: 0033:0x7fbbbec6fb19 [ 1562.174139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1562.175888] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1562.176492] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1562.177079] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1562.177752] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1562.178330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1562.179015] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1562.252102] attempt to access beyond end of device [ 1562.252102] loop5: rw=2049, want=276, limit=128 [ 1562.318050] FAT-fs (loop6): Unrecognized mount option "@" or missing value [ 1562.392987] attempt to access beyond end of device [ 1562.392987] loop4: rw=2049, want=276, limit=128 [ 1562.452685] attempt to access beyond end of device [ 1562.452685] loop4: rw=1, want=403, limit=128 11:02:27 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000078) 11:02:27 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000200)={'vcan0\x00', &(0x7f00000001c0)=ANY=[@ANYBLOB="40e3a8e50000000070009a8a030000000800"/27]}) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = fork() r4 = fork() ptrace(0x10, r4) ptrace(0x4207, r3) rt_sigqueueinfo(r3, 0x1d, &(0x7f0000003800)={0x31, 0x8000, 0x80000000}) perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x7f, 0x81, 0x8, 0x2, 0x0, 0x7, 0x4000, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10000, 0x1, @perf_config_ext={0x2, 0x30af97ad}, 0x400, 0x80000000, 0x100, 0x6, 0x4, 0x2, 0xfbe8, 0x0, 0x6, 0x0, 0x1}, r3, 0xb, r0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) perf_event_open(&(0x7f0000000380)={0x3, 0x80, 0x4, 0x4, 0x0, 0x1, 0x0, 0x2, 0x14, 0x5, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0xffff, 0x1, @perf_bp={&(0x7f0000000280), 0x4}, 0x9000, 0x6, 0x7, 0x3, 0x1800000, 0x1, 0x1f, 0x0, 0x10000, 0x0, 0x81}, r3, 0x1, r2, 0x2) r6 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x10880, 0x0) openat(r6, &(0x7f0000000180)='./file0\x00', 0x200000, 0x8) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r7, 0x0, 0x100000001) ftruncate(r2, 0xffffffffffff5948) 11:02:27 executing program 3: r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r0, 0x200, 0x70bd28, 0x25dfdbfd, {{}, {}, {0x14, 0x18, {0x5, @bearer=@udp='udp:syz0\x00'}}}, ["", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4008080}, 0x4008801) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 11:02:27 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 33) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:02:27 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) ftruncate(0xffffffffffffffff, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:02:27 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0xaaaaaaaaaaaab04, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f0000000300)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x204a82, 0x101) sendfile(r4, r5, 0x0, 0x100000001) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x200, 0x316) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000001) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x3, 0x1, 0x5, 0x4}) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x100000001) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r4, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r3, {r7}}, './file0\x00'}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r8, 0x0, 0x100000001) ftruncate(r2, 0xfdef) 11:02:27 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 43) 11:02:27 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) unlinkat(r0, &(0x7f00000000c0)='./file0\x00', 0x0) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x4) ftruncate(r1, 0xfdef) [ 1577.839846] FAULT_INJECTION: forcing a failure. [ 1577.839846] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1577.841729] CPU: 1 PID: 10610 Comm: Not tainted 5.10.222 #1 [ 1577.842546] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1577.843697] Call Trace: [ 1577.844079] dump_stack+0x107/0x167 [ 1577.844600] should_fail.cold+0x5/0xa [ 1577.845159] _copy_from_user+0x2e/0x1b0 [ 1577.845725] comm_write+0xbf/0x2a0 [ 1577.846228] ? proc_pid_permission+0x300/0x300 [ 1577.846888] do_iter_write+0x4f0/0x700 [ 1577.847463] vfs_writev+0x1ae/0x620 [ 1577.847981] ? vfs_iter_write+0xa0/0xa0 [ 1577.848565] ? __fdget_pos+0xf1/0x190 [ 1577.849112] ? lock_downgrade+0x6d0/0x6d0 [ 1577.849709] ? ksys_write+0x12d/0x260 [ 1577.850256] ? __fget_files+0x2f8/0x520 [ 1577.850856] do_writev+0x139/0x300 [ 1577.851357] ? vfs_writev+0x620/0x620 [ 1577.851909] do_syscall_64+0x33/0x40 [ 1577.852440] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1577.853174] RIP: 0033:0x7fbbbec6fb19 [ 1577.853690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1577.856220] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1577.857326] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1577.858319] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1577.859316] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1577.860310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1577.861314] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1577.942268] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1578.088226] FAULT_INJECTION: forcing a failure. [ 1578.088226] name failslab, interval 1, probability 0, space 0, times 0 [ 1578.089919] CPU: 0 PID: 10615 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1578.090948] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1578.092171] Call Trace: [ 1578.092582] dump_stack+0x107/0x167 [ 1578.093144] should_fail.cold+0x5/0xa [ 1578.093723] ? create_object.isra.0+0x3a/0xa20 [ 1578.094413] should_failslab+0x5/0x20 [ 1578.094988] kmem_cache_alloc+0x5b/0x310 [ 1578.095610] create_object.isra.0+0x3a/0xa20 [ 1578.096269] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1578.097038] kmem_cache_alloc+0x159/0x310 [ 1578.097663] alloc_buffer_head+0x20/0x110 [ 1578.098284] alloc_page_buffers+0x14d/0x700 [ 1578.098938] create_empty_buffers+0x2c/0x640 [ 1578.099595] create_page_buffers+0x1bb/0x230 [ 1578.100255] __block_write_begin_int+0x1d1/0x19c0 [ 1578.100974] ? fat_add_cluster+0x100/0x100 [ 1578.101606] ? add_to_page_cache_locked+0x40/0x40 [ 1578.102317] ? __page_cache_alloc+0x10d/0x360 [ 1578.102981] ? remove_inode_buffers+0x300/0x300 [ 1578.103668] ? pagecache_get_page+0x243/0xc80 [ 1578.104321] ? unlock_page_memcg+0x96/0x170 [ 1578.104972] ? wait_for_stable_page+0x92/0xe0 [ 1578.105632] cont_write_begin+0x472/0x980 [ 1578.106257] ? fat_add_cluster+0x100/0x100 [ 1578.106887] ? nobh_write_begin+0xed0/0xed0 [ 1578.107524] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1578.108373] ? generic_write_end+0x20e/0x3f0 [ 1578.109031] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1578.109786] fat_write_begin+0x89/0x180 [ 1578.110373] ? fat_add_cluster+0x100/0x100 [ 1578.111009] generic_perform_write+0x20a/0x4f0 [ 1578.111699] ? fat_direct_IO+0x1ef/0x380 [ 1578.112300] ? page_cache_prev_miss+0x310/0x310 [ 1578.113008] __generic_file_write_iter+0x2cd/0x5d0 [ 1578.113740] generic_file_write_iter+0xdb/0x230 [ 1578.114432] do_iter_readv_writev+0x476/0x750 [ 1578.115099] ? new_sync_write+0x660/0x660 [ 1578.115712] ? avc_policy_seqno+0x9/0x70 [ 1578.116309] ? selinux_file_permission+0x92/0x520 [ 1578.117038] ? security_file_permission+0xb1/0xe0 [ 1578.117762] do_iter_write+0x191/0x700 [ 1578.118346] ? trace_hardirqs_on+0x5b/0x180 [ 1578.118999] vfs_iter_write+0x70/0xa0 [ 1578.119562] iter_file_splice_write+0x762/0xc30 [ 1578.120265] ? generic_splice_sendpage+0x140/0x140 [ 1578.121021] ? security_file_permission+0xb1/0xe0 [ 1578.121740] ? generic_splice_sendpage+0x140/0x140 [ 1578.122466] direct_splice_actor+0x10f/0x170 [ 1578.123120] splice_direct_to_actor+0x387/0x980 [ 1578.123813] ? pipe_to_sendpage+0x380/0x380 [ 1578.124453] ? do_splice_to+0x160/0x160 [ 1578.125050] ? security_file_permission+0xb1/0xe0 [ 1578.125774] do_splice_direct+0x1c4/0x290 [ 1578.126388] ? splice_direct_to_actor+0x980/0x980 [ 1578.127099] ? avc_policy_seqno+0x9/0x70 [ 1578.127705] ? security_file_permission+0xb1/0xe0 [ 1578.128431] do_sendfile+0x553/0x11e0 [ 1578.129014] ? do_pwritev+0x270/0x270 [ 1578.129591] ? wait_for_completion_io+0x270/0x270 [ 1578.130306] ? rcu_read_lock_any_held+0x75/0xa0 [ 1578.130990] ? vfs_write+0x354/0xb10 [ 1578.131550] __x64_sys_sendfile64+0x1d1/0x210 [ 1578.132215] ? __ia32_sys_sendfile+0x220/0x220 [ 1578.132909] do_syscall_64+0x33/0x40 [ 1578.133462] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1578.134208] RIP: 0033:0x7f24f4026b19 [ 1578.134951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1578.137578] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1578.138683] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1578.139707] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1578.140733] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1578.141765] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1578.142784] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 11:02:28 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000140), 0xc}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) close(r0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1578.197369] attempt to access beyond end of device [ 1578.197369] loop4: rw=2049, want=276, limit=128 11:02:28 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 34) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:02:28 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(r0, &(0x7f00000001c0)='./file0\x00', 0x2080, 0x122) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) openat(r0, &(0x7f00000000c0)='./file0\x00', 0x280, 0x110) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) sendfile(r2, r3, 0x0, 0x100000001) ftruncate(r1, 0xfdef) [ 1578.264022] attempt to access beyond end of device [ 1578.264022] loop5: rw=2049, want=276, limit=128 [ 1578.319584] FAULT_INJECTION: forcing a failure. [ 1578.319584] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1578.321667] CPU: 1 PID: 10645 Comm: Not tainted 5.10.222 #1 [ 1578.322471] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1578.323632] Call Trace: [ 1578.324016] dump_stack+0x107/0x167 [ 1578.324536] should_fail.cold+0x5/0xa [ 1578.325095] _copy_from_user+0x2e/0x1b0 [ 1578.325667] comm_write+0xbf/0x2a0 [ 1578.326176] ? proc_pid_permission+0x300/0x300 [ 1578.326836] do_iter_write+0x4f0/0x700 [ 1578.327408] vfs_writev+0x1ae/0x620 [ 1578.327933] ? vfs_iter_write+0xa0/0xa0 [ 1578.328519] ? __fdget_pos+0xf1/0x190 [ 1578.329075] ? lock_downgrade+0x6d0/0x6d0 [ 1578.329669] ? ksys_write+0x12d/0x260 [ 1578.330224] ? __fget_files+0x2f8/0x520 [ 1578.330813] do_writev+0x139/0x300 [ 1578.331320] ? vfs_writev+0x620/0x620 [ 1578.331873] do_syscall_64+0x33/0x40 [ 1578.332398] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1578.333126] RIP: 0033:0x7fbbbec6fb19 [ 1578.333655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1578.336300] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1578.337370] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1578.338397] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1578.339420] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1578.340443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1578.341481] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:02:28 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 44) 11:02:28 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000007b) [ 1578.463415] attempt to access beyond end of device [ 1578.463415] loop4: rw=1, want=316, limit=128 11:02:28 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xb, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000140)={0x4, 0x80, 0x4f, 0x0, 0x1, 0x80, 0x0, 0xfffffffffffffffe, 0x5a601, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x40, 0x4, @perf_config_ext={0x9, 0xe59}, 0x80, 0xffffffffffffffe1, 0xff, 0x7, 0x3782266, 0x7, 0x0, 0x0, 0x1, 0x0, 0x7}) sendfile(r3, r1, &(0x7f0000000000)=0x100000000, 0x100000000) openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x9080, 0x28) 11:02:28 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r4, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) [ 1578.671638] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue 11:02:28 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 35) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1578.721251] FAULT_INJECTION: forcing a failure. [ 1578.721251] name failslab, interval 1, probability 0, space 0, times 0 [ 1578.722744] CPU: 0 PID: 10655 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1578.723627] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1578.724689] Call Trace: [ 1578.725050] dump_stack+0x107/0x167 [ 1578.725528] should_fail.cold+0x5/0xa [ 1578.726027] ? create_object.isra.0+0x3a/0xa20 [ 1578.726616] should_failslab+0x5/0x20 [ 1578.727106] kmem_cache_alloc+0x5b/0x310 [ 1578.727635] create_object.isra.0+0x3a/0xa20 [ 1578.728198] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1578.728859] kmem_cache_alloc+0x159/0x310 [ 1578.729401] alloc_buffer_head+0x20/0x110 [ 1578.729931] alloc_page_buffers+0x14d/0x700 [ 1578.730494] create_empty_buffers+0x2c/0x640 [ 1578.731070] create_page_buffers+0x1bb/0x230 [ 1578.731643] __block_write_begin_int+0x1d1/0x19c0 [ 1578.732273] ? fat_add_cluster+0x100/0x100 [ 1578.732824] ? add_to_page_cache_locked+0x40/0x40 [ 1578.733449] ? __page_cache_alloc+0x10d/0x360 [ 1578.734026] ? remove_inode_buffers+0x300/0x300 [ 1578.734621] ? pagecache_get_page+0x243/0xc80 [ 1578.735202] ? unlock_page_memcg+0x96/0x170 [ 1578.735764] ? wait_for_stable_page+0x92/0xe0 [ 1578.736343] cont_write_begin+0x472/0x980 [ 1578.736895] ? fat_add_cluster+0x100/0x100 [ 1578.737442] ? nobh_write_begin+0xed0/0xed0 [ 1578.738004] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1578.738733] ? generic_write_end+0x20e/0x3f0 [ 1578.739288] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1578.739939] fat_write_begin+0x89/0x180 [ 1578.740443] ? fat_add_cluster+0x100/0x100 [ 1578.740998] generic_perform_write+0x20a/0x4f0 [ 1578.741590] ? fat_direct_IO+0x1ef/0x380 [ 1578.742111] ? page_cache_prev_miss+0x310/0x310 [ 1578.742718] __generic_file_write_iter+0x2cd/0x5d0 [ 1578.743348] generic_file_write_iter+0xdb/0x230 [ 1578.743949] do_iter_readv_writev+0x476/0x750 [ 1578.744519] ? new_sync_write+0x660/0x660 [ 1578.745054] ? avc_policy_seqno+0x9/0x70 [ 1578.745577] ? selinux_file_permission+0x92/0x520 [ 1578.746206] ? security_file_permission+0xb1/0xe0 [ 1578.746824] do_iter_write+0x191/0x700 [ 1578.747324] ? trace_hardirqs_on+0x5b/0x180 [ 1578.747880] vfs_iter_write+0x70/0xa0 [ 1578.748372] iter_file_splice_write+0x762/0xc30 [ 1578.748987] ? generic_splice_sendpage+0x140/0x140 [ 1578.749632] ? security_file_permission+0xb1/0xe0 [ 1578.750246] ? generic_splice_sendpage+0x140/0x140 [ 1578.750874] direct_splice_actor+0x10f/0x170 [ 1578.751437] splice_direct_to_actor+0x387/0x980 [ 1578.752027] ? pipe_to_sendpage+0x380/0x380 [ 1578.752584] ? do_splice_to+0x160/0x160 [ 1578.753107] ? security_file_permission+0xb1/0xe0 [ 1578.753723] do_splice_direct+0x1c4/0x290 [ 1578.754253] ? splice_direct_to_actor+0x980/0x980 [ 1578.754857] ? avc_policy_seqno+0x9/0x70 [ 1578.755386] ? security_file_permission+0xb1/0xe0 [ 1578.756013] do_sendfile+0x553/0x11e0 [ 1578.756516] ? do_pwritev+0x270/0x270 [ 1578.757012] ? wait_for_completion_io+0x270/0x270 [ 1578.757627] ? rcu_read_lock_any_held+0x75/0xa0 [ 1578.758215] ? vfs_write+0x354/0xb10 [ 1578.758704] __x64_sys_sendfile64+0x1d1/0x210 [ 1578.759271] ? __ia32_sys_sendfile+0x220/0x220 [ 1578.759850] do_syscall_64+0x33/0x40 [ 1578.760321] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1578.760962] RIP: 0033:0x7f24f4026b19 [ 1578.761432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1578.763703] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1578.764651] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1578.765563] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1578.766455] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1578.767342] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1578.768230] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 11:02:28 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat2(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x4040, 0x2, 0xc}, 0x18) perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x1, 0x3c, 0x0, 0x1f, 0x0, 0xffffffffffffffff, 0x80, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x2, @perf_bp, 0x42400, 0x2, 0xa, 0x0, 0xd72, 0x3, 0x100, 0x0, 0x1, 0x0, 0x4}, 0x0, 0xd, r0, 0x8) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(r1, &(0x7f00000002c0)='./file0\x00', 0x105102, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1578.872484] FAULT_INJECTION: forcing a failure. [ 1578.872484] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1578.874024] CPU: 0 PID: 10678 Comm: Not tainted 5.10.222 #1 [ 1578.874795] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1578.875769] Call Trace: [ 1578.876098] dump_stack+0x107/0x167 [ 1578.876532] should_fail.cold+0x5/0xa [ 1578.876997] _copy_from_user+0x2e/0x1b0 [ 1578.877473] comm_write+0xbf/0x2a0 [ 1578.877896] ? proc_pid_permission+0x300/0x300 [ 1578.878062] attempt to access beyond end of device [ 1578.878062] loop5: rw=2049, want=276, limit=128 [ 1578.878450] do_iter_write+0x4f0/0x700 [ 1578.878485] vfs_writev+0x1ae/0x620 [ 1578.880633] ? vfs_iter_write+0xa0/0xa0 [ 1578.881164] ? __fdget_pos+0xf1/0x190 [ 1578.881610] ? lock_downgrade+0x6d0/0x6d0 [ 1578.882117] ? ksys_write+0x12d/0x260 [ 1578.882578] ? __fget_files+0x2f8/0x520 [ 1578.883065] do_writev+0x139/0x300 [ 1578.883495] ? vfs_writev+0x620/0x620 [ 1578.883961] do_syscall_64+0x33/0x40 [ 1578.884405] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1578.885011] RIP: 0033:0x7fbbbec6fb19 [ 1578.885448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1578.887584] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1578.888458] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1578.889288] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1578.890123] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1578.890950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1578.891776] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:02:29 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f00000004c0)=@newae={0x48, 0x1e, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @in=@remote}, [@etimer_thresh={0x8}]}, 0x48}}, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) [ 1579.153537] FAULT_INJECTION: forcing a failure. [ 1579.153537] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1579.155287] CPU: 1 PID: 10693 Comm: Not tainted 5.10.222 #1 [ 1579.156018] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1579.157084] Call Trace: [ 1579.157434] dump_stack+0x107/0x167 [ 1579.157904] should_fail.cold+0x5/0xa [ 1579.158401] _copy_from_user+0x2e/0x1b0 [ 1579.158919] comm_write+0xbf/0x2a0 [ 1579.159381] ? proc_pid_permission+0x300/0x300 [ 1579.159975] do_iter_write+0x4f0/0x700 [ 1579.160498] vfs_writev+0x1ae/0x620 [ 1579.161016] ? vfs_iter_write+0xa0/0xa0 [ 1579.161547] ? __fdget_pos+0xf1/0x190 [ 1579.162040] ? lock_downgrade+0x6d0/0x6d0 [ 1579.162574] ? ksys_write+0x12d/0x260 [ 1579.163069] ? __fget_files+0x2f8/0x520 [ 1579.163599] do_writev+0x139/0x300 [ 1579.164057] ? vfs_writev+0x620/0x620 [ 1579.164561] do_syscall_64+0x33/0x40 [ 1579.165053] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1579.165708] RIP: 0033:0x7fbbbec6fb19 [ 1579.166182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1579.168574] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1579.169550] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1579.170437] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1579.171326] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1579.172219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1579.173120] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:02:29 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 11:02:29 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) execve(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=[&(0x7f0000000180)='vfat\x00', &(0x7f00000001c0)='vfat\x00'], &(0x7f0000000340)=[&(0x7f0000000280)='@-\'{\xcb\xd5%(\x00', &(0x7f0000000300)='$\x00']) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:02:29 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000080), 0xd4d, 0x240400) sendfile(r0, r2, 0x0, 0x100000004) r3 = syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000fc0)=[{&(0x7f0000000140)="eb3c986d6b66732e66616d2ab0631d715f156b166f073e", 0x2}, {0x0, 0x0, 0x8000}, {&(0x7f00000001c0)="1a76602d3b07730f571f9de547e25f2e03772970277b602747b460fb8ea05ea88b85dbba5cf4ead392cbd8307ca547654cb5528a4e970aad3211babb4b6ba651408ccf8c1f529180fe8d60e9f15abe03cc5e8b85c3e3dc2e2f2838c69638f4c12bc07fd2749e2299095b895c8fb5c7e4678e6865238bf12e245ff5b33b139de65e4501400edba28064642daef8ab2a805ece461762df205e254f3a76233cdf", 0x9f, 0x7f}], 0x204002, &(0x7f0000001040)=ANY=[@ANYRESDEC=0x0, @ANYBLOB="2d7a3d1f50a4db05c8604eacefc5b7399ea80fb6824c1d00809bef8d3dcdd7d37cebc57953629e0cfcace416ea6ab58dcbf7230056aef0e67e4dc3ca27ba9f22c771a24af85a1dbb6a0fad66a758ca229cc0cc9368aa3342ae970737f97e5e3fb47e1330014c73298c1e3f6d3348cf4bd5bad961c42039671cc5c211387fa59882453042beb71254d177b48145fd8bca2612b74855759c87f88aff19638be9b02c7c1fe83cccad2dc54bab40c7e6a07080a6bb269f51c0b0635fd630bc414c2103c3d8cd75eb48fac80fc1a092", @ANYRESDEC, @ANYRES16=0x0, @ANYRESHEX, @ANYRESOCT=r1, @ANYBLOB="1b11f03dc733ab7b33eb33cbacfb60fa91f2e0318b939edce7b2a180826c7dc4fba3ac0fa0f47d9ff0e5c32ecd10d149f530a1b5675969f6e2bdede9e3dced0089b62077a3c687efc190c3343369", @ANYRESOCT=r0]) chdir(&(0x7f0000000040)='./file0\x00') r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) write$binfmt_elf64(r3, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0xff, 0x0, 0xff, 0x20, 0x1, 0x3, 0x6, 0x10001, 0xfe, 0x40, 0x2d7, 0xff, 0x81, 0x38, 0x2, 0x100, 0x2, 0x9}, [{0x7, 0x0, 0xfffffffffffffffe, 0x9, 0xffffffffffff8000, 0x7f, 0x6, 0x3ff}], "1e26854ea35ddeb90050d7afbf30051425feeceed8d7332ece48e4294a33825ac93ba188a641e71cc3561c33082a099fead8f7320c8df465b0c79de1ec6bf42540b6cf61b5cc15a065d782ac828332188f8910a8943476c9f7dfb4885fc3a1173df6ddba1c366ff9d628dfad73bcc06fb78b33db4205870763fc89b0cdd4982d870e3763e984f92887611a84d6c9baad11ebf701118e26a09405e74920fa6f0cdfe0582f7e25ef5b0ea0817855c869666c9f1422937b7e0f7513668b0e07c8720dda", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xb3a) ftruncate(r4, 0xfdef) 11:02:29 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 45) 11:02:29 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 36) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1579.232479] attempt to access beyond end of device [ 1579.232479] loop6: rw=2049, want=276, limit=128 [ 1579.251054] attempt to access beyond end of device [ 1579.251054] loop6: rw=0, want=147, limit=128 [ 1579.304305] attempt to access beyond end of device [ 1579.304305] loop6: rw=2049, want=404, limit=128 [ 1579.313981] FAULT_INJECTION: forcing a failure. [ 1579.313981] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1579.315121] CPU: 0 PID: 10695 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1579.315813] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1579.316564] Call Trace: [ 1579.316839] dump_stack+0x107/0x167 [ 1579.317193] should_fail.cold+0x5/0xa [ 1579.317564] __alloc_pages_nodemask+0x182/0x600 [ 1579.318008] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1579.318589] alloc_pages_current+0x187/0x280 [ 1579.319009] allocate_slab+0x26f/0x380 [ 1579.319383] ___slab_alloc+0x470/0x700 [ 1579.319754] ? alloc_buffer_head+0x20/0x110 [ 1579.320169] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1579.320654] ? trace_hardirqs_on+0x5b/0x180 [ 1579.321069] ? alloc_buffer_head+0x20/0x110 [ 1579.321461] ? kmem_cache_alloc+0x301/0x310 [ 1579.321851] kmem_cache_alloc+0x301/0x310 [ 1579.322228] alloc_buffer_head+0x20/0x110 [ 1579.322598] alloc_page_buffers+0x14d/0x700 [ 1579.322988] create_empty_buffers+0x2c/0x640 [ 1579.323386] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1579.323875] create_page_buffers+0x1bb/0x230 [ 1579.324267] __block_write_begin_int+0x1d1/0x19c0 [ 1579.324702] ? fat_add_cluster+0x100/0x100 [ 1579.325088] ? add_to_page_cache_locked+0x40/0x40 [ 1579.325519] ? __page_cache_alloc+0x10d/0x360 [ 1579.325923] ? remove_inode_buffers+0x300/0x300 [ 1579.326339] ? pagecache_get_page+0x243/0xc80 [ 1579.326740] ? unlock_page_memcg+0x96/0x170 [ 1579.327130] ? wait_for_stable_page+0x92/0xe0 [ 1579.327530] cont_write_begin+0x472/0x980 [ 1579.327899] ? fat_add_cluster+0x100/0x100 [ 1579.328280] ? nobh_write_begin+0xed0/0xed0 [ 1579.328661] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1579.329178] ? generic_write_end+0x20e/0x3f0 [ 1579.329568] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1579.330014] fat_write_begin+0x89/0x180 [ 1579.330368] ? fat_add_cluster+0x100/0x100 [ 1579.330745] generic_perform_write+0x20a/0x4f0 [ 1579.331154] ? fat_direct_IO+0x1ef/0x380 [ 1579.331515] ? page_cache_prev_miss+0x310/0x310 [ 1579.331935] __generic_file_write_iter+0x2cd/0x5d0 [ 1579.332374] generic_file_write_iter+0xdb/0x230 [ 1579.332794] do_iter_readv_writev+0x476/0x750 [ 1579.333194] ? new_sync_write+0x660/0x660 [ 1579.333563] ? avc_policy_seqno+0x9/0x70 [ 1579.333923] ? selinux_file_permission+0x92/0x520 [ 1579.334359] ? security_file_permission+0xb1/0xe0 [ 1579.334786] do_iter_write+0x191/0x700 [ 1579.335132] ? trace_hardirqs_on+0x5b/0x180 [ 1579.335521] vfs_iter_write+0x70/0xa0 [ 1579.335862] iter_file_splice_write+0x762/0xc30 [ 1579.336284] ? generic_splice_sendpage+0x140/0x140 [ 1579.336738] ? security_file_permission+0xb1/0xe0 [ 1579.337172] ? generic_splice_sendpage+0x140/0x140 [ 1579.337613] direct_splice_actor+0x10f/0x170 [ 1579.338002] splice_direct_to_actor+0x387/0x980 [ 1579.338421] ? pipe_to_sendpage+0x380/0x380 [ 1579.338808] ? do_splice_to+0x160/0x160 [ 1579.339165] ? security_file_permission+0xb1/0xe0 [ 1579.339600] do_splice_direct+0x1c4/0x290 [ 1579.339975] ? splice_direct_to_actor+0x980/0x980 [ 1579.340392] ? avc_policy_seqno+0x9/0x70 [ 1579.340759] ? security_file_permission+0xb1/0xe0 [ 1579.341202] do_sendfile+0x553/0x11e0 [ 1579.341547] ? do_pwritev+0x270/0x270 [ 1579.341887] ? wait_for_completion_io+0x270/0x270 [ 1579.342317] ? rcu_read_lock_any_held+0x75/0xa0 [ 1579.342725] ? vfs_write+0x354/0xb10 [ 1579.343063] __x64_sys_sendfile64+0x1d1/0x210 [ 1579.343459] ? __ia32_sys_sendfile+0x220/0x220 [ 1579.343872] do_syscall_64+0x33/0x40 [ 1579.344200] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1579.344651] RIP: 0033:0x7f24f4026b19 [ 1579.344989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1579.346594] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1579.347259] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1579.347875] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1579.348492] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1579.349113] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1579.349732] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1579.352515] attempt to access beyond end of device [ 1579.352515] loop6: rw=1, want=403, limit=128 [ 1579.353357] Buffer I/O error on dev loop6, logical block 402, lost async page write [ 1579.371710] attempt to access beyond end of device [ 1579.371710] loop5: rw=2049, want=276, limit=128 11:02:42 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x22) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:02:42 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000007c) 11:02:42 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') setxattr$trusted_overlay_nlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0)={'U+', 0x20}, 0x16, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:02:42 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x4}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) recvmmsg$unix(r3, &(0x7f0000000200)=[{{&(0x7f0000000180), 0x6e, &(0x7f0000000840)=[{&(0x7f0000000300)=""/221, 0xdd}, {&(0x7f0000000400)=""/125, 0x7d}, {&(0x7f0000000480)=""/101, 0x65}, {&(0x7f0000000500)=""/122, 0x7a}, {&(0x7f0000000580)=""/210, 0xd2}, {&(0x7f0000000680)=""/166, 0xa6}, {&(0x7f00000000c0)}, {&(0x7f0000000740)=""/211, 0xd3}], 0x8, &(0x7f00000008c0)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x70}}], 0x1, 0x20, &(0x7f0000000280)={0x77359400}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) openat(r6, &(0x7f00000000c0)='./file0\x00', 0xa4040, 0x49) sendfile(r1, r4, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:02:42 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file1\x00', 0xfffffffffffffffc, 0x0, 0x0, 0x3007450, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x105042, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x100010, 0xffffffffffffffff, 0x10000000) r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) r4 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r4, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x100, 0x14) syz_io_uring_submit(r5, r6, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r7 = openat$incfs(r1, &(0x7f0000000180)='.log\x00', 0x0, 0x64) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000000, 0x8010, r7, 0x8000000) syz_io_uring_submit(r2, r6, &(0x7f0000000140)=@IORING_OP_LINK_TIMEOUT={0xf, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x1, 0x0, 0x1}, 0x8) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) 11:02:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 46) 11:02:42 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 37) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:02:42 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r4, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) [ 1592.891938] FAULT_INJECTION: forcing a failure. [ 1592.891938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1592.893117] CPU: 0 PID: 10729 Comm: Not tainted 5.10.222 #1 [ 1592.893654] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1592.894429] Call Trace: [ 1592.894687] dump_stack+0x107/0x167 [ 1592.895033] should_fail.cold+0x5/0xa [ 1592.895401] _copy_from_user+0x2e/0x1b0 [ 1592.895780] comm_write+0xbf/0x2a0 [ 1592.896120] ? proc_pid_permission+0x300/0x300 [ 1592.896567] do_iter_write+0x4f0/0x700 [ 1592.896946] vfs_writev+0x1ae/0x620 [ 1592.897298] ? vfs_iter_write+0xa0/0xa0 [ 1592.897673] ? __fdget_pos+0xf1/0x190 [ 1592.898043] ? lock_downgrade+0x6d0/0x6d0 [ 1592.898442] ? ksys_write+0x12d/0x260 [ 1592.898806] ? __fget_files+0x2f8/0x520 [ 1592.899200] do_writev+0x139/0x300 [ 1592.899543] ? vfs_writev+0x620/0x620 [ 1592.899912] do_syscall_64+0x33/0x40 [ 1592.900269] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1592.900756] RIP: 0033:0x7fbbbec6fb19 [ 1592.901115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1592.902824] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1592.903541] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1592.904210] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1592.904877] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1592.905561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1592.906227] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1592.971967] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue 11:02:43 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 38) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1593.043435] FAULT_INJECTION: forcing a failure. [ 1593.043435] name failslab, interval 1, probability 0, space 0, times 0 [ 1593.045372] CPU: 1 PID: 10727 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1593.046387] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1593.047590] Call Trace: [ 1593.047988] dump_stack+0x107/0x167 [ 1593.048534] should_fail.cold+0x5/0xa [ 1593.049108] ? create_object.isra.0+0x3a/0xa20 [ 1593.049782] should_failslab+0x5/0x20 [ 1593.050341] kmem_cache_alloc+0x5b/0x310 [ 1593.050944] create_object.isra.0+0x3a/0xa20 [ 1593.051592] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1593.052347] kmem_cache_alloc+0x159/0x310 [ 1593.052972] alloc_buffer_head+0x20/0x110 [ 1593.053590] alloc_page_buffers+0x14d/0x700 [ 1593.054240] create_empty_buffers+0x2c/0x640 [ 1593.054903] create_page_buffers+0x1bb/0x230 [ 1593.055562] __block_write_begin_int+0x1d1/0x19c0 [ 1593.056277] ? fat_add_cluster+0x100/0x100 [ 1593.056902] ? add_to_page_cache_locked+0x40/0x40 [ 1593.057619] ? __page_cache_alloc+0x10d/0x360 [ 1593.058277] ? remove_inode_buffers+0x300/0x300 [ 1593.058962] ? pagecache_get_page+0x243/0xc80 [ 1593.059622] ? unlock_page_memcg+0x96/0x170 [ 1593.060261] ? wait_for_stable_page+0x92/0xe0 [ 1593.060926] cont_write_begin+0x472/0x980 [ 1593.061558] ? fat_add_cluster+0x100/0x100 [ 1593.062183] ? nobh_write_begin+0xed0/0xed0 [ 1593.062819] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1593.063660] ? generic_write_end+0x20e/0x3f0 [ 1593.064307] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1593.065074] fat_write_begin+0x89/0x180 [ 1593.065660] ? fat_add_cluster+0x100/0x100 [ 1593.066283] generic_perform_write+0x20a/0x4f0 [ 1593.066962] ? fat_direct_IO+0x1ef/0x380 [ 1593.067560] ? page_cache_prev_miss+0x310/0x310 [ 1593.068264] __generic_file_write_iter+0x2cd/0x5d0 [ 1593.068990] generic_file_write_iter+0xdb/0x230 [ 1593.069691] do_iter_readv_writev+0x476/0x750 [ 1593.070357] ? new_sync_write+0x660/0x660 [ 1593.070963] ? avc_policy_seqno+0x9/0x70 [ 1593.071562] ? selinux_file_permission+0x92/0x520 [ 1593.072279] ? security_file_permission+0xb1/0xe0 [ 1593.073003] do_iter_write+0x191/0x700 [ 1593.073588] ? trace_hardirqs_on+0x5b/0x180 [ 1593.074238] vfs_iter_write+0x70/0xa0 [ 1593.074802] iter_file_splice_write+0x762/0xc30 [ 1593.075595] ? generic_splice_sendpage+0x140/0x140 [ 1593.076399] ? security_file_permission+0xb1/0xe0 [ 1593.077121] ? generic_splice_sendpage+0x140/0x140 [ 1593.077838] direct_splice_actor+0x10f/0x170 [ 1593.078488] splice_direct_to_actor+0x387/0x980 [ 1593.079173] ? pipe_to_sendpage+0x380/0x380 [ 1593.079811] ? do_splice_to+0x160/0x160 [ 1593.080398] ? security_file_permission+0xb1/0xe0 [ 1593.081119] do_splice_direct+0x1c4/0x290 [ 1593.081727] ? splice_direct_to_actor+0x980/0x980 [ 1593.082423] ? avc_policy_seqno+0x9/0x70 [ 1593.083033] ? security_file_permission+0xb1/0xe0 [ 1593.083757] do_sendfile+0x553/0x11e0 [ 1593.084338] ? do_pwritev+0x270/0x270 [ 1593.084904] ? wait_for_completion_io+0x270/0x270 [ 1593.085615] ? rcu_read_lock_any_held+0x75/0xa0 [ 1593.086293] ? vfs_write+0x354/0xb10 [ 1593.086853] __x64_sys_sendfile64+0x1d1/0x210 [ 1593.087516] ? __ia32_sys_sendfile+0x220/0x220 [ 1593.088203] do_syscall_64+0x33/0x40 [ 1593.088745] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1593.089494] RIP: 0033:0x7f24f4026b19 [ 1593.090049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1593.092699] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1593.093826] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1593.094863] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1593.095898] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1593.096927] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1593.097967] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1593.114735] attempt to access beyond end of device [ 1593.114735] loop4: rw=2049, want=276, limit=128 [ 1593.134699] FAULT_INJECTION: forcing a failure. [ 1593.134699] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1593.135769] CPU: 0 PID: 10749 Comm: Not tainted 5.10.222 #1 [ 1593.136402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1593.137093] Call Trace: [ 1593.137331] dump_stack+0x107/0x167 [ 1593.137642] should_fail.cold+0x5/0xa [ 1593.137972] _copy_from_user+0x2e/0x1b0 [ 1593.138316] comm_write+0xbf/0x2a0 [ 1593.138618] ? proc_pid_permission+0x300/0x300 [ 1593.139015] do_iter_write+0x4f0/0x700 [ 1593.139355] vfs_writev+0x1ae/0x620 [ 1593.139667] ? vfs_iter_write+0xa0/0xa0 [ 1593.140010] ? __fdget_pos+0xf1/0x190 [ 1593.140336] ? lock_downgrade+0x6d0/0x6d0 [ 1593.140695] ? ksys_write+0x12d/0x260 [ 1593.141026] ? __fget_files+0x2f8/0x520 [ 1593.141377] do_writev+0x139/0x300 [ 1593.141681] ? vfs_writev+0x620/0x620 [ 1593.142012] do_syscall_64+0x33/0x40 [ 1593.142330] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1593.142763] RIP: 0033:0x7fbbbec6fb19 [ 1593.143086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1593.144607] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1593.145257] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1593.145849] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1593.146439] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1593.147027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1593.147615] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1593.174377] attempt to access beyond end of device [ 1593.174377] loop6: rw=1, want=275, limit=128 11:02:43 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setown(r0, 0x8, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00') mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 11:02:43 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0/file0\x00', 0x680, 0x50) [ 1593.214635] attempt to access beyond end of device [ 1593.214635] loop5: rw=2049, want=276, limit=128 11:02:43 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000007d) [ 1593.246533] attempt to access beyond end of device [ 1593.246533] loop6: rw=2049, want=276, limit=128 [ 1593.248913] attempt to access beyond end of device [ 1593.248913] loop6: rw=0, want=147, limit=128 11:02:43 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) mount$9p_unix(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x44008, &(0x7f00000003c0)={'trans=unix,', {[{@uname={'uname', 0x3d, 'privport'}}, {@privport}, {@cache_loose}], [{@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@euid_eq}, {@subj_type={'subj_type', 0x3d, 'smackfsroot'}}, {@seclabel}, {@smackfsroot={'smackfsroot', 0x3d, 'vfat\x00'}}, {@seclabel}, {@smackfsdef={'smackfsdef', 0x3d, 'vfat\x00'}}, {@obj_user={'obj_user', 0x3d, '/$,'}}]}}) ftruncate(r0, 0xfdef) [ 1593.278250] attempt to access beyond end of device [ 1593.278250] loop6: rw=2049, want=404, limit=128 [ 1593.385965] attempt to access beyond end of device [ 1593.385965] loop6: rw=1, want=403, limit=128 [ 1593.386763] Buffer I/O error on dev loop6, logical block 402, lost async page write [ 1593.460044] attempt to access beyond end of device [ 1593.460044] loop4: rw=2049, want=276, limit=128 [ 1593.555169] attempt to access beyond end of device [ 1593.555169] loop4: rw=1, want=316, limit=128 11:02:57 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 47) 11:02:57 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x100, 0x80000) r2 = openat(r1, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x140) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ftruncate(r0, 0xfdef) ioctl$BINDER_CTL_ADD(0xffffffffffffffff, 0xc1086201, &(0x7f0000000300)={'custom0\x00'}) 11:02:57 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = syz_open_dev$sg(&(0x7f0000000200), 0xea, 0x303c80) ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f0000000300)={{0x8, 0x2eb}, 0x100, './file0\x00'}) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) fspick(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x1) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r4, {0x7}}, './file0\x00'}) ftruncate(r1, 0xfdef) 11:02:57 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000400)={0x1000, 0xb0c7, 0x2}) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) writev(r0, &(0x7f0000003ac0)=[{&(0x7f0000003740)="49e6286074275bccaecb338da01d28fb814850c9c3294f243121e103e7e46a1da0c498dd17910421d07f721c60ff9620cbce73a016bc797018efd8876d0e443f43df2cc2cd9af5", 0x47}, {&(0x7f00000037c0)="e0895ed1365cf2badb9f71119bb1c5bf820199799a6b75a643075edbf8096f6721fdd8cbc3b675e139b1cba8ced7fa20dfd7685a87d5fa35b9d1b7ddbe5a503554948cd54bc9a1dfc0a88b8eb58af9f180144ba7b68d", 0x56}, {&(0x7f0000003840)="996476282e67756248221e4383c66c8f8139513c8e617a3316012b9004a2ced1fb13ca73a09cdbc9a379ca65fcf28e5a1da0244afdcf7d58ed768a8938d839d43fcf091156bf79b4e007a79e56f7845e8de86dfc0be424f6693547f91b00492ff27174991b0b6ab622a2c0a7e45c3767841ca2759a83e40e60c0b9394b9f720f47", 0x81}, {&(0x7f0000003900)="c7a895591ba70772e2b0e730ac1cd51a84d8736d6d3e152830127105230ad5a0e93cbcceb6263b8d41c7c528cb762742f80be47a7e5f74f4f3298aaf6fa144393ac386ac93c99b0b43073c92e319a478e388a95006002fd34c18e4394f9678a8de5355eb10518232f8b38560f97c015bb11f7b5d65df10fc47f89d93c177b446d091119556675c220e", 0x89}, {&(0x7f00000039c0)="8b81051580d23b1655243353bb7a8fc3f73d18254f9a5cb4081bfd90251965b3eab9b593266d745058514f7fe5d300b56ee6c6484dbbf8d815fff012e76633318c42c1b56a3d253ee30017b91d1ef70ae8c490c2ca942388501c4e8462c95f7869315fe78d58f67d76", 0x69}, {&(0x7f0000003a40)="3ab6444ecbede3fc83963e6a6b65a507d161f9bb5ad4cbc6a706099b965b11da4d0864bbcdf97bc9377a5796161cbdd7e96d41f2f3346c2088a0a6e5ff829983d628ef259cf2d1f3f0c3", 0x4a}, {&(0x7f0000000480)="9b876f763b79547399f1696a5ba48a947733b9ab079f1aa9751ec5", 0x1b}], 0x7) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) bind$inet(r3, &(0x7f0000003b40)={0x2, 0x4e23, @loopback}, 0x10) readv(r1, &(0x7f0000003680)=[{&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000000140)=""/238, 0xee}, {&(0x7f0000000000)=""/60, 0x3c}, {&(0x7f0000000300)=""/192, 0xc0}, {&(0x7f0000001500)=""/138, 0x8a}, {&(0x7f00000015c0)=""/4096, 0x1000}, {&(0x7f0000000240)=""/105, 0x69}, {&(0x7f00000003c0)=""/14, 0xe}, {&(0x7f00000025c0)=""/134, 0x86}, {&(0x7f0000002680)=""/4096, 0x1000}], 0xa) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 11:02:57 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 39) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:02:57 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) r2 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x585142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ftruncate(r0, 0x100000000) openat(r0, &(0x7f0000000180)='./file0\x00', 0x0, 0x12) 11:02:57 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r4, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:02:57 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000007e) [ 1607.466955] FAULT_INJECTION: forcing a failure. [ 1607.466955] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1607.468878] CPU: 1 PID: 10775 Comm: Not tainted 5.10.222 #1 [ 1607.469734] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1607.470953] Call Trace: [ 1607.471359] dump_stack+0x107/0x167 [ 1607.471910] should_fail.cold+0x5/0xa [ 1607.472485] _copy_from_user+0x2e/0x1b0 [ 1607.473083] comm_write+0xbf/0x2a0 [ 1607.473629] ? proc_pid_permission+0x300/0x300 [ 1607.474333] do_iter_write+0x4f0/0x700 [ 1607.474936] vfs_writev+0x1ae/0x620 [ 1607.475486] ? vfs_iter_write+0xa0/0xa0 [ 1607.476068] ? __fdget_pos+0xf1/0x190 [ 1607.476640] ? lock_downgrade+0x6d0/0x6d0 [ 1607.477266] ? ksys_write+0x12d/0x260 [ 1607.477848] ? __fget_files+0x2f8/0x520 [ 1607.478462] do_writev+0x139/0x300 [ 1607.478996] ? vfs_writev+0x620/0x620 [ 1607.479579] do_syscall_64+0x33/0x40 [ 1607.480130] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1607.480889] RIP: 0033:0x7fbbbec6fb19 [ 1607.481446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1607.484089] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1607.485205] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1607.486253] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1607.487296] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1607.488333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1607.489378] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1607.625028] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1607.655458] FAULT_INJECTION: forcing a failure. [ 1607.655458] name failslab, interval 1, probability 0, space 0, times 0 [ 1607.657247] CPU: 1 PID: 10785 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1607.658281] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1607.659505] Call Trace: [ 1607.659909] dump_stack+0x107/0x167 [ 1607.660451] should_fail.cold+0x5/0xa [ 1607.661022] ? create_object.isra.0+0x3a/0xa20 [ 1607.661710] should_failslab+0x5/0x20 [ 1607.662277] kmem_cache_alloc+0x5b/0x310 [ 1607.662882] create_object.isra.0+0x3a/0xa20 [ 1607.663535] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1607.664290] kmem_cache_alloc+0x159/0x310 [ 1607.664916] alloc_buffer_head+0x20/0x110 [ 1607.665538] alloc_page_buffers+0x14d/0x700 [ 1607.666191] create_empty_buffers+0x2c/0x640 [ 1607.666848] create_page_buffers+0x1bb/0x230 [ 1607.667585] __block_write_begin_int+0x1d1/0x19c0 [ 1607.668391] ? fat_add_cluster+0x100/0x100 [ 1607.669017] ? add_to_page_cache_locked+0x40/0x40 [ 1607.669736] ? __page_cache_alloc+0x10d/0x360 [ 1607.670403] ? remove_inode_buffers+0x300/0x300 [ 1607.671084] ? pagecache_get_page+0x243/0xc80 [ 1607.671750] ? unlock_page_memcg+0x96/0x170 [ 1607.672391] ? wait_for_stable_page+0x92/0xe0 [ 1607.673059] cont_write_begin+0x472/0x980 [ 1607.673684] ? fat_add_cluster+0x100/0x100 [ 1607.674308] ? nobh_write_begin+0xed0/0xed0 [ 1607.674942] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1607.675795] ? generic_write_end+0x20e/0x3f0 [ 1607.676436] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1607.677191] fat_write_begin+0x89/0x180 [ 1607.677781] ? fat_add_cluster+0x100/0x100 [ 1607.678408] generic_perform_write+0x20a/0x4f0 [ 1607.679083] ? fat_direct_IO+0x1ef/0x380 [ 1607.679688] ? page_cache_prev_miss+0x310/0x310 [ 1607.680392] __generic_file_write_iter+0x2cd/0x5d0 [ 1607.681129] generic_file_write_iter+0xdb/0x230 [ 1607.681819] do_iter_readv_writev+0x476/0x750 [ 1607.682488] ? new_sync_write+0x660/0x660 [ 1607.683094] ? avc_policy_seqno+0x9/0x70 [ 1607.683697] ? selinux_file_permission+0x92/0x520 [ 1607.684411] ? security_file_permission+0xb1/0xe0 [ 1607.685141] do_iter_write+0x191/0x700 [ 1607.685718] ? trace_hardirqs_on+0x5b/0x180 [ 1607.686366] vfs_iter_write+0x70/0xa0 [ 1607.686929] iter_file_splice_write+0x762/0xc30 [ 1607.687641] ? generic_splice_sendpage+0x140/0x140 [ 1607.688392] ? security_file_permission+0xb1/0xe0 [ 1607.689109] ? generic_splice_sendpage+0x140/0x140 [ 1607.689835] direct_splice_actor+0x10f/0x170 [ 1607.690491] splice_direct_to_actor+0x387/0x980 [ 1607.691179] ? pipe_to_sendpage+0x380/0x380 [ 1607.691829] ? do_splice_to+0x160/0x160 [ 1607.692551] ? security_file_permission+0xb1/0xe0 [ 1607.693300] do_splice_direct+0x1c4/0x290 [ 1607.694145] ? splice_direct_to_actor+0x980/0x980 [ 1607.694975] ? avc_policy_seqno+0x9/0x70 [ 1607.695674] ? security_file_permission+0xb1/0xe0 [ 1607.696529] do_sendfile+0x553/0x11e0 [ 1607.697313] ? do_pwritev+0x270/0x270 [ 1607.697974] ? wait_for_completion_io+0x270/0x270 [ 1607.698726] ? rcu_read_lock_any_held+0x75/0xa0 [ 1607.699474] ? vfs_write+0x354/0xb10 [ 1607.700113] __x64_sys_sendfile64+0x1d1/0x210 [ 1607.700956] ? __ia32_sys_sendfile+0x220/0x220 [ 1607.701670] do_syscall_64+0x33/0x40 [ 1607.702294] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1607.703259] RIP: 0033:0x7f24f4026b19 [ 1607.703803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1607.706762] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1607.707977] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1607.709242] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 1607.710524] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1607.711649] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1607.712778] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1607.741376] attempt to access beyond end of device [ 1607.741376] loop4: rw=2049, want=276, limit=128 [ 1607.765780] attempt to access beyond end of device [ 1607.765780] loop5: rw=2049, want=276, limit=128 [ 1607.809086] FAULT_INJECTION: forcing a failure. [ 1607.809086] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1607.810252] CPU: 0 PID: 10816 Comm: Not tainted 5.10.222 #1 [ 1607.810714] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1607.811376] Call Trace: [ 1607.811596] dump_stack+0x107/0x167 [ 1607.811894] should_fail.cold+0x5/0xa [ 1607.812209] _copy_from_user+0x2e/0x1b0 [ 1607.812541] comm_write+0xbf/0x2a0 [ 1607.812830] ? proc_pid_permission+0x300/0x300 [ 1607.813215] do_iter_write+0x4f0/0x700 [ 1607.813546] vfs_writev+0x1ae/0x620 [ 1607.813844] ? vfs_iter_write+0xa0/0xa0 [ 1607.814167] ? __fdget_pos+0xf1/0x190 [ 1607.814482] ? lock_downgrade+0x6d0/0x6d0 [ 1607.814820] ? ksys_write+0x12d/0x260 [ 1607.815131] ? __fget_files+0x2f8/0x520 [ 1607.815460] do_writev+0x139/0x300 [ 1607.815746] ? vfs_writev+0x620/0x620 [ 1607.816063] do_syscall_64+0x33/0x40 [ 1607.816364] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1607.816773] RIP: 0033:0x7fbbbec6fb19 [ 1607.817075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1607.818549] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1607.819158] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1607.819725] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1607.820291] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1607.820857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1607.821437] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:02:57 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 40) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:02:57 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x509002, 0x2a) 11:02:57 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) pipe(&(0x7f0000000080)) sendfile(r2, r3, 0x0, 0x100000001) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x4, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f0000000300)=ANY=[@ANYRESOCT, @ANYBLOB="2c6ee345a00b2e890e96ee0a02ad51f1ba7ddb96292239dcc6e9465407c593622578538b9bcbb45cfcbd21346e2e0b454706141f8e4e1e5b3746149ae5ee65211384700793899d47e24f90bfe5450089c3996d69da49149f5426b8c5a65d94c2f9b15d1276ddf2dfb009f034288a11ffdcd0bc03dd20ef330ee6c01f116cae11836a6158d16b8247b9fcfcdd21c260a73767dc5acd52a7e03c275437c2d62bf06d135927d286b940f4b5d7c237b8e7310b6ffaa8eb8eff61eef99eac7c8a57b4c55df949cb0467c41419e89b70a0abc25f76de34681f1d012f95d5fd9f017ffc51f8cbf59fd119fbd9586d86217455ce86d8398e6bec2bbe9280d70f45253d58f67899b9492d2352cf62ca58b43257091bff9de3dbff54d22ef8e1479c8e3f17d51b208cb0e29b171069bdb90c73cd0411472a41d0a354de59b607d91df6ec4c988ac8468284635d824d729002485bed9ef9beb31b9cbe53e1a0e8e5c6f9e66f639071828affcec753841834f98d64b1ca823805a4790689b2f758df08fde7cb0973d7507cfe0c74b1e885f493db5be83b05490eccdf406b369c4199b5828a4f7ee0e67c908a70dd0372a768667cf672bbabbdfdf28de43594bff1955dbbc808b13329c63e3c4c9300d8e1b8e4691e319dab157e22dd787864b1c7b1a4fe6034b82849d4d8b6252f43af2d66eb02a7909cb92439c2351c00ffcb0e24c53b81d880f29e0189d48c56f05cbce220e376662f2da78cf9a5107022015d876df0f7d4f2c2e71b7eaeeeb1a111c0a6c54257b66b9fe2483e85316c300ecfafb40bbff981045855dfce3ff5e2822804369dcccb6d8940c02205d6332a92766a177000885b813f5ebf4a25ccead0abeb9218eba1ec3e279ba5c3db95b199d81ff98df0892a1d0ed3d059d60246d32cc60e13422ed21d92669f9a5944bac6826ae2f9fc6e6cac0cdd976a2723bbc75b26deb60c4ee9ec49c0c6a429c504bc384ec6fb3ef02318bd33dae56c953e85f31a1f6ebba5d86e3706e62e6f5b79c0f8f224937aa29bfe04e7eaa5253275608fe97404a5979b958217278097625697e7ef3c17f214a4f6e1f6bf7c7610b5d68d46ddac6c8c487a9b8a9088367b508f09386c77973cc428777290606a258a0a9ccd2818b2574ad0f64f3b9baf1e47770e5fa7453ea9af3695821957800ac59e95f02409da46d1ba93c4410b8cd276ba926d2974f5c344074389ee4557a595f5ea2b9d6e7a1c88f9651a5e131c54c5cb17487ad12fc0bc0ccad87d40dbecfe6f53e593c69101d1545fde7725372fb94dac49bdfa60dbb99a6415ea03f7dc912c5685b33ee69b682a5f287955be09c4a4ac2220c5256fdf5a6ed4bf956c7c491cf031db2aad08735b1e62ade06f1e8c9764fb17063ac418b0beb304f2a22143feb48cce807bb5a8e50cd1c62a115bceb6fa446bff542477811113a1975d9bd4fd004d6c338aaebf61f3d483a4b10acfa66bea02a6b41ec07140dac6dd1c36533248eda28ba835e8d9a69a5009d9ced652bc40cb894c6a7f93a4ce0661caf2cd74ddfa624ed5db62d36f57b736577fd6d3c25a2ca6e25a3870bc1d98ce617d2e339cb251a0db25f1eb933c2fffb679a6f27d581b94436cde6f14e3c94cc5be658572dd8ad2889a5f9e54085dafad0bfacd1f07f052c0120629a93fadb61b19b1e152e3e68ac6ce65f95b871ac136226e08976df5b3c6421da8891f739f21a8d96f903f3a0b6611ae07f614989b2a1e16213beabecbb4d726822fefbb83e3b6f1b85e730e5a350ce2ab175e4d5e365de7c6699785cbefe761b5c3a33bee4ecc222addd9fb784d3d10c142d8b8cb5d61570d4bc749aa24aec77d94cebaef39f08fc3c08b59bd4b8d8cf7772708363895f74c256c811c2d4433edc0903f753c4f2f653b30457120e8ff02aacb4e9ec3218ab4641a11546379d244ca2fd32d470c56631aa00798322ad4d4fa4ca6cf4ab20c376c0929e8dc9f4e685e249d9a24408442c0a671ceeb8d3cd4bf507f786a0c3674e41923c97b38d1f5206e60deb972a990be4410ca9991cc9aedeb4a398991d4444f7b58dc4e0ad5a8834acc7166cc17593435dc6fcf4e3b82c2e73290f3e774f1b70b106acc221d78e073557387288e6906ceb150cd852c8660a614f2b29c049e021b6d6e36eea746c00261453ac88a3e4b1cd56c665712c1dd3cf9f9f81271cf4cfd9f20e72d987f95016d2548a67d483e27f2f7b3980ae5df41ae290ec687f4bed8929381643e4baa7c19aa577c94acd8f3edfcd2d52940be87bb51d10a052aaaa72f9996986911164c63ac39981e8b02d04d9c0322dbc6194ed4843817b3c24e1c46bcb7f39c15aec029c2059de555250e94d21dc579f403ae2e7768fa9241838c2fbd386b21e1a3c5b14a6b3880136e4668f9a4de0b414cd8a4b75d90466cebeaeaf325d10288b886baacb6b7c471f6a01c33013ff568e5b24983eb0dbf95b14fc91fdcaebd50658c33f84f596ce6ce41dd99052cc172813d22027e82f6ad70f7217162d4aed6c50d5d300c647d5682e8a6343d9be803cddbc39867a9d121ab41d09baf83009be151dc1ba2d182010e8709053195348e932d9d97445ec8b932fdf3a6ceda1a39d49ac591df007fe567cd33c7a0640f55aaf8da50073f42fe435dbfdce4348aece4fa760a1ef435e203a51f7dd7a659abe9ce17c00e90a56a524b7b724aca9f6f94d33d0e75c8da744da8da914944ea143cb6f76158fcea0ac1a62ac21651b2398543246ac6985fce71c8fd50a5386eccadf264756bf6ece52d809bcb727722d6712005ebc4b3f4600cf2831d1ef9a6fcd45e55045ec3ef317a2089f8d34fa8538d824c6dc370507f3b221db5ad18827ca1e5049e0485ce5100f10a58d1d621e1e1e11cdc752812b5f181c2ba032f6f9cc10f47e6c2e0a8ccd1dac4f43e12436b4d9a4d2a657f02055688b1a0eaeb05c28213e1d00217c23a0c1ff1d5284f0e1402e8a024c0d2c8cf88e44dc12bfa607be0e98c772de39e8101d53c69b648aad0580b3e1419917d8e1a18c92534f6f56829ddf46e1d8fc482e0a2c507aa6f26efad56f460678cd9e49244422e0a54af7eb142fc4cd4fcbc984ddf3c5cf6888f959056604edeeda9c2feafa3fc97409171c14194f675ccc20a75a16193e80f4a8419119f9d0e8a81eeb57b1c9eee4e3d3b2445a53d027775427d53ae3a10ba0e54bdfe215ba24418153f0ff3a7be4c44ab02bbf9b56756b1d30b6ae05620cffa2642532f70d685993c9869eaaf36dd186eb98599796dbb94fda0dc75e78c05b827227cbbfe9e86519f6ced0ec534347b281e961d39372514b45520a78d4ea83b6b4eb60c312a6efd917be9b9f701e9c28f5224eb1fa6b67f39c6aa55b095dad125893e1998dcab3a2069a70979049f4b77ab1ba4a5beeab329cfeab478a93491d6b906f8963f9f91d209e9a8f79ddffeb91d4aed38bf2f460be286ea1109258d841877d4dc4c54e2246580a7dcc005de398e6aa6688d20ecec20bd8b8730222d756b374cb2eaaaafc6af941e383a42bb335230d1ad2eb4f5d33a30ee66698dbed10e61531a06dcebc3eb57e4f87fface4b0ab45f7a578c4edabb69d109f87086caef2625bf4ec724229b09bb868f8e9ba718a6c89b67c36ac6bd34355d2659b3898ebf715d2d611ca1f023f993e132028c8678801ac18eb7ccc0f6e6e115dc8808ab6b03e1a987a550d773d655a5d125dd50535410b6f8c0fe8286428bce23cba3716e016047b96b71bb886458df05769234d025db7985780cfb2e9c488b480a9812f9460a25c1ef0ab1808b9f64aef714ea9bd6faad02d99df2fbbfd047abf300a2be6eae0a87feceef2f47160c69a16e6da5ee02c0ead6e4faa1ea5d256ad63645cc7fc0f90aae0605eae3bf7d268b57525fa56941ae2c8f68749cc8a86031688a47913939079988187c5ff8ba190c70140bae2817c27538a227b3db810e905fa16b033d68014f4d895e66694a8ae1470b831d9a8b10d19ac4fc9da396d913b4b8b744d725e8b12042d9d223ab6395d7ce33fd74d5a3a49af49f5e094df086c08ba8d3235edaa3f7dbb39da42d59888ac3a4216b375a5ab1bbb8caf624a0f7673080c42b96503558676d357968e69185290ae86e1cdcb60c4e3070f15e972c990ef0cfc462ca24e5fa09f4d07c0771292f2f327d2f3a76452a580dd947a01a46caf7cd0169ab935587abf2c1ba0a3b46258ddd15648ac1c57845e0ddf0dd8e2aac873dcbaefa0b408b041beffd70e28252ea723eaaad347ef1ba638cf40ffd445d4bf6e509d3813679116c39a7a61a4eb2787f50687f137b0e038e681e489d25e7e8e8fa7cf9e7dbb94a0473e15f481eca48d3915e54ed6f0a15e6978b77ff4d7f573607453ad6812ee235d7e5510d66e58a65728b1bbceb51303f3cb16934a439214d0350c1668ff2d997dd041c3b9175eb222bafadb55f60acbd9515b42377b1e9646f335c7df5ba763f5985c047100ef91b2bee0116f28c9cca5cd21c6f1f459b6716d0397ea73047c351236024b3118f0b90521a97e5dbe0eb09ad040f1c943310db05d48a4eb800aeb3aa6c7d6a9a1f0883f929aa16dcca36c1e486aeacb426ee25ced0fc7c4edd9dbfe26770c3fbd263b7502606076e284ca7370709f47b98f597ff9ab7e5ff7c59c73aeb24e8e03446a4e8e371733238e2b4e59ba6bc0c212689d8674e02aa55199ad1bfb70bcad6eba8e552dee17da3a729deb7958eeb4a08cd9b0d5bf259edd564bd16ce52ad24c177b671ca3ff6cbabdd3817b998ad76c49f7a24a3d468b029fa55bdd948afe74965c6c6f909b7a6b419ec957bdcfc78298b2cfffa3ebec715071ff7fb2ffbce83f08005f641f2581ad533987500c852d04114a02159cb5fc076c067f43e52420f3cb974d472468e511141aa21b05be5b2696bf611729878851962358fd3c0b59e48366085460682f7d254a2d4adea5e4b9ed32e82118312439fa7750cd7b69d950b0285dc4aadbecffc570f007fb4ca96c581750b001062f8c9aea8303824ad1624d275dfe23e0d56a0675431efdfad35b04f7b38f81f24f99dbe20e1cb4aea368b14992cc7488b32097860ea649208a199a3f0926ae69893a49ac139e8785d88b27acf8c4dacbc79c974ba5b2c9da30aca4a37a843506204538352666c102cc72c1f8d9fb1d8f7184742f2e3c13198e1c65eaea1b353bc1a957835b44624d00987df1a6e0554a45ea17e1f447a8731d6c82b578625242730ff2741fe5a8b2dc55c5cd18c728a0b9b71e0f50b2d5fa04660fd2004c64cde6c562d7c3c969b7e1062172056721f550e9bcd86ad41bc2525d2a5b45640bc46dc7d939bb3e3a7068a39a0ea200fae4e6e16bc169551721eb36645802c0c927110f35d7cc2120ebf5be8e0185ae7e1fc6ba6cebdc4c56c34891bf95dc498e2ecc0010de4bfcb0fe7312edaf99214c356e5de236ccd96f23910045b10167ba5e64b1470e824e536f6bff1bfaaf70192333fcaaca4b5b5806df5884d31b58bca0683b4b498a33c60e447f2adbbabda7c3317e9ee290e738d36b69f936d904a07f191ea07f9fead971c41c6193c901f57fbe5f84d0ec39f902d9da5953b0cc8f329091bb84d72f19f48a98c3af5967cf0cf046817e0d9acd14fcd408100a6f523b305f12fba3ebb15a9050c26f72abb6c01f759eca959390fc4093d61115f1439345d2e92c9b6a90f3f15a5d79bf64898d61c0f16089c7b3677479fdac244ec6e6fc52e7db054e793815a6cda19f3729be482519e7e", @ANYRES64]) chdir(&(0x7f0000000040)='./file0\x00') r4 = syz_open_dev$sg(&(0x7f00000012c0), 0x0, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r4, 0x2202, 0x0) r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) sendfile(r6, 0xffffffffffffffff, 0x0, 0x100000001) ftruncate(r5, 0xfdef) 11:02:57 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000103) 11:02:57 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000098f4f95e24b75eec", @ANYRES32, @ANYBLOB="ff7b62df59ff39de0e798c0300000000"]) r1 = openat(r0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x7, @loopback, 0x73}, 0x1c) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1607.903522] attempt to access beyond end of device [ 1607.903522] loop4: rw=2049, want=276, limit=128 11:02:57 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 48) 11:02:58 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c904a6b66732e66007400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) sendfile(0xffffffffffffffff, r2, &(0x7f00000001c0)=0x7fff, 0x1b2) linkat(r2, &(0x7f00000000c0)='./file0/file0\x00', r0, &(0x7f0000000180)='./file0/file0\x00', 0x1000) chdir(&(0x7f0000000040)='./file0\x00') r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) ftruncate(r3, 0xfdef) [ 1607.944498] attempt to access beyond end of device [ 1607.944498] loop4: rw=1, want=356, limit=128 11:02:58 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0xa, &(0x7f0000000d80)=[{&(0x7f0000000600)="038ea0d6e4845cbb914a2b71a7815af9e8098bfe4fa8aca7b0", 0x19, 0xffffffffffffff82}, {&(0x7f0000000640)="a2c364bd7ff0", 0x6, 0x3ee8}, {&(0x7f0000000680)="e06d344681778ca84bb399f6f78ae64d4f52f33f829d184dd9c109bb36bead6c038c8b5e74e9d9dcf16d64791dd4fb23c18c2b6569822669e9a24255795db243325051e1dcdbb865c8b9fe0d84114dfe2d3c2e268db6d961db0c0382eb926babb2e4de39273c0ccaea09f5d2525e55e8c5625f07d4a807f2d8340de17896abb7865d577b7c80d9780dc1a093f1a90a85547aa4c3c2024295dae8e9694e9de4f860f013ab477a44de9f8f5be108f0739ab0157f6bf3308f945bab4a0bab24d012a2b32892a3cdacb23156ab2cd0371197d80029", 0xd3, 0x1b}, {&(0x7f0000000780)="9861b012b0329a24aafe648627d3d992d4e12b444ab31ed4d95ac7df03447dab7d6e8da3df7096d390ebd05f1e6d0fc33f47e23f63ee51aade26e12decbc28f7cc9998567374d9c250c318290623d26f03f4c296b67aa9ced892fe70ff6678e2122cbab8d5619117b3b3e1d455f50595240f932d78805327145bf88f9f4712a07e2494fcc128697b6b621f7cb59fc445d91b315ec9906b1111af3e2f0dcba7b6e71186039b2ba04c509370b0cbe6af9fd2910040cbf5134b21e3b704f83c02000000000000005b14da16805fb5624a61fd0d65173aa9f577a57459079ed1ace089f41678bb12a23a7d21ab69b3cb51fc343c496907c9690675828a", 0xfb, 0x400}, {&(0x7f0000000880)="66e4a83f4a8cbe5aa8a7beb1d9b00e79590445b0f89257788e40500ba1914d864dcdc92178f4823c0c33212cc4910f6b44adfc9bccb7d593ca22ca3166c220896a97bab8f9e5bd5e2086d62b856d6f7cdbd0306b0d7c34c0ab601cba788ef2", 0x5f, 0x7}, {&(0x7f0000001080)="a499d3eb708a8519ce7e1c93e1824774f840276085925a14e2749aacc6d59ea0044442393e092a6571e34fb567eb1884b0f83dbe5afb03868835eb55eee0fbea8c2f9c7144c48ae334488fc6900ace76fc59520e3c28fd84d433911cd7f027da4880bdf64a94e8c8a35147b03ce9cbb4775b6bb8e536f468b818fb18e31db3b13f441093a4fe3fdedcdbdb1a1977e38414839ec1acca92e0f4d0c75f39e5874efa983dcd37f9253041eeda0aa76a428d22984291100d4ebea86f696db08d2a3c70f708e92158fc142cfe9ccc38bc520888dee7573fcc5094a4b11f6d40a169796907ea754e9a697759f98a94fabb5f274e2a3687826e8d367f0eaf52d8d90378d9e41475f94624ecf633ee0cac62fdf6364185de0929674bbf1e9dbbd8cda1759ec0707f0ef499ec2d6cb36c04fc123c8ece9ea9d699c33ac8606838501fb662593f651751107c83e910b73c91994c76dab3fe7f19b31bc862180b46fb5eb91f3ae5b89213aa6d1a0c4fb7931ddb44e52b59fadf9105adefb67d7a961f8715f2aafa86e080e89a0940a51333a0e96cd568251a888f9d160e3e56743726f1498be88ed70cecfac3cf6ca2f5e46893c03e70d2ea5d5dd5607a73bd309fb626363a570e607e09968a60df5cf7e8ea081ed9bf43b0527cf01c3befaa26782b2a84d56eeb82a8446b8acebfe1c7de6a6e9dac5176df272c3a88bcd73e869c6ffd6973a16a2fc89ebb372556e82d0716116120be00863d85dca1aa6f4148b63dae07878fc280c73fd016cd306833c9364bc09ffda0bfbadd34e421d1b3695cbf33ed1b2cdec5ec42374294fbd59e0bceca8f7ac8f40277f55102136556571b8cba4116c56954bff5cfe51669b7d71070b491e2f069f12e0c7e4cd0a2ad664d2b88c16a08dddee08c6b9d74c7eaf8c18fd3bbd991412599cd69886748f868f77f5f9612cbfa61d03808d53f16f817d390166467f008c0a622f4c432", 0x2b8, 0x4}, {&(0x7f0000000b40)="938521fd00000000000037fbb38ddd5096edf912bcadefb366716e17d417ad36a4c5d93cb82c1ac56bbd364698ac1ef2ca3782c1534562eb57a5fb80cef0016b300aa3c2bbe5572877b7af31adb61b102e5defc61d3eaf9423010000808b96155457f0459c0aa921de440000bdab106936c859bc1da8bd424f313127ee7dae25e3cb2d90b84ac0ee6736879ae9de218163b25273a7653c9e4879ecc00b40146007b3faab394e997f622eee583ed7d30ede326a7ce08e054be38261e1e2c0ef66db9852e445d5e2a8dbbf8f9a155dad33d147", 0xd2, 0x16}, {&(0x7f0000000a80)="b24cb3e443eb4b1f69e8c7d096c9b97cc56479b02ca84cea312cfb30febe5226c782a8662af4cdf2e14c0fb84a8c0fc6e278067c66690a5335df694d607e5b9320bfc5daab66c93e52f2d44ca4b29e493ac304361f8280c3ecd7fa8df30e1ab4d5e2195ee4550284430ec9b4caab4d128de7103e07b6defd713ba9395373099afdac7b8874b522f3f497acf2f1745703d7", 0x91, 0x7fff}, {&(0x7f0000000900)="d2f5385b1f9cafd925f426ed6cc1ea909de4909483ea2b20098e7fafef36c9e7dcfe7d5b7e087e015beb4f332944ab9f3977688a87fac6bedd1da4508ab9deee76d796b677123e96b687938434e4f2591637cba6ece1d85da1d1ede8c217932e7706a0d970bfc4b99d8aa325b9b6f072b2d3eafd741a054cf97abae28b4f64ac2106d9c12e2a601419e19c442cfce26feb552c0244da5bb2d8974626df59227dbe537cd46f440e713e978635e006ac88eea5765e0330c6b1dc9ccad24112be10e91ee18c7b419a82744120ea37f81f5890dfc3e777d3ccd0fbfc7c980741c854a26eb3098a29ee680129b6ea3bf28010fd5604e653fe6a", 0xf7, 0x7fffffff}, {&(0x7f0000000c40)="65e3eb17a498f2b2ca859d16d26bb6c588e2028719c70c1946d581512adcb9f37abf3d8da8afe8c7ed424bd1b77814b13f", 0x31, 0x9}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r4 = creat(&(0x7f0000000040)='./file0\x00', 0x44) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x2c) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x200500, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000001) openat(r7, &(0x7f0000000280)='./file0\x00', 0x4c0700, 0x60) r8 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x5054c3, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r8, r9, 0x0, 0x100000001) preadv(r9, &(0x7f0000000580)=[{&(0x7f0000000140)=""/146, 0x92}, {&(0x7f00000000c0)=""/18, 0x12}, {&(0x7f0000000200)=""/58, 0x3a}, {&(0x7f0000000300)=""/191, 0xbf}, {&(0x7f0000000240)=""/63, 0x3f}, {&(0x7f00000003c0)=""/243, 0xf3}, {&(0x7f00000004c0)=""/188, 0xbc}], 0x7, 0x1000, 0xfffffff7) sendfile(r5, r6, 0x0, 0x100000001) ftruncate(r4, 0xfdef) 11:02:58 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x1000001da) [ 1608.068560] FAT-fs (loop6): invalid media value (0xd2) [ 1608.069533] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1608.230012] FAULT_INJECTION: forcing a failure. [ 1608.230012] name failslab, interval 1, probability 0, space 0, times 0 [ 1608.231889] CPU: 1 PID: 10843 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1608.232812] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1608.233913] Call Trace: [ 1608.234277] dump_stack+0x107/0x167 [ 1608.234760] should_fail.cold+0x5/0xa [ 1608.235271] ? create_object.isra.0+0x3a/0xa20 [ 1608.235872] should_failslab+0x5/0x20 [ 1608.236374] kmem_cache_alloc+0x5b/0x310 [ 1608.236912] create_object.isra.0+0x3a/0xa20 [ 1608.237503] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1608.238174] kmem_cache_alloc+0x159/0x310 [ 1608.238735] alloc_buffer_head+0x20/0x110 [ 1608.239284] alloc_page_buffers+0x14d/0x700 [ 1608.239864] create_empty_buffers+0x2c/0x640 [ 1608.240455] create_page_buffers+0x1bb/0x230 [ 1608.241043] __block_write_begin_int+0x1d1/0x19c0 [ 1608.241695] ? fat_add_cluster+0x100/0x100 [ 1608.242252] ? add_to_page_cache_locked+0x40/0x40 [ 1608.242888] ? __page_cache_alloc+0x10d/0x360 [ 1608.243478] ? remove_inode_buffers+0x300/0x300 [ 1608.244091] ? pagecache_get_page+0x243/0xc80 [ 1608.244680] ? unlock_page_memcg+0x96/0x170 [ 1608.245253] ? wait_for_stable_page+0x92/0xe0 [ 1608.245855] cont_write_begin+0x472/0x980 [ 1608.246413] ? fat_add_cluster+0x100/0x100 [ 1608.246976] ? nobh_write_begin+0xed0/0xed0 [ 1608.247551] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1608.248311] ? generic_write_end+0x20e/0x3f0 [ 1608.248897] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1608.249586] fat_write_begin+0x89/0x180 [ 1608.250114] ? fat_add_cluster+0x100/0x100 [ 1608.250678] generic_perform_write+0x20a/0x4f0 [ 1608.251291] ? fat_direct_IO+0x1ef/0x380 [ 1608.251832] ? page_cache_prev_miss+0x310/0x310 [ 1608.252474] __generic_file_write_iter+0x2cd/0x5d0 [ 1608.253121] generic_file_write_iter+0xdb/0x230 [ 1608.253740] do_iter_readv_writev+0x476/0x750 [ 1608.254338] ? new_sync_write+0x660/0x660 [ 1608.254878] ? avc_policy_seqno+0x9/0x70 [ 1608.255415] ? selinux_file_permission+0x92/0x520 [ 1608.256049] ? security_file_permission+0xb1/0xe0 [ 1608.256686] do_iter_write+0x191/0x700 [ 1608.257200] ? trace_hardirqs_on+0x5b/0x180 [ 1608.257780] vfs_iter_write+0x70/0xa0 [ 1608.258286] iter_file_splice_write+0x762/0xc30 [ 1608.258914] ? generic_splice_sendpage+0x140/0x140 [ 1608.259575] ? security_file_permission+0xb1/0xe0 [ 1608.260207] ? generic_splice_sendpage+0x140/0x140 [ 1608.260860] direct_splice_actor+0x10f/0x170 [ 1608.261445] splice_direct_to_actor+0x387/0x980 [ 1608.262061] ? pipe_to_sendpage+0x380/0x380 [ 1608.262632] ? do_splice_to+0x160/0x160 [ 1608.263154] ? security_file_permission+0xb1/0xe0 [ 1608.263786] do_splice_direct+0x1c4/0x290 [ 1608.264332] ? splice_direct_to_actor+0x980/0x980 [ 1608.264959] ? avc_policy_seqno+0x9/0x70 [ 1608.265516] ? security_file_permission+0xb1/0xe0 [ 1608.266155] do_sendfile+0x553/0x11e0 [ 1608.266669] ? do_pwritev+0x270/0x270 [ 1608.267173] ? wait_for_completion_io+0x270/0x270 [ 1608.267809] ? rcu_read_lock_any_held+0x75/0xa0 [ 1608.268411] ? vfs_write+0x354/0xb10 [ 1608.268905] __x64_sys_sendfile64+0x1d1/0x210 [ 1608.269541] ? __ia32_sys_sendfile+0x220/0x220 [ 1608.270204] do_syscall_64+0x33/0x40 [ 1608.270687] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1608.271345] RIP: 0033:0x7f24f4026b19 [ 1608.271826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1608.274155] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1608.275203] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1608.276107] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1608.277011] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1608.277822] attempt to access beyond end of device [ 1608.277822] loop4: rw=2049, want=276, limit=128 [ 1608.277927] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1608.277945] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1608.332606] attempt to access beyond end of device [ 1608.332606] loop5: rw=2049, want=276, limit=128 [ 1608.363957] attempt to access beyond end of device [ 1608.363957] loop4: rw=1, want=403, limit=128 [ 1608.476027] FAT-fs (loop6): Unrecognized mount option "" or missing value 11:03:13 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) fgetxattr(r0, &(0x7f0000000000)=@known='trusted.overlay.impure\x00', &(0x7f0000000140)=""/2, 0x2) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat(r0, &(0x7f0000000180)='./file0\x00', 0x2800, 0x2) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x5) 11:03:13 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 41) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:03:13 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:03:13 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) r5 = dup(r0) syz_io_uring_setup(0x2a7b, &(0x7f00000004c0)={0x0, 0x3, 0x8, 0x0, 0x18c}, &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000480), &(0x7f0000000140)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000180)=@IORING_OP_FILES_UPDATE={0x14, 0x3, 0x0, 0x0, 0x6, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1, 0x0, 0x0, {0x0, r7}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x2, 0x0, r4, 0x0, r5, 0x2, 0x0, 0x1, {0x0, r7}}, 0x80) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:03:13 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000300) 11:03:13 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 49) 11:03:13 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) sendfile(r0, r0, 0x0, 0x2) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x81000, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=virtio,privport,aname=;/#@+>.,euid=', @ANYRESDEC=0xee00, @ANYBLOB=',smackfsroot=\'\'%,appraise_type=imasig,uid>', @ANYRESDEC=r2, @ANYBLOB=',permit_directio,fscontext=system_u,appraise,appraise,fowner>', @ANYRESDEC=0xee01, @ANYBLOB="3a9d"]) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r1, 0xfdef) 11:03:13 executing program 6: chdir(&(0x7f0000000040)='./file0\x00') syz_io_uring_setup(0x281d, &(0x7f0000000180)={0x0, 0x158c, 0x10, 0x1, 0x8d}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000280)) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(r0, r3, &(0x7f0000000540)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000380)=""/50, 0x32}, {&(0x7f00000003c0)=""/145, 0x91}], 0x2, &(0x7f00000004c0)=""/2, 0x2}, 0x0, 0x140, 0x1}, 0x6) mknodat$null(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x8, 0x103) r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x100000001) ftruncate(r5, 0xfdef) [ 1623.662450] FAULT_INJECTION: forcing a failure. [ 1623.662450] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1623.664275] CPU: 1 PID: 10863 Comm: Not tainted 5.10.222 #1 [ 1623.665097] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1623.666295] Call Trace: [ 1623.666681] dump_stack+0x107/0x167 [ 1623.667205] should_fail.cold+0x5/0xa [ 1623.667756] _copy_from_user+0x2e/0x1b0 [ 1623.668332] comm_write+0xbf/0x2a0 [ 1623.668843] ? proc_pid_permission+0x300/0x300 [ 1623.669512] do_iter_write+0x4f0/0x700 [ 1623.670097] vfs_writev+0x1ae/0x620 [ 1623.670620] ? vfs_iter_write+0xa0/0xa0 [ 1623.671191] ? __fdget_pos+0xf1/0x190 [ 1623.671736] ? lock_downgrade+0x6d0/0x6d0 [ 1623.672334] ? ksys_write+0x12d/0x260 [ 1623.672885] ? __fget_files+0x2f8/0x520 [ 1623.673477] do_writev+0x139/0x300 [ 1623.673995] ? vfs_writev+0x620/0x620 [ 1623.674555] do_syscall_64+0x33/0x40 [ 1623.675095] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1623.675817] RIP: 0033:0x7fbbbec6fb19 [ 1623.676348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1623.678928] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1623.679997] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 11:03:13 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x51, 0x0, 0x0, 0x64002, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) open(&(0x7f0000000200)='./file0/file0\x00', 0x240041, 0x80) openat(r0, &(0x7f0000000140)='./file0\x00', 0x4000, 0x22) openat(r1, &(0x7f0000000000)='./file0\x00', 0xc2480, 0x8c) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x3) [ 1623.680998] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1623.682127] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1623.683111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1623.684090] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1623.831846] FAULT_INJECTION: forcing a failure. [ 1623.831846] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1623.833069] CPU: 0 PID: 10872 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1623.833842] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1623.834616] Call Trace: [ 1623.834883] dump_stack+0x107/0x167 [ 1623.835240] should_fail.cold+0x5/0xa [ 1623.835619] __alloc_pages_nodemask+0x182/0x600 [ 1623.836077] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1623.836652] ? find_get_entry+0x2c8/0x740 [ 1623.837059] ? lock_chain_count+0x20/0x20 [ 1623.837274] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1623.837467] alloc_pages_current+0x187/0x280 [ 1623.838982] __page_cache_alloc+0x2d2/0x360 [ 1623.839379] pagecache_get_page+0x2c7/0xc80 [ 1623.839773] ? unlock_page_memcg+0x96/0x170 [ 1623.840170] grab_cache_page_write_begin+0x64/0xa0 [ 1623.840616] cont_write_begin+0x448/0x980 [ 1623.841004] ? fat_add_cluster+0x100/0x100 [ 1623.841388] ? nobh_write_begin+0xed0/0xed0 [ 1623.841787] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1623.842311] ? generic_write_end+0x20e/0x3f0 [ 1623.842712] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1623.843177] fat_write_begin+0x89/0x180 [ 1623.843535] ? fat_add_cluster+0x100/0x100 [ 1623.843928] generic_perform_write+0x20a/0x4f0 [ 1623.844352] ? fat_direct_IO+0x1ef/0x380 [ 1623.844724] ? page_cache_prev_miss+0x310/0x310 [ 1623.845157] __generic_file_write_iter+0x2cd/0x5d0 [ 1623.845610] generic_file_write_iter+0xdb/0x230 [ 1623.846037] do_iter_readv_writev+0x476/0x750 [ 1623.846450] ? new_sync_write+0x660/0x660 [ 1623.846834] ? avc_policy_seqno+0x9/0x70 [ 1623.847210] ? selinux_file_permission+0x92/0x520 [ 1623.847655] ? security_file_permission+0xb1/0xe0 [ 1623.848105] do_iter_write+0x191/0x700 [ 1623.848466] ? trace_hardirqs_on+0x5b/0x180 [ 1623.848869] vfs_iter_write+0x70/0xa0 [ 1623.849221] iter_file_splice_write+0x762/0xc30 [ 1623.849666] ? generic_splice_sendpage+0x140/0x140 [ 1623.850137] ? security_file_permission+0xb1/0xe0 [ 1623.850581] ? generic_splice_sendpage+0x140/0x140 [ 1623.851026] direct_splice_actor+0x10f/0x170 [ 1623.851432] splice_direct_to_actor+0x387/0x980 [ 1623.851861] ? pipe_to_sendpage+0x380/0x380 [ 1623.852258] ? do_splice_to+0x160/0x160 [ 1623.852630] ? security_file_permission+0xb1/0xe0 [ 1623.853087] do_splice_direct+0x1c4/0x290 [ 1623.853468] ? splice_direct_to_actor+0x980/0x980 [ 1623.853914] ? avc_policy_seqno+0x9/0x70 [ 1623.854293] ? security_file_permission+0xb1/0xe0 [ 1623.854737] do_sendfile+0x553/0x11e0 [ 1623.855094] ? do_pwritev+0x270/0x270 [ 1623.855444] ? wait_for_completion_io+0x270/0x270 [ 1623.855880] ? rcu_read_lock_any_held+0x75/0xa0 [ 1623.856298] ? vfs_write+0x354/0xb10 [ 1623.856641] __x64_sys_sendfile64+0x1d1/0x210 [ 1623.857045] ? __ia32_sys_sendfile+0x220/0x220 [ 1623.857467] do_syscall_64+0x33/0x40 [ 1623.857811] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1623.858274] RIP: 0033:0x7f24f4026b19 [ 1623.858613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1623.860252] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1623.860940] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1623.861585] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1623.862222] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1623.862860] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1623.863499] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 11:03:13 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 42) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:03:13 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x80, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='devpts\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1623.928934] attempt to access beyond end of device [ 1623.928934] loop4: rw=2049, want=276, limit=128 [ 1623.935945] attempt to access beyond end of device [ 1623.935945] loop5: rw=2049, want=276, limit=128 11:03:14 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1623.964447] attempt to access beyond end of device [ 1623.964447] loop4: rw=2049, want=364, limit=128 [ 1623.975482] FAULT_INJECTION: forcing a failure. [ 1623.975482] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1623.977622] CPU: 1 PID: 10895 Comm: Not tainted 5.10.222 #1 [ 1623.978430] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1623.979581] Call Trace: [ 1623.980080] dump_stack+0x107/0x167 [ 1623.980683] should_fail.cold+0x5/0xa [ 1623.981348] _copy_from_user+0x2e/0x1b0 [ 1623.982017] comm_write+0xbf/0x2a0 [ 1623.982578] ? proc_pid_permission+0x300/0x300 [ 1623.983251] do_iter_write+0x4f0/0x700 [ 1623.983901] vfs_writev+0x1ae/0x620 [ 1623.984432] ? vfs_iter_write+0xa0/0xa0 [ 1623.985000] ? __fdget_pos+0xf1/0x190 [ 1623.985709] ? lock_downgrade+0x6d0/0x6d0 [ 1623.986354] ? ksys_write+0x12d/0x260 [ 1623.986931] ? __fget_files+0x2f8/0x520 [ 1623.987608] do_writev+0x139/0x300 [ 1623.988119] ? vfs_writev+0x620/0x620 [ 1623.988662] do_syscall_64+0x33/0x40 [ 1623.989303] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1623.990032] RIP: 0033:0x7fbbbec6fb19 [ 1623.990570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1623.993372] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1623.994570] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1623.995664] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1623.996647] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1623.997831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1623.998943] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1624.021444] attempt to access beyond end of device [ 1624.021444] loop4: rw=1, want=403, limit=128 11:03:14 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x1000004f9) 11:03:14 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 50) [ 1624.199371] attempt to access beyond end of device [ 1624.199371] loop4: rw=2049, want=276, limit=128 11:03:14 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x8, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x20000, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1624.257998] FAULT_INJECTION: forcing a failure. [ 1624.257998] name failslab, interval 1, probability 0, space 0, times 0 [ 1624.258960] CPU: 0 PID: 10905 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1624.259535] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1624.260193] Call Trace: [ 1624.260414] dump_stack+0x107/0x167 [ 1624.260718] should_fail.cold+0x5/0xa [ 1624.261046] ? create_object.isra.0+0x3a/0xa20 [ 1624.261422] should_failslab+0x5/0x20 [ 1624.261748] kmem_cache_alloc+0x5b/0x310 [ 1624.262076] create_object.isra.0+0x3a/0xa20 [ 1624.262430] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1624.262841] kmem_cache_alloc+0x159/0x310 [ 1624.263177] alloc_buffer_head+0x20/0x110 [ 1624.263531] alloc_page_buffers+0x14d/0x700 [ 1624.263880] create_empty_buffers+0x2c/0x640 [ 1624.264248] create_page_buffers+0x1bb/0x230 [ 1624.264613] __block_write_begin_int+0x1d1/0x19c0 [ 1624.265004] ? fat_add_cluster+0x100/0x100 [ 1624.265355] ? add_to_page_cache_locked+0x40/0x40 [ 1624.265750] ? __page_cache_alloc+0x10d/0x360 [ 1624.266119] ? remove_inode_buffers+0x300/0x300 [ 1624.266497] ? pagecache_get_page+0x243/0xc80 [ 1624.266864] ? unlock_page_memcg+0x96/0x170 [ 1624.267217] ? wait_for_stable_page+0x92/0xe0 [ 1624.267589] cont_write_begin+0x472/0x980 [ 1624.267927] ? fat_add_cluster+0x100/0x100 [ 1624.268274] ? nobh_write_begin+0xed0/0xed0 [ 1624.268623] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1624.269097] ? generic_write_end+0x20e/0x3f0 [ 1624.269451] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1624.269879] fat_write_begin+0x89/0x180 [ 1624.270196] ? fat_add_cluster+0x100/0x100 [ 1624.270548] generic_perform_write+0x20a/0x4f0 [ 1624.270925] ? fat_direct_IO+0x1ef/0x380 [ 1624.271248] ? page_cache_prev_miss+0x310/0x310 [ 1624.271638] __generic_file_write_iter+0x2cd/0x5d0 [ 1624.272033] generic_file_write_iter+0xdb/0x230 [ 1624.272417] do_iter_readv_writev+0x476/0x750 [ 1624.272779] ? new_sync_write+0x660/0x660 [ 1624.273120] ? avc_policy_seqno+0x9/0x70 [ 1624.273447] ? selinux_file_permission+0x92/0x520 [ 1624.273861] ? security_file_permission+0xb1/0xe0 [ 1624.274254] do_iter_write+0x191/0x700 [ 1624.274593] ? trace_hardirqs_on+0x5b/0x180 [ 1624.274948] vfs_iter_write+0x70/0xa0 [ 1624.275268] iter_file_splice_write+0x762/0xc30 [ 1624.275661] ? generic_splice_sendpage+0x140/0x140 [ 1624.276066] ? security_file_permission+0xb1/0xe0 [ 1624.276461] ? generic_splice_sendpage+0x140/0x140 [ 1624.276855] direct_splice_actor+0x10f/0x170 [ 1624.277218] splice_direct_to_actor+0x387/0x980 [ 1624.277622] ? pipe_to_sendpage+0x380/0x380 [ 1624.278008] ? do_splice_to+0x160/0x160 [ 1624.278402] ? security_file_permission+0xb1/0xe0 [ 1624.278882] do_splice_direct+0x1c4/0x290 [ 1624.279287] ? splice_direct_to_actor+0x980/0x980 [ 1624.279755] ? avc_policy_seqno+0x9/0x70 [ 1624.280159] ? security_file_permission+0xb1/0xe0 [ 1624.280642] do_sendfile+0x553/0x11e0 [ 1624.281032] ? do_pwritev+0x270/0x270 [ 1624.281415] ? wait_for_completion_io+0x270/0x270 [ 1624.281901] ? rcu_read_lock_any_held+0x75/0xa0 [ 1624.282357] ? vfs_write+0x354/0xb10 [ 1624.282737] __x64_sys_sendfile64+0x1d1/0x210 [ 1624.283183] ? __ia32_sys_sendfile+0x220/0x220 [ 1624.283642] do_syscall_64+0x33/0x40 [ 1624.284006] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1624.284504] RIP: 0033:0x7f24f4026b19 [ 1624.284884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1624.286661] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1624.287401] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1624.288090] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1624.288788] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1624.289475] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1624.290173] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1624.342589] attempt to access beyond end of device [ 1624.342589] loop4: rw=1, want=332, limit=128 [ 1624.393242] attempt to access beyond end of device [ 1624.393242] loop5: rw=2049, want=276, limit=128 11:03:29 executing program 1: chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x220000, 0x4c) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x2, 0x0, @fd, 0x7fff, 0x0, 0x7}, 0xf50b) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000001) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x101142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x100000001) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f00000002c0)=[r1, r2, r5], 0x3) sendfile(0xffffffffffffffff, r0, 0x0, 0x100000005) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x80f40, 0x0) accept$unix(r6, &(0x7f0000000180)=@abs, &(0x7f0000000200)=0x6e) ftruncate(r0, 0xfdef) 11:03:29 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 51) 11:03:29 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) creat(&(0x7f00000000c0)='./file0\x00', 0xe) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:03:29 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x193901, 0x2) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:03:29 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) openat(r1, &(0x7f0000000300)='./file0\x00', 0x4022c0, 0x100) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:03:29 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000500) 11:03:29 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) readahead(r1, 0x1010, 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1000004, 0x2010, r2, 0x10000000) 11:03:29 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 43) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1639.434587] FAULT_INJECTION: forcing a failure. [ 1639.434587] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1639.435688] CPU: 1 PID: 10935 Comm: Not tainted 5.10.222 #1 [ 1639.436175] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1639.436868] Call Trace: [ 1639.437106] dump_stack+0x107/0x167 [ 1639.437427] should_fail.cold+0x5/0xa [ 1639.437759] _copy_from_user+0x2e/0x1b0 [ 1639.438120] comm_write+0xbf/0x2a0 [ 1639.438430] ? proc_pid_permission+0x300/0x300 [ 1639.438828] do_iter_write+0x4f0/0x700 [ 1639.439171] vfs_writev+0x1ae/0x620 [ 1639.439487] ? vfs_iter_write+0xa0/0xa0 [ 1639.439826] ? __fdget_pos+0xf1/0x190 [ 1639.440151] ? lock_downgrade+0x6d0/0x6d0 [ 1639.440572] ? ksys_write+0x12d/0x260 [ 1639.440981] ? __fget_files+0x2f8/0x520 [ 1639.441335] do_writev+0x139/0x300 [ 1639.441728] ? vfs_writev+0x620/0x620 [ 1639.442175] do_syscall_64+0x33/0x40 [ 1639.442574] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1639.443006] RIP: 0033:0x7fbbbec6fb19 [ 1639.443323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1639.444845] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1639.445485] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1639.446093] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1639.446689] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1639.447285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1639.447877] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1639.464281] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue 11:03:29 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 44) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1639.613639] attempt to access beyond end of device [ 1639.613639] loop6: rw=0, want=147, limit=128 [ 1639.633045] FAULT_INJECTION: forcing a failure. [ 1639.633045] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1639.634784] CPU: 0 PID: 10925 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1639.635786] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1639.636991] Call Trace: [ 1639.637396] dump_stack+0x107/0x167 [ 1639.637945] should_fail.cold+0x5/0xa [ 1639.638524] __alloc_pages_nodemask+0x182/0x600 [ 1639.639214] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1639.640088] ? find_get_entry+0x2c8/0x740 [ 1639.640696] ? lock_chain_count+0x20/0x20 [ 1639.641307] alloc_pages_current+0x187/0x280 [ 1639.641965] __page_cache_alloc+0x2d2/0x360 [ 1639.642608] pagecache_get_page+0x2c7/0xc80 [ 1639.643243] ? unlock_page_memcg+0x96/0x170 [ 1639.643867] grab_cache_page_write_begin+0x64/0xa0 [ 1639.644582] cont_write_begin+0x448/0x980 [ 1639.645198] ? fat_add_cluster+0x100/0x100 [ 1639.645825] ? nobh_write_begin+0xed0/0xed0 [ 1639.646454] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1639.647279] ? generic_write_end+0x20e/0x3f0 [ 1639.647917] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1639.648658] fat_write_begin+0x89/0x180 [ 1639.649231] ? fat_add_cluster+0x100/0x100 [ 1639.649857] generic_perform_write+0x20a/0x4f0 11:03:29 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1639.650529] ? fat_direct_IO+0x1ef/0x380 [ 1639.651245] ? page_cache_prev_miss+0x310/0x310 [ 1639.651939] __generic_file_write_iter+0x2cd/0x5d0 [ 1639.652655] generic_file_write_iter+0xdb/0x230 [ 1639.653328] do_iter_readv_writev+0x476/0x750 [ 1639.653989] ? new_sync_write+0x660/0x660 [ 1639.654587] ? avc_policy_seqno+0x9/0x70 [ 1639.655174] ? selinux_file_permission+0x92/0x520 [ 1639.655876] ? security_file_permission+0xb1/0xe0 [ 1639.656583] do_iter_write+0x191/0x700 [ 1639.657149] ? trace_hardirqs_on+0x5b/0x180 [ 1639.657777] vfs_iter_write+0x70/0xa0 [ 1639.658344] iter_file_splice_write+0x762/0xc30 [ 1639.659037] ? generic_splice_sendpage+0x140/0x140 [ 1639.659774] ? security_file_permission+0xb1/0xe0 [ 1639.660470] ? generic_splice_sendpage+0x140/0x140 [ 1639.661175] direct_splice_actor+0x10f/0x170 [ 1639.661825] splice_direct_to_actor+0x387/0x980 [ 1639.662498] ? pipe_to_sendpage+0x380/0x380 [ 1639.663132] ? do_splice_to+0x160/0x160 [ 1639.663714] ? security_file_permission+0xb1/0xe0 [ 1639.664418] do_splice_direct+0x1c4/0x290 [ 1639.665024] ? splice_direct_to_actor+0x980/0x980 [ 1639.665708] ? avc_policy_seqno+0x9/0x70 [ 1639.666313] ? security_file_permission+0xb1/0xe0 [ 1639.667022] do_sendfile+0x553/0x11e0 [ 1639.667590] ? do_pwritev+0x270/0x270 11:03:29 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) pread64(r3, &(0x7f0000000380)=""/242, 0xf2, 0x4) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) [ 1639.668145] ? wait_for_completion_io+0x270/0x270 [ 1639.668908] ? rcu_read_lock_any_held+0x75/0xa0 [ 1639.669575] ? vfs_write+0x354/0xb10 [ 1639.670256] __x64_sys_sendfile64+0x1d1/0x210 [ 1639.670901] ? __ia32_sys_sendfile+0x220/0x220 [ 1639.671574] do_syscall_64+0x33/0x40 [ 1639.672107] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1639.672847] RIP: 0033:0x7f24f4026b19 [ 1639.673387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1639.676002] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1639.677091] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1639.678117] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1639.679136] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1639.680155] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1639.681173] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1639.688930] attempt to access beyond end of device [ 1639.688930] loop6: rw=2049, want=276, limit=128 [ 1639.705002] FAULT_INJECTION: forcing a failure. [ 1639.705002] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1639.706849] CPU: 0 PID: 10952 Comm: Not tainted 5.10.222 #1 [ 1639.707686] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1639.708883] Call Trace: [ 1639.709273] dump_stack+0x107/0x167 [ 1639.709817] should_fail.cold+0x5/0xa [ 1639.710380] _copy_from_user+0x2e/0x1b0 [ 1639.710968] comm_write+0xbf/0x2a0 [ 1639.711490] ? proc_pid_permission+0x300/0x300 [ 1639.712172] do_iter_write+0x4f0/0x700 [ 1639.712770] vfs_writev+0x1ae/0x620 [ 1639.713310] ? vfs_iter_write+0xa0/0xa0 [ 1639.713908] ? __fdget_pos+0xf1/0x190 [ 1639.714469] ? lock_downgrade+0x6d0/0x6d0 [ 1639.715086] ? ksys_write+0x12d/0x260 [ 1639.715660] ? __fget_files+0x2f8/0x520 [ 1639.716270] do_writev+0x139/0x300 [ 1639.716794] ? vfs_writev+0x620/0x620 [ 1639.717370] do_syscall_64+0x33/0x40 [ 1639.717922] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1639.718663] RIP: 0033:0x7fbbbec6fb19 [ 1639.719211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1639.721874] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1639.722977] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1639.724009] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1639.725039] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1639.726080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1639.727114] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1639.772634] attempt to access beyond end of device [ 1639.772634] loop4: rw=2049, want=276, limit=128 [ 1639.779062] attempt to access beyond end of device [ 1639.779062] loop5: rw=2049, want=276, limit=128 11:03:29 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x40, &(0x7f00000000c0)=ANY=[]) mount$9p_rdma(&(0x7f00000009c0), &(0x7f0000000a00)='./file0\x00', &(0x7f0000000a40), 0x4084, &(0x7f0000000a80)={'trans=rdma,', {'port', 0x3d, 0x4e24}, 0x2c, {[{@sq={'sq', 0x3d, 0x3}}, {@common=@version_L}], [{@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x37, 0x62, 0x63, 0x52, 0x39, 0x33], 0x2d, [0x34, 0x33, 0x62, 0x39], 0x2d, [0x61, 0x31, 0x39, 0x31], 0x2d, [0x39, 0x63, 0x32, 0x63], 0x2d, [0x62, 0x66, 0x36, 0x61, 0x62, 0x36, 0x30, 0x38]}}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@dont_measure}, {@fsname}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}]}}) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = syz_mount_image$msdos(&(0x7f0000000740), &(0x7f0000000780)='./file0\x00', 0x9, 0x2, &(0x7f00000008c0)=[{&(0x7f00000007c0)="cc073bbd1a559dd66214c0d90b6a27f17f81cd1f0871154a328acea9c555c9924eaab635ad94f2e1b5c02e899bb55730ddb910dfc3fc7561ab8db9429161c972c4c0289f6422bb830e79d33ea1c6568b346f2497245ce1284fe18eb3a3a05d3ac9bda0e37904ae5b5dde9979ef708a0db6accc4f81bf3039b596d39f383b0498e5", 0x81, 0x6}, {&(0x7f0000000880)="74fb5ac296aca1b0215debfd6fa78ab9e85121a7187f8806185ec0782726d9fac7798b95553d", 0x26, 0x6}], 0x1208002, &(0x7f0000000900)={[{@fat=@nfs}, {@nodots}, {@nodots}, {@dots}, {@nodots}], [{@obj_type={'obj_type', 0x3d, '@'}}, {@dont_measure}, {@smackfsroot={'smackfsroot', 0x3d, 'vfat\x00'}}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}, {@smackfstransmute}, {@appraise_type}, {@fowner_gt={'fowner>', 0xee01}}]}) r3 = openat(r2, &(0x7f0000000000)='./file0\x00', 0x0, 0x1) sendmmsg(r0, &(0x7f0000000700)=[{{&(0x7f0000000140)=@hci={0x1f, 0x2, 0x2}, 0x80, &(0x7f0000000580)=[{&(0x7f00000001c0)="7caf09c2a48375a389e1e945f91ea4c81e9109f76a9c010f4f2e0802330c2a0fd4140a7ac599de1810f687b6682efc44db0511c9edd1279ca27a99393cecaeffb37489149d2bb16de8765050ceddb0f3d0861b55693941e455b4a8803af85621a9689a4dbf82254c6087bcfc68a743f98f3562f1b98a2ca6513f", 0x7a}, {&(0x7f0000000300)="9243ffcb2c5db71b7f2e69e07dff54b4b08c86f849b17febc22dd5bc86b90e432ad40b2d638eb7f712e7bf84d3872df815ce7a240b3e5f71f27413c76944d808618553d142e0cd83c031035ec2cd980c91fd327d5445779317f544cd913b87e9e0d0eaf5857580bff535819cf371c17d334d7813565ecd2cdbed3278c70032c8c4528117353e099b0499be09452b530aa503ac8ef0cf125d6dd45622a5672e158c8ccec80caf9c745f5cc90d66f39b032b714e9e33ac2a5a79a6d12582778acb1314dca7f41f066c142d451d164ff7cfd4afb31d3cd10c05f360977320630e67", 0xe0}, {&(0x7f0000000240)="03578029cfec47e51efb8c2c50ed77ed36c28da6d3131a36cb4541b8c189541df9c633cad7fd79d0becfc55d13b6d8bd65ff2dc8a212823f5a7bf934fdca0ea8812a513c1005935dd8999305f9ca7b10dec6c0e000", 0x55}, {&(0x7f0000000400)="3161f513260c20aee80aa246c136e179f7b12d45ac70565968d2f382a1b752e372a493e7cf5bcd98cd53d11838b5d760f5573fc534cd17eab8d520c200a69c026ce8b7e4d83aa7b48f9f31367b1c78e9f848a650925aa5fc285f6eb340548ff8f44ece4efef3108f627d40ab5f1d0b0bb95427cb40d396055538dd0029daed196a8ee88920b2d086e48af54cef2acac51e", 0x91}, {&(0x7f00000004c0)="0d36b1acf043c30e0eaae2b6434ee5c3719f4f2c6326fe75907b96e9795d665d2d0c38cce60d4feac5d0fc971326febf397bfd4b02403d5240b12b2a2d53fcaae6bece2f230b90209cff9a1c4b58090249c2b58b32ee14cbf3537f6ab5abccc712aebddf2e9c7fba7651e9e9118019cefe50eb247979147f62255d3319ee5d5ebb6905afe34afc5bd0eddd33b849bb0dd7f0702286c6890e01cf21326171f847985be2c6e27ed2bcdb668b93e6af6582f009d9454e468d17d4", 0xb9}, {&(0x7f00000000c0)="d6f415b0f9a7b4ccc0cdffa329f0303f523c21afb117ad773f082cf1737157ed", 0x20}], 0x6, &(0x7f0000000600)=[{0xd8, 0xff, 0x9, "5561d99df4db11ab11bd8b8bcab89cf55e5c8a0ddb4f65bc6d2be3dc42572128dc5d438d1f923d7e60b8c9e12e4d5f13a869ecfb6ea1f068754bde1d32395ce364d1b98fe18b7beab9db00d895a9c44a21990afd07c201ebaac99b7fae6b97cbe68250ada4dec7bdfa9a75244212fc35c944b7329a4fd8d7f976d3c803fb1abe54ebf38b19b93437c003c136aec64ea7bd3707e49dad6abb753e21e7061fe7937c5b29785aa61fe80f87ff761715d4594abd9c037ea7cfc4b0add522b38e2c20830e7b"}], 0xd8}}], 0x1, 0x4000000) sendfile(r1, r3, 0x0, 0x100000001) ftruncate(r0, 0xfdef) [ 1639.825416] attempt to access beyond end of device [ 1639.825416] loop4: rw=1, want=403, limit=128 11:03:29 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000504) [ 1639.892267] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1639.937650] FAT-fs (loop6): bogus number of reserved sectors [ 1639.938900] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1639.971180] 9pnet: Could not find request transport: rdma [ 1640.024066] FAT-fs (loop6): Unrecognized mount option "Öô°ů§´ĚŔÍ˙Ł)đ0?R0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:03:44 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) mknodat$loop(r1, &(0x7f00000000c0)='./file0\x00', 0x800, 0x0) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r2, 0xfdef) 11:03:44 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000505) 11:03:44 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) setxattr$security_capability(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=@v3={0x3000000, [{0x80000001, 0x3}, {0xffffffff, 0x1f}]}, 0x18, 0x3) ftruncate(r0, 0xfdef) 11:03:44 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 52) 11:03:44 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = fork() ptrace(0x10, r1) rt_sigqueueinfo(r1, 0x1d, &(0x7f0000003800)={0x31, 0x8000, 0x80000000}) perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0xcd, 0x4, 0x1, 0x9, 0x0, 0x5, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, @perf_config_ext={0x1, 0x10001}, 0x0, 0x2, 0x3, 0x0, 0x5, 0x6, 0x4, 0x0, 0x2, 0x0, 0x81}, r1, 0xd, r0, 0x7) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0xdf, 0x81, 0xcd, 0x3, 0x0, 0x9, 0x1200a, 0xa, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xa67, 0x2, @perf_bp={&(0x7f0000000000), 0x8}, 0x10050, 0x3f, 0x5, 0x7, 0x7, 0xfffff11b, 0x0, 0x0, 0x6, 0x0, 0x9}, 0x0, 0xa, r0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 11:03:44 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:03:44 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000000c0)=@v2={0x2, @aes256, 0x0, '\x00', @d}) sendfile(r1, r2, 0x0, 0x100000001) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000280), 0x4080, 0x0) setsockopt$WPAN_WANTACK(r3, 0x0, 0x0, &(0x7f0000000300), 0x4) ftruncate(r0, 0xfdef) lsetxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000200)={0x0, 0xfb, 0x2d, 0x1, 0x8, "06c9013de31baebf45b87aacdf703a6d", "20e223222baa02e78fb36bf13830ba2d0f12a52059a7fc4f"}, 0x2d, 0x1) [ 1654.262035] FAULT_INJECTION: forcing a failure. [ 1654.262035] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1654.264670] CPU: 1 PID: 10990 Comm: Not tainted 5.10.222 #1 [ 1654.265739] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1654.267427] Call Trace: [ 1654.268086] dump_stack+0x107/0x167 [ 1654.268734] should_fail.cold+0x5/0xa [ 1654.269506] _copy_from_user+0x2e/0x1b0 [ 1654.270123] comm_write+0xbf/0x2a0 [ 1654.270712] ? proc_pid_permission+0x300/0x300 [ 1654.271467] do_iter_write+0x4f0/0x700 [ 1654.272207] vfs_writev+0x1ae/0x620 [ 1654.272908] ? vfs_iter_write+0xa0/0xa0 [ 1654.273656] ? __fdget_pos+0xf1/0x190 [ 1654.274263] ? lock_downgrade+0x6d0/0x6d0 [ 1654.274905] ? ksys_write+0x12d/0x260 [ 1654.275511] ? __fget_files+0x2f8/0x520 [ 1654.276231] do_writev+0x139/0x300 [ 1654.276901] ? vfs_writev+0x620/0x620 [ 1654.277521] do_syscall_64+0x33/0x40 [ 1654.278343] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1654.279175] RIP: 0033:0x7fbbbec6fb19 [ 1654.279760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1654.282535] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1654.283873] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1654.285188] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1654.286342] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1654.287569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1654.288666] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1654.415538] attempt to access beyond end of device [ 1654.415538] loop6: rw=2049, want=276, limit=128 [ 1654.457489] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1654.460422] FAULT_INJECTION: forcing a failure. [ 1654.460422] name failslab, interval 1, probability 0, space 0, times 0 [ 1654.462304] CPU: 1 PID: 11011 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1654.463382] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1654.464651] Call Trace: [ 1654.465074] dump_stack+0x107/0x167 [ 1654.465650] should_fail.cold+0x5/0xa [ 1654.466264] ? create_object.isra.0+0x3a/0xa20 [ 1654.466985] should_failslab+0x5/0x20 [ 1654.467597] attempt to access beyond end of device [ 1654.467597] loop4: rw=2049, want=276, limit=128 [ 1654.467618] kmem_cache_alloc+0x5b/0x310 [ 1654.467650] create_object.isra.0+0x3a/0xa20 [ 1654.470292] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1654.471098] kmem_cache_alloc+0x159/0x310 [ 1654.471758] jbd2__journal_start+0x190/0x7e0 [ 1654.472464] __ext4_journal_start_sb+0x214/0x390 [ 1654.473221] ext4_dirty_inode+0xbc/0x130 [ 1654.473877] ? ext4_setattr+0x2160/0x2160 [ 1654.474541] __mark_inode_dirty+0x492/0xd40 [ 1654.475226] generic_update_time+0x21c/0x370 [ 1654.475915] file_update_time+0x43a/0x520 [ 1654.476573] ? evict_inodes+0x420/0x420 [ 1654.477202] ? down_write_killable+0x180/0x180 [ 1654.477923] file_modified+0x7d/0xa0 [ 1654.478529] ext4_file_write_iter+0x906/0x18d0 [ 1654.479264] ? ext4_file_read_iter+0x4c0/0x4c0 [ 1654.479976] ? kasan_save_stack+0x32/0x40 [ 1654.480629] ? kasan_save_stack+0x1b/0x40 [ 1654.481274] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1654.482074] ? iter_file_splice_write+0x16d/0xc30 [ 1654.482812] ? direct_splice_actor+0x10f/0x170 [ 1654.483520] ? splice_direct_to_actor+0x387/0x980 [ 1654.484261] ? do_splice_direct+0x1c4/0x290 [ 1654.484930] ? do_sendfile+0x553/0x11e0 [ 1654.485552] ? __x64_sys_sendfile64+0x1d1/0x210 [ 1654.486279] ? do_syscall_64+0x33/0x40 [ 1654.486889] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1654.487736] do_iter_readv_writev+0x476/0x750 [ 1654.488435] ? new_sync_write+0x660/0x660 [ 1654.489076] ? avc_policy_seqno+0x9/0x70 [ 1654.489711] ? selinux_file_permission+0x92/0x520 [ 1654.490495] ? security_file_permission+0xb1/0xe0 [ 1654.491272] do_iter_write+0x191/0x700 [ 1654.491890] ? trace_hardirqs_on+0x5b/0x180 [ 1654.492574] vfs_iter_write+0x70/0xa0 [ 1654.493176] iter_file_splice_write+0x762/0xc30 [ 1654.493923] ? generic_splice_sendpage+0x140/0x140 [ 1654.494747] ? security_file_permission+0xb1/0xe0 [ 1654.495506] ? generic_splice_sendpage+0x140/0x140 [ 1654.496278] direct_splice_actor+0x10f/0x170 [ 1654.496961] splice_direct_to_actor+0x387/0x980 [ 1654.497695] ? pipe_to_sendpage+0x380/0x380 [ 1654.498382] ? do_splice_to+0x160/0x160 [ 1654.499013] ? security_file_permission+0xb1/0xe0 [ 1654.499782] do_splice_direct+0x1c4/0x290 [ 1654.500440] ? splice_direct_to_actor+0x980/0x980 [ 1654.501191] ? avc_policy_seqno+0x9/0x70 [ 1654.501841] ? security_file_permission+0xb1/0xe0 [ 1654.502614] do_sendfile+0x553/0x11e0 [ 1654.503229] ? do_pwritev+0x270/0x270 [ 1654.503830] ? wait_for_completion_io+0x270/0x270 [ 1654.504582] ? rcu_read_lock_any_held+0x75/0xa0 [ 1654.505298] ? vfs_write+0x354/0xb10 [ 1654.505887] __x64_sys_sendfile64+0x1d1/0x210 [ 1654.506596] ? __ia32_sys_sendfile+0x220/0x220 [ 1654.507318] do_syscall_64+0x33/0x40 [ 1654.507897] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1654.508691] RIP: 0033:0x7f24f4026b19 [ 1654.509274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1654.512106] RSP: 002b:00007f24f157b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1654.513279] RAX: ffffffffffffffda RBX: 00007f24f413a020 RCX: 00007f24f4026b19 [ 1654.514392] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 1654.515486] RBP: 00007f24f157b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1654.516596] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1654.517690] R13: 00007ffc75df54bf R14: 00007f24f157b300 R15: 0000000000022000 [ 1654.545200] attempt to access beyond end of device [ 1654.545200] loop6: rw=2049, want=404, limit=128 11:03:44 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 46) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:03:44 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000506) [ 1654.616533] attempt to access beyond end of device [ 1654.616533] loop4: rw=1, want=403, limit=128 [ 1654.712861] FAULT_INJECTION: forcing a failure. [ 1654.712861] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1654.714764] CPU: 0 PID: 11024 Comm: Not tainted 5.10.222 #1 [ 1654.715602] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1654.716971] Call Trace: [ 1654.717371] dump_stack+0x107/0x167 [ 1654.717912] should_fail.cold+0x5/0xa [ 1654.718490] _copy_from_user+0x2e/0x1b0 [ 1654.719081] comm_write+0xbf/0x2a0 [ 1654.719603] ? proc_pid_permission+0x300/0x300 [ 1654.720288] do_iter_write+0x4f0/0x700 [ 1654.720877] vfs_writev+0x1ae/0x620 [ 1654.721418] ? vfs_iter_write+0xa0/0xa0 [ 1654.722003] ? __fdget_pos+0xf1/0x190 [ 1654.722567] ? lock_downgrade+0x6d0/0x6d0 [ 1654.723181] ? ksys_write+0x12d/0x260 [ 1654.723747] ? __fget_files+0x2f8/0x520 [ 1654.724355] do_writev+0x139/0x300 [ 1654.724875] ? vfs_writev+0x620/0x620 [ 1654.725445] do_syscall_64+0x33/0x40 [ 1654.725991] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1654.726743] RIP: 0033:0x7fbbbec6fb19 [ 1654.727293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1654.729915] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1654.731021] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1654.732046] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1654.733074] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1654.734106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1654.735135] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:03:44 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 47) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:03:44 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:03:44 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) openat(r1, &(0x7f00000000c0)='./file0\x00', 0x1c4c0, 0x19d) ftruncate(r0, 0xfdef) [ 1654.895784] attempt to access beyond end of device [ 1654.895784] loop6: rw=1, want=531, limit=128 11:03:44 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0xa3) r1 = signalfd4(r0, &(0x7f0000000000)={[0x5]}, 0x8, 0x80000) syz_io_uring_setup(0x5880, &(0x7f0000000140)={0x0, 0x354b, 0x1, 0x3, 0x345, 0x0, r1}, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 11:03:44 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) r4 = socket$packet(0x11, 0x3, 0x300) dup2(r0, r4) ftruncate(r1, 0xfdef) [ 1654.948534] attempt to access beyond end of device [ 1654.948534] loop4: rw=2049, want=276, limit=128 [ 1654.966407] FAULT_INJECTION: forcing a failure. [ 1654.966407] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1654.968243] CPU: 0 PID: 11031 Comm: Not tainted 5.10.222 #1 [ 1654.969069] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1654.970265] Call Trace: [ 1654.970665] dump_stack+0x107/0x167 [ 1654.971198] should_fail.cold+0x5/0xa [ 1654.971761] _copy_from_user+0x2e/0x1b0 [ 1654.972350] comm_write+0xbf/0x2a0 [ 1654.972871] ? proc_pid_permission+0x300/0x300 [ 1654.973553] do_iter_write+0x4f0/0x700 [ 1654.974146] vfs_writev+0x1ae/0x620 [ 1654.974678] ? vfs_iter_write+0xa0/0xa0 [ 1654.975268] ? __fdget_pos+0xf1/0x190 [ 1654.975822] ? lock_downgrade+0x6d0/0x6d0 [ 1654.976434] ? ksys_write+0x12d/0x260 [ 1654.976998] ? __fget_files+0x2f8/0x520 [ 1654.977598] do_writev+0x139/0x300 [ 1654.978122] ? vfs_writev+0x620/0x620 [ 1654.978689] do_syscall_64+0x33/0x40 [ 1654.979230] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1654.979970] RIP: 0033:0x7fbbbec6fb19 [ 1654.980519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1654.983226] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1654.984334] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1654.985365] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1654.986395] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1654.987416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1654.988444] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:03:45 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) [ 1655.089730] attempt to access beyond end of device [ 1655.089730] loop4: rw=1, want=403, limit=128 11:03:45 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x10000050b) [ 1655.149695] attempt to access beyond end of device [ 1655.149695] loop6: rw=0, want=147, limit=128 11:03:45 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 53) [ 1655.195640] attempt to access beyond end of device [ 1655.195640] loop6: rw=2049, want=276, limit=128 [ 1655.228438] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue 11:03:45 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 48) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1655.289747] attempt to access beyond end of device [ 1655.289747] loop6: rw=2049, want=403, limit=128 11:03:45 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$bind(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x840, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200001, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x800004, 0x10010, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = open(&(0x7f0000000240)='./file0\x00', 0x101802, 0x122) openat$incfs(r2, &(0x7f0000000280)='.pending_reads\x00', 0x200000, 0x24) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x100000001) mknodat$loop(r3, &(0x7f0000000200)='./file0\x00', 0x4, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) [ 1655.360259] FAULT_INJECTION: forcing a failure. [ 1655.360259] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1655.362048] CPU: 0 PID: 11059 Comm: Not tainted 5.10.222 #1 [ 1655.362872] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1655.364041] Call Trace: [ 1655.364434] dump_stack+0x107/0x167 [ 1655.364960] should_fail.cold+0x5/0xa [ 1655.365519] _copy_from_user+0x2e/0x1b0 [ 1655.366104] comm_write+0xbf/0x2a0 [ 1655.366613] ? proc_pid_permission+0x300/0x300 [ 1655.367283] do_iter_write+0x4f0/0x700 [ 1655.367858] vfs_writev+0x1ae/0x620 [ 1655.368385] ? vfs_iter_write+0xa0/0xa0 [ 1655.368966] ? __fdget_pos+0xf1/0x190 [ 1655.369517] ? lock_downgrade+0x6d0/0x6d0 [ 1655.370123] ? ksys_write+0x12d/0x260 [ 1655.370679] ? __fget_files+0x2f8/0x520 [ 1655.371275] do_writev+0x139/0x300 [ 1655.371788] ? vfs_writev+0x620/0x620 [ 1655.372350] do_syscall_64+0x33/0x40 [ 1655.372884] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1655.373603] RIP: 0033:0x7fbbbec6fb19 [ 1655.374143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1655.376717] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1655.377798] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1655.378812] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1655.379816] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1655.380825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1655.381825] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:03:45 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) write$P9_RREADLINK(r0, &(0x7f00000000c0)={0x10, 0x17, 0x2, {0x7, './file1'}}, 0x10) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r2, 0xfdef) [ 1655.497006] FAULT_INJECTION: forcing a failure. [ 1655.497006] name failslab, interval 1, probability 0, space 0, times 0 [ 1655.498268] CPU: 1 PID: 11057 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1655.498982] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1655.499848] Call Trace: [ 1655.500137] dump_stack+0x107/0x167 [ 1655.500521] should_fail.cold+0x5/0xa [ 1655.500924] ? create_object.isra.0+0x3a/0xa20 [ 1655.501419] should_failslab+0x5/0x20 [ 1655.501818] kmem_cache_alloc+0x5b/0x310 [ 1655.502268] create_object.isra.0+0x3a/0xa20 [ 1655.502736] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1655.503268] kmem_cache_alloc+0x159/0x310 [ 1655.503709] alloc_buffer_head+0x20/0x110 [ 1655.504147] alloc_page_buffers+0x14d/0x700 [ 1655.504614] create_empty_buffers+0x2c/0x640 [ 1655.505080] create_page_buffers+0x1bb/0x230 [ 1655.505545] __block_write_begin_int+0x1d1/0x19c0 [ 1655.506037] ? fat_add_cluster+0x100/0x100 [ 1655.506488] ? add_to_page_cache_locked+0x40/0x40 [ 1655.506989] ? __page_cache_alloc+0x10d/0x360 [ 1655.507454] ? remove_inode_buffers+0x300/0x300 [ 1655.507930] ? pagecache_get_page+0x243/0xc80 [ 1655.508394] ? unlock_page_memcg+0x96/0x170 [ 1655.508842] ? wait_for_stable_page+0x92/0xe0 [ 1655.509310] cont_write_begin+0x472/0x980 [ 1655.509751] ? fat_add_cluster+0x100/0x100 [ 1655.510205] ? nobh_write_begin+0xed0/0xed0 [ 1655.510649] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1655.511242] ? generic_write_end+0x20e/0x3f0 [ 1655.511708] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1655.512234] fat_write_begin+0x89/0x180 [ 1655.512642] ? fat_add_cluster+0x100/0x100 [ 1655.513079] generic_perform_write+0x20a/0x4f0 [ 1655.513548] ? fat_direct_IO+0x1ef/0x380 [ 1655.513966] ? page_cache_prev_miss+0x310/0x310 [ 1655.514469] __generic_file_write_iter+0x2cd/0x5d0 [ 1655.514973] generic_file_write_iter+0xdb/0x230 [ 1655.515454] do_iter_readv_writev+0x476/0x750 [ 1655.515916] ? new_sync_write+0x660/0x660 [ 1655.516340] ? avc_policy_seqno+0x9/0x70 [ 1655.516757] ? selinux_file_permission+0x92/0x520 [ 1655.517262] ? security_file_permission+0xb1/0xe0 [ 1655.517764] do_iter_write+0x191/0x700 [ 1655.518178] ? trace_hardirqs_on+0x5b/0x180 [ 1655.518621] vfs_iter_write+0x70/0xa0 [ 1655.519011] iter_file_splice_write+0x762/0xc30 [ 1655.519500] ? generic_splice_sendpage+0x140/0x140 [ 1655.520029] ? security_file_permission+0xb1/0xe0 [ 1655.520524] ? generic_splice_sendpage+0x140/0x140 [ 1655.521030] direct_splice_actor+0x10f/0x170 [ 1655.521479] splice_direct_to_actor+0x387/0x980 [ 1655.521956] ? pipe_to_sendpage+0x380/0x380 [ 1655.522410] ? do_splice_to+0x160/0x160 [ 1655.522819] ? security_file_permission+0xb1/0xe0 [ 1655.523316] do_splice_direct+0x1c4/0x290 [ 1655.523741] ? splice_direct_to_actor+0x980/0x980 [ 1655.524224] ? avc_policy_seqno+0x9/0x70 [ 1655.524647] ? security_file_permission+0xb1/0xe0 [ 1655.525142] do_sendfile+0x553/0x11e0 [ 1655.525543] ? do_pwritev+0x270/0x270 [ 1655.525933] ? wait_for_completion_io+0x270/0x270 [ 1655.526439] ? rcu_read_lock_any_held+0x75/0xa0 [ 1655.526911] ? vfs_write+0x354/0xb10 [ 1655.527301] __x64_sys_sendfile64+0x1d1/0x210 [ 1655.527755] ? __ia32_sys_sendfile+0x220/0x220 [ 1655.528224] do_syscall_64+0x33/0x40 [ 1655.528602] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1655.529116] RIP: 0033:0x7f24f4026b19 [ 1655.529494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1655.531330] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1655.532093] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1655.532805] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1655.533517] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1655.534237] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1655.534947] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1655.675659] Buffer I/O error on dev loop6, logical block 402, lost async page write [ 1655.716306] Buffer I/O error on dev loop6, logical block 530, lost async page write 11:04:00 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000514) 11:04:00 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x8000000000000, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x6a9d4a49ef1eef20, 0x1) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:04:00 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:04:00 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 54) 11:04:00 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 49) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:04:00 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') creat(&(0x7f0000000040)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) r2 = openat(r1, &(0x7f00000002c0)='./file0\x00', 0x507143, 0x0) ioctl$BLKROGET(r1, 0x125e, &(0x7f0000000180)) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) signalfd(r6, &(0x7f00000000c0)={[0x9]}, 0x8) sendfile(r4, r3, 0x0, 0x100000004) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ftruncate(r7, 0x1) 11:04:00 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:04:00 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) [ 1670.285474] FAULT_INJECTION: forcing a failure. [ 1670.285474] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1670.286726] CPU: 1 PID: 11082 Comm: Not tainted 5.10.222 #1 [ 1670.287272] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1670.288052] Call Trace: [ 1670.288315] dump_stack+0x107/0x167 [ 1670.288668] should_fail.cold+0x5/0xa [ 1670.289039] _copy_from_user+0x2e/0x1b0 [ 1670.289428] comm_write+0xbf/0x2a0 [ 1670.289772] ? proc_pid_permission+0x300/0x300 [ 1670.290226] do_iter_write+0x4f0/0x700 [ 1670.290620] vfs_writev+0x1ae/0x620 [ 1670.290972] ? vfs_iter_write+0xa0/0xa0 [ 1670.291356] ? __fdget_pos+0xf1/0x190 [ 1670.291718] ? lock_downgrade+0x6d0/0x6d0 [ 1670.292122] ? ksys_write+0x12d/0x260 [ 1670.292498] ? __fget_files+0x2f8/0x520 [ 1670.292897] do_writev+0x139/0x300 [ 1670.293242] ? vfs_writev+0x620/0x620 [ 1670.293614] do_syscall_64+0x33/0x40 [ 1670.293970] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1670.294462] RIP: 0033:0x7fbbbec6fb19 [ 1670.294822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1670.296535] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1670.297259] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1670.297938] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1670.298624] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1670.299297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1670.299963] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:04:00 executing program 0: r0 = syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x9, 0x3, &(0x7f0000000500)=[{&(0x7f0000000300)="66a2c0944e745ec1e65ada3784b678b5df997660d6f5280b299cc173fc629aee1457a4d2d0964b5565091433330bc18d95d98586bcd247a77ced955f2dfdfcc75bb2b70464c9ff521cc4a497aa4f03156e0af84e0295426bab9c1d0a9e98c213e781c975b4b30dc8713a2b1361ca9d33cea5bd2aef8ef63e4941058b3418bc51266d902ba3292bd1c211981586bf34e0ff84a4a123df57c8515da903ddb6688c40026842dab72883b9bde50e7b16c2b2e30f0ae1e889aa440f2bb87ea46825e3b3fdbf725005b2bdbaf7ba2aff0c17807c56edf1187dbf77e332b011", 0xdc}, {&(0x7f00000001c0)="baea49cfa71a7f0e36a4bd354b50fccedfca0b4321ea5746df357e690ac51c08e9d164d6b22db48b80f677339988be8baff781bef8f0083d420ecf42d47e3d7eaa967b85a9c145d4a13143a490e8af9d90659af143968462669cf8b4", 0x5c, 0x9}, {&(0x7f0000000400)="58f836aadecd32b98f1da8fe530e6a21bd73b6cfb4bb75903d0c7080527c6267824286ea8f0a54cb2a98a59a444b6402985d8484229800ad46f0d90b2bf48bb0eabbc7a94a413cf1bbc2e5ac1291c13dad87730e715eff06c8d46b2317b1dae48e8945350860c7d559338d47960da01df4906cbb055ef8cdba58e702e59b60da2fda0a176013fbcf7c588eefbb2f4090e9f791061a0c503380fe4f34406573a79d2264a5b681f465c7d6f7f96626dcc78602a1bc040960197828d4c85eaf4df97d6f37992b34d0d7200d758ed2e05ebe7b55372f3d8f4598812a64ef60ac9d1bb87df03a7eab09ece4f2ac213a7077ec09c14d2e8c98f989dcde05", 0xfb, 0x2}], 0x1, &(0x7f00000006c0)=ANY=[@ANYBLOB='nr_inodes=77ge,nr_inodes=99\x009-e58e,mpol=interleave=static:--08-6/8,huge=never,gid=', @ANYRESHEX=0xee01, @ANYBLOB=',subj_type=vfat\x00,fscontext=sysadm_u,uid=', @ANYRESDEC=0xee00, @ANYBLOB="f83e8d9af018cf9df6bbd30b340122e6107c354cf15a3d9b5c19fd8152e0782a5d939bb0a04bbd", @ANYRESDEC=0xee01, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',func=MODULE_CHECK,\x00']) r1 = socket$netlink(0x10, 0x3, 0xa) dup2(r0, r1) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r2, 0xfdef) [ 1670.368617] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1670.379608] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 1670.475294] handle_bad_sector: 8 callbacks suppressed [ 1670.475306] attempt to access beyond end of device [ 1670.475306] loop4: rw=2049, want=276, limit=128 [ 1670.498245] FAULT_INJECTION: forcing a failure. [ 1670.498245] name failslab, interval 1, probability 0, space 0, times 0 [ 1670.499887] CPU: 0 PID: 11096 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1670.500900] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1670.502103] Call Trace: [ 1670.502504] dump_stack+0x107/0x167 [ 1670.503041] should_fail.cold+0x5/0xa [ 1670.503600] ? create_object.isra.0+0x3a/0xa20 [ 1670.504275] should_failslab+0x5/0x20 [ 1670.504832] kmem_cache_alloc+0x5b/0x310 [ 1670.505435] create_object.isra.0+0x3a/0xa20 [ 1670.506077] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1670.506839] kmem_cache_alloc+0x159/0x310 [ 1670.507455] alloc_buffer_head+0x20/0x110 [ 1670.508060] alloc_page_buffers+0x14d/0x700 [ 1670.508692] create_empty_buffers+0x2c/0x640 [ 1670.509342] create_page_buffers+0x1bb/0x230 [ 1670.509987] __block_write_begin_int+0x1d1/0x19c0 [ 1670.510708] ? fat_add_cluster+0x100/0x100 [ 1670.511330] ? add_to_page_cache_locked+0x40/0x40 [ 1670.512039] ? __page_cache_alloc+0x10d/0x360 [ 1670.512698] ? remove_inode_buffers+0x300/0x300 [ 1670.513378] ? pagecache_get_page+0x243/0xc80 [ 1670.514024] ? unlock_page_memcg+0x96/0x170 [ 1670.514673] ? wait_for_stable_page+0x92/0xe0 [ 1670.515338] cont_write_begin+0x472/0x980 [ 1670.515953] ? fat_add_cluster+0x100/0x100 [ 1670.516572] ? nobh_write_begin+0xed0/0xed0 [ 1670.517209] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1670.518018] ? generic_write_end+0x20e/0x3f0 [ 1670.518670] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1670.519422] fat_write_begin+0x89/0x180 [ 1670.519998] ? fat_add_cluster+0x100/0x100 [ 1670.520623] generic_perform_write+0x20a/0x4f0 [ 1670.521298] ? fat_direct_IO+0x1ef/0x380 [ 1670.521891] ? page_cache_prev_miss+0x310/0x310 [ 1670.522595] __generic_file_write_iter+0x2cd/0x5d0 [ 1670.523323] generic_file_write_iter+0xdb/0x230 [ 1670.524005] do_iter_readv_writev+0x476/0x750 [ 1670.524665] ? new_sync_write+0x660/0x660 [ 1670.525270] ? avc_policy_seqno+0x9/0x70 [ 1670.525862] ? selinux_file_permission+0x92/0x520 [ 1670.526581] ? security_file_permission+0xb1/0xe0 [ 1670.527301] do_iter_write+0x191/0x700 [ 1670.527875] ? trace_hardirqs_on+0x5b/0x180 [ 1670.528514] vfs_iter_write+0x70/0xa0 [ 1670.529076] iter_file_splice_write+0x762/0xc30 [ 1670.529777] ? generic_splice_sendpage+0x140/0x140 [ 1670.530529] ? security_file_permission+0xb1/0xe0 [ 1670.531240] ? generic_splice_sendpage+0x140/0x140 [ 1670.531958] direct_splice_actor+0x10f/0x170 [ 1670.532608] splice_direct_to_actor+0x387/0x980 [ 1670.533304] ? pipe_to_sendpage+0x380/0x380 [ 1670.533935] ? do_splice_to+0x160/0x160 [ 1670.534525] ? security_file_permission+0xb1/0xe0 [ 1670.535240] do_splice_direct+0x1c4/0x290 [ 1670.535839] ? splice_direct_to_actor+0x980/0x980 [ 1670.536540] ? avc_policy_seqno+0x9/0x70 [ 1670.537136] ? security_file_permission+0xb1/0xe0 [ 1670.537851] do_sendfile+0x553/0x11e0 [ 1670.538440] ? do_pwritev+0x270/0x270 [ 1670.539010] ? wait_for_completion_io+0x270/0x270 [ 1670.539721] ? rcu_read_lock_any_held+0x75/0xa0 [ 1670.540402] ? vfs_write+0x354/0xb10 [ 1670.540944] __x64_sys_sendfile64+0x1d1/0x210 [ 1670.541596] ? __ia32_sys_sendfile+0x220/0x220 [ 1670.542271] do_syscall_64+0x33/0x40 [ 1670.542823] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1670.543553] RIP: 0033:0x7f24f4026b19 [ 1670.544096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1670.546712] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1670.547810] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1670.548833] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1670.549847] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1670.550873] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1670.551887] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1670.603104] attempt to access beyond end of device [ 1670.603104] loop6: rw=1, want=275, limit=128 11:04:00 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 50) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:04:00 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) flistxattr(r0, &(0x7f0000000180)=""/125, 0x7d) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000700)="eb46906d6b329daab78ccb3d19262cc133a43c7966732e6600f80100"/38, 0x26}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) openat(r5, &(0x7f0000000200)='./file0\x00', 0x440000, 0xa6) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r7, 0x0, 0x100000001) ioctl$PIO_FONTX(0xffffffffffffffff, 0x4b6c, &(0x7f0000000280)={0x1a8, 0x1f, &(0x7f0000000300)="b5705eba0e0696f9cfcd3629b0e9cf9e6c4ed4c09b60fa1ddc71cf36ca9a3e3632f8c8d5ceb23386f64a17e7f182abccac547476ed08629d3f1e16d180b7fad5dd40570f3c9f660213e81c57c9674103dc506af23b9645f77d359129b668b2ce17d2105ae88d6b8dea79862e1ff837c9b9810c47c9d4afb89436b4d20b548d3a684b2d11fb2023cf4314e0b2e4ff8d112c12bdb6141daef251733863ce8b8762bb35910713047753b78da06b4699494d0abe9f5c97a2ec027d0a8dbdbbde7875a9c171719493d666870492869a83c28ea4599509b5e078da9bf2e3774c32456289ba2505c7ab89c7e2eb24430dded422e056b6dd38439cf60e76ac78388819278b145041de0c9728153e4b9a8de892ce8b37f9512c8393cfd5ffde790030a1a362fd82eff17ccbda3e9c7353a57c206f5871d9ba87d8c3caa725d366abf1287cb11327c55faba77a9efd84a9d9b6c33b267605999b4f98ac666a7f62d49015a20d319d78c71e3036036cc453cc5df29733b5880bfd8239ea81a82c0ed7940497f158cafd7f2a0e9ee6c4b56e32a6042c08c0af086c0b953b02cbd02bdcf5131223b732886e3905b74dc07cd637d401d097acf3ae4d0a7e8a1421defdcdf74480e552083a67b02ba764533c8876b3aa233de18a7f6d1f8993fbb3ff296489c9970353dde99a9dbfebb4484266ac2b2a0b07a14d79ff02a4ae5df50a0cf3f2bd4da3e8eefeab69adb862df3bc05ec473c3c053e98d4d2990395e3b0873da124543787d76172e69996056c0077dca3a7bd5d81c312b85f8bc486f334c21bc89b0b6ed900a41e3887def38f08d3f37901711e4599855ab89f12548f8d14bf6e6f678ac843113a0314967799d93304ba42f82f0e2f138d8c13c0da7d3a38eed0b942590fb8a56bd30082f3498901e908260b1eb66cfb805e2c84ebdfc9636252c7ce26d60cfeba8d30ea9231f2399931ef9ef628da96d1eb43082eddee9323ee9a218a3a707db3bb89868049a4ffef604c1fe02f29ad20e1768bfde192548dd04ed136e6bf285a090efcda8dc66e428f29af6a9c109f1074890105eedac10f1338de54199a8607e77565c3cfd6051a63d3fc80c434485a0986c2bc3f09df79fd6391c8432c57d212390173df0c1a3f79ca0e99c0d872cf8a7433453393854b00f9c0590fe21f8d70ebf9e34937659ff91ab910ca36d4385807f8b66e568c6c850b7a325349b776143b2066494935e3489b482b0a6d55d9633011e6757169460ec47917f72d1e2b5a49b7aaa1b26490b0d7aed9769b6112f80faaf5508fe3b0fb9fe12c4132b2e63ad5d664b42a66fede868a25972fa6a3b417f7414a281f72aa9c006200006708c4fea34efb132b6903181d5cd2bb2045e75a3191130a92792fb9bb257ccef1afc1cb54f84938757efe131f5d31d735f9036ccf299790843d93c05be"}) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='stack\x00') fallocate(r8, 0x34, 0x6b41c6c5, 0x5) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r2, 0xfdef) [ 1670.645408] attempt to access beyond end of device [ 1670.645408] loop5: rw=2049, want=276, limit=128 11:04:00 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000600) [ 1670.702456] FAULT_INJECTION: forcing a failure. [ 1670.702456] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1670.704492] CPU: 0 PID: 11122 Comm: Not tainted 5.10.222 #1 [ 1670.705324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1670.706515] Call Trace: [ 1670.706909] dump_stack+0x107/0x167 [ 1670.707440] should_fail.cold+0x5/0xa [ 1670.707999] _copy_from_user+0x2e/0x1b0 [ 1670.708583] comm_write+0xbf/0x2a0 [ 1670.709100] ? proc_pid_permission+0x300/0x300 [ 1670.709772] do_iter_write+0x4f0/0x700 [ 1670.710357] vfs_writev+0x1ae/0x620 [ 1670.710894] ? vfs_iter_write+0xa0/0xa0 [ 1670.711471] ? __fdget_pos+0xf1/0x190 [ 1670.712027] ? lock_downgrade+0x6d0/0x6d0 [ 1670.712634] ? ksys_write+0x12d/0x260 [ 1670.713195] ? __fget_files+0x2f8/0x520 [ 1670.713800] do_writev+0x139/0x300 [ 1670.714324] ? vfs_writev+0x620/0x620 [ 1670.714895] do_syscall_64+0x33/0x40 [ 1670.715433] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1670.716164] RIP: 0033:0x7fbbbec6fb19 [ 1670.716699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1670.719300] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1670.720396] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1670.721419] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1670.722448] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1670.723466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1670.724495] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1670.786990] FAT-fs (loop6): invalid media value (0x73) [ 1670.787560] FAT-fs (loop6): Can't find a valid FAT filesystem [ 1670.817986] attempt to access beyond end of device [ 1670.817986] loop4: rw=2049, want=276, limit=128 [ 1670.881316] attempt to access beyond end of device [ 1670.881316] loop4: rw=1, want=284, limit=128 [ 1671.158689] FAT-fs (loop6): Unrecognized mount option "stack" or missing value 11:04:15 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') stat(&(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) stat(&(0x7f0000000400)='./file0/file0\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r3, 0x0) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000280), 0x1008840, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {}, 0x2c, {[{@nodevmap}, {@aname={'aname', 0x3d, 'vfat\x00'}}, {@privport}, {@privport}, {@dfltuid={'dfltuid', 0x3d, r3}}], [{@dont_measure}, {@euid_gt={'euid>', r0}}, {@context={'context', 0x3d, 'unconfined_u'}}]}}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x100000001) ftruncate(r1, 0xfdef) 11:04:15 executing program 6: mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2, 0x4000010, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:04:15 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x102041, 0x112) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:04:15 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x80, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f00000000c0)='devpts\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x410002, 0x0) 11:04:15 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000700) 11:04:15 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 51) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:04:15 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 55) [ 1685.808704] FAULT_INJECTION: forcing a failure. [ 1685.808704] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1685.810710] CPU: 1 PID: 11142 Comm: Not tainted 5.10.222 #1 [ 1685.811552] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1685.812752] Call Trace: [ 1685.813149] dump_stack+0x107/0x167 [ 1685.813696] should_fail.cold+0x5/0xa [ 1685.814280] _copy_from_user+0x2e/0x1b0 [ 1685.814882] comm_write+0xbf/0x2a0 [ 1685.815405] ? proc_pid_permission+0x300/0x300 [ 1685.816089] do_iter_write+0x4f0/0x700 [ 1685.816678] vfs_writev+0x1ae/0x620 [ 1685.817213] ? vfs_iter_write+0xa0/0xa0 [ 1685.817796] ? __fdget_pos+0xf1/0x190 [ 1685.818356] ? lock_downgrade+0x6d0/0x6d0 [ 1685.818987] ? ksys_write+0x12d/0x260 [ 1685.819552] ? __fget_files+0x2f8/0x520 [ 1685.820158] do_writev+0x139/0x300 [ 1685.820676] ? vfs_writev+0x620/0x620 [ 1685.821273] do_syscall_64+0x33/0x40 [ 1685.821816] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1685.822598] RIP: 0033:0x7fbbbec6fb19 [ 1685.823143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1685.825911] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1685.825984] 9pnet: Insufficient options for proto=fd [ 1685.827020] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1685.827032] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1685.827044] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1685.827060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1685.831739] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:04:15 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:04:15 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) rename(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='./file0\x00') chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:04:16 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 52) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1685.978622] FAULT_INJECTION: forcing a failure. [ 1685.978622] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1685.979930] CPU: 0 PID: 11173 Comm: Not tainted 5.10.222 #1 [ 1685.980564] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1685.981323] Call Trace: [ 1685.981581] dump_stack+0x107/0x167 [ 1685.981926] should_fail.cold+0x5/0xa [ 1685.982295] _copy_from_user+0x2e/0x1b0 [ 1685.982690] comm_write+0xbf/0x2a0 [ 1685.983030] ? proc_pid_permission+0x300/0x300 [ 1685.983470] do_iter_write+0x4f0/0x700 [ 1685.983846] vfs_writev+0x1ae/0x620 [ 1685.983985] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1685.984190] ? vfs_iter_write+0xa0/0xa0 [ 1685.984203] ? __fdget_pos+0xf1/0x190 [ 1685.984224] ? lock_downgrade+0x6d0/0x6d0 [ 1685.986600] ? ksys_write+0x12d/0x260 [ 1685.986964] ? __fget_files+0x2f8/0x520 [ 1685.987347] do_writev+0x139/0x300 [ 1685.987681] ? vfs_writev+0x620/0x620 [ 1685.988052] do_syscall_64+0x33/0x40 [ 1685.988398] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1685.988861] RIP: 0033:0x7fbbbec6fb19 [ 1685.989210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1685.990905] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1685.991602] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1685.992264] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1685.992909] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1685.993565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1685.994212] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1686.027362] FAULT_INJECTION: forcing a failure. [ 1686.027362] name failslab, interval 1, probability 0, space 0, times 0 [ 1686.028558] CPU: 0 PID: 11154 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1686.029195] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1686.029936] Call Trace: [ 1686.030188] dump_stack+0x107/0x167 [ 1686.030546] should_fail.cold+0x5/0xa [ 1686.030904] ? create_object.isra.0+0x3a/0xa20 [ 1686.031334] should_failslab+0x5/0x20 [ 1686.031706] kmem_cache_alloc+0x5b/0x310 [ 1686.032171] create_object.isra.0+0x3a/0xa20 [ 1686.032600] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1686.033071] kmem_cache_alloc+0x159/0x310 [ 1686.033477] alloc_buffer_head+0x20/0x110 [ 1686.033860] alloc_page_buffers+0x14d/0x700 [ 1686.034270] create_empty_buffers+0x2c/0x640 [ 1686.034684] create_page_buffers+0x1bb/0x230 [ 1686.035098] __block_write_begin_int+0x1d1/0x19c0 [ 1686.035532] ? fat_add_cluster+0x100/0x100 [ 1686.035921] ? add_to_page_cache_locked+0x40/0x40 [ 1686.036354] ? __page_cache_alloc+0x10d/0x360 [ 1686.036769] ? remove_inode_buffers+0x300/0x300 [ 1686.037183] ? pagecache_get_page+0x243/0xc80 [ 1686.037588] ? unlock_page_memcg+0x96/0x170 [ 1686.037976] ? wait_for_stable_page+0x92/0xe0 [ 1686.038391] cont_write_begin+0x472/0x980 [ 1686.038777] ? fat_add_cluster+0x100/0x100 [ 1686.039172] ? nobh_write_begin+0xed0/0xed0 [ 1686.039558] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1686.040077] ? generic_write_end+0x20e/0x3f0 [ 1686.040467] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1686.040932] fat_write_begin+0x89/0x180 [ 1686.041286] ? fat_add_cluster+0x100/0x100 [ 1686.041677] generic_perform_write+0x20a/0x4f0 [ 1686.042091] ? fat_direct_IO+0x1ef/0x380 [ 1686.042479] ? page_cache_prev_miss+0x310/0x310 [ 1686.042920] __generic_file_write_iter+0x2cd/0x5d0 [ 1686.043375] generic_file_write_iter+0xdb/0x230 [ 1686.043796] do_iter_readv_writev+0x476/0x750 [ 1686.044207] ? new_sync_write+0x660/0x660 [ 1686.044577] ? avc_policy_seqno+0x9/0x70 [ 1686.044946] ? selinux_file_permission+0x92/0x520 [ 1686.045386] ? security_file_permission+0xb1/0xe0 [ 1686.045834] do_iter_write+0x191/0x700 [ 1686.046186] ? trace_hardirqs_on+0x5b/0x180 [ 1686.046590] vfs_iter_write+0x70/0xa0 [ 1686.046940] iter_file_splice_write+0x762/0xc30 [ 1686.047377] ? generic_splice_sendpage+0x140/0x140 [ 1686.047832] ? security_file_permission+0xb1/0xe0 [ 1686.048279] ? generic_splice_sendpage+0x140/0x140 [ 1686.048717] direct_splice_actor+0x10f/0x170 [ 1686.049124] splice_direct_to_actor+0x387/0x980 [ 1686.049547] ? pipe_to_sendpage+0x380/0x380 [ 1686.049946] ? do_splice_to+0x160/0x160 [ 1686.050309] ? security_file_permission+0xb1/0xe0 [ 1686.050753] do_splice_direct+0x1c4/0x290 [ 1686.051133] ? splice_direct_to_actor+0x980/0x980 [ 1686.051558] ? avc_policy_seqno+0x9/0x70 [ 1686.051938] ? security_file_permission+0xb1/0xe0 [ 1686.052374] do_sendfile+0x553/0x11e0 [ 1686.052729] ? do_pwritev+0x270/0x270 [ 1686.053071] ? wait_for_completion_io+0x270/0x270 [ 1686.053507] ? rcu_read_lock_any_held+0x75/0xa0 [ 1686.053919] ? vfs_write+0x354/0xb10 [ 1686.054271] __x64_sys_sendfile64+0x1d1/0x210 [ 1686.054677] ? __ia32_sys_sendfile+0x220/0x220 [ 1686.055104] do_syscall_64+0x33/0x40 [ 1686.055435] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1686.055895] RIP: 0033:0x7f24f4026b19 [ 1686.056228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1686.057874] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1686.058556] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1686.059197] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1686.059843] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1686.060482] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1686.061128] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1686.062798] attempt to access beyond end of device [ 1686.062798] loop6: rw=0, want=147, limit=128 11:04:16 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) [ 1686.093014] attempt to access beyond end of device [ 1686.093014] loop6: rw=2049, want=276, limit=128 [ 1686.098815] attempt to access beyond end of device [ 1686.098815] loop4: rw=2049, want=276, limit=128 [ 1686.125876] attempt to access beyond end of device [ 1686.125876] loop5: rw=2049, want=276, limit=128 11:04:16 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 53) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1686.183565] attempt to access beyond end of device [ 1686.183565] loop4: rw=1, want=340, limit=128 11:04:16 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 56) 11:04:16 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000900) [ 1686.198091] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 1686.212764] attempt to access beyond end of device [ 1686.212764] loop6: rw=1, want=292, limit=128 11:04:16 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x200}], 0x0, &(0x7f0000000180)=ANY=[@ANYRES16=0x0]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) dup(r3) sendfile(r3, r4, 0x0, 0x100000001) openat(r4, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) ftruncate(r0, 0xfdef) [ 1686.274500] FAULT_INJECTION: forcing a failure. [ 1686.274500] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1686.276518] CPU: 1 PID: 11184 Comm: Not tainted 5.10.222 #1 [ 1686.277393] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1686.278659] Call Trace: [ 1686.279066] dump_stack+0x107/0x167 [ 1686.279627] should_fail.cold+0x5/0xa [ 1686.280226] _copy_from_user+0x2e/0x1b0 [ 1686.280847] comm_write+0xbf/0x2a0 [ 1686.281398] ? proc_pid_permission+0x300/0x300 [ 1686.282121] do_iter_write+0x4f0/0x700 [ 1686.282743] vfs_writev+0x1ae/0x620 [ 1686.283307] ? vfs_iter_write+0xa0/0xa0 [ 1686.283916] ? __fdget_pos+0xf1/0x190 [ 1686.284478] ? lock_downgrade+0x6d0/0x6d0 [ 1686.285120] ? ksys_write+0x12d/0x260 [ 1686.285713] ? __fget_files+0x2f8/0x520 [ 1686.286346] do_writev+0x139/0x300 [ 1686.286901] ? vfs_writev+0x620/0x620 [ 1686.287503] do_syscall_64+0x33/0x40 [ 1686.288068] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1686.288849] RIP: 0033:0x7fbbbec6fb19 [ 1686.289420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1686.292232] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1686.293395] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1686.294488] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1686.295580] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1686.296660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1686.297748] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1686.311596] 9pnet: Insufficient options for proto=fd [ 1686.339019] attempt to access beyond end of device [ 1686.339019] loop4: rw=2049, want=276, limit=128 [ 1686.372523] FAT-fs (loop6): Directory bread(block 5) failed [ 1686.384771] FAT-fs (loop6): Directory bread(block 6) failed [ 1686.398504] FAT-fs (loop6): Directory bread(block 7) failed [ 1686.400006] FAT-fs (loop6): Directory bread(block 8) failed [ 1686.404673] FAULT_INJECTION: forcing a failure. [ 1686.404673] name failslab, interval 1, probability 0, space 0, times 0 [ 1686.405815] CPU: 0 PID: 11196 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1686.406522] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1686.407226] Call Trace: [ 1686.407466] dump_stack+0x107/0x167 [ 1686.407792] should_fail.cold+0x5/0xa [ 1686.408131] ? create_object.isra.0+0x3a/0xa20 [ 1686.408549] should_failslab+0x5/0x20 [ 1686.408890] kmem_cache_alloc+0x5b/0x310 [ 1686.409255] create_object.isra.0+0x3a/0xa20 [ 1686.409636] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1686.410086] kmem_cache_alloc+0x159/0x310 [ 1686.410458] alloc_buffer_head+0x20/0x110 [ 1686.410791] alloc_page_buffers+0x14d/0x700 [ 1686.411143] create_empty_buffers+0x2c/0x640 [ 1686.411499] create_page_buffers+0x1bb/0x230 [ 1686.411857] __block_write_begin_int+0x1d1/0x19c0 [ 1686.412246] ? fat_add_cluster+0x100/0x100 [ 1686.412580] ? add_to_page_cache_locked+0x40/0x40 [ 1686.412963] ? __page_cache_alloc+0x10d/0x360 [ 1686.413128] FAT-fs (loop6): Directory bread(block 9) failed [ 1686.413348] ? remove_inode_buffers+0x300/0x300 [ 1686.414241] FAT-fs (loop6): Directory bread(block 10) failed [ 1686.414577] ? pagecache_get_page+0x243/0xc80 [ 1686.415784] ? unlock_page_memcg+0x96/0x170 [ 1686.416138] ? wait_for_stable_page+0x92/0xe0 [ 1686.416499] cont_write_begin+0x472/0x980 [ 1686.416837] ? fat_add_cluster+0x100/0x100 [ 1686.417191] ? nobh_write_begin+0xed0/0xed0 [ 1686.417546] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1686.418016] ? generic_write_end+0x20e/0x3f0 [ 1686.418373] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1686.418787] fat_write_begin+0x89/0x180 [ 1686.419120] ? fat_add_cluster+0x100/0x100 [ 1686.419461] generic_perform_write+0x20a/0x4f0 [ 1686.419832] ? fat_direct_IO+0x1ef/0x380 [ 1686.420160] ? page_cache_prev_miss+0x310/0x310 [ 1686.420544] __generic_file_write_iter+0x2cd/0x5d0 [ 1686.420950] generic_file_write_iter+0xdb/0x230 [ 1686.421329] do_iter_readv_writev+0x476/0x750 [ 1686.421651] FAT-fs (loop6): Directory bread(block 11) failed [ 1686.421699] ? new_sync_write+0x660/0x660 [ 1686.422905] ? avc_policy_seqno+0x9/0x70 [ 1686.423233] ? selinux_file_permission+0x92/0x520 [ 1686.423635] ? security_file_permission+0xb1/0xe0 [ 1686.424028] do_iter_write+0x191/0x700 [ 1686.424354] ? trace_hardirqs_on+0x5b/0x180 [ 1686.424713] vfs_iter_write+0x70/0xa0 [ 1686.425017] iter_file_splice_write+0x762/0xc30 [ 1686.425409] ? generic_splice_sendpage+0x140/0x140 [ 1686.425813] ? security_file_permission+0xb1/0xe0 [ 1686.426211] ? generic_splice_sendpage+0x140/0x140 [ 1686.426635] direct_splice_actor+0x10f/0x170 [ 1686.426990] splice_direct_to_actor+0x387/0x980 [ 1686.427384] ? pipe_to_sendpage+0x380/0x380 [ 1686.427745] ? do_splice_to+0x160/0x160 [ 1686.428069] ? security_file_permission+0xb1/0xe0 [ 1686.428480] do_splice_direct+0x1c4/0x290 [ 1686.428843] ? splice_direct_to_actor+0x980/0x980 [ 1686.429364] ? avc_policy_seqno+0x9/0x70 [ 1686.429716] ? security_file_permission+0xb1/0xe0 [ 1686.430123] do_sendfile+0x553/0x11e0 [ 1686.430446] ? do_pwritev+0x270/0x270 [ 1686.430767] ? wait_for_completion_io+0x270/0x270 [ 1686.431159] ? rcu_read_lock_any_held+0x75/0xa0 [ 1686.431614] ? vfs_write+0x354/0xb10 [ 1686.431919] __x64_sys_sendfile64+0x1d1/0x210 [ 1686.432280] ? __ia32_sys_sendfile+0x220/0x220 [ 1686.432666] do_syscall_64+0x33/0x40 [ 1686.432972] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1686.433382] RIP: 0033:0x7f24f4026b19 [ 1686.433687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1686.435187] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1686.435804] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1686.436391] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1686.436957] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1686.437526] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1686.438089] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1686.443010] attempt to access beyond end of device [ 1686.443010] loop4: rw=1, want=380, limit=128 11:04:16 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000a00) [ 1686.450475] FAT-fs (loop6): Directory bread(block 5) failed [ 1686.455843] FAT-fs (loop6): Directory bread(block 6) failed [ 1686.459510] FAT-fs (loop6): Directory bread(block 7) failed 11:04:16 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) r3 = accept(r0, &(0x7f0000004100)=@l2tp={0x2, 0x0, @initdev}, &(0x7f0000004180)=0x80) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000041c0)={@in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x0, 0x0, 0x1d, 0x0, "2e37680b7ec24c18c732ea4b853e3a138f1536455fcb06b4405d038d27722eadb93c804970e3a8e0c7f712f3d023487fa0cf6f0360525abfef5f2df05e6cd19fb35790dbc67598dc3c33f0d29dfe7d14"}, 0xd8) [ 1686.465944] attempt to access beyond end of device [ 1686.465944] loop5: rw=2049, want=276, limit=128 [ 1686.641118] attempt to access beyond end of device [ 1686.641118] loop4: rw=2049, want=276, limit=128 11:04:31 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 57) 11:04:31 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=0x0]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000180)='./file0\x00', 0xc) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) syz_mount_image$tmpfs(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x4, 0x4, &(0x7f0000002400)=[{&(0x7f0000000300)="23c2b737948d1ed98402e88549e957df3693dac732291de22b26c0196c14ef10a661d9783b36c43a87dacdb190e275b29ebb395a3b3feb7bfda161e68a6ef7486dce2b607fe894c662fbcc64b99b9bac55a665fdf6163ff24fbaadb2e02dba8fa8d87d9d28ab971fc0d51d7ce9e0e6a69446753d13d9f7fbc2739be32f733dc510de46239a4468778ccb2f90f36b554339b4602589891c61326cb45c03a62de1b7d091ded654718777a74655a6be62170803bb713f7edfa1441d3b8a2a9abe4a0f5eb445c6bb6b5040fb19d436782412024ebe8c3d", 0xd5, 0xec91}, {&(0x7f0000000400)="8bdcaa3062cfeacd7e8fa0ac20097c5ca75024f8e89f412d79a7ef227309eecaacace0a4f538d97fac3ec5137b088e2c90ee79f631566dc089974badd4f14f1ce1c95064ea9135eb954e252ec1d7a02c4743a29365f3835f629ff56814aaa157c466d113efff58892dc7394359a29ab80e31c643cce15c60e1ad2e4f7130e63e877c7effaee477711b483c9675084b5d71eebcd6d79f6710b0f3e10fbbdf617a24180c277c7112f4e121a3d6d82fc1f31183cb457f05af9a32203081082c8aa28bdc1dac046a9e0dea78078b6bf07941d604dde4cdd541a2dc3f1937ac28b9c24f8ac2f344a4090700c533e1ca3b39fb64f74b33b69e11d7e9f7767ea468bd5f97c0f543bff44c79f2968385db680947b0334daa301b10ba1b62176b7c1412c7b423b2faa7f6c3cce2de53461a199f414b9a5719942b2ebf345acd0a1aa1e7a3d3eb0e30a4df53770688a23a0e9f4ed1d571523c2195aee3fe38f701f8eb46a02e941268de9cd8cd17414f32c8132e03691328b68ca8c3a888e557ecafce78be7ac5685bd0ebbae163ca327838c80f1cd16243b029ccc6a298dc62a9ab6419f1be4a67f70d9bdaeeea7ea472f13191ff365d72476767ed0f9643072d45cf772ec23de34a2e14cc1296fe84ea1ca3d8df48f0da14c2445ceec8972ae8b8257f221954a1069064f40178fabc021893ce4e08c4c7d5cd3ba0cb7a9ca9635408014adaab1be5781e169ea3198769eaf9abf613f7e67fccdb567ee6a7f3872b0949c117421123ffa2a2886162b8be2adf2c1bcb6f94f178879708e91e687de0d864aea000e01ed5ff7c6fba4d2e03833eb4eaf192774be09acdbca7de945b8ea1b3daae80a1b50b0b622d729ee5170b7448eef0528dfb0720c952740763c33bb7dedbb049b81eee65286fe64df8d2f53efb09acf3bc99b23dac4478ae77076a87e5f1e522c72e415eb85cf1bd0a24814c91603561ddcdeb91fb3c8ee0e6b91c9388566607716247bff11bd7cf8761d0df88855f8880b02c8b74adbfc44ef61b03e2605cc6f088f83ab67737052ea0f10383f011d52b79a6f875a5f55a0978e1790ef26714ec4347e03082ec1e72829215fc12cda5f19bea27b948bfd39a8f96759b36d331a3eaea6be941f7ed325e77a54a20c5f527def840457ec87b9965e6e4a17ca58e62d996828e98ce1dff32b91ad4c9a6eb3396bce6d7666631ccd36b409e4babe7d5373f2d13c0522a636fc398e8630dfb2ad2d01cc57e8f8a0a622c1d3cfc12a24d34f1cbecac30c74d7ddcdaf82a7607634c4a1d245ccab3581374dde1cff4ba24607905b4b2cc1be985a6b859bb62385ee8c3f042b695e9bf020fc7ecbff547c9bc69c35f127dde12afcc4a96f2698fbefd0a0a687a002ebc3730499e024bc7e4509be76cd778f23d86bf2a1fb3c2a0771955bedc4e5399afd9040bf5423a78cc381480e75f239accfaaa7378444fda5c54ab34efc6c6f44bb7520a44be4fb0f01fafb63a4f4744bdb7336f55e427ad45662f4759b2d822d6ea84f6c7637467fbb843ed42bd79857db2f8b433aa416d643014374d09347780543bba64af74c2d0acb5d2857a7fee9bb6cc1737b1429166a21296abf96745b18f790c5900a61e1f297472a527e0484835415938086ba694c6bb88d4d6ca98452e564188982a5626384cc68ddfaaf9b7dc5228c8d3616c0505fb47c15b90607677265a92083b03ed6af3251db5557a00ca7758b6dc128242d1dd3315d31ae0a14d66ab26473b22adac63327a4ec7f900b2752b534af60861968d472be486f0faa70ea41b05d58aceb9780d1bce0c5ebd3026956c2aa31845b7ca0fbc76400a54e88d33c9df4cc13ca3139c50c7964e551c97da90a347cf611caa2364f914953ad8ba15cfb1ab17363ea0e5be91b706c2c7ee07e7d8399fe0a2b0b892371882fd5f2b06a79abe2eb0ab1045ba3927a6f9126a37cd3254655dbbd46f1b444e1a7e312c684d0be3e67c500dfcd7a3e799a42934c42c1ef5cdfd186ab9f16ea27aad2e19e3d5de96ce7f2a484a21a2f4cacbff492b0a2f835eede21f232df41076cc231df07473ba37a445320e071486f4d0390f0fbd9f0465d5bd87b9a4ad3f5fdc2de8b454c87f60b6339dcae0469b675e7e275ed59d4e9f6ef7c9888f4402200c748f57fb47041b68db9b42faf7006f75a15f685f7e3d347291aabac3b0b7cb61cdf8125561716dd5af7b29223a5452b921332425336e0abe47ae7b1650f55285866536dcdb6b2b20fc0416fbdcec511cf903dac9925122308bfc7c33122a66e0c6d2e34a225105d8f4229818b6d1e47da8d3a44bf6741b825ce0000b802e725e4c1daef61de345850c710ebe63880bd2b2a0814d75b8284cab9867aeafc5bd842820fc28a185f1854105ac776af31f2ca5e34c8d174bfaff946295535519751f07b9aeda7ff1540aa3b5a49eade2ab2d993a55a1b70421d9b6dbde086f5a38844a46680f64be238f4a302de085f588941e8621bcc06f132672bc71a1abdee196b5bfb0f7fff374d7bbbe5767393dbafd5e9d572a5cb40a2063225c9e8a5876e69cfbf1709a822a9f66b7c86f192bb896d925aeee68e3b43fb2e391fd3c1bf69f20cc5a6c61551bb7227a28cade49f605fab2b880d2e4ccc1ad442ffb81cce7f82b9d1fdf9e1c1fdca899184b3f71e796065c3e0dee3b96bda304de0e58c025cc0bdb9d8397b8b1be96f830c7a1ce848ff626ad513dec44622f30d608d3f9c2e48cc76f32f88cef66ec9056f866b68785732f07d56141669336fa98e38fedf17f58ac8ae74b45fca60fd91ccf7afb1388893f87e02fe54f0fde12d1e8ecc761dc59028860859d8072e7b3b281f009fe62b80e73870531bc3bf903219b8200a2b7ae015cff538eef3e6ebddd149575aae1dfe0cadf7b5de157f6deeb4b78af0ade1a4e11cae593584f53722a71247f29b0f6acb991750058e827205b75af7807e57e8d79776dc89ae8dd7cc3d799a47974c67fa1f7ba01c41380aa096dcdff556b9451ad0085ed4da75cf03e27fcf142885793fc9e1cd38eb186635dc8030ad3b48e19b29f7f5b114639cc271863ab7a46003001d1f1a277f86d120f81bcf4530af42c0389bd690c4066462cb3f42415bce8669002841bbd7b6369c36922cd974e58567a2a26671a5bb5ce134eb5736a9952fcf7815b67c7588710e59cfded5a60a53835a4c3746a5b81ecd13471f899137dda4ffe19adea2b0a4f626247ae8d2682b536140cf6b6fd41a57a8c8ea22d489afb8e734b4d8e84a00410332e0a95b19b8dbb4ad1cf67840d9b7d982d24dda3196ff0c9cf066d0f2b327b99cb5d0373f65ebc1d4f988fa2195400e16b370d256c9f4939e781ef0ca54e1d6eb67b3b2f347776a0eb2fd87fd2d71242ab87fcb308ec7b09b58f0eb0c9b98ec98072d7df84490497204772f5684ed276f3bba0acda3d081a83349bc329cac96433594a9a135a9c63260d59997296dcedcab3fa4ebcadacd56d892aba859542ad80dc1c415908462f1ea4f766147cb503db0a639eaa97646865bd25bd5f94dc6c0fdb407675f0808f390d255d51b8d7876b827c5086528a739108d79a8c57f4a42e34dd26daec0d488a0814d7bb6147c819ce340056898b9856728aecf8d9890a79802285f425e2dab847f49d5ebdd48b2e41931ff0226eea2f20df4697df836a608e0036a5a2d075674f7855c3ddb46ba2c9bfbc8269e5c14e0cd489a63bef83e10eeebb26c89e9cc8d7c05dc98362b3e4605c1a10ff57f2fecc87cf5ebe238af2b56517011ab7619d0edf6223f42ab348a922ce8c3eda7a9778309a15c4c481effba11f3953b576e31d1c7840eca16308adce1119b4515764eb21da447c03a9ed201e8ea069ae32c3ba3087aac3bc3e9ec26574d556a66203ad557ec97244b80eaebff2b75c37e3c476035e8987ad4017892241a676c17231b005936f6039947cbf8c717d89db47dd9e483de1b80ae9c943f0c68d6bee9264488478407fcb6a95b01c8c57d0b4b2ff70cd40ba0b283f7ee41a7482eca63e4180a07bae4359d27889a2385726c6325f9a7c60326813f562faa17d11f5a0e923517b83a42540fb1a30ef4172b97ef2b80509152f21c77e260e5689b6b53ceaea565b6162dab690be7912f7a8cb4929c26551946adc5750afcf597f87f2e386670b1e0a949f8df5104c1d192d485b2a12271a49ee16a52fb9fc210dbe838d9df7d229c2c75d5b57de44dc028890553c863c6bf3b256beaf31e9d3267b1b7363c2d26bfa40398c3db176a2e9bedaedc7aa76a2bdcd9ce83874ae5b9930bf77ba175f3a2d2853ebe1996224359b42dae87f8b4a78294c4e0347760d481f2a5f49d00758ced323658ac5e6854aced39a0d365caf99f4f682a675f94fc724bb381a6f242d2dd49777371bbf5a8f65037be04b67ddf13386cac554f5da288ae19a573a363408b8270d422940217c6a1f3e2bf1372837e4ecee59ca4e3046cbfd51d56542f101eeb82b41ff48944bae998ff432def4ba1e3665e5d25198031917b57849a1abe873ee46b7dfaf06fe2157674bd6e061e1e8480a30bfd0089f831209aa37e6b0c184de99863ea7b848d65d205674b830f3452a103fb83a5eec02e08353090e0cc9b1d5e1b1649701d541327d1072a1348eef6becd5e6d4442f279954853fda10b881911ed73316ce95ede6355bd734d77a19cab7f48e67733eeaed993ed3a0658ef42df63b236505adb2ce5c2303018e03919062044d2a5a5aa075369eba8bda780b39af905535ec07235b9ffd917383b7b482d88ec13d0000062675ad9151fa4d526c1a4784e06757b2662877f5837315c1c310d6851a06afe859b1a27376b069b7af57840ae6db881680af51453382ac0d16f8a92519bd173855d7d075d25aa2fd7809de6e7589f02ae0491412c602de5187e4a8b2812d18f4c1408a9c5163060728442560ae127a580105c1af40fcdfe24b5cbf9594306ffd12470badd01993cdfbbbceb9ca3207b84b0945b95aa377a608269081be1688c725b9e41c90acc92d7c60fd2103ed717783c466ac5a23fece27c1d7d355248c187b832d2e01f79fd8742295386b6afcce3f2a207b3e9418e5b3dc2724f78c80c925321ff66efccf3c1ecd137bf01419348e3ce0145d49a715f371233fb1ce1cc69b15b75ccba0ab0ba06371f0e5739c43e00ef539dcca2499a07062bd9129878112aff97f4e514639274dd6bc0b64d5828367e8fe220fa5603956cd7e59adff434f9a1f7673615744844e13687fa8221ab436233852c48d28c83d5dd4489d14d1c438834b47cfbb055ec90de9d4fe983732ec32c2c58948f2f6820e7391f5de78aad66b04a142eb980e8d5b072ae0df088d0779eaa28a37c933e08d1f52ce4b1f6dc453e765431765ecc0054087bc37e02f708fc47d72941238ad1fce2aa37084812efb4d5c1ba8dc68ae007f8c9dfaea39d2f8e55ef43cc9e9b4dad097586cdc5293342f870845edc76441bf26cdceb34636a4c12bfdeb3a29f4b3e7bf1f3cb288147cba2416cb3934cba53a0d46bc02fcf6edec3446ba75c295f2d964235e89dd1ee2959e6bbf518fdb94c8c23fdb55de36b3fa0e52e3d79c2b9b011765054ab9212274d99b1ade0fcaac026a61d15ae24c2b93f92a16da1c130f516980af488f61c77432a016fa430fc13d3b9f507afa3c2d07bf5d907e16354f28ef83e6f2e9d55fa8722f40f74a7a8cf54e190c5e28fb1c9e874e4f0190b7b275c5411834e05d7c4c444488b0d2124f02a942f82c6882d619", 0x1000, 0x3}, {&(0x7f0000000200)="9fb1f920b90de1288379bd565d0dcee0a4fb728a42de3c493bfef439274395b0fb9a0d31447fc9fef1c23884b86da5029f10b8e6974d8fd2feae4d1358e6ffd5ae95f46c2b52356df42b689b2715b7d53197bf76efc0d6de23e5f2fb0c9efa5e9a5f37862a24eee3d31e2f9858cd", 0x6e, 0x6}, {&(0x7f0000001400)="992029b650722db7008b5543080087fd2c22f7dd8f01a4afa68b1630999387993580be81b10d5033095ed187286d709aa9f734a536b63d8e04f5c405c38f57849aa43f563ab76aa6cd5367c221632af3bb7c580696b7cbedf15a8cc4056959d1d382b7188f7a4e17f9e6a24d5d5bf847718fffdf92d450a320321ee75ccc6b0395cf11d16d51ee30e698a0bd13bc64eccd1ee9a549f369577e468507d7e4e5537cd26b7076704064d19ec3bf1da549f5477f7e34d40c81952f6e758f032715ab2e215436bbf61912d8bf734ebe7e7c397fb2d2e9649b0d19996dbc0d8ec465fcefcfa702066415bbf53f5a46b618ee713d1df286ff4da0fb8b2b98598499097e0f83e31f9d07e3722865b6b13d4531e82d21296fa418d76f76265924f64f372bbe5720e218b8f6579766ab52e222a703545a9689bae5d8f66d17a48d8924635d86dd3dee1bf84b30676819238fa0ae391a390ffea8c992fe6e90934218ff99deeec9ce3cdd32e367ef08c0910fbf8a7b46ac1ed2f79e44fb19634774a840a824db6bba15b9afe75ff58ab2cd30ec2e3378c86f28ccb161b06e2237f1380ef891f38d7b79236028b8806eca6bf9c0b945fbee02ab68c0ebcc5a1fb8d01d45a16694cecece3664c4340af4b08dc4e48592f87366dce78e08681581026b7a2601535269f66788ae3080a0070d6d06af7e72de185321c05cc2228ad6e456b9405bccad8759f17a3975e4903c263267b6de89480e75a65821bf50182b04c76923dc7e77ff20d8bcb871bd6e4cd5ee18637a89602b4c4c4ab3df0b0f6d984212591268da337d7b7bb6f177f1ccb204c5104f884c69b15c1db350198eacc90cc1439e485a44f06070d581928ac4d39c439ffcc500e5a75d3e81e28af205395a259658c0fb042dcfe048d14e59ebea6fe118da511b0f10f0ccf73deb55ba8f765c8770c9d7b71fa9df36572e03d5e459546301b40e4c931131ef4e1a130c32d0d452918dc8b3079125b7d8e4b3fc6d152b168d13f594ad60a28708e46628dc0c5a2fe71b610945d32ed5beef00b63e1628de13cf713b0f405bf106afc7250ee452ec02fa454a88c99100c193c14e9502fc0236a24c2cbc2dfdfbcea55306cb2a5a7c620caa9c45309d713497108c79c345e55d5b314ae98573cad10a2b2a5a64b37d606a59082e52b0606ed54b69b34e5a00cb4f85cdb97dc81cb27da38925379dcf8e5f0b30894e640026797f455d0751f22ccc6a83b394784844f8b9e4e8caeb7acabb1d21c7bf1634d87af19e571c7ccd9aad1a918de8b4b93e3f65fe7874944576602f59fe2be81827a4546edd1e170bc08b02e6b5c7737135c6be9717fc58ed41ef7ddc88704415563d23d49e418f5fcdd839e685fe306ab2f248fb711655d43a687eb0aa67108ae6fd6e19f50cf988635fe4d13111858f852c1138a777242170075cecb532a083aa861d919008a40b32fee947f5f08a7dcd1bb3791eb2479d69ca701afbf391c12fd99a0394900ee00e5a8011792cbfa5da491912f8f4ea4739afc527b17233a34a71123898611331f03f82ad29eeaf7382f9ab30c06d8eb6cd79d6debe34b63e0043b9c9bc8ded7b58d76d81d6e17024513ea4840cc62b2d71a4cb8a5b704dea05b3458ed2002d66042be7696d1273f63fe8e789e06a768f3674e0970d099fa630300b18033d84e4cec3c9e0b51cde3932b5501d7a9e62b6531ad0f346269df504c08a92335b9c55b341d4243ac7f126a049425c2ec4d8e81fc9dc67b5664601b80cdd326b532f302556788ea0765e4d753bb7fe8f52936a523a17037b1048dcbd8901f592fbda25d57e54effee722ef9ebe934f61655a3698fab1f0d91ba763618118218f49c8d4b15e5e1e7b9d7a9aa696017610eec0f6fb7064c5e4a7027e95db00572820d2fd16aaebd4670c643a531296211cea4e162c35890a77bbef710744474032bc70c45819a6930bbc3084e3534985f4170950880373b3b27453a5bc61ca1e4752ac8889a2efb50fcf3a1ef431dea0f2867e8ed05e3415bc1d72e2cb8b519bd73b6a41debb429a14d6255124d4ba314fa10d1343daf3532f191d04b2b1faae25cb908f82bd9e8388bf6fe1eebda4725c1ed56710d1629ce450fbcaa091e79a78ab927295395b69506a1f85411e0b56a60099a59054af77ba898f86f2caaa941da75e54f55521cdcaef827ea37c2019f2ebe91b15535bdd5f42fc792cc1923191f1c4280ed2e037ee09855a56a97c8a37e41d033d2f0f08858b28619715aff78209772356e04195d66a3687aaa614a7cf4c4243057296a10708900fc070a42729c1f68014157d7efb0138bc8cbbbe65f2795ad98fc934a1869d7d605d7d57de1503f718ab0914ece071192eefd574c3123199e5384fc9a0274373858f0769760106b76ecd520b5d046b91f5db76bb110866f138bbb59a00ceca142695de9d76be3d1d66eab05bca34a03d6e435636077551f901344e48f9f4d5aa7595334b77738a84da92f73ad0ae57473bb2881ac805ee3ac8e775d16873ef1150b54c360e942be467695a35659398c2c13b43e724327f5db16ec54868f467e4863e2d0f53748e409d5dea7896a451699dc26f1dc1f66ad9e3f1ea3a959d350a3d6633dce8dd6714435ab6beaf7fe3d99e9d4f143f4a1673ca5d6de3bda61f46f410ac9ba7a3a97217c15962958829f72ecd53c0068c84f78e7ac606569aa265993ea5dc4daebb4e0b37eee7b03f003724f65ff367cdd6f9f3880fcef994e2efae0aef2d9ce3e42faf90242331ad8c7dc698262886614f1de4a4565d8219f4dc983922b6edce782b4a526148a6bcff4ff779df63928dc88da6695d640d3e8845f9d00e747d5921da83a4230357c82ff49ea673d33efdf2195538c70df6ed213a12c60424f204703019842910e63f984135246f7e85afa13e27415cad647fb09d757336f10df0c30fdf6f0c49d1286349d243e3a06b724af6516ec0865ce79f1b092eaa0a966c89dc6e1d4d548a00bdba4c5b728a83e8770ca598092d78380e69cb6847e331e7a86a691f7e3baeac289de97030c68e928dc4876a1d36c1d785a324f0608552f750ac06615bfef55f20fdbb43ba301432ccbf8c3a47f76d3c6761cf3aa657767144f94fd3caa5a563ca699a551f97fce92528352227c52b3a3e9b3e363c4d514757d032fa21d5588451b06953f787a9672851ba138702cf433a5fad75d1bd799585e138af7e4a447f58b734cf45d187aff30712d26ec42b9b3bb483a60fead545b560e6a7432412617f16158881162c59f6a8ebce1e29deb153bfd614c2e63dc2cc0729d89d26e205bd1fe0cca93e665fe9c5432db8063da6d2d8df068e5a14f6f6248849a89034b42edace9249730f85a651c3e4efb5c77a110d709992801eaecdde75ffcd6fc111fbcfa50e506c16b1445ad92f68e62f1690aedc177f843a1dd32a2171e2b3da13402265930e217cbcd0349ef09bf09c2a6a5d64ef1fa30e7b460f1943f9f676511505fe1e4ee6a18ce50f56bdb7874bc4aabe7a46f1c63ba55b3de98e84bc4e55316d6992f642dad63ee64af9007770fbe9ebee0f30443665b53389a9fb3741cf7b5e560c68398a4f8f786a477d77de266e07c123fce1b56cdfa29837f69f71b719024daace954c246299053d05c53e063e1750373f6fe4a58440fa4c17c5e6dd014b39b5775474064f7271863caa656b4ab7efef41269788396d6966310fcf6c9a717f52dacd57060f4b5d4f579f7e55ee40a1d2b63c787fb6bfd6edf4d5f560bc4631df171730bfedf520d2ad32ee71af7142dcff5d5cd9c024cae579390f936063f1bfb7ebf685132598e2f73f9a7a2e4a51109ea48e05993e51ec4526f059e5b6b9d679a28c8588eca72370722f85bae06d46027fcd4af64f2ed5f965347461942fab0d7f58c869e3a807c54693d4f8555dc91849392a834448a5f8f6d790f8a52fa93f44770225426ed0a06874a9314b98fc63deaacf48de4c34ed22dba890095ce0bbf8cbdb9414c4bffc21d9b052573889f820dca3f5949326125d4a90b6a76a47bfe9d60df73f54814fe609203daec00a73f1eaf9e78822efd18129bd227e8634c0c8d68b904c3fd72a5cab0b211e178e3daf120c67f6f3a0746901fd6c03c923e8e3956e27a28ef516d386481f935bf3c655dafdc716cdbdf98f37ac90903dec1b65bd469f045182ecb6e0e16c3f6a8019cbe2eda99c6e41722cf3c855fddd9a84ad2a34575d2341a20da10266554f4c5797515964feec759331842b5560eebeb2193012a4cf7e96bc287bc5223dabaf2f479d2bf28b558bbb9f59d4f65ee96beb94050a5f2235e496942041ee5d944e4d4dc0be123e8568c717b989ae3069e6e3056b90de9f9c03bc39e785670a504da7f69d26187ea2497c4b760b1dbbe92fccd2f61b8a3f8e949e8359337ba5b69a8cf54e8c4081e84fb991b6847f93bb2943fd41797151d09f66afa898c4e3a282167534b62d288335779c13c40d6fc9e52489d474a66c33f866b36f3f14bc3b0992cd8919af22eea5bafdb087945849d2483a5b2970389c0a685efa8163807f7e13b3eef6b3086a8292bb237b52eb92454d71d2f13806ecc5e0f182e109f6cf93d6fc2de0f42d4a1716976d5d499835676387573e4f84d199a781a3339c983dee1b0ef2f1366eb5f7d0cbbcdc2814fd639b25cdb1508b6e4cca551a871e486e8710799a9f49b10e7b0a87ee06f8a7330df1d9d249aaba62f6daf79c746a1c766c66b14f61df0c759568f0ad491997b55dcdffbe070ac085678f101f6f617b85017806fd7a60d3e5868a751352d8ab4ff6df03f774cfaf5288b72e3ae8d0188f1f08edcc8a58be86bdc2415838a221c45d7be150c8caf2e78057514d661b46f8c206012dc9093a924656b04326e77f04faf269da815903a43e8cc31eed365463bcc4323342b292276e8b921c1d00e9b54046e93e7e42f2e095df3dc7459a697acff4607e39e82ca7612fe1eeeee5d319b8776c6a5583822361ea9ddf8df0a48bfbbc3d851e541c41ca29df2e34c4d9845854d85492f588f1a2aeb0ad281b9395162f7d12764dbfcce079be1e6f84fbe3f3353baef1fc6cf2b088ab89555c47f48aa542333647962ff5285e22f1d559da288596c3f3315da332bee4b5d087c447e5a56a2bb1935f4c4007e8e416cd4ae771967e105c9c95b77c1aabb701af6cfa9d43a0c10ab3551719a071b7e9183aff7324737eaa2af4c142f6a9c7c043f26e6c53190869466d3b63cbce5c6a210576c594fc1db80997ce31c9afe4bfcc9e1a91ef41f51b0242535ecf43489e81f17ea6b905aba59382318e1d342ae001a36cccb57b9f6ba6c6285831f201d4b4634f9f59c9d424a51b240e149e2103ab20dcac8501861a777128dd5e9b2574e63977d3351767f557f127aa29246191b44358970b42cf089a5f0b835dd22cff13aed8e388016f4b7d3a85add1fca02866548fb9ef621ca21f46830847f508d3ed91af5712fd8082ba1830d777cc92be8a1248f6377887f962e75573fd7ac0dee48427e20a721b7c3d01ac17962270035e3cd2f7eb301d590eaa10c10409b1afa9e27aeb7715e96cc4154bf2103ce522068ea6662473d55db79f8a2933a3f2e058f94f3b6b1220122acbd5cb73ea3dbee6a707eecb92767d8bef1d58a7dc01bd6a1c94fa94e7b5c4ca55cb0b8c0a2b18b611108694869003631a3ff4d0766ccc02c600e7ae06436a5e8e4780a97e581d1aad2555a18693de5e38627bbf57c40883af1bce156082df1e1cb0b5a1", 0x1000, 0x1}], 0x20, &(0x7f0000002480)={[{@nr_inodes={'nr_inodes', 0x3d, [0x39]}}, {@huge_advise}, {@nr_inodes={'nr_inodes', 0x3d, [0x67, 0x36, 0x30, 0x32]}}], [{@obj_user={'obj_user', 0x3d, '!-,,.#}'}}, {@pcr={'pcr', 0x3d, 0x17}}]}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x182) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:04:31 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) mkdirat(r0, &(0x7f00000000c0)='./file0\x00', 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ftruncate(r1, 0xfdef) 11:04:31 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 54) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:04:31 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}, {&(0x7f0000000500)="b212e544e89e72b3f279a24a3050b0c038fc4af49ea142dbaf40eab8b5897f07c97305348702fe340753dcad70f49768d493264a39718cb6291ed0b3b321e2be1916c71536b8be1f33d53b6042fcc61f4dc120d64f70ce621794c6175328fafffffffb4f11bc62170993d7715e3ffc1c4c18e94bddbd6412a21e521d9555d5f6038ae22fd832d14e8eab56059a7265e3fd3b29cc912fe07b89e6f346529a65c49f240c28e19d0957cd010dec3cd2c9b1d360bc85b4f10de19dc255660582ad726d505596dd336c2b2acc229c55043fa2ea7ec36307b75b6985bca2c9db350594dd7b1506e249490d296e8a934a8daf1801b24c60f4c3", 0xf6, 0x8}], 0x921022, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000002ac0), 0x2a0800, 0x0) openat(r5, &(0x7f0000002b00)='./file0\x00', 0x14102, 0x80) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x100000001) ioctl$SG_IO(r6, 0x2285, &(0x7f0000002a40)={0x53, 0xfffffffffffffffb, 0x56, 0x7, @scatter={0x7, 0x0, &(0x7f0000002900)=[{&(0x7f0000000400)=""/255, 0xff}, {&(0x7f0000000240)=""/119, 0x77}, {&(0x7f0000000900)=""/4096, 0x1000}, {&(0x7f0000001900)=""/4096, 0x1000}, {&(0x7f0000000600)=""/255, 0xff}, {&(0x7f0000000700)=""/222, 0xde}, {&(0x7f0000000800)=""/108, 0x6c}]}, &(0x7f0000002980)="a5d2c2ca5b92fbe659a53cf286e1e90e2733834448655895a9dc13dbc20d4a703071a0ad837d0cda03ad44d1cb66738c1d1f009551b04ea9617855c5fc9b4b5dda3ad8c52a4609a931d19c0cc11e6a8343383093a758", &(0x7f0000000880)=""/37, 0x73, 0x1, 0x2, &(0x7f0000002a00)}) syz_io_uring_submit(r3, 0x0, &(0x7f00000000c0)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index=0x6, 0xe6, {0x0, r0}, 0x5, 0x3, 0x0, {0x0, 0x0, r0}}, 0x20) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r8, 0x0, 0x100000001) ftruncate(r1, 0xfdef) 11:04:31 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000b00) 11:04:31 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:04:31 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) fallocate(r1, 0x10, 0x0, 0x1000002) r2 = dup3(r0, r1, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f00000002c0)={{0x2, 0x0, @rand_addr=0x64010100}, {0x6, @link_local}, 0x20, {0x2, 0x4e22, @remote}, 'vxcan1\x00'}) r3 = dup3(r0, r1, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) fallocate(r2, 0x1b, 0x5, 0x3) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10) ioctl$INCFS_IOC_CREATE_FILE(r3, 0xc058671e, &(0x7f00000006c0)={{}, {0x1}, 0x38, 0x0, 0x0, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000340)="126b89793fb122e9504d8074f966be69bf7b4dd87da9d80161dae1787ec2d6b9467774909f7c009a602277301cf50c1eb83b8859c8672364fb9532d3e1b5759754bf20031994fa0b17e1585b319e01315c8ed16e0ef31e83b32272c3cbc02be4ba76c4f35dd7aeafa9d80d28182d93ff6f1e56ee8dd2ee8ba6daf011ff372c6668e0d1c150047b07978feee3e2a704a5d054c05f89ba45d4e72d4cfd57ca12ed89e7c74f17377462961b68c55a60fb32e60448ee9dfd32b5b4bb18d355dcb75cd0f8b14d1bbfce5cfb422313f039b33a8613500e811d8886469cdb1413fc02b931529bffa6e2564f2071afa7b0c515d06beb20bdee7e06ee0870cb0edec98cab3ed45fd8267f4e11631d87eaefb6465552ae9e1f09fb7539d5c97d27b12f7e892f0e3afd21f5e23a0bd40a9b178e4dc0ce4fb2a784fd27a969e01282e77fd632bf1f12c1d81c2caf4c179279362b7220fdf76466c7644938c53015102b6de985085d10a5b8ce3268eb42c9b8975b35787a180bdefb5d098f77b76417a3dbbfe4b98c0e2b9b4c794811b7dac1a9334e03d24617d8899ae9b033cb38e81dbc69c881e5e5930cc2d981795d60bca0bfb617d307c06287e328d13e7418561aeb61bce01c6170c512f8301eb4b400b5057dd84c41de7bd0f2b3e72c47848b4f17525490eb10b85142462eda22b0c8bf3c", 0x1ee, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0200000000000000000000000cec000000259b5f9c603e6b4987953a18f62d2e1ec36fb9f2ea65a99ea846c3f143d57c5fb9094fa0d1030854fc88d381fef169dbb96f7772dd16c9ab5f0ec9ab1c1a1891a2d2948bbd368554c0e242104b94990853c00848429a216170516ee361cce16801822ca6614f1e7b5cd8848c8670a318ea4d998645a40f76ead7a80156368e4e91d00543ccbb477b6d147cefeea8aa5afbf76ab1efe7800daff9771f42e5d792beb075dd438bbb761ecaa3c2f349306c83a601918c2669861eedc6565254f4862a458ca3eb212b7ccca3708e97fb1d3a3593d1a94b9d3084aeebd0da370aef42b39e9f0b0fc5b338e16be5b8030000002e7f4c4b000000761a2a663253bd23a9514b997397172e5c271f0792d22afbaec57d25b06187327a042598cc44ba7c3f61e4ca2c507924750bbdba85550417bca290f13c2e160591c3e5f44207360ee6d10d23055b668987ed6c2738c26bc1d27b2ca4f7bc1b9a76d4e6f821a8529722e8047127bfe9c6af3a3d16fab5be06037017f8607b01f1ac23666384449c0bfc3d"], 0x153}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x94, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x47c0, 0x94}, 0x807a, 0x1, 0x0, 0x9, 0x0, 0x4, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, r2, 0x0) shutdown(r0, 0x1) openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x40, 0x2c1) unshare(0x48020200) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x7, 0x20, 0x78, 0x0, 0x0, 0x2, 0x820, 0xb, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000040), 0x2}, 0x20, 0xffffffff00000000, 0x5, 0x3, 0x2, 0x3f, 0x34, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, 0x0, 0xc, 0xffffffffffffffff, 0x8) [ 1701.952696] FAULT_INJECTION: forcing a failure. [ 1701.952696] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1701.954736] CPU: 1 PID: 11235 Comm: Not tainted 5.10.222 #1 [ 1701.955141] FAULT_INJECTION: forcing a failure. [ 1701.955141] name failslab, interval 1, probability 0, space 0, times 0 [ 1701.955585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1701.955598] Call Trace: [ 1701.958739] dump_stack+0x107/0x167 [ 1701.959285] should_fail.cold+0x5/0xa [ 1701.959849] _copy_from_user+0x2e/0x1b0 [ 1701.960439] comm_write+0xbf/0x2a0 [ 1701.960960] ? proc_pid_permission+0x300/0x300 [ 1701.961643] do_iter_write+0x4f0/0x700 [ 1701.962233] vfs_writev+0x1ae/0x620 [ 1701.962776] ? vfs_iter_write+0xa0/0xa0 [ 1701.963369] ? __fdget_pos+0xf1/0x190 [ 1701.963929] ? lock_downgrade+0x6d0/0x6d0 [ 1701.964545] ? ksys_write+0x12d/0x260 [ 1701.965110] ? __fget_files+0x2f8/0x520 [ 1701.965716] do_writev+0x139/0x300 [ 1701.966239] ? vfs_writev+0x620/0x620 [ 1701.966818] do_syscall_64+0x33/0x40 [ 1701.967365] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1701.968105] RIP: 0033:0x7fbbbec6fb19 [ 1701.968645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1701.971294] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1701.972391] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1701.973419] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1701.974443] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1701.975474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1701.976502] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1701.977563] CPU: 0 PID: 11222 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1701.978572] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1701.979869] Call Trace: [ 1701.980257] dump_stack+0x107/0x167 [ 1701.980795] should_fail.cold+0x5/0xa [ 1701.981352] ? create_object.isra.0+0x3a/0xa20 [ 1701.982025] should_failslab+0x5/0x20 [ 1701.982583] kmem_cache_alloc+0x5b/0x310 [ 1701.983197] create_object.isra.0+0x3a/0xa20 [ 1701.983834] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1701.984576] kmem_cache_alloc+0x159/0x310 [ 1701.985185] alloc_buffer_head+0x20/0x110 [ 1701.985783] alloc_page_buffers+0x14d/0x700 [ 1701.986418] create_empty_buffers+0x2c/0x640 [ 1701.987072] create_page_buffers+0x1bb/0x230 [ 1701.987717] __block_write_begin_int+0x1d1/0x19c0 [ 1701.988416] ? fat_add_cluster+0x100/0x100 [ 1701.989032] ? add_to_page_cache_locked+0x40/0x40 [ 1701.989731] ? __page_cache_alloc+0x10d/0x360 [ 1701.990383] ? remove_inode_buffers+0x300/0x300 [ 1701.991067] ? pagecache_get_page+0x243/0xc80 [ 1701.991718] ? unlock_page_memcg+0x96/0x170 [ 1701.992350] ? wait_for_stable_page+0x92/0xe0 [ 1701.993004] cont_write_begin+0x472/0x980 [ 1701.993617] ? fat_add_cluster+0x100/0x100 [ 1701.994230] ? nobh_write_begin+0xed0/0xed0 [ 1701.994869] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1701.995697] ? generic_write_end+0x20e/0x3f0 [ 1701.996330] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1701.997067] fat_write_begin+0x89/0x180 [ 1701.997642] ? fat_add_cluster+0x100/0x100 [ 1701.998258] generic_perform_write+0x20a/0x4f0 [ 1701.998935] ? fat_direct_IO+0x1ef/0x380 [ 1701.999525] ? page_cache_prev_miss+0x310/0x310 [ 1702.000217] __generic_file_write_iter+0x2cd/0x5d0 [ 1702.000932] generic_file_write_iter+0xdb/0x230 [ 1702.001622] do_iter_readv_writev+0x476/0x750 [ 1702.002274] ? new_sync_write+0x660/0x660 [ 1702.002879] ? avc_policy_seqno+0x9/0x70 [ 1702.003471] ? selinux_file_permission+0x92/0x520 [ 1702.004208] ? security_file_permission+0xb1/0xe0 [ 1702.004964] do_iter_write+0x191/0x700 [ 1702.005545] ? trace_hardirqs_on+0x5b/0x180 [ 1702.006182] vfs_iter_write+0x70/0xa0 [ 1702.006741] iter_file_splice_write+0x762/0xc30 [ 1702.007446] ? generic_splice_sendpage+0x140/0x140 [ 1702.008273] ? security_file_permission+0xb1/0xe0 [ 1702.008982] ? generic_splice_sendpage+0x140/0x140 [ 1702.009700] direct_splice_actor+0x10f/0x170 [ 1702.010351] splice_direct_to_actor+0x387/0x980 [ 1702.011046] ? pipe_to_sendpage+0x380/0x380 [ 1702.011685] ? do_splice_to+0x160/0x160 [ 1702.012265] ? security_file_permission+0xb1/0xe0 [ 1702.013000] do_splice_direct+0x1c4/0x290 [ 1702.013691] ? splice_direct_to_actor+0x980/0x980 [ 1702.014388] ? avc_policy_seqno+0x9/0x70 [ 1702.015003] ? security_file_permission+0xb1/0xe0 [ 1702.015723] do_sendfile+0x553/0x11e0 [ 1702.016306] ? do_pwritev+0x270/0x270 [ 1702.016873] ? wait_for_completion_io+0x270/0x270 [ 1702.017586] ? rcu_read_lock_any_held+0x75/0xa0 [ 1702.018264] ? vfs_write+0x354/0xb10 [ 1702.018826] __x64_sys_sendfile64+0x1d1/0x210 [ 1702.019482] ? __ia32_sys_sendfile+0x220/0x220 [ 1702.020162] do_syscall_64+0x33/0x40 [ 1702.020706] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.021449] RIP: 0033:0x7f24f4026b19 [ 1702.021990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.024635] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1702.025731] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1702.026758] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1702.027959] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1702.028984] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1702.030014] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1702.054299] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue 11:04:32 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 55) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1702.182649] attempt to access beyond end of device [ 1702.182649] loop5: rw=2049, want=276, limit=128 11:04:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 58) [ 1702.340747] FAULT_INJECTION: forcing a failure. [ 1702.340747] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1702.342714] CPU: 1 PID: 11252 Comm: Not tainted 5.10.222 #1 [ 1702.343598] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.344867] Call Trace: [ 1702.345277] dump_stack+0x107/0x167 [ 1702.345845] should_fail.cold+0x5/0xa [ 1702.346445] _copy_from_user+0x2e/0x1b0 [ 1702.347074] comm_write+0xbf/0x2a0 [ 1702.347624] ? proc_pid_permission+0x300/0x300 [ 1702.348345] do_iter_write+0x4f0/0x700 [ 1702.348964] vfs_writev+0x1ae/0x620 [ 1702.349521] ? vfs_iter_write+0xa0/0xa0 [ 1702.350137] ? __fdget_pos+0xf1/0x190 [ 1702.350720] ? lock_downgrade+0x6d0/0x6d0 [ 1702.351378] ? ksys_write+0x12d/0x260 [ 1702.351966] ? __fget_files+0x2f8/0x520 [ 1702.352596] do_writev+0x139/0x300 [ 1702.353145] ? vfs_writev+0x620/0x620 [ 1702.353745] do_syscall_64+0x33/0x40 [ 1702.354314] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.355211] RIP: 0033:0x7fbbbec6fb19 [ 1702.355946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.358710] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1702.360047] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1702.361127] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1702.362296] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1702.363548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.364655] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1702.464498] FAULT_INJECTION: forcing a failure. [ 1702.464498] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.466234] CPU: 0 PID: 11256 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1702.467291] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.468614] Call Trace: [ 1702.469070] dump_stack+0x107/0x167 [ 1702.469722] should_fail.cold+0x5/0xa [ 1702.470426] ? create_object.isra.0+0x3a/0xa20 [ 1702.471132] should_failslab+0x5/0x20 [ 1702.471716] kmem_cache_alloc+0x5b/0x310 [ 1702.472342] create_object.isra.0+0x3a/0xa20 [ 1702.473008] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.473756] kmem_cache_alloc+0x159/0x310 [ 1702.474391] alloc_buffer_head+0x20/0x110 [ 1702.475025] alloc_page_buffers+0x14d/0x700 [ 1702.475691] create_empty_buffers+0x2c/0x640 [ 1702.476367] create_page_buffers+0x1bb/0x230 [ 1702.477049] __block_write_begin_int+0x1d1/0x19c0 [ 1702.477785] ? fat_add_cluster+0x100/0x100 [ 1702.478465] ? add_to_page_cache_locked+0x40/0x40 [ 1702.479321] ? __page_cache_alloc+0x10d/0x360 [ 1702.480006] ? remove_inode_buffers+0x300/0x300 [ 1702.480683] ? pagecache_get_page+0x243/0xc80 [ 1702.481370] ? unlock_page_memcg+0x96/0x170 [ 1702.482027] ? wait_for_stable_page+0x92/0xe0 [ 1702.482713] cont_write_begin+0x472/0x980 [ 1702.483371] ? fat_add_cluster+0x100/0x100 [ 1702.484013] ? nobh_write_begin+0xed0/0xed0 [ 1702.484674] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1702.485544] ? generic_write_end+0x20e/0x3f0 [ 1702.486218] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1702.487004] fat_write_begin+0x89/0x180 [ 1702.487585] ? fat_add_cluster+0x100/0x100 [ 1702.488238] generic_perform_write+0x20a/0x4f0 [ 1702.488938] ? fat_direct_IO+0x1ef/0x380 [ 1702.489556] ? page_cache_prev_miss+0x310/0x310 [ 1702.490279] __generic_file_write_iter+0x2cd/0x5d0 [ 1702.491053] generic_file_write_iter+0xdb/0x230 [ 1702.491767] do_iter_readv_writev+0x476/0x750 [ 1702.492455] ? new_sync_write+0x660/0x660 [ 1702.493090] ? avc_policy_seqno+0x9/0x70 [ 1702.493711] ? selinux_file_permission+0x92/0x520 [ 1702.494458] ? security_file_permission+0xb1/0xe0 [ 1702.495192] do_iter_write+0x191/0x700 [ 1702.495768] ? trace_hardirqs_on+0x5b/0x180 [ 1702.496409] vfs_iter_write+0x70/0xa0 [ 1702.496975] iter_file_splice_write+0x762/0xc30 [ 1702.497678] ? generic_splice_sendpage+0x140/0x140 [ 1702.498424] ? security_file_permission+0xb1/0xe0 [ 1702.499138] ? generic_splice_sendpage+0x140/0x140 [ 1702.499854] direct_splice_actor+0x10f/0x170 [ 1702.500510] splice_direct_to_actor+0x387/0x980 [ 1702.501199] ? pipe_to_sendpage+0x380/0x380 [ 1702.501841] ? do_splice_to+0x160/0x160 [ 1702.502428] ? security_file_permission+0xb1/0xe0 [ 1702.503148] do_splice_direct+0x1c4/0x290 [ 1702.503762] ? splice_direct_to_actor+0x980/0x980 [ 1702.504466] ? avc_policy_seqno+0x9/0x70 [ 1702.505077] ? security_file_permission+0xb1/0xe0 [ 1702.505796] do_sendfile+0x553/0x11e0 [ 1702.506369] ? do_pwritev+0x270/0x270 [ 1702.506944] ? wait_for_completion_io+0x270/0x270 [ 1702.507654] ? rcu_read_lock_any_held+0x75/0xa0 [ 1702.508338] ? vfs_write+0x354/0xb10 [ 1702.508895] __x64_sys_sendfile64+0x1d1/0x210 [ 1702.509554] ? __ia32_sys_sendfile+0x220/0x220 [ 1702.510232] do_syscall_64+0x33/0x40 [ 1702.510775] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.511526] RIP: 0033:0x7f24f4026b19 [ 1702.512070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.514696] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1702.515805] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1702.516838] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1702.517866] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1702.518904] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1702.519932] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1702.571417] attempt to access beyond end of device [ 1702.571417] loop5: rw=2049, want=276, limit=128 11:04:32 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) r2 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x400000, 0x19) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@remote, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6}}, &(0x7f0000000400)=0xe8) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r5, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r6, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext3\x00', &(0x7f00000001c0)='./file0\x00', 0x5, 0x1, &(0x7f0000000280)=[{&(0x7f0000000200)="81280260ebce89e55e2ec8cbb7b303bd0f02ef5927bb7b6394c19fb5", 0x1c, 0x100000001}], 0x4, &(0x7f0000000440)={[{@user_xattr}, {@init_itable_val={'init_itable', 0x3d, 0x3}}, {@delalloc}, {@abort}, {@norecovery}, {@jqfmt_vfsold}, {@journal_path={'journal_path', 0x3d, './file0'}}], [{@uid_eq={'uid', 0x3d, r4}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@uid_gt={'uid>', r5}}, {@uid_gt={'uid>', r6}}, {@hash}]}) recvmsg$unix(r0, &(0x7f0000000880)={&(0x7f0000000540), 0x6e, &(0x7f0000000780)=[{&(0x7f00000005c0)=""/84, 0x54}, {&(0x7f0000000640)=""/56, 0x38}, {&(0x7f0000000680)=""/82, 0x52}, {&(0x7f0000000700)=""/70, 0x46}], 0x4, &(0x7f00000007c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}, 0x2) ioctl$EXT4_IOC_MOVE_EXT(r7, 0xc028660f, &(0x7f00000008c0)={0x0, r2, 0x101, 0x2, 0xd2, 0x5}) r8 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r8, r9, 0x0, 0x100000001) ftruncate(r3, 0xfdef) 11:04:32 executing program 3: keyctl$KEYCTL_RESTRICT_KEYRING(0xa, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x0, 0x3, 0x0, 0x2, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000380)={0x13016c580, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pidfd_getfd(0xffffffffffffffff, r0, 0x0) 11:04:32 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f00000000c0)={0xde6d, 0x3, 0x2000000, 0x7, 0xf9}) chdir(&(0x7f0000000180)='./file0\x00') 11:04:49 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 59) 11:04:49 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000c00) 11:04:49 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17, 0x800000000000}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:04:49 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) futimesat(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={{0x0, 0xea60}}) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r4, 0xc0096616, &(0x7f0000000300)=ANY=[@ANYBLOB="0700000000000000000000010000007d2a9290379436b150e446f7a2c44b918c17d95e9a5001d6197e1c59c6d54300fe257e411cdf59ea364991c372bd6d12108fa2303c37712e164bd0ae72dad2c51591724d681abaf24676a0e74b9a10764051eb1b73800cac2148c525b6a24550c3db3b2337924444568a84199514eb15c52c1927e53c201ae77d3ecdf53da6ea3a1a0cd2ed6a3639062cae59d04678eec1"]) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x9) ftruncate(r2, 0xfdef) r7 = socket(0x23, 0x1, 0x2) fcntl$setstatus(r7, 0x4, 0x0) 11:04:49 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:04:49 executing program 3: keyctl$KEYCTL_RESTRICT_KEYRING(0xa, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x0, 0x3, 0x0, 0x2, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000380)={0x13016c580, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pidfd_getfd(0xffffffffffffffff, r0, 0x0) 11:04:49 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(r0, &(0x7f00000002c0)='./file0\x00', 0x1833c3, 0x20) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:04:49 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 56) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1719.500832] FAULT_INJECTION: forcing a failure. [ 1719.500832] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1719.502428] CPU: 0 PID: 11300 Comm: Not tainted 5.10.222 #1 [ 1719.503134] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1719.504141] Call Trace: [ 1719.504473] dump_stack+0x107/0x167 [ 1719.504918] should_fail.cold+0x5/0xa [ 1719.505397] _copy_from_user+0x2e/0x1b0 [ 1719.505888] comm_write+0xbf/0x2a0 [ 1719.506326] ? proc_pid_permission+0x300/0x300 [ 1719.506896] do_iter_write+0x4f0/0x700 [ 1719.507395] vfs_writev+0x1ae/0x620 [ 1719.507844] ? vfs_iter_write+0xa0/0xa0 [ 1719.508335] ? __fdget_pos+0xf1/0x190 [ 1719.508783] ? lock_downgrade+0x6d0/0x6d0 [ 1719.509299] ? ksys_write+0x12d/0x260 [ 1719.509770] ? __fget_files+0x2f8/0x520 [ 1719.510276] do_writev+0x139/0x300 [ 1719.510711] ? vfs_writev+0x620/0x620 [ 1719.511195] do_syscall_64+0x33/0x40 [ 1719.511650] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1719.512273] RIP: 0033:0x7fbbbec6fb19 [ 1719.512725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1719.514913] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1719.515840] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1719.516694] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1719.517548] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1719.518404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1719.519264] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1719.564539] attempt to access beyond end of device [ 1719.564539] loop6: rw=1, want=275, limit=128 11:04:49 executing program 3: chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000500)) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) pread64(r2, &(0x7f0000000300)=""/226, 0xe2, 0x8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200), 0x8000, &(0x7f0000000400)={[{@release_agent={'release_agent', 0x3d, './file0'}}, {@subsystem='cpuacct'}, {@release_agent={'release_agent', 0x3d, './file0'}}, {@noprefix}, {}], [{@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}, {@uid_lt}, {@measure}, {@dont_hash}, {@pcr={'pcr', 0x3d, 0x25}}, {@subj_type={'subj_type', 0x3d, ':'}}, {@fowner_lt={'fowner<', 0xee01}}]}) sendfile(r2, r3, 0x0, 0xfe) r4 = syz_io_uring_setup(0x3d19, &(0x7f0000000080)={0x0, 0x2277, 0x4, 0x0, 0x83}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180)) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f00000001c0)=ANY=[@ANYBLOB="018556000100000018000000", @ANYRES32=r2, @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) 11:04:49 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x100000000) ftruncate(r1, 0xfdef) [ 1719.622633] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1719.657641] cgroup: release_agent respecified [ 1719.688767] FAULT_INJECTION: forcing a failure. [ 1719.688767] name failslab, interval 1, probability 0, space 0, times 0 [ 1719.691135] CPU: 1 PID: 11293 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1719.692265] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1719.693602] Call Trace: [ 1719.694040] dump_stack+0x107/0x167 [ 1719.694641] should_fail.cold+0x5/0xa [ 1719.695276] ? ext4_mb_new_blocks+0x1fd8/0x45c0 [ 1719.696161] should_failslab+0x5/0x20 [ 1719.696900] kmem_cache_alloc+0x5b/0x310 [ 1719.697567] ext4_mb_new_blocks+0x1fd8/0x45c0 [ 1719.698314] ? trace_hardirqs_on+0x5b/0x180 [ 1719.699023] ? ext4_cache_extents+0x148/0x2d0 [ 1719.699765] ? ext4_discard_preallocations+0xd80/0xd80 [ 1719.700621] ? ext4_ext_search_right+0x2e3/0xbd0 [ 1719.701407] ext4_ext_map_blocks+0x1d49/0x5830 [ 1719.702152] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1719.703000] ? SOFTIRQ_verbose+0x10/0x10 [ 1719.703665] ? perf_trace_lock+0xac/0x490 [ 1719.704336] ? SOFTIRQ_verbose+0x10/0x10 [ 1719.705002] ? __lockdep_reset_lock+0x180/0x180 [ 1719.705756] ? ext4_ext_release+0x10/0x10 [ 1719.706436] ? ext4_map_blocks+0x5cd/0x1910 [ 1719.707154] ? lock_release+0x680/0x680 [ 1719.707804] ? ext4_es_lookup_extent+0x48d/0xaa0 [ 1719.708564] ? lock_downgrade+0x6d0/0x6d0 [ 1719.709256] ? down_write_killable+0x180/0x180 [ 1719.709702] attempt to access beyond end of device [ 1719.709702] loop4: rw=2049, want=276, limit=128 [ 1719.710005] ext4_map_blocks+0x63f/0x1910 [ 1719.711658] ? kmem_cache_alloc+0x2a6/0x310 [ 1719.712359] ? __kernel_text_address+0x9/0x40 [ 1719.713083] ? ext4_issue_zeroout+0x1c0/0x1c0 [ 1719.713779] ? jbd2__journal_start+0xf3/0x7e0 [ 1719.714511] ? __ext4_journal_start_sb+0x214/0x390 [ 1719.715298] ? __ext4_journal_start_sb+0x1db/0x390 [ 1719.716091] ext4_iomap_begin+0x3ad/0x700 [ 1719.716775] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 1719.717560] ? kasan_save_stack+0x1b/0x40 [ 1719.718228] ? ext4_file_write_iter+0xb26/0x18d0 [ 1719.718994] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 1719.720016] ? splice_direct_to_actor+0x387/0x980 [ 1719.720791] ? do_splice_direct+0x1c4/0x290 [ 1719.721490] ? do_sendfile+0x553/0x11e0 [ 1719.722136] ? __x64_sys_sendfile64+0x1d1/0x210 [ 1719.722882] ? do_syscall_64+0x33/0x40 [ 1719.723517] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1719.724385] iomap_apply+0x164/0x810 [ 1719.724992] ? iomap_dio_rw+0x90/0x90 [ 1719.725615] ? trace_event_raw_event_iomap_apply+0x430/0x430 [ 1719.726558] ? mark_held_locks+0x9e/0xe0 [ 1719.727236] ? filemap_check_errors+0xa5/0x150 [ 1719.727976] __iomap_dio_rw+0x6cd/0x1110 [ 1719.728627] ? iomap_dio_rw+0x90/0x90 [ 1719.729265] ? iomap_dio_bio_actor+0xef0/0xef0 [ 1719.729997] ? ext4_orphan_add+0x253/0x9e0 [ 1719.730674] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 1719.731473] ? ext4_empty_dir+0xae0/0xae0 [ 1719.732134] ? jbd2__journal_start+0xf3/0x7e0 [ 1719.732867] iomap_dio_rw+0x31/0x90 [ 1719.733456] ext4_file_write_iter+0xb26/0x18d0 [ 1719.734210] ? ext4_file_read_iter+0x4c0/0x4c0 [ 1719.734937] ? kasan_save_stack+0x32/0x40 [ 1719.735608] ? kasan_save_stack+0x1b/0x40 [ 1719.736274] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1719.737082] ? iter_file_splice_write+0x16d/0xc30 [ 1719.737847] ? direct_splice_actor+0x10f/0x170 [ 1719.738574] ? splice_direct_to_actor+0x387/0x980 [ 1719.739347] ? do_splice_direct+0x1c4/0x290 [ 1719.740034] ? do_sendfile+0x553/0x11e0 [ 1719.740671] ? __x64_sys_sendfile64+0x1d1/0x210 [ 1719.741409] ? do_syscall_64+0x33/0x40 [ 1719.742029] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1719.742887] do_iter_readv_writev+0x476/0x750 [ 1719.743617] ? new_sync_write+0x660/0x660 [ 1719.744281] ? avc_policy_seqno+0x9/0x70 [ 1719.744928] ? selinux_file_permission+0x92/0x520 [ 1719.745702] ? security_file_permission+0xb1/0xe0 [ 1719.746477] do_iter_write+0x191/0x700 [ 1719.747106] ? trace_hardirqs_on+0x5b/0x180 [ 1719.747801] vfs_iter_write+0x70/0xa0 [ 1719.748410] iter_file_splice_write+0x762/0xc30 [ 1719.749171] ? generic_splice_sendpage+0x140/0x140 [ 1719.749975] ? security_file_permission+0xb1/0xe0 [ 1719.750741] ? generic_splice_sendpage+0x140/0x140 [ 1719.751527] direct_splice_actor+0x10f/0x170 [ 1719.752229] splice_direct_to_actor+0x387/0x980 [ 1719.752974] ? pipe_to_sendpage+0x380/0x380 [ 1719.753665] ? do_splice_to+0x160/0x160 [ 1719.754299] ? security_file_permission+0xb1/0xe0 [ 1719.755082] do_splice_direct+0x1c4/0x290 [ 1719.755743] ? splice_direct_to_actor+0x980/0x980 [ 1719.756502] ? avc_policy_seqno+0x9/0x70 [ 1719.757159] ? security_file_permission+0xb1/0xe0 [ 1719.757936] do_sendfile+0x553/0x11e0 [ 1719.758559] ? do_pwritev+0x270/0x270 [ 1719.759178] ? wait_for_completion_io+0x270/0x270 [ 1719.759947] ? rcu_read_lock_any_held+0x75/0xa0 [ 1719.760679] ? vfs_write+0x354/0xb10 [ 1719.761281] __x64_sys_sendfile64+0x1d1/0x210 [ 1719.761994] ? __ia32_sys_sendfile+0x220/0x220 [ 1719.762731] do_syscall_64+0x33/0x40 [ 1719.763326] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1719.764125] RIP: 0033:0x7f24f4026b19 [ 1719.764709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1719.767565] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1719.768752] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1719.769860] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 1719.770967] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1719.772082] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1719.773193] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 11:04:49 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 57) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:04:49 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x6000) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r4, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000380)={{{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@dev}}, &(0x7f0000000200)=0xe8) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r6, 0x0) r7 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r7, 0x0, 0x0) getresgid(&(0x7f00000010c0), &(0x7f0000001100)=0x0, &(0x7f0000001140)) semctl$IPC_SET(r7, 0x0, 0x1, &(0x7f0000001200)={{0x0, 0xee01, r8, 0xffffffffffffffff, 0x0, 0x4, 0x2}, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f}) setxattr$system_posix_acl(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000480)={{}, {0x1, 0x3}, [{0x2, 0x0, r3}, {0x2, 0x2, r4}, {0x2, 0x7, r5}, {0x2, 0x2, 0xee00}, {0x2, 0x0, 0xee00}, {0x2, 0x1, r6}, {0x2, 0x2, 0xffffffffffffffff}], {0x4, 0x2}, [{0x8, 0x0, r8}], {0x10, 0x4}, {0x20, 0x2}}, 0x64, 0x2) ftruncate(r0, 0xfdef) 11:04:49 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 60) [ 1719.919886] FAULT_INJECTION: forcing a failure. [ 1719.919886] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1719.921327] CPU: 0 PID: 11327 Comm: Not tainted 5.10.222 #1 [ 1719.921885] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1719.922782] Call Trace: [ 1719.923047] dump_stack+0x107/0x167 [ 1719.923412] should_fail.cold+0x5/0xa [ 1719.923789] _copy_from_user+0x2e/0x1b0 [ 1719.924181] comm_write+0xbf/0x2a0 [ 1719.924535] ? proc_pid_permission+0x300/0x300 [ 1719.924989] do_iter_write+0x4f0/0x700 [ 1719.925379] vfs_writev+0x1ae/0x620 [ 1719.925728] ? vfs_iter_write+0xa0/0xa0 [ 1719.926111] ? __fdget_pos+0xf1/0x190 [ 1719.926481] ? lock_downgrade+0x6d0/0x6d0 [ 1719.926885] ? ksys_write+0x12d/0x260 [ 1719.927264] ? __fget_files+0x2f8/0x520 [ 1719.927662] do_writev+0x139/0x300 [ 1719.928002] ? vfs_writev+0x620/0x620 [ 1719.928380] do_syscall_64+0x33/0x40 [ 1719.928738] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1719.929204] RIP: 0033:0x7fbbbec6fb19 [ 1719.929567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1719.931242] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1719.931974] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1719.932651] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1719.933332] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1719.934008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1719.934655] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1719.978556] attempt to access beyond end of device [ 1719.978556] loop4: rw=1, want=403, limit=128 11:04:50 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000d00) [ 1720.017777] cgroup: release_agent respecified [ 1720.023084] attempt to access beyond end of device [ 1720.023084] loop6: rw=2049, want=276, limit=128 [ 1720.061132] attempt to access beyond end of device [ 1720.061132] loop6: rw=0, want=147, limit=128 [ 1720.061680] FAULT_INJECTION: forcing a failure. [ 1720.061680] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1720.064727] CPU: 0 PID: 11331 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1720.065340] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1720.066057] Call Trace: [ 1720.066299] dump_stack+0x107/0x167 [ 1720.066622] should_fail.cold+0x5/0xa [ 1720.066964] __alloc_pages_nodemask+0x182/0x600 [ 1720.067389] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1720.067913] ? find_get_entry+0x2c8/0x740 [ 1720.068283] ? lock_chain_count+0x20/0x20 [ 1720.068648] alloc_pages_current+0x187/0x280 [ 1720.069032] __page_cache_alloc+0x2d2/0x360 [ 1720.069400] pagecache_get_page+0x2c7/0xc80 [ 1720.069776] ? unlock_page_memcg+0x96/0x170 [ 1720.070160] grab_cache_page_write_begin+0x64/0xa0 [ 1720.070591] cont_write_begin+0x448/0x980 [ 1720.070959] ? fat_add_cluster+0x100/0x100 [ 1720.071337] ? nobh_write_begin+0xed0/0xed0 [ 1720.071716] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1720.072217] ? generic_write_end+0x20e/0x3f0 [ 1720.072614] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1720.073042] fat_write_begin+0x89/0x180 [ 1720.073386] ? fat_add_cluster+0x100/0x100 [ 1720.073769] generic_perform_write+0x20a/0x4f0 [ 1720.074171] ? fat_direct_IO+0x1ef/0x380 [ 1720.074527] ? page_cache_prev_miss+0x310/0x310 [ 1720.074944] __generic_file_write_iter+0x2cd/0x5d0 [ 1720.075385] generic_file_write_iter+0xdb/0x230 [ 1720.075795] do_iter_readv_writev+0x476/0x750 [ 1720.076195] ? new_sync_write+0x660/0x660 [ 1720.076542] ? avc_policy_seqno+0x9/0x70 [ 1720.076896] ? selinux_file_permission+0x92/0x520 [ 1720.077323] ? security_file_permission+0xb1/0xe0 [ 1720.077760] do_iter_write+0x191/0x700 [ 1720.078104] ? trace_hardirqs_on+0x5b/0x180 [ 1720.078490] vfs_iter_write+0x70/0xa0 [ 1720.078825] iter_file_splice_write+0x762/0xc30 [ 1720.079256] ? generic_splice_sendpage+0x140/0x140 [ 1720.079699] ? security_file_permission+0xb1/0xe0 [ 1720.080118] ? generic_splice_sendpage+0x140/0x140 [ 1720.080546] direct_splice_actor+0x10f/0x170 [ 1720.080925] splice_direct_to_actor+0x387/0x980 [ 1720.081318] ? pipe_to_sendpage+0x380/0x380 [ 1720.081693] ? do_splice_to+0x160/0x160 [ 1720.082035] ? security_file_permission+0xb1/0xe0 [ 1720.082457] do_splice_direct+0x1c4/0x290 [ 1720.082816] ? splice_direct_to_actor+0x980/0x980 [ 1720.083235] ? avc_policy_seqno+0x9/0x70 [ 1720.083597] ? security_file_permission+0xb1/0xe0 [ 1720.084018] do_sendfile+0x553/0x11e0 [ 1720.084362] ? do_pwritev+0x270/0x270 [ 1720.084692] ? wait_for_completion_io+0x270/0x270 [ 1720.085109] ? rcu_read_lock_any_held+0x75/0xa0 [ 1720.085509] ? vfs_write+0x354/0xb10 [ 1720.085837] __x64_sys_sendfile64+0x1d1/0x210 [ 1720.086226] ? __ia32_sys_sendfile+0x220/0x220 [ 1720.086628] do_syscall_64+0x33/0x40 [ 1720.086967] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1720.087414] RIP: 0033:0x7f24f4026b19 [ 1720.087737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1720.089302] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1720.089974] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1720.090583] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1720.091217] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1720.091825] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1720.092430] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 11:04:50 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) stat(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) openat(r0, &(0x7f00000000c0)='./file0\x00', 0xc0801, 0x21) ftruncate(r0, 0xfdef) 11:04:50 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) socket$inet6(0xa, 0x1, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:04:50 executing program 3: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f00000005c0), 0xa}, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000180)=ANY=[@ANYBLOB="0110000001000000c033900a2914c2eaa518000100", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000400)=0x5) recvmsg(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000880)=@rc={0x1f, @none}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000940)=""/149, 0x95}], 0x1}, 0x2) pread64(0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffff8) mknodat$loop(0xffffffffffffffff, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000a00)=""/236, 0xec}, {&(0x7f00000007c0)=""/150, 0x96}], 0x2, 0xcae, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r1, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="00040000"], 0x18}}], 0x1, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r2, &(0x7f0000000580)=[{&(0x7f0000001380)=""/213, 0xd5}, {&(0x7f0000000600)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x0) open_tree(r2, &(0x7f00000002c0)='./file0\x00', 0x9100) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000000)) [ 1720.236658] FAULT_INJECTION: forcing a failure. [ 1720.236658] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1720.237704] CPU: 0 PID: 11346 Comm: Not tainted 5.10.222 #1 [ 1720.238284] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1720.238954] Call Trace: [ 1720.239198] dump_stack+0x107/0x167 [ 1720.239508] should_fail.cold+0x5/0xa [ 1720.239830] _copy_from_user+0x2e/0x1b0 [ 1720.240158] comm_write+0xbf/0x2a0 [ 1720.240463] ? proc_pid_permission+0x300/0x300 [ 1720.240842] do_iter_write+0x4f0/0x700 [ 1720.241175] vfs_writev+0x1ae/0x620 [ 1720.241473] ? vfs_iter_write+0xa0/0xa0 [ 1720.241795] ? __fdget_pos+0xf1/0x190 [ 1720.242111] ? lock_downgrade+0x6d0/0x6d0 [ 1720.242455] ? ksys_write+0x12d/0x260 [ 1720.242770] ? __fget_files+0x2f8/0x520 [ 1720.243113] do_writev+0x139/0x300 [ 1720.243416] ? vfs_writev+0x620/0x620 [ 1720.243742] do_syscall_64+0x33/0x40 [ 1720.244044] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1720.244456] RIP: 0033:0x7fbbbec6fb19 [ 1720.244765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1720.246225] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1720.246845] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1720.247429] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1720.247999] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1720.248589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1720.249160] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:04:50 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f00000000c0)='./file0/file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:04:50 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 58) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1720.277155] attempt to access beyond end of device [ 1720.277155] loop5: rw=2049, want=276, limit=128 [ 1720.280104] attempt to access beyond end of device [ 1720.280104] loop4: rw=2049, want=276, limit=128 11:04:50 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x6000) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r4, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000380)={{{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@dev}}, &(0x7f0000000200)=0xe8) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r6, 0x0) r7 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r7, 0x0, 0x0) getresgid(&(0x7f00000010c0), &(0x7f0000001100)=0x0, &(0x7f0000001140)) semctl$IPC_SET(r7, 0x0, 0x1, &(0x7f0000001200)={{0x0, 0xee01, r8, 0xffffffffffffffff, 0x0, 0x4, 0x2}, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f}) setxattr$system_posix_acl(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000480)={{}, {0x1, 0x3}, [{0x2, 0x0, r3}, {0x2, 0x2, r4}, {0x2, 0x7, r5}, {0x2, 0x2, 0xee00}, {0x2, 0x0, 0xee00}, {0x2, 0x1, r6}, {0x2, 0x2, 0xffffffffffffffff}], {0x4, 0x2}, [{0x8, 0x0, r8}], {0x10, 0x4}, {0x20, 0x2}}, 0x64, 0x2) ftruncate(r0, 0xfdef) 11:04:50 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) stat(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000180)) ftruncate(r0, 0x80000fdf0) [ 1720.495813] attempt to access beyond end of device [ 1720.495813] loop4: rw=1, want=403, limit=128 [ 1720.536048] attempt to access beyond end of device [ 1720.536048] loop3: rw=2049, want=276, limit=128 [ 1720.585800] attempt to access beyond end of device [ 1720.585800] loop3: rw=0, want=147, limit=128 11:05:07 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 61) 11:05:07 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f00000000c0)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = syz_mount_image$msdos(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x4, 0x7, &(0x7f0000000780)=[{&(0x7f0000000300)="daa593a9ce23d61a8659f696adadc594d16156b6da43be603ff99956efa3a0abc8fc6acda020a371cb80f55f05462b3b9390f9e16ea3cc55ab4268f15772be49d04350886e036be72b04e901a84e14247675b6db45baf160a2d4", 0x5a, 0x100}, {&(0x7f0000000380)="f47ad2a353088e3248c34ac7f8f720f6acea180503b6efb1860e2ee740f5af8f276cc41345b1ed8d05e10c6126cf336ea6e2f899a8622fcd73bfc7a330f46e8d8b0f5d435077f053eb639abcaedf3394d2d7cba9eec46b31891ab55692edc17643e3b60a44b5857b5b224e748103a50af0b288a760c2cd3b6a5c282285497776ff97d69af38f69d235e4378ba50d8027501bf996630c1ea4db802351967fd81feaf538c56cfb785c8f01b986322427aba013115cefe5f794a4c4e21d2b6552420b96abafcd6127c6ee886609995b21179659b7440c6f6f0d26c04ce878d55f9e10ad632ab343ff4d63011b", 0xeb, 0x4}, {&(0x7f0000000480)="023db7062278f2291786ad381045023e465596ffe61d704d0d4401dc4a7388b8290d20babc08ab53a8229a713775eabecf3b7e6fbe7202e7e51ef67576beec2678833681a8a2d97647aabde8973aad622c105deb2c162bee2a4bc2eca32141fe277abf7c1e985762f19148ceeab788dd4b3f813692731ffa1e550b2b2a38225e2ea87c068354845d8205594983d1023f6e7b1b0fed95d69cf514417b7eb9786c1c53ec3fc8e3bd3466bd2a509a3a597c4f5b3ab78e4aa38c7b734eecf5612263dd5f06308d02af867b", 0xc9, 0x8885}, {&(0x7f0000000580)="3df3665c7c4474add6e7141d0910b29018ba91820762bd3925004b6a7017c9a0705608b91dcc3051a2cd1882d0000c696fd12de95f76c00826fc8f7b9f1cc411fcb925a0efac570f8ec61f45fda6948f983d0d13eeb90cfe471714a85b9bd8a0af1b0ef17fe3b62a6a18e38d8b25e7c0d8afca74a52eef39c6ff2def9160af3b6aaa4a278b6c20339e727f67548db231b8eb4c91e34884a5", 0x98, 0x4}, {&(0x7f0000000640)="4eae665ba129ea8969c596a2a0e24ef671e719814ee15f4ababb51a5e772745a6994893590bfa8d48cb729b3fad816de4adc60549e3f2508af090ac9d6b06dcadc92b44758f1159c5de46c1224263e1fa6e8176459e20d6110623945d96d22148cabe825fefafc3c459afae8f0041f4196d3a8508e7e028deb24d67febb8fc9f1c62", 0x82, 0x1f}, {&(0x7f0000000700)="1c4400d424e8454cd62b0bb34b09708dc251473cfb84c5fed3e76f929ae8b3c610a1d88f01bca6a17d07bd1b12aa52995ccbf5ca07bb5687c5731c87142e16dd71cced680a47aed5dc5bd9f7b916c97ac647b73e68e60d3bb1e65a08c142fa1dc82f2d4966d1b45dd462ad39a43078a1b1c6bceb8c99", 0x76, 0x800}, {&(0x7f0000000200)="6050c521c3353f565aba03c4c45bc1deaf5571dc60beb4e3e9", 0x19, 0xffffffffffffff7f}], 0x101800, &(0x7f0000000840)={[{@fat=@allow_utime={'allow_utime', 0x3d, 0xfff}}, {@dots}, {@nodots}, {@fat=@errors_continue}], [{@obj_user}, {@euid_lt}]}) pread64(r3, &(0x7f0000000280)=""/17, 0x11, 0x8) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:05:07 executing program 3: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x3, 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c010000100001000000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="ac14140c0000000000000000000000000000000000000000ac1414bb00"/168], 0x13c}}, 0x0) readv(0xffffffffffffffff, &(0x7f0000000700)=[{0x0}, {&(0x7f0000000400)=""/202, 0xca}], 0x2) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x2007, @fd, 0xfffffffffffffff9, 0x0}, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f00000003c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x5, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x3) syz_io_uring_submit(0x0, r3, 0x0, 0x4) r5 = dup3(r4, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a85f508c53b74be1cc06a8682449c18237d779b4f25f709ca4b1d49", 0x1d}, {&(0x7f0000000280)}, {0x0}, {0x0}, {0x0}], 0x5}, 0x0, 0x4000000}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r6, r3, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_int(r5, 0x1, 0x3, &(0x7f0000000380)=0x7, 0x4) accept$unix(r5, &(0x7f0000000080)=@abs, &(0x7f0000000280)=0x6e) 11:05:07 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x141) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) openat(r2, &(0x7f0000000200)='./file0\x00', 0x102, 0x5) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x100000001) ioctl$int_in(r1, 0x5421, &(0x7f00000000c0)=0x1) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40000, 0xe2) sendfile(r5, r1, &(0x7f00000001c0)=0x24, 0x9) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:05:07 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 59) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:05:07 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) open_tree(r1, &(0x7f00000000c0)='./file0\x00', 0x1) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00') ftruncate(r2, 0xfdef) 11:05:07 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000e00) 11:05:07 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) socket$inet6(0xa, 0x1, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) [ 1737.360607] FAULT_INJECTION: forcing a failure. [ 1737.360607] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1737.362164] CPU: 0 PID: 11383 Comm: Not tainted 5.10.222 #1 [ 1737.362882] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1737.363913] Call Trace: [ 1737.364253] dump_stack+0x107/0x167 [ 1737.364709] should_fail.cold+0x5/0xa [ 1737.365194] _copy_from_user+0x2e/0x1b0 [ 1737.365694] comm_write+0xbf/0x2a0 [ 1737.366140] ? proc_pid_permission+0x300/0x300 [ 1737.366720] do_iter_write+0x4f0/0x700 [ 1737.367223] vfs_writev+0x1ae/0x620 [ 1737.367694] ? vfs_iter_write+0xa0/0xa0 [ 1737.368193] ? __fdget_pos+0xf1/0x190 [ 1737.368676] ? lock_downgrade+0x6d0/0x6d0 [ 1737.369204] ? ksys_write+0x12d/0x260 [ 1737.369688] ? __fget_files+0x2f8/0x520 [ 1737.370209] do_writev+0x139/0x300 [ 1737.370657] ? vfs_writev+0x620/0x620 [ 1737.371147] do_syscall_64+0x33/0x40 [ 1737.371619] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1737.372251] RIP: 0033:0x7fbbbec6fb19 [ 1737.372715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1737.374982] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1737.375937] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1737.376816] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1737.377690] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1737.378582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1737.379467] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1737.440021] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1737.499359] FAT-fs (loop6): Unrecognized mount option "./file0" or missing value [ 1737.523393] attempt to access beyond end of device [ 1737.523393] loop4: rw=2049, want=276, limit=128 [ 1737.588959] FAULT_INJECTION: forcing a failure. [ 1737.588959] name failslab, interval 1, probability 0, space 0, times 0 [ 1737.590807] CPU: 1 PID: 11386 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1737.591906] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1737.593196] Call Trace: [ 1737.593675] dump_stack+0x107/0x167 [ 1737.594448] should_fail.cold+0x5/0xa [ 1737.595244] ? create_object.isra.0+0x3a/0xa20 [ 1737.596208] should_failslab+0x5/0x20 [ 1737.597003] kmem_cache_alloc+0x5b/0x310 [ 1737.597849] create_object.isra.0+0x3a/0xa20 [ 1737.598749] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1737.599827] kmem_cache_alloc+0x159/0x310 [ 1737.600685] ? __kernel_text_address+0x9/0x40 [ 1737.601621] jbd2__journal_start+0x190/0x7e0 [ 1737.602440] __ext4_journal_start_sb+0x214/0x390 [ 1737.603452] ext4_iomap_begin+0x485/0x700 [ 1737.604240] ? ext4_iomap_begin_report+0x5a0/0x5a0 [ 1737.605239] ? kasan_save_stack+0x1b/0x40 [ 1737.605996] ? ext4_file_write_iter+0xb26/0x18d0 [ 1737.606790] ? truncate_exceptional_pvec_entries.part.0+0x510/0x510 [ 1737.607846] ? splice_direct_to_actor+0x387/0x980 [ 1737.608641] ? do_splice_direct+0x1c4/0x290 [ 1737.609366] ? do_sendfile+0x553/0x11e0 [ 1737.610036] ? __x64_sys_sendfile64+0x1d1/0x210 [ 1737.610811] ? do_syscall_64+0x33/0x40 [ 1737.611480] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1737.612384] iomap_apply+0x164/0x810 [ 1737.613015] ? iomap_dio_rw+0x90/0x90 [ 1737.613665] ? trace_event_raw_event_iomap_apply+0x430/0x430 [ 1737.614637] ? mark_held_locks+0x9e/0xe0 [ 1737.615351] ? filemap_check_errors+0xa5/0x150 [ 1737.616129] __iomap_dio_rw+0x6cd/0x1110 [ 1737.616806] ? iomap_dio_rw+0x90/0x90 [ 1737.617479] ? iomap_dio_bio_actor+0xef0/0xef0 [ 1737.618250] ? ext4_orphan_add+0x253/0x9e0 [ 1737.618964] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 1737.619814] ? ext4_empty_dir+0xae0/0xae0 [ 1737.620516] ? jbd2__journal_start+0xf3/0x7e0 [ 1737.621299] iomap_dio_rw+0x31/0x90 [ 1737.621926] ext4_file_write_iter+0xb26/0x18d0 [ 1737.622723] ? ext4_file_read_iter+0x4c0/0x4c0 [ 1737.623510] ? kasan_save_stack+0x32/0x40 [ 1737.624214] ? kasan_save_stack+0x1b/0x40 [ 1737.624921] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1737.625782] ? iter_file_splice_write+0x16d/0xc30 [ 1737.626601] ? direct_splice_actor+0x10f/0x170 [ 1737.627593] ? splice_direct_to_actor+0x387/0x980 [ 1737.628583] ? do_splice_direct+0x1c4/0x290 [ 1737.629381] ? do_sendfile+0x553/0x11e0 [ 1737.630064] ? __x64_sys_sendfile64+0x1d1/0x210 [ 1737.630852] ? do_syscall_64+0x33/0x40 [ 1737.631535] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1737.632447] do_iter_readv_writev+0x476/0x750 [ 1737.633222] ? new_sync_write+0x660/0x660 [ 1737.633931] ? avc_policy_seqno+0x9/0x70 [ 1737.634630] ? selinux_file_permission+0x92/0x520 [ 1737.635481] ? security_file_permission+0xb1/0xe0 [ 1737.636316] do_iter_write+0x191/0x700 [ 1737.636989] ? trace_hardirqs_on+0x5b/0x180 [ 1737.637739] vfs_iter_write+0x70/0xa0 [ 1737.638405] iter_file_splice_write+0x762/0xc30 [ 1737.639224] ? generic_splice_sendpage+0x140/0x140 [ 1737.640110] ? security_file_permission+0xb1/0xe0 [ 1737.640936] ? generic_splice_sendpage+0x140/0x140 [ 1737.641779] direct_splice_actor+0x10f/0x170 [ 1737.642544] splice_direct_to_actor+0x387/0x980 [ 1737.643353] ? pipe_to_sendpage+0x380/0x380 [ 1737.644101] ? do_splice_to+0x160/0x160 [ 1737.644791] ? security_file_permission+0xb1/0xe0 [ 1737.645630] do_splice_direct+0x1c4/0x290 [ 1737.646345] ? splice_direct_to_actor+0x980/0x980 [ 1737.647168] ? avc_policy_seqno+0x9/0x70 [ 1737.647897] ? security_file_permission+0xb1/0xe0 [ 1737.648741] do_sendfile+0x553/0x11e0 [ 1737.649418] ? do_pwritev+0x270/0x270 [ 1737.650082] ? wait_for_completion_io+0x270/0x270 [ 1737.650913] ? rcu_read_lock_any_held+0x75/0xa0 [ 1737.651718] ? vfs_write+0x354/0xb10 [ 1737.652374] __x64_sys_sendfile64+0x1d1/0x210 [ 1737.653151] ? __ia32_sys_sendfile+0x220/0x220 [ 1737.653951] do_syscall_64+0x33/0x40 [ 1737.654591] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1737.655475] RIP: 0033:0x7f24f4026b19 [ 1737.656118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1737.659416] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1737.660703] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1737.661905] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 1737.663103] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1737.664325] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1737.665531] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1737.669944] attempt to access beyond end of device [ 1737.669944] loop4: rw=1, want=403, limit=128 [ 1738.050833] FAT-fs (loop6): Unrecognized mount option "./file0" or missing value 11:05:25 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x62080, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:05:25 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000f00) 11:05:25 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000540)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000) syz_mount_image$tmpfs(&(0x7f00000003c0), &(0x7f0000000400)='./file0/file0\x00', 0xacc, 0x2, &(0x7f0000000500)=[{&(0x7f0000000440)="40ee12fcccfc41bb10b79efeea9a2eb1734602302dec4cb885aab441c7f1dc4a6c123a474615d1a04b0a4a83c795e4ad6337b2d2dcaa473ec144388324fbe04735f4d72403c9491a0d027ac3b0114561afaacb121db04d2fd1eb8785116cca0728fc23a09fc74466841dba3935fc7dd95161d0a63a83", 0x76}, {&(0x7f00000004c0), 0x0, 0x10000}], 0x42410, &(0x7f0000000600)={[{@huge_always}, {@mode={'mode', 0x3d, 0x8}}, {@nr_inodes={'nr_inodes', 0x3d, [0x65, 0x35, 0x39, 0x67, 0x65, 0x2d]}}], [{@euid_eq}, {@fsuuid={'fsuuid', 0x3d, {[0x30, 0x36, 0x32, 0x30, 0x39, 0x32, 0x35, 0x38], 0x2d, [0x34, 0x30, 0x65, 0x37], 0x2d, [0x66, 0x34, 0x37, 0x38], 0x2d, [0x34, 0x65, 0x62, 0x61], 0x2d, [0x31, 0x38, 0x38, 0x34, 0x1f1a1c761dcc8f37, 0x63, 0x36, 0x30]}}}, {@dont_measure}, {@uid_lt={'uid<', r1}}]}) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000200), 0x100400, 0x0) openat(r3, &(0x7f0000000280)='./file0\x00', 0x1, 0x138) ioctl$AUTOFS_DEV_IOCTL_READY(r2, 0xc0189376, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {0xa1}}, './file0\x00'}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) setxattr$trusted_overlay_redirect(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x1) sendfile(r2, r4, 0x0, 0x100000001) openat(r2, &(0x7f0000000300)='./file0/file0\x00', 0x20000, 0x50) ftruncate(r0, 0xfdef) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000380)={0x6, 0x93, 0x6, 0x9, 0xa904}) 11:05:25 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) socket$inet6(0xa, 0x1, 0x0) write(r4, &(0x7f0000000240)="01", 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r5, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:05:25 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 60) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:05:25 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000200)={'sit0\x00', &(0x7f0000000dc0)=@ethtool_sset_info={0xa}}) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000400)={{{@in=@remote, @in=@multicast1, 0x4e23, 0x9, 0x4e24, 0xfffc, 0xa, 0x60, 0x0, 0x3a, 0x0, 0xee00}, {0x0, 0x2, 0x9, 0x3, 0x5, 0x8, 0x4, 0x7fffffff}, {0x4, 0x2, 0xac80}, 0xb, 0x6e6bbb, 0x1, 0x1}, {{@in=@rand_addr=0x64010101, 0x4d2, 0x6c}, 0xa, @in=@local, 0x0, 0x0, 0x3, 0x0, 0x81, 0x171, 0x5}}, 0xe8) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r1 = syz_io_uring_setup(0x6c6b, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xff}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') readv(0xffffffffffffffff, 0x0, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r5, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x100000001) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f0000000140)={{0x1, 0x1, 0x18, r6, {0xee00}}, './file1\x00'}) 11:05:25 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x240000, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:05:25 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 62) [ 1755.498661] attempt to access beyond end of device [ 1755.498661] loop4: rw=2049, want=276, limit=128 [ 1755.516848] FAULT_INJECTION: forcing a failure. [ 1755.516848] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1755.518880] CPU: 0 PID: 11433 Comm: Not tainted 5.10.222 #1 [ 1755.519767] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1755.521046] Call Trace: [ 1755.521461] dump_stack+0x107/0x167 [ 1755.522029] should_fail.cold+0x5/0xa [ 1755.522632] _copy_from_user+0x2e/0x1b0 [ 1755.523259] comm_write+0xbf/0x2a0 [ 1755.523815] ? proc_pid_permission+0x300/0x300 [ 1755.524547] do_iter_write+0x4f0/0x700 [ 1755.525176] vfs_writev+0x1ae/0x620 [ 1755.525742] ? vfs_iter_write+0xa0/0xa0 [ 1755.526361] ? __fdget_pos+0xf1/0x190 [ 1755.526928] ? lock_downgrade+0x6d0/0x6d0 [ 1755.527584] ? ksys_write+0x12d/0x260 [ 1755.528205] ? __fget_files+0x2f8/0x520 [ 1755.528844] do_writev+0x139/0x300 [ 1755.529406] ? vfs_writev+0x620/0x620 [ 1755.530013] do_syscall_64+0x33/0x40 [ 1755.530594] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1755.531387] RIP: 0033:0x7fbbbec6fb19 [ 1755.531972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1755.534822] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1755.536002] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1755.537111] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1755.538215] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1755.539310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1755.540435] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1755.644219] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1755.651411] FAULT_INJECTION: forcing a failure. [ 1755.651411] name failslab, interval 1, probability 0, space 0, times 0 [ 1755.653242] CPU: 0 PID: 11430 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1755.654314] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1755.655584] Call Trace: [ 1755.656009] dump_stack+0x107/0x167 [ 1755.656585] should_fail.cold+0x5/0xa [ 1755.657184] ? create_object.isra.0+0x3a/0xa20 [ 1755.657898] should_failslab+0x5/0x20 [ 1755.658493] kmem_cache_alloc+0x5b/0x310 [ 1755.659137] create_object.isra.0+0x3a/0xa20 [ 1755.659835] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1755.660639] kmem_cache_alloc+0x159/0x310 [ 1755.661363] alloc_buffer_head+0x20/0x110 [ 1755.662037] alloc_page_buffers+0x14d/0x700 [ 1755.662707] create_empty_buffers+0x2c/0x640 [ 1755.663394] create_page_buffers+0x1bb/0x230 [ 1755.664086] __block_write_begin_int+0x1d1/0x19c0 [ 1755.664258] attempt to access beyond end of device [ 1755.664258] loop6: rw=2049, want=276, limit=128 [ 1755.664822] ? fat_add_cluster+0x100/0x100 [ 1755.664848] ? add_to_page_cache_locked+0x40/0x40 [ 1755.667572] ? __page_cache_alloc+0x10d/0x360 [ 1755.668279] ? remove_inode_buffers+0x300/0x300 [ 1755.668991] ? pagecache_get_page+0x243/0xc80 [ 1755.669679] ? unlock_page_memcg+0x96/0x170 [ 1755.670357] ? wait_for_stable_page+0x92/0xe0 [ 1755.671053] cont_write_begin+0x472/0x980 [ 1755.671704] ? fat_add_cluster+0x100/0x100 [ 1755.672352] ? nobh_write_begin+0xed0/0xed0 [ 1755.673016] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1755.673899] ? generic_write_end+0x20e/0x3f0 [ 1755.674541] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1755.675099] attempt to access beyond end of device [ 1755.675099] loop6: rw=0, want=147, limit=128 [ 1755.675318] fat_write_begin+0x89/0x180 [ 1755.677297] ? fat_add_cluster+0x100/0x100 [ 1755.677954] generic_perform_write+0x20a/0x4f0 [ 1755.678660] ? fat_direct_IO+0x1ef/0x380 [ 1755.679283] ? page_cache_prev_miss+0x310/0x310 [ 1755.680024] __generic_file_write_iter+0x2cd/0x5d0 [ 1755.680782] generic_file_write_iter+0xdb/0x230 [ 1755.681503] do_iter_readv_writev+0x476/0x750 [ 1755.682156] ? new_sync_write+0x660/0x660 [ 1755.682797] ? avc_policy_seqno+0x9/0x70 [ 1755.683418] ? selinux_file_permission+0x92/0x520 [ 1755.684170] ? security_file_permission+0xb1/0xe0 [ 1755.684919] do_iter_write+0x191/0x700 [ 1755.685520] ? trace_hardirqs_on+0x5b/0x180 [ 1755.686191] vfs_iter_write+0x70/0xa0 [ 1755.686784] iter_file_splice_write+0x762/0xc30 [ 1755.687522] ? generic_splice_sendpage+0x140/0x140 [ 1755.688322] ? security_file_permission+0xb1/0xe0 [ 1755.689067] ? generic_splice_sendpage+0x140/0x140 [ 1755.689819] direct_splice_actor+0x10f/0x170 [ 1755.690500] splice_direct_to_actor+0x387/0x980 [ 1755.691221] ? pipe_to_sendpage+0x380/0x380 [ 1755.691898] ? do_splice_to+0x160/0x160 [ 1755.692517] ? security_file_permission+0xb1/0xe0 [ 1755.693273] do_splice_direct+0x1c4/0x290 [ 1755.693910] ? splice_direct_to_actor+0x980/0x980 [ 1755.694651] ? avc_policy_seqno+0x9/0x70 [ 1755.695290] ? security_file_permission+0xb1/0xe0 [ 1755.696050] do_sendfile+0x553/0x11e0 [ 1755.696651] ? do_pwritev+0x270/0x270 11:05:25 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100001100) [ 1755.697243] ? wait_for_completion_io+0x270/0x270 [ 1755.698178] ? rcu_read_lock_any_held+0x75/0xa0 [ 1755.698893] ? vfs_write+0x354/0xb10 [ 1755.699482] __x64_sys_sendfile64+0x1d1/0x210 [ 1755.700182] ? __ia32_sys_sendfile+0x220/0x220 [ 1755.700898] do_syscall_64+0x33/0x40 [ 1755.701476] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1755.702260] RIP: 0033:0x7f24f4026b19 [ 1755.702835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1755.705632] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1755.706797] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1755.707895] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1755.708983] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1755.710074] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1755.711172] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1755.713850] attempt to access beyond end of device [ 1755.713850] loop4: rw=1, want=332, limit=128 11:05:25 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x0, 0x6, &(0x7f0000002400)=[{&(0x7f0000000100)="5ce3e1fd9648c4a7d8b83b24115c1b10e73f8a99674cf15a638ad9fdc30e054932f798e7ae6c517a25d75c3c2713e2e46ce62d09ac60f963e45a654c39e77aeec6dac13ce097c321", 0x48, 0x3}, {&(0x7f0000000300)="119abfa697097d19e460ad56948be95bb02fdf47cce06ebe68baf5ad9933c76ea6eb436c5fab6bd4be984fd08b402273a3a81db70d2cab5a195bcc9b57f3e2f9a8f4dded6c09e9dc53bc2216c0054fd8e0fde9ca98136d496b0c8f8048836bab6e87166e74f2090980ce1c4679731a2395e1778bdf1aaabfe174ca9742bc5f006a017ab06d5ec2c5da1871ac737f4b5c56be9f060c27ef6137fae7009c7cfdd91dedbe11516e627ac5bd6d14b1167a471922b14aa648b6089f4ec774e29bac7313b9e9a53344d344496dd68b2394a3f603c4ae4f2c71f74ead010408e1bbde20af9bcc5463dc78740cd1ad9cd059af2810fb4a57faf6146b4112ba36c02630a191b740a009f31fffaa2fd21494b9ae569f0cb888d5c552e3eb98be81b842c48e8c29d1900d89cbfa57b7e32e076f19ed3dbf4b9332806ea11315f309d450047d3481577329ea8d6a0efd45cd02c5cbb7ba219c550bd7b2dee05f2a2194fb83e145a76275aba3496f54cc15dfff33847e5640d21f5fc562f3f2f5b9327e63adfeaaab4ec1e843c21e72fb7ddc1bf2aa988cb3871224ef48eb5dba48b85377d2911c6d5bd95c77471e8f63a52b453f3b7be5c28b01ad90139ee2c4def019384e785192dda4b6468342bbd237a1c681f54cb57e4dda46e39240cdd0e25bda43a5c69b21dfd11e4c121e8d5d0e02022deca709410183ba3e85d39482bab669a63370623f5d9139dfad1de6dfc94930e83079fd74993e3651b8c6d7626bf725f0d4bf3ede9751ef22b7ad477671bc45c6470dc083c2b83e7ada46202e141f551a52fd5923ed5440927ad2856e7a3f43bbcbf3430e439354c0adaf0172aba4739722dd527ac8345e88f1963f8db6bead7d57341024ee2e561961b22a4979af13c7a12b699aac31cacb9a218b41c64573a1d750a6c8635bee949edc7a3e97d5cffeeb528d69a1f31c0dcc9ca87fd109bea350b28f0638f3edc9c1b22b1fe3eeafb1eaaa02fb31fff4b799936dfe0b5864345be45ac91dbcbe600665b7866a795d2582604d2f2eba3908a86c593f7d56db26a0fc853b27ebf90dad4919755eaa7eff060a94c85252f21cb94a9002976bcde4ee4c93148a03daefe74d6bae54ace5dc5c4333e71acd820a950133aeee8e8cc9e7d783ec2dc3c2e67065ae4b7e537723e7f6a88dd72594b6eee718cdcbe579044262f9a37ae84b54febce440a53b65745c5cab84ae4c8773c058ded386405e22edc1e90a029ef9b06cdc2ffe0f6e01710ce35de1b4fcb82214b86a0d78801e2cb4dfebb42edfb1386cad367f4b9a95781f0bd2fe3c8c457bfeacdabf0b999a9bb5a67429bfaccbcfecacfcd2a165054184955af17ce4963639157f40fee321332f41ead41a91c556aa8b8927318abb1232058fa88a0500817f78613462856c07bd0e13d54252aa82f40627a2f7d1ceadb7bd69e0148463412c3cadbea1a3eaba7aeccd20c900e205bb9c0f6ff3b1a31c5d3fde71b8404a5d32a320a24f1a2eda2911c180c260b0154a63d21609c8d2329082f963be4b0fd505fec3bd4e808164caf137a91092641a89836ad284358cac75a5a25635b4c7f971e59cae8ad52495ed5ad045c2e59e3f3a97bb4acbac3132e22b9f805cf2c0b05db352a1ba5435487fcc67209af276926834e77e2dcd9b702a0e02d8096e722c0af21bb1be8f55606c621a1591904df32bff1f86647e30bd7808213d5e1d34bc662c3ab2914fe35c7595b94920d2fdf7e8635ff8ef11abc35f98db9706e45c5f7736cd4f6ca52b9363d9cef30479999e5ef9b6f80a3183585a4a78b4c85f60761e9c86f8abb5741e6047c3a1d4014d25f4575b90ac5055d4657de7fe1fbeb77c99299a1ac757e5ff01b809fb2d77a150c2ea298a1cad40b03a7741f03bfb695981a3a24f6de4ee722e15bd204fb858bc1f1e742168cd80886e5fba8afc02ae1e641a85013e511a7af909b92c590fa4af47dd94f05a6fb280d92141eb1245ef34416e46a9d85775180a6618cd431fd931150cffd0f431781c3e27593f452ea9657a8101b364a7d2ddd323b27cc054c270e8ee32c0ec2403b2bc18e7c96119040e4c09d3a5c6c2a11e7f621223db57cea098952a4a2092c0ef40d3776e45d8f412b05271d7790e3d60a24a4d0a77b71cc90caeb519e9011e4a9f35d70a804af4974a38b8c192a5cd39fecf743761932e4d231b6e285db1f6f9b3bb383f866a38863a73985a74cd8484154f510190e51462072350cca483691805916194012df820c8241f8b0f88b4fdbe4e4c8442e57d5e60a94599203b92a63097f6d2a4b3f985f9ccdd15c45287fb743b7f838adf086aba748a78b3e26e78bad87a716da36dd6526780e40b8849db929ba2044bc35a399713855072aa8a069b03cad71853f4de2fd8c94d517695420e76d16ad1aa4932e8e45485e9f05348827579e831884e3456849dbd9610b9f10d8c5daaae00593fa607549e52f7f483491fe36f169c082c54eb36e49f55da3fbba7f31160bc6a5d4798d19fa5147e686ea4235778e9e427bc285f73a83f618badb94a699bcd3e1f976abe1d40c36246411f0cd355954f94795dcdff77400d6c8f6d045812836221ea9a6b876c2090e31df1e757e6ed448c98d572bc72d016ccf1d384650d9acb57197e1d29bd93e00e48370314e3a35c9cfae7a1f14e9559f3eef339cad4f2d8eddc555d8a661926ec785b3a9f41425ba193558e51d099e16f30c3d4a8e90ef330c07cf19c914b388452d38bddffb51ddcdd3a63f235611db81b5924198f710f13fda4f9311ad1fe03a2c800ce6d80c9ae4d6ee692d7036a4d513ba2d3f8d5379512ea74f72c489193124e7870ef9e349aadecb12cf6c710ffe962ec278eefcd1d3853bb2b151772196715e639400a21e5df494c354678f1528b2121e4ac3b5acc16efe94b97abf11da39583ab839fdb8a296a0f85dfe1e1e1a85443e72a2336e82aa3a8ee92382f4d4007db4a31079613745b71e595aa80332e6bfb5e0f03b6513a4eee5cbd901bb501c9de04b00232168fd240b0ce8bcddfdebd6e64a812f07fb7680fffa2458f0dae2733bf350d79136074afd158ea9e3c3cca5dca8456a463c4e42233d539b1e7009158d5d5e22fbb54df0801254549f7d39e57cdc37c137e8522d3832dc8084d4f112cc8cd88f608dfdbb9be84a2cd723e224c8aae75ea8422d7e79975467b2425cbad0f7765ab8afc92ce807f7624232eb453c43449d8ccae333c23d780cdab03b339057a82cefdf602a10da1ab5a818f397fb8e48a3c09c933ce35269ac074c80509526cfa70b050b3ac805c519cfeaa013f32acdcdf81927d08627dd4652b008cc45a83334f8ad3608847446d78ebf533183c069c64ddab46fa17f91412efd751c27448f32a737a9ac2969b1f1bc96f4b3379d2ef22ca804ef0807330d10fffea90c3faf8a76adc8568873fb0b21e7bb37f4643972f63adccfc1bf1e9cebc2d242144b7c9e33d3837a09404ec06a3ba85f76570a139493a7108c6940654912ed7b33b711f180e652714221987bbf64189dc01bba575d35d3c6520d8aa8f45ce79c28ecc0a177dd9b128b73257b5ace8f974971e6a956c06ed2f60ccb8fb77f7b99252795126b50611257184f538e90527cdc8778a96cba1f034bcdf9faefc499007ec38ad388977b0c6a63990e712b06ad80127a38f829bc5aad8c8eee5ae4d22712ed0e0768d6e43aaff298dd34f8decb35249515188de8f8c9d5eb786df01db6d594627814426f77c418feb679e10f8356eafa2c0416263e55a418d3dbe5ef2f7b619ae7a4c3490d4cf6255127a6442d2bbe631e1d10d8474fbbf6ffdf22657fdb14dd9aba3be1fb192c5721cfd27288231476e1a1e8b26945e241fa2086d9889a768a3b8c91c7a21d75162e5334f9d3c5c4d629ed0777526b668a8956a1d7549110e34b9d6480d0ebd0b76e7cb0f2c4346e5706ddc61fbe5fef1e43eb63d40ce49794e26ea4c0eee54a515b0ce154f8756cf8dcfabd8d99553398c4388fb31f09a516d9276a65baeb85eac12ed1f951ab66222315b605f4a3becb4b50cde5e7a4f67d32d8c156a462a4fed111363a0e6a678a9ac25c0aa66827ff739d602c7f22dd5174e478b7f9c2d48b8381618809451e383314b77f52da2db50602fa31a4ba168205310f40ee342acde8ce8c09d25a392f8300cca3df251a4c7801206289d56ee36bcb43296ccb868375bf2253f93034db2b756eab936aba7d861f34ee99ccb2572e194b84dbd2f7d40e81153a0125c978a6d39180cfb95072371e41ddf603654f5cc7b55dffc66661ac7101d9dbb8ca93e9766a2442900a6da3314ef3170fa10c8aea6140290e9eaf887f93c34a63febb297615b55d4835afaa7dfa6c98af875e89c35d3ecfcaedaf5838512d733ab40c741f0b20c7b8663edf1e066e123e7c079a00b0c89167c92a2619e0652f598bafd40347a44ca12e34a6409ccf6f360f79e5eb236e61ceb77b8e13ffed08f69b76be3ef38bf3b7ccdf7b582a6206dccff1c0da9fb3d9c6633c26210997c1c7345f8a3eed69fe7ac30918dda0a32cbf58409859e4f743c1cdf78160effba7ae6a73fbf9a44be332a70ef175cce9398da2bcef6dd4e66fbc6970e7672ec83584c6de5b443f89ea8ffbdbaff47044b562b0a11d6a1caecdc5eea1a9dd527f09a476835c6da00c9dabcd6640cee681b4e096654e1568554d6ee72c2d75a3d7263b8682ae739cca860b4098c00f491c6dc0ee2a47cb4dc7d2c26e5402df67ce225d85b14b813aaf9a36457705fa0fa5be942dff99d89fec1c987fd4ab9000daa2808582d560207f1870861d0599eded49c6ee6e1e78c426998702793197a58544cc2eec74a368ccc395578ba41dc71ee6be1d74ae28a4ae6789a28dfe5d417c1d6d0ee30776d084579891be9cf406f13cc83467385b8591cca369a42a4f17bf1d8449e312e4648b6f7bc14194f19d5f2e850fef6874b1ae1eb7ce3a90530dd62e47c5e5c196ed37b09d617f73d198c3725c16cc1f6a851dce154dd49a2bfe429efe9233a1da1dfbc3e80266b2da4fec446887e24eaf870cc8243f33156322dfb1f9bbc1dabcb10bc007ec6d4b62544d93e882b4abfa0878ad7def5f29e5495a42273984fdd94c0d813344957254bd5dd197acd27900ef2a760097f1f817d3db6e79380766040ce27c16f61315ea9327ea438d106d36a0497db7100e8c996d3841487217e4343e117edf36bcf72bf43e34dc2aa8afc1d23897a144bfb3f53b4a499aba8183b9496c66ddb881ac04cb53ba896498e3c83f71fc20b2c7c87d59364ac868086a7fffc232fad81fe4b71e76e52d0e2fde3652c65a16e75f5584dea655ba0bce2e5bf0b565db974982bac514b2ee4986b0514ab6fe23c997908d796a8aa6ab90fb0cd48398911e56a24adf1b01f74f2a9d96d161bd91df83d7a2d5e79abeec83ebe2eb7a4f7f3320b8e25c5c5d64a6ab2fbfa320b83988c3d46a2a99c26ac6edf8db83e2f899598f439a29febcf2d846ff1a7809d36fd4ee72d4c3b6f2481af940291d7cd63366d8b0de9998cc04ee762cde695a5153432388b9b1c95360d63b93fa012654ce4fd00dd5b5cb092f62b9d321fc00d3ed33398c5efa269bba8d6639da717c6eed284aa9b3aae9ee678a546a239565f4d6b26421bcdf6dd4400c4a09143757e2723dc851b66aa2fd392686812ea69959357409a78a4c5333141972d34703165ba1a29b6d2c93b554732eb9e6c30a683f086985a6c436e271b1d140fd90d5a25f8fd2668ba78ea62", 0x1000, 0x81}, {&(0x7f00000001c0)="23548a5b9f9fcaf4bea521f022230dd8ee364756501f47c9aae44f89d810a321da9c383b6c87aa4234a68321ce763be29a90c956d3dace5e936d6588df94208366df3bb31ecc8fd5f368a210d064be1d5c697b8b2b1182f8a3a59a8d725e5a105768c4bd3ae5b8277c6b932ddda295", 0x6f, 0x2}, {&(0x7f0000000240)="5a1e62572259c72aea4341d69b5472ff7f232b460931f3f7d442872a59e49bccbbe389cf6771904f77d06df10628d9f0953167ef0686706018cfae9c85eb4d4c9b151606980a95da50f0280ca61ceeebbeb6f511ababf4025689ff26b35abc8712f6dccb944b57f9ac7a05156809876ed401ef4b26", 0x75, 0x100000002000000}, {&(0x7f0000001300)="16be65ac5192d02d1d302479ae3e4ddd97e8ad77853ec52d19bff121a0fb430ef29ad7bb89871d87c57b4de38f9540b67ae7858cca0f942e6d5c9573c7e58cb7b68edaa0ac98cc3e58777b1498a0ec7b853917a31e33d0181d3269d103e9a5ceec03c89d410f27ec3ddc1699e3a8eaa4bd70c0e264c84417554d4363f6ea8300bb02922f678d60e9262daf194f8b076d9c068d41e5da98f7b37fdc35103ef45ecfaca89b37b0b2902dd1906e58a61f0bf13c931ed2f8495eb2ae3df9ffefc165b1e419c9bdec1c15764d02e7282108e382a879cf46381cfa2735ee29ea02789f7eb5e29343ca6c024029bd97eca2fc2543bbcd3f693c621ee77fffb0b1a3b826554da735ee5f8963447f85bbbb279c00c41683053d94084f55400daa9514e87cb02a51158a6fa85ac170008b9a44c1773f333105f0f9b98241dfa403b659d095fdadd224f9fbb5181ff4f5efe00a53b4d2d4a3e979baf3f236559ee4cf118b4fa87617576b271de3884086f32da3896fc3aba8e98d633234c42c135ef034c7326e6754106b3cd9e83830e97b9e62712d42f0a9155036039bcbc0be78702365d6cb2f74f2c9c46fb87a1a5e17e92e0b8434c2154aac081570ae8a3b0cfa83b7a10495e2000000000100000002b739d4798d2d4facf69a8eb1395256eb45f8966201e4009b280e63063d680c8a7e5d01f8c2a9fbebc537c24044c754167c886fb809cd8a34b0f98bdaee557005d98a934d57bc3dadbc5ec0a233f31c0aa709733716da1d1b0fd36f59407d4db3c684ffa733a63bfcc17e71fee4c097b3e657cbd46d1bfec65048f365fd47f40d0d3ec7a597ecf9f957fdf2c97799944e96028a69733880f47c4ae710225bcf4c231cee223755ee9c95305437a2796226ef70b17b0a9b663271aaeaf8b0120fa2f330ea4219f4f41f20006b4644cea3b1602b1928bc1c9155ae1d745b1347d457195d9eeb10e3d292269add8ceae4eb62018ffdf887fc5f5659d3f4534dc4231eb5e5287512c57746f6f05bacf0b16d0cec3a39907c1f5cb73a5684b4dfe86ca6764c6633698e26e576c0051786199d1cc973bbd1a46b45329c77c7f012d536acbc9b9360f49ceb5d2df9583d882c4e6ff49bef44327185fa99d87436ef35db442cb0ecf6e08faa64542ccd968e2ea637b53f237e5c16397fc72e81b127a1588456e37d0e8f3a5a6802b266dbe5fcf8a5b0c5641cf33e22e759e1603748fd54507532024e80f63dbe8884993c502f0564600c999f4c896b790c3e8b16a8a305fc6ab1e7f0ae3ba0572b2a2d2cd75516c6fbc4c6e7f0ec18ee1ad5198b3b39bd84bcb3dfecfc5f060a10a10fabb1b12ca468a4ac4761273a3eb9437d66cd71d719058afec0a330e5edba8c07b97f602314527d1796dc67d5e283cfd994ddd92d0c6f5e687c812535aced3ef24f759d61dcc9dc233162dd81f0aae6798031e531874bd4f7ef93b9b6f13ab1e8767a4de1312f743d97f5d6c997a1849cc6489e2e05a9c9157d72811e7c95288aad894621203dc212eddae02bd272b8330bfe9ab92494b737e5285701ffb6896ec5797cb7d40cc59b86db1a6f0b628d8d54305501d2304413bbd930ebde451984932b6508fc59e86a18289d124d91f7dedaba9de3cbe860b3cd4587852df87d3c6fd63f56ec543685550cad02f09f1f902b74cc622304c3695ed4e9e570eb0d9f9024cf885486461c53257d538255f7b2310681fd4fc056c6e49c50c4d06e0e7b20df2f97c789b605095b09625798a485b7cb8f0217453dbf318ad186f6e3ee161d62818b8d3789872498127be3c9619905974af47a3968c83315356fa78a877263641d47321648cc7fecf31010c42f05353b9e6c961658e9505d6c1dbf88fd318d78b6ab1b40e359919cce3958d319dd6a96f5ec976da4f67c7c01c6a19377cfb9259cb782975088dc516d8a9e767e7a819aaf287470a0269022c7779c05bacb15817fc5f66d2089452d5e2a85b7ba5074c906a934ac45de4aa7d30167795f8e6c0860d5980b0bde0fe37f074c5b792e64102ec4adcfd1441590671504a305fb75276d7213e969e05d9cf6d03e524b44e88e791ffd8689949d4a623bdc07ee3402610be55e5b5af5126d08c9d00efa2423c3e52c027871a7b344fb618e81c6d15c0de155fedb0b24af1da2bfa1cbfc79515720054740177684839e1d8b85d80c4bb7c3ee5d1ee5af2a5b4f7329eb08ed40d53c374cbc15096fb0d1e0ca9ccce884955eb3bf132eeec6b7334fa08e61910e67a6c21b79a85fdab7d27a2696c5695308f7d1b67490d5585afdf170870df7019e572403578f401c95075ec54f5ff4f5cf7be158e8ad381c66eb5e1920a28113b4b0856fbf839dfbc74bdabfad4168d9baea26e7f7bf33b92bd2a5741fad6a8c07c285695042f10667e47ebed6ca3ea8e0c802d0726a57202fff727892305a2ccb293fa258fc25b98d88d51658d6df6f4d967579e6f1a2bd3a5cb0ccd4e5c8eea045d7cebf0e273a9af235c14d4b69fb631ad18038fec7b36147ec00ae12f1452970045ac24569f9980313aaae6a8d9d20df748c8d5d6a9b01d7217283370a13ccb412afb3e5c94c7a1f20e2386629cd6f6c03c003c21e65791329796f2284b3139876f8fcd35f78983e29338ea47ff390f233faa401ccf8ed33b6448830cb009dfc720b1e3cc3eb8dc9a57bf7fa705b1fe6893a4c230e2c0fa61722f4559430933b12f7b0d2fe958984abe716512ffaca60cbc55218143aca00a4add98babffcea782938bed3cafbaf17439ebef669029be441db9d81e4374f183f43c504bd858083d727099fa79e7a69b77325d45dcab9120adc3e1425218b80d8cd0a84ba875f7cb22bec53c4a903cc42a2c6252d14f75dde2da9e1e0bbaa13f903b7caf7a2927c8a0517d13571a764b8f06a98719b39c83eec3a2a206ef694265f6f2521b1640ddfa1621fab4fe3db32961b83a6c1eb2136e0aa9f8375544f02edc5d89edb29c6f7b32ab766361dba2ab3f407e91946996510321827c1b57dff43008f6d613963974111a854f970abe3b1c957c82c38c5a90f0cd661e3a00f39084e53a45975633464f5693bffef070b4efdcd92a8e46fb26259e99b6c8d8243948a86097a08c7b456db1f3cc0c45273b7342deb3f7a05df624614696adac62fc46e2f005e74dc29badf9f4b44ad2b6d35431451a5439612520a8b5616546bfbb19b371fa8c3000df3060dd099df278bbcd398105939cdec3e2f27f681d36b0e4d796ef5993d5df2e24cca586f0385f165b792490432cf73b0ba89d42568deeddbf61d55342f33fdbeae85c308ec57f9a3cd5629fb28cb9c3320dd971d386f8410f2aa6dbb1f681d27d32e392298a063d794658ed08841ca87af95ed7aa4ddb50bd3186a80199c358976d1a1b802e018e5fbda617b68722c7d27bb68726b87d427327a84937d63b0d76ba1ae13e5ae22cf6adb3aab29b1736096ebb0dd22769e0d6738fedc2043ff8f9841731f4f10cb3dec79cf089d4861f4639aae0ffc289af6b3e427cb069ab7b33e84cd36052275af6b73e10eb71870ebfbb25045a62f5ab28e861d956673011f81f3d3ee5102dd60d49ae3b5a57f552f8459ba80a42a05146793850ac15306ab01ea23a5a92709cd33d271818d8f39907430f1978732d9c67a6527d99809f68d4052285e9f105213b053d81e462a102bd2d3a74e89b515042877ed8967eaf788928036f72d5d836eb61fbf6518fd85b709b3d9e34691b41ba29c18214d0256d258d50794ef6dde2fa454a3944858787fb39740a84c294f780b2d9bd57938239e9cd30b4c4dae2defaad93c7fb4a4446b66ef26f252e89bf89809a6546221749e27fd11de874d2a920550424565956421a7c013288d4e63cbbd49eb086c349983acb8941ebbefea645e8c006080afa9c499a0687d453e2ac3f31fdd6661fb8d764537b23f4cb16e4870113f020528d56af91d506170a49767f6de04ec8d59d6304eb11a7ed317d1393252c2ff0090c54cbf6b54fe6bc8eb67fc4430e66da73a092fcf75aeb2f4681ceadc1a7b6faa6c010896787cca9ad1fd5acffc9b1e442d2639b37d86760571f89c48d11757541926b099021a623baafcddabb8fcc30bdfd2715222dd6947f76bbdfb904af0c0b3016c3cfa7073dd49c43cf988d2c84617270586a02d0045cd1cde3528b4a1183b16ede465f5ef9fe576ff2c8024163ce63f108a18944bd7c1dc1789a011bfa2b6c0305e26da2ea62ca914340567c6bc4c590daa6fd05bd1ab2edb0359782618a6245fa62eb5437a98a1b14f053b0fa680071cded31f7dc44187057647b45e2b680d959f2dbb0717d55c14520614d4b5eabec5717eed6f55f4b86dbc6c3c9f723bd283d1b5d6a234ef5e49caecc116a77e1e951d5a1dd999b85403c18ca15a20e16856ebdd52f7feee8335cb80052bce0da6e6a2f87180ee70b9edf4ec74d97f97fba6883e85a21a7373a17fe43411b07b19d98c2143927a5dff1b10d43eab316bf8eedf4f3d368bfc9c440372f9aa10430e61d0e5c52854e74df363848b9980c5e0fa181507cefce861e9fabcc529e22549f594bbbe909f98ae197f53875173b054e530498dad395d88e5db5383585166d262cc66582730fd0ef1e94baa47248a6bfd524e0428a45a1ae2724401c44f682e3f7d31f43e7bae273e944a4178adc46fb1f61b42d42218acfde49d3a0746c750a59f45821d289c73840173d49c11d07cc425b3b45304ca26502ddf94c9edd6079fddccbe42d6ce72fb025f0b7cf691d26d112dbaae79337cfda43a09e6985ba56b76c943b4e37c54d87d7dcf41dd2c562707d20a76b9b3dba30b454de57e16ffe2749d2b02fbf0a3b2629a63073981b44c3c5f2044334f9abe8665d29a741cd3e53310259aedc5f5cc038911ac9e785ff94dfb5124d2b0e85699dc01462452b34bca14b026132a0eabad68334b2f542de63e65d305e4b8cf5ea2816de98d2ebd2290e94640b919300a47fe30fc9048c2806e6cb148e7e3fe3b2ee3bc1e146e5ea8f6db20dc7ebb7120691271021a0c850c6495f69553f29d43bec8607e6eecd4f9da9a572aa60e30269df65cecce06f7bedc79643849c1a0a789793a80d87ade2734061f95fe33a539a9a5f5bd700235adbe930038db888fb1f03d5ea1fd0dbeb14030ab8eeff048e3355898255e95e1449921c06b9a4f90b6de8242853c9bf1c795e541507b6221981f47d4c02140aad1a85b3f6ff24a3a7eaf23b11a854826d1965a28ba0c97436c3b27cff38bdc73bfc28608247970fbc15c18a4dfba356ef2e1bf8c4f958caedd431ea570ee20093b8a4fb6da9986cb7e8fd189f3b6393dba1782085d63e3d3d022d13c9f45760d9c61ce2fc23d556d437d3198413faebaa3762395063035e7520fba7d4cd4056876bdfeaa2db4e0a57bdd3e4c5327540219b82336963df20c1ca74619d43eb3c20533583790882ee41b8a215eae439079b42524a0952558c399e333b06f1b44683075383ec3e01916178dab7a35159e31a2efa2c18be702b713fc41a60c666cbfb4cc9304dda78cee3d707f6fdeecaf3b808a2b4ef8f80dc3923aa31e6465b950178b5a38461aa1c25f67b401b29628d0789e569e162e65453ccdaaa0a7ac57b537ff50f8a1fd7984f7a6451e584f2147ea89063aeba0de49693f1b5a820c105c66d4fc364603713fba2290f42397ee127dd8a542b2cb4d493e18f2e8b3757a856a0947d63bad0e925a45f57ba0bc195b30ac97690d88331160cc9ede36b98f97f8aec75", 0x1000, 0x6}, {&(0x7f00000024c0)="4bd47b38c42d410796bb7454a407f9b391b4efd40ae9e052f9702fbe662fe7998f0a9b8392c09bb1dfef71620d820d67d988913c3e27daf51d4cd69ed5f0b9614ad8f61398f3a0ebd84419a9aa648d648157e744675dc5cc014f94b568a4f23bdaadbd7b38c23cd5c3dd5e46e0809ee5398ba98a55d1b6533f6ef33d0841daaf03679bfeb6bf55d6171c4cbd68f0bae9f799eae17456a2c5cada55b18f5789adfd8a2366cba503e7a6cfe3065d11c5961c52b319517eb8190972dfde7f24c265ca1a835094ef1f751256432bfbad90815350d05bbf851ca0d6dfb9c4c2bb43201d", 0xe1, 0x4}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r3 = getpid() fcntl$lock(r2, 0x7, &(0x7f00000002c0)={0x2, 0x3, 0x5, 0x1, r3}) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) perf_event_open(&(0x7f0000003ac0)={0xc2674c2a13a0ead5, 0x80, 0xc7, 0x5, 0x20, 0x1f, 0x0, 0x6, 0x800, 0xa, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0xfb8, 0x0, @perf_config_ext={0x3ff, 0x7}, 0x200, 0x7ff, 0xa7, 0x6, 0xffffffff, 0x6, 0xe6c, 0x0, 0x910, 0x0, 0x2}, r3, 0xffffffffffffffff, r5, 0x1) r6 = openat(0xffffffffffffff9c, &(0x7f0000002300)='./file0\x00', 0x101200, 0x0) recvmsg$unix(r1, &(0x7f0000003a80)={0x0, 0x0, &(0x7f0000003980)=[{&(0x7f0000002340)=""/99, 0x63}, {&(0x7f00000025c0)=""/73, 0x49}, {&(0x7f0000002640)=""/185, 0xb9}, {&(0x7f0000002700)=""/216, 0xd8}, {&(0x7f00000023c0)=""/32, 0x20}, {&(0x7f0000002800)=""/92, 0x5c}, {&(0x7f0000002880)=""/220, 0xdc}, {&(0x7f0000002980)=""/4096, 0x1000}], 0x8, &(0x7f0000003a00)=[@cred={{0x1c, 0x1, 0x2, {0x0}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x58}, 0x4007) ioprio_get$pid(0x1, r7) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r8, 0x0, 0x100000001) ioctl$FIGETBSZ(r6, 0x2, &(0x7f00000000c0)) ftruncate(r0, 0xfdef) [ 1755.857557] attempt to access beyond end of device [ 1755.857557] loop5: rw=2049, want=276, limit=128 11:05:25 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f0000000200)={'macsec0\x00'}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = syz_mount_image$nfs4(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x20, 0x7, &(0x7f0000000780)=[{&(0x7f0000000300)="cdad28d3f8cb45b56fb59b400ff708db7f24a95653fdd16b9b41048e708e611348825eb89462d3cc75fea49f374e0e5cabf2dc10ff9ff419a7a0d71499ce9250c741a7b74fd6f44d7f8d05ed61361b53c51b29b0bd06", 0x56, 0xac08}, {&(0x7f0000000900)="8265ab7c7ddcdd347ae16684ea5961c324b3e57cf56c97dc130a8782a9961f89d1f8cb7159d55711e95abbcb6395f9cee9d833c2a04053e685bc0944598cfc96218b215f56025d361f05270c2e9797368c6800f7641c90d71f4b1c1b546c62611bb989379b2a2f550d288540f3c1d57b82d51876f132b0041d6674f79b4c490f1d7b2771d7061738afc867f3a034d78009733bd6a53e4e3c58d4de8a9e4f5d5dda3da191d0111a07cba9ffe167f90d5b79b55c999d32fd094c09a52054f1545f2a22eb123fe5fa72223426270bf82e332413b3653d0c2ffd1f80b5287327cf1e01ec9d1614ebd9e8361f60c69a1a640d8d76b3af35a0f1ba970c4cffa8199eaac4a13ec1f29a7f54732462f6917f829c402ff4d1ecca714166796c66dd49ba70ba365c9131709d5ef2eb3c7dd26aed99fe715f646f6d9ac662c3c1ed34a8ad3a2b078656df3f5d24ce9c703c24e8b4b2f32bc06793e39b6991c4ee3ad6331fd07d771839e5c870ad53a140418bffc5f82113a1d123ccff8a6fdd3d1c8ad7518fd7bf08e7f415da2b386010cc97c7b4a3d5a14367af", 0x195, 0x180000000}, {&(0x7f0000000200), 0x0, 0x80000001}, {&(0x7f0000000480)="ac5684ae5103a38b6ea897f384103749d6f3911f65e5210e333206bf097a50f3a7684bb8fa45d38acd4530339cee2b4ee915e2173c8522f8402522554a5bee88ad7aaedad3fd41065b4ea4872acd2d8cef7784c31f4d8df2dd96e12a1181e28e64d42871fc6a27a343c6198175268e1789303498b8418f47a1afa9fdd0eeb55701f948a5e9880da1147d9893a34cd35a68f84d82a36b4f37c4a1", 0x9a, 0x9}, {&(0x7f0000000540)="6eb9f8ca6ce63c332f4552ab7f7acddb76ce5c5770bad74a8cc58cb746efe9bbc10c2f0d115c6c98919b58f4e0a6a1538e8ff83a32f88da030083c4dd12a91cdfde6418e31cf665b18a9a1de0d83dfe34361d80898bc004c7c029be929953b30b6a1d9b661176531d53c8865d41f62adf4d8e366e5657658e3a63c92bb5e45a581e56d2f64851527dbd2ded3a249e3446fa9f370491cc7d74cd33620fd2447a1ae310cc7fa8b474738edb19349de53", 0xaf, 0x7}, {&(0x7f0000000600)="226ddf39fde8eef1e1716b6cf05afb6198795f3f77499a52da5ad52efdc90d53815f0f29ae7a4410664b4bd074ec9fc74b51e50936f9670f4179614f4a021fa812c821ac302bd9d83c5b605c69137a8a9a54dff56c84a2c5c2d2e709e42820790fc273230628270250e55267000c5b8d214b422812d5c664", 0x78, 0x223}, {&(0x7f0000000680)="8b32cf3075e919dd2a33cd47768bcc6c2ace5899aaac68335ecef85b96fd78663c7fa2af3a87393b7de194d512e4c5a56dd0f3f04853b72742f586d328842e8b58e135b698f833151232e4126405e62c8057cd0bb0bd4be2bc96d147189ba575ee75ed42e02fbf96f4a449e42be02914d6f5ecd453525bc3d00e3f265bc0c542cb0e504293e38aaab8d94a8e5b94e6cb05d3bd0d2037c7d4028ad1d67b0995cb801f48f29a8efa43a58e28439c9820c79042c69ca593f97c2d630dfa0f980770733b5392e8efbdbc273c2247442603616ca8d6", 0xd3, 0x80000001}], 0x3303c84, &(0x7f0000000840)={[{'$-&d#%:$'}, {'\xad,:\x10:'}], [{@pcr={'pcr', 0x3d, 0xf}}, {@fsmagic={'fsmagic', 0x3d, 0x400}}, {@obj_type={'obj_type', 0x3d, '[:'}}, {@fowner_eq}, {@func={'func', 0x3d, 'PATH_CHECK'}}, {@pcr={'pcr', 0x3d, 0x36}}, {@smackfstransmute={'smackfstransmute', 0x3d, '^,)'}}, {@measure}]}) fspick(r4, &(0x7f0000000280)='./file0\x00', 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0x100000001) ioctl$FS_IOC_GETVERSION(r3, 0x80087601, &(0x7f00000000c0)) 11:05:25 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 61) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:05:26 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:05:26 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 63) [ 1756.099357] FAULT_INJECTION: forcing a failure. [ 1756.099357] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1756.101353] CPU: 1 PID: 11462 Comm: Not tainted 5.10.222 #1 [ 1756.102276] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1756.103599] Call Trace: [ 1756.104058] dump_stack+0x107/0x167 [ 1756.104654] should_fail.cold+0x5/0xa [ 1756.105285] _copy_from_user+0x2e/0x1b0 [ 1756.105938] comm_write+0xbf/0x2a0 [ 1756.106522] ? proc_pid_permission+0x300/0x300 [ 1756.107282] do_iter_write+0x4f0/0x700 [ 1756.107949] vfs_writev+0x1ae/0x620 [ 1756.108543] ? vfs_iter_write+0xa0/0xa0 [ 1756.109185] ? __fdget_pos+0xf1/0x190 [ 1756.109792] ? lock_downgrade+0x6d0/0x6d0 [ 1756.110467] ? ksys_write+0x12d/0x260 [ 1756.111094] ? __fget_files+0x2f8/0x520 [ 1756.111779] do_writev+0x139/0x300 [ 1756.112351] ? vfs_writev+0x620/0x620 [ 1756.112973] do_syscall_64+0x33/0x40 [ 1756.113564] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1756.114377] RIP: 0033:0x7fbbbec6fb19 [ 1756.114970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1756.117889] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1756.119100] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1756.120247] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1756.121377] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1756.122508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1756.123650] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1756.132627] attempt to access beyond end of device [ 1756.132627] loop6: rw=2049, want=276, limit=128 [ 1756.143005] attempt to access beyond end of device [ 1756.143005] loop6: rw=0, want=147, limit=128 [ 1756.187810] attempt to access beyond end of device [ 1756.187810] loop6: rw=34817, want=148, limit=128 11:05:26 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r4, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) [ 1756.335616] attempt to access beyond end of device [ 1756.335616] loop6: rw=1, want=340, limit=128 11:05:26 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000100)="ebecb5160ae73c906d6b66732e66617400020801000670", 0x17, 0x800}, {0x0, 0x0, 0x8000}], 0x810000, &(0x7f0000000140)=ANY=[@ANYBLOB="3dc13f8d82fffc91e48ca2bfc766d19a760a61276a22b7c507ec7ded266c4c4a7bb50a0c1d950ca4b266afa435dafd6d223e4c", @ANYRES16, @ANYRESDEC=0x0]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x1cd1c3, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) [ 1756.371311] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1756.406955] FAULT_INJECTION: forcing a failure. [ 1756.406955] name failslab, interval 1, probability 0, space 0, times 0 [ 1756.408547] CPU: 1 PID: 11483 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1756.409597] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1756.410774] Call Trace: [ 1756.411120] dump_stack+0x107/0x167 11:05:26 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100001200) [ 1756.411584] should_fail.cold+0x5/0xa [ 1756.412209] ? create_object.isra.0+0x3a/0xa20 [ 1756.412788] should_failslab+0x5/0x20 [ 1756.413275] kmem_cache_alloc+0x5b/0x310 [ 1756.413793] create_object.isra.0+0x3a/0xa20 [ 1756.414347] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1756.414992] kmem_cache_alloc+0x159/0x310 [ 1756.415522] alloc_buffer_head+0x20/0x110 [ 1756.416063] alloc_page_buffers+0x14d/0x700 [ 1756.416614] create_empty_buffers+0x2c/0x640 [ 1756.417177] create_page_buffers+0x1bb/0x230 [ 1756.417739] __block_write_begin_int+0x1d1/0x19c0 [ 1756.418347] ? fat_add_cluster+0x100/0x100 [ 1756.418880] ? add_to_page_cache_locked+0x40/0x40 [ 1756.419488] ? __page_cache_alloc+0x10d/0x360 [ 1756.420092] ? remove_inode_buffers+0x300/0x300 [ 1756.420676] ? pagecache_get_page+0x243/0xc80 [ 1756.421251] ? wait_for_stable_page+0x92/0xe0 [ 1756.421824] cont_write_begin+0x472/0x980 [ 1756.422348] ? finish_task_switch+0x126/0x5d0 [ 1756.422902] ? finish_task_switch+0xef/0x5d0 [ 1756.423457] ? fat_add_cluster+0x100/0x100 [ 1756.424006] ? nobh_write_begin+0xed0/0xed0 [ 1756.424548] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1756.425284] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1756.425913] ? io_schedule_timeout+0x140/0x140 [ 1756.426488] fat_write_begin+0x89/0x180 [ 1756.426983] ? fat_add_cluster+0x100/0x100 [ 1756.427521] generic_perform_write+0x20a/0x4f0 [ 1756.428118] ? fat_direct_IO+0x1ef/0x380 [ 1756.428628] ? page_cache_prev_miss+0x310/0x310 [ 1756.429228] __generic_file_write_iter+0x2cd/0x5d0 [ 1756.429846] generic_file_write_iter+0xdb/0x230 [ 1756.430430] do_iter_readv_writev+0x476/0x750 [ 1756.430994] ? new_sync_write+0x660/0x660 [ 1756.431511] ? avc_policy_seqno+0x9/0x70 [ 1756.432034] ? selinux_file_permission+0x92/0x520 [ 1756.432639] ? security_file_permission+0xb1/0xe0 [ 1756.433252] do_iter_write+0x191/0x700 [ 1756.433744] ? trace_hardirqs_on+0x5b/0x180 [ 1756.434292] vfs_iter_write+0x70/0xa0 [ 1756.434774] iter_file_splice_write+0x762/0xc30 [ 1756.435370] ? generic_splice_sendpage+0x140/0x140 [ 1756.436016] ? security_file_permission+0xb1/0xe0 [ 1756.436612] ? generic_splice_sendpage+0x140/0x140 [ 1756.437220] direct_splice_actor+0x10f/0x170 [ 1756.437773] splice_direct_to_actor+0x387/0x980 [ 1756.438354] ? pipe_to_sendpage+0x380/0x380 [ 1756.438893] ? do_splice_to+0x160/0x160 [ 1756.439386] ? security_file_permission+0xb1/0xe0 [ 1756.440008] do_splice_direct+0x1c4/0x290 [ 1756.440522] ? splice_direct_to_actor+0x980/0x980 [ 1756.441112] ? avc_policy_seqno+0x9/0x70 [ 1756.441624] ? security_file_permission+0xb1/0xe0 [ 1756.442230] do_sendfile+0x553/0x11e0 [ 1756.442717] ? do_pwritev+0x270/0x270 [ 1756.443195] ? wait_for_completion_io+0x270/0x270 [ 1756.443827] ? rcu_read_lock_any_held+0x75/0xa0 [ 1756.444400] ? vfs_write+0x354/0xb10 [ 1756.444876] __x64_sys_sendfile64+0x1d1/0x210 [ 1756.445431] ? __ia32_sys_sendfile+0x220/0x220 [ 1756.446011] do_syscall_64+0x33/0x40 [ 1756.446487] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1756.447116] RIP: 0033:0x7f24f4026b19 [ 1756.447576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1756.449815] RSP: 002b:00007f24f157b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1756.450732] RAX: ffffffffffffffda RBX: 00007f24f413a020 RCX: 00007f24f4026b19 [ 1756.451592] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1756.452468] RBP: 00007f24f157b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1756.453329] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1756.454191] R13: 00007ffc75df54bf R14: 00007f24f157b300 R15: 0000000000022000 11:05:26 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) open_tree(r1, &(0x7f00000000c0)='./file0\x00', 0x1) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00') ftruncate(r2, 0xfdef) [ 1756.509966] FAT-fs (loop6): Unrecognized mount option "=Á?Ť‚˙ü‘䌢żÇfŃšv [ 1756.509966] a'j"·Ĺě}í&lLJ{µ [ 1756.509966] • ¤˛fŻ¤5Úým">L˙˙00000000000000000000" or missing value 11:05:26 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 62) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1756.637650] FAT-fs (loop6): Unrecognized mount option "=Á?Ť‚˙ü‘䌢żÇfŃšv [ 1756.637650] a'j"·Ĺě}í&lLJ{µ [ 1756.637650] • ¤˛fŻ¤5Úým">L˙˙00000000000000000000" or missing value 11:05:26 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r4, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) [ 1756.691689] FAULT_INJECTION: forcing a failure. [ 1756.691689] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1756.693342] CPU: 1 PID: 11498 Comm: Not tainted 5.10.222 #1 [ 1756.693995] attempt to access beyond end of device [ 1756.693995] loop4: rw=2049, want=276, limit=128 [ 1756.694034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1756.694041] Call Trace: [ 1756.694070] dump_stack+0x107/0x167 [ 1756.696827] should_fail.cold+0x5/0xa [ 1756.697308] _copy_from_user+0x2e/0x1b0 [ 1756.697868] comm_write+0xbf/0x2a0 [ 1756.698369] ? proc_pid_permission+0x300/0x300 [ 1756.698941] do_iter_write+0x4f0/0x700 [ 1756.699436] vfs_writev+0x1ae/0x620 [ 1756.699893] ? vfs_iter_write+0xa0/0xa0 [ 1756.700379] ? __fdget_pos+0xf1/0x190 [ 1756.700845] ? lock_downgrade+0x6d0/0x6d0 [ 1756.701364] ? ksys_write+0x12d/0x260 [ 1756.701857] ? __fget_files+0x2f8/0x520 [ 1756.702365] do_writev+0x139/0x300 [ 1756.702797] ? vfs_writev+0x620/0x620 [ 1756.703277] do_syscall_64+0x33/0x40 [ 1756.703743] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1756.704354] RIP: 0033:0x7fbbbec6fb19 [ 1756.704811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1756.707003] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1756.707924] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1756.708783] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1756.709637] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1756.710487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1756.711342] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1756.739606] FAT-fs (loop3): Unrecognized mount option "./file0" or missing value [ 1756.778579] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue 11:05:26 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x210000, 0x2) socket$inet(0x2, 0xa, 0x300) syz_emit_ethernet(0x26, &(0x7f0000000140)={@local, @dev, @val={@void}, {@arp={0x806, @generic={0x0, 0x0, 0x6, 0x0, 0x0, @dev, "", @remote}}}}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000001c0)=@abs, 0x6e, &(0x7f0000000880)=[{&(0x7f0000000280)=""/36, 0x24}, {&(0x7f0000000300)=""/214, 0xd6}, {&(0x7f0000000400)=""/144, 0x90}, {&(0x7f00000004c0)=""/145, 0x91}, {&(0x7f0000000580)}, {&(0x7f00000005c0)=""/170, 0xaa}, {&(0x7f0000000680)=""/235, 0xeb}, {&(0x7f0000000780)}, {&(0x7f00000007c0)=""/56, 0x38}, {&(0x7f0000000800)=""/125, 0x7d}], 0xa}, 0x0) openat(r0, &(0x7f0000000180)='./file0\x00', 0x300, 0x52) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x705540, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ftruncate(r1, 0xfdef) 11:05:40 executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r4, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:05:40 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) sendfile(r2, r4, 0x0, 0x72d) 11:05:40 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x100000001) r8 = syz_io_uring_setup(0x59d2, &(0x7f00000080c0)={0x0, 0xf4d2, 0x0, 0x0, 0x89, 0x0, r3}, &(0x7f0000ff6000/0x9000)=nil, &(0x7f0000ff6000/0x1000)=nil, &(0x7f0000008140), &(0x7f0000008180)) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000008200)=[{{&(0x7f00000016c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001ac0)=[{&(0x7f0000001740)="75038c7418950545a01037b54719a44d3e20feb2e4edb59fdd5b3f61ff527f5aedb3e727e54cf272408ce14f367c7d1953c706c6932ea248e84010c175042b20bf426e91f52419103d942748", 0x4c}, {&(0x7f00000017c0)="da99c7aca8b067677f6190e0566deb00dfb56927ad8a8f3180b0265cf306987d2ed5ed26792f7ff55d7cd90bcba380630f720b2aca1470014e6a5165", 0x3c}, {&(0x7f0000001800)="5ef535a0464f5f17f112dcd7975b32c1fd8c3fd6fa275fe2a62dbdd4b718cd8f102aaf610bc1e9ead048afd7c7f9ba8dfa9e6e198331f50b661fcbe03f388646a4e03a5ab2346f84d3a0615c032b4379a31f5ff774a7a7e43b1cd689ac360cd9b9be5d3361c98884a2c0f74e0e5dc9ae0747a2bbdb456fe32c465465dd180de88a9d699dbdda18a2267d418cb33c11dbdf0e7a1f85294eec733b259fe2d17dcac837180a4777", 0xa6}, {&(0x7f00000018c0)="71a1e3645758063bf82136fffc5f92ed566aa3580941ed01ad21dea29a817f6909a2441cb45520fe116ef8bc9726a2a6aa6a3b73b314d487880d8a52335e583feff1aef2af3bd2211ee844ff2d2f45dc57343479b692eee51dbaee4666f6cdb5ecaf46f9faa1317ea0ee99496cfca77e62", 0x71}, {&(0x7f0000001940)="c5f12b01f38cf9ae059bead85879b0650d59a44a45302438a206dd07eaa4aead9d7d7c75ce8d475863d9a71047ec805bfc01b34e8abc9fdcbf965ec170b9ddb600e62e60f88eb8f8dd411905c73c0d07ed09f2b9f0c1a82dc68b", 0x5a}, {&(0x7f00000019c0)="e2e0c7fae604c7d2bb6a310d2e5734c13408da07b549d9f676a4cd40e8b785cdf959c2dda5116f8df6171324b0aaa2ed98d33a79d2a0d4ccacc91fe09bb95fc67fc10c0c11464a1fc7e5787675da0fff0b7baf06f5303976b0ad53bb2f86c50a1adafa64cdfa6d3c326caba085dc418406aa9d7305932e743bf5b1377f50cb7f7cd3fe292bb8eb75e6ee0b925cd28dc59844f5efbabe0fa46029803c8b10ddf281d68f7ecbdd0b18689b42fad46427dff38f58c7b0f10bb65cb3a73895cc6a887fd6a46ca5d6d32033569d6822fc3a83c3af7a511ee18ce7d9", 0xd9}], 0x6, 0x0, 0x0, 0x50}}, {{0x0, 0x0, &(0x7f0000001bc0)=[{&(0x7f0000001b40)="03ef3bd787709d475039e8c2e3baa0cf88e057c0e846c29cf325d47d1a1d6951cc6917b05b57d4b0aad982", 0x2b}, {&(0x7f0000001d00)="36eb3e9c26189476ffa27341614d592a145129d83dc4bc58e729fc8506564831cf856abeba08ecc67977440946528c5e31ff0e92a8653d7a56148e1ed5ba188eeddaa32ae759a1216365e893bcef80cea2146d886c5e56040696cd160b3fad08e75bb796fa8cf9176624e87b1a3dcecb477e836c6952f1c16c62e12b562f66b00dabe6eb6b244929f868f04e37dcbc6b308302c301bbf51a7f379d8be59fc9ef7a1024", 0xa3}, {&(0x7f0000001dc0)="7b0f911b67436c9c387a1941afe60591d4bc5c367185e03ec7f4bb653384cdadfe546fb73d650c3f03fe47d6201f093a89c8a5c2924d308d21ff971e7470ece355ea209fa1152a14c3d647997d8e7b419840c07301017f79c8604d8d8a6f70f4b846fb825e4757fefcaf317e44a176ce29db6380fe7042159ce3e6b32de96f9b862c11c4dffd6b34b640c0877d4800d40db302867f3212390b7c1fd9", 0x9c}, {&(0x7f0000001b80)="b78a175c36dc8905da82ea4a580bb0583f8d63556c40ef4906c9764446", 0x1d}], 0x4, &(0x7f0000001e80)=ANY=[@ANYBLOB="1c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB='\x00D\x00\x00'], 0x20, 0x10}}, {{0x0, 0x0, &(0x7f0000002040)=[{&(0x7f0000001ec0)="993d038f09c26456195ff96bd97b8849155f4fc263da6a61731fcbf9e4a3980dc8042bd57a8da87fb79f91a603370efacc1f815427e7f703173cc04166c89ebce6fcce91e26f4acab27daaf8b031381f0116a7f8525f63c9afe6715965bbcf52a2df155a2197f97f1795737d9e79d55eddc61fe0f37f321dc092c2b0ce2b750239bd", 0x82}, {&(0x7f0000001f80)="98f9a72bb2d61747cf164d5af47cc8b63d498e35412c0d06f8e451e66d4011c07296c0d58db635a89373bc483286454b1992e450494065d4bc6c6555118ac21704cc52eb6783c3081e58ab0623e20afe57ac512daead6cf5b289ac99a8d4d25bf39dbc3587fbbd766842358e02fe7ce38bae0a81a6a152e71b8d9cab225682faae9a8c3bea5cb2338ed9b083a8d7709707dc48ea58691d95de31341adb37a3fc626c", 0xa2}], 0x2, &(0x7f0000003800)=[@rights={{0x34, 0x1, 0x1, [r1, r0, 0xffffffffffffffff, 0xffffffffffffffff, r0, r0, 0xffffffffffffffff, r1, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x50, 0x8000}}, {{0x0, 0x0, &(0x7f0000003bc0)=[{&(0x7f0000003880)="15cd90c55f37f5fd9f530cc5c2bbda3cac6ab8a6d94eef6621e260630ca8333da830c341f23609dc241cf96e101661ed33c29035f42defd91f1224", 0x3b}, {&(0x7f0000002080)="2426a44c314841fa6b72cc2726df36aec48c9efc97e2469e0271a766032e39b62ff0142a82e5b699c495f89887300cdf11a9f2a273edc222f93ce28d5c3905c28d49c5d31e61406c8a0adba8b874e3f5a79f1a294917496706084baaf21e72bdc8274e91f49fec1129ad8f2909c7ae52b4189644653c31321c2481a2e7cce2d3e2c4aafaff7675ed589df96998a448309a8e8cea56d3ba9ea82d2a4477cecc866d05763d969d6846299a60d5c34d154bb89f2814d2b516ff6e2e1dd8260a963ccc1adccd9b67b0bf52b2b881b745eb0a", 0xd0}, {&(0x7f00000039c0)="be610381a86a7b43ea6c9fa912041aa28127250b2e5f7a2838e62cb6f70fb700b14e1bedf859ece62373a6c03dc40f5a287519e28ed6c4ab7b06c1a3de5820e41ab4747ed0fc69efafb3d4e9b85565de8518257ff2c158f4a1159dbb74a18ba248b85c963a419c05909f6379f6387ac6", 0x70}, {&(0x7f0000003a40)="21ddfe30e0dff0c8b648d1e50bac77614308a14bf1236acf89fe7e55c7f6c79892a3c3c3417d973942c813feec54c6f4267e7ab7715bdfcf7a5fd97d11fcbd73d61e5247a65047363a609fd23f732da4fc55f386c8c4cdd7ac56a4c0a19539f1bb42962c3952b31d5a32939932776ec1ca47447134ddb9648483ea4cd32c2603bb9288beb686f04b06e98d615e83f1e6e0395e9ab4644ad04a0618e00b6f1a22e68ff2bb73", 0xa5}, {&(0x7f0000003b00)="7becd87485cae63391013391a57da506327f08dcb9a07af4959f4e7bd5a72b7a31ae0c8bb2dd884efe543597095aa63ac91a19", 0x33}, {&(0x7f0000003b40)="e013ab73cd9cbdfb757590c3f401cf972bf1736e58e23b55052145eeb14abb6689aa929f1665b8ffffaf7adae46b3d57bd75d210b61e4305c69999db6f76313df4b95caf7a6d721702a17e4d8b1c525ed90e3795146a2a44acd0f071b927296f397c8deb14734ff88cebaf8b08cc1f84e98095cf5b", 0x75}], 0x6, &(0x7f0000003f00)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @rights={{0x1c, 0x1, 0x1, [r3, 0xffffffffffffffff, r2]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xffffffffffffffff}}}, @rights={{0x20, 0x1, 0x1, [r1, 0xffffffffffffffff, r2, r1]}}], 0x100, 0x4000800}}, {{&(0x7f0000004000)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000004340)=[{&(0x7f0000004080)="b45391e7d76a7c3ce47b81030cc736257db8f16173e90e418aaf4ff8bc348f488bc1517348f29b81b7e98cc4f30f5dc819378e437d5ebf31dc3643f6c47ca4b7449e8744954a01c3db2b1da7f3eebe7842daec775f21b89633f10bc91ca353877cd28ee2183557d5b3e8e8266e4cda94f15b82775989eb8e7ee473bf0ec863d8a0401c", 0x83}, {&(0x7f0000004140)="13cf9f2567bcf1b6ee97389fc233b755dbfc11cce6e78a5ff757247c359b8c5595b3beead0300841e36fb0e1dc7beb0d7ff89b20cff6a3de31cc585bb555658c3dc15f82dbbc739063977966f8123551260139e03ff9149c837c70d1ad182a43594a2566056191f617acb322f5f56d55e63d05fb0b462a88cf9b7f7c137b6a0523a1224824b729a56efebfb4cf638bb6102a5c23aac25e7446a6e041931a12d7253ccc", 0xa3}, {&(0x7f0000004200)="e12e5f8d64c09bc2826a761b4234ddee1faef060363eae5f575e7f5ce37c26492240cc601776d2bea992adfab171e1cc6c5f09db40e82550f5212265b6e3f1502c91409a7fd47416dbbf678382514d65023a923eede8cf28d70b628b13cde1c9fe36a7935ee94f1a36547741b1af281524bb4b904ca54f6cd5135e6033cbb02e9173a4cb0a12dcf620207d6a127b9c5ba12f8987f4c449218ceca4367f35958a38fa885c44fb5fbfb7bf2610fa30d8e5cdf6c0f4b96e26c3082bf198f50b184c304c72b1af290f5a75432cb3619056b24053fc548a0983537154c94c7ab8dd192565bf5cb5103dfce450", 0xea}, {&(0x7f0000004300)="bae6", 0x2}], 0x4, &(0x7f0000004440)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}], 0x40, 0x4890}}, {{0x0, 0x0, &(0x7f0000005680)=[{&(0x7f0000004480)="03de7f94313e1eb15f2ec0ef93fdceff87a8f77f541e0b72b66e2c35986564f5d79af9de9744aa929d25c012271c69d841518760b6b74ce286b0d6b9c1ecedc93c51e1db7e1cafc26d1ef5a63ab19f3750625f56e3bb7062b4d28c26bdd435b7894b4be21158ec98304d7d84d612bc5425f9a2f613cf8af3b0bfcd6d7af19b1c25114d39b15b7780b2aca6124857104ddb27afcc31d2d1ee6ed50b9d", 0x9c}, {&(0x7f0000004540)="40ede70016f55e25abb64b52b37423e51aa3ca73b8e38166435552a9f39c1395a1d348fa4dc93545aab7f7d18453cefcbdb61d103fce0353130b76a288e9211d9a5b8dde312596853872e5a2fd58703d71", 0x51}, {&(0x7f00000045c0)="dad58974476bb1a801895f5967dd58159cc87403abfd55843888e8df2ee727daed0ec82c7cc767a7cd837414acaadd7046a0781c9b8dd183576edeef9a0c233112a4c81b832ddf2aa278cf5b9a4b8158fb7294bad2a18c3085991939134516f13324f6c70fda2494c12b1bf149162807b01c776d2a546a65ea7f8b9db015892e331d6453ba5f955931081f1385ddbc222908073797bdb0619f65c4de6c0081f2f57ca2aa7e7cb014297369d4a2d34ee0c1b3351a0d4329f17b7fa69ca420eccdb3e339676df4811f39456db5c42e80844b70087ebb5f9595f4a0eb3df808a0ad39b03d4667b180f63bd2adf7375a52775b97f8b37d575cad6885a28adfcbe40d9af3585cda9fc04a92668d5a651511e4e512277fbafe99455b9187eb60830b467f5246c3ef48e92ca85e414b0c415363f2da58cfaf323a72bb60b0a2cfc5dcb3ab0d6ae370abef2597c489e3da894d82529610c5279a89edaa3e7bb4a1691845c0376ded0f221ff3cf9283b63df1c4ab237142a7263d9a1328befa1b79f20ea75cce27e92499819ffd4fe480754a0f68c678c8f6f1df1fa7804e72f755d6641cd9e154eabe479469228b538e1bbee25c71122b64179c72574fdb13a1250433a5c47c2397cedfd050af50b55d26f06ccfdf0bd0d197ba7206f54b01c2dabed077981afafc2f7a2c030fe53b08630a56d95e9427bef91358933e92e3fad35e0a1ea82d69e7215362fa69f7d6e377c7cbfb02f919041225f274bfb64ca8fe2f89cac866796bd50ca78de16f2629bfa87d590fb598f07ae7196d80765bfe012a529332f52e6bda25d4c25cdd7d4bfe5da40dd94193a256564ded7e0802fbb5df4f2757db0a5730d9428b770998e392f97fb50e343a19ea64a6587cb871b29d64ccb2b9eb9dbf6f8de468979cd3a6c657635448d5ebc377f51cd80edb3f7f8d987b220d8e934b24d00ac1204faa0c43d72f608f6e9c268b4b7719023bc566d331b0158068d93a3f3c3033826bcc5db74d0ce3c13bea4deb3844bacf3aed6573b01e9fec435f8a302d13a30f145f87a097e1fa7f9f5292b9dfdccb69d4c3a808e4fc4b55003fa53ba9288207a86685ce223fcbd1dd47762b4b44de7a0f947b0364957ede3b6086f894442cba2c6b10d67eb4d43bd0e535ca6ba29c2dcdad1e315f56b6094dfcffa1fbdd543f2d6d925954a1ad2b2aa9acc337d33c47ff685d16e26a3f01319d6d4216a1e0540c636711c7c4353a7f5bc456ca1e9e1cfef5f9679d40ff0854f72a61d3914eb7bd037ef4f1c8be8c12ba4cf1a9009fc8473fa26ca20a0e62b2b85b6e661bb49c98bf1a09db1aceb81d53bbe5aebeb5009b044b765c1def97fd5bab49aa3e47ab86f1025898dcd386c30fff77d94f58f27d864650c5f569b2e9250ee66cd8420ab4bb62b08318e418b43a506a50d594f2810bb55e05b4badbd38a10d94d48fe57bc62de67eb416e5d80655742ad00775d1a498c8901c70347f4751656fb9bf32e2f6cba6b6f33748aaf0df8416a9b3a77bcef46cea7f54cef35cd15aff76eb18269d510288839b44b310cf513fa8f1ce7232840f163724adb9412cbff26323c341ee2e024e1dd6c381a36b093358b6097a0b461979a918c9cb3eb30d1fe58000e4228b4a2e4f650b4a04572117a4011c412bc05a84684fab4bb7e9572c56c5c7d46923dff10afe34ff5550eb2bc539abc9f9374fa590272aac2758494283935be997f9645f5112b24d2164510ef02baff1d398f67244a96be24827f8d5c42e6f5c5234c9db31a3d3e9dac9c040345e61e4a3349fb2ca52572ac005f217511f5e49c8e4f8c8d65432877f9155b51674b3a1c2336101700c2d637bba49372e183e22a7801d996e4883e3142614e9ab66b2d1c95e06a8a0f20b8e93a3e26540eaa4ed7438fddafa175ec41c886f48cc2d8864612def425d38eb58bd6479e3b7c96c54ea8f663302e4428220a3d164304ac4bc89ae644b95fbca899a02e44d861458d02b08bdf4c6ecc5d82e9b59b739a86cebb615a14f89bff9db0a0e76eefcf803f32a415594af4af255e6741cd4501b45ce5a4a8206a50b015ed639725539da7a61f06a43cbe8e3df10687cb4fb3c65534b492e63485f4197f1cfc7819a23eba78039b2e8130e3d7a9797174298dfb0b2e356890efa8c27cf0f7f91b0320b7e17fdd653d2415fb5e42c667e60de02a1291e8e804aba97dfd40842342c09a9912d22c1f7bceedea8785e536327ee3cbd3006970c8c7cfff9771644028ce26ddc120e97f4564836e28d5f33aa58efbe9012b5a8ca294916a7d487652a1d43d8b1a94e82579c93593310f1ae218f49fb2d9b10eda32f72a3376389e386139b23733dcb8820556782ee96cb591e198df12d9017c497f32d5985e022a9798ac0a251df0a3cb8ae24dace731a9a5b3e1fd0bb6a467739578cb94cf4437296667ff8136d23fc5c88afed688cb4b9df6cdb1b334485b809e3ecd4a2af1dc3658c9a7b4d4985d6934cb2ad6a8bac48e0df25ab303cc34084474052a9892270ee43995ea7852c17368a19f8c11714606abd757ba748012525f962688a521b74bfc0e4616e9ab107f2dfabcd4a2cf57c93332c25599300bbc86a01884a9ac0865c38ec0cac19924b50d7ce10c3e341e00452b130dfb0b53327a7209a8e1d4d5525c1aa0f0cd9dbaa91830f9d593f5428caef33b89c636b81f3591c9f86968cabf758bd5239403290fb3c9dcb372a77bff87fbf01e654f7298ed906698e6d3a6f4b836a78a61b0450b262fd44a859fcbb08b256fe2ab630281c0b0b6db627207f044ee5d94d1044d5dd6c6a710bdf24f7540aa6caccdfe6c250982e9bb7f226c7ae2cf2ef74036f8e660eaad9aa8acda92d2cb642d828ff9b77d2c672a73595aabfdfdc1dbf3367149628f69b550f6fa69dc293b49465ef66a94d2f150a2ffd5dd2cfe74ff609387b78e1d24647aaba8839aafd49c4b9e3df6b3b3eed654becccfe3d5717dcd9dcc393db784f02d221d7c8e518accf8f601b5a5b53e5efd362e390465e3f58cd9719156906d68eba83bbb603d45b281b586be54c2adf7151718854c498d4d5bf35633ed227b517d4f9ffd3d5957a924fd74f2d782c87325d6e8a3ceaed9b13e4eceb7fd70fe8e6dda0e4c82b320a8b6bb3ce79fb89a5193fcf26c85c9b0897794887c4bf544e8eb7c5520e5e4a03645dfde7f5400f91d495b2bb0aef2e2a0898580727c82b0d32835b44d12c2e107f8bc80781836830b9dd243733fddf1811d255a849acbd94e5b1dff0d8cfb09777f5aa907c12e2338f9881f61d1dbab711b8623bef492a97a1bed9dcbabddb2a947bb1426f55c684f5557e2004c4263a934a80771c1de899790184dd9c23d89754901a510ae43e11c82553102b6233b031eba6a6956444250cf433cda115b1f57759f2bd0277d181289a3f337caa6532f5e9235b3b9119750c76ce14cb80f9e267e66afddd406a625fd86b5638cfe23184248b3816fb88f07a843d72dcfe1bbd4bd928049290719e062432c6a6623a4ed4570645517998d2d46d689a160c05276c02fb3bd0d14eeae51b53bcbacba07353a6fef924931b46cc5c45ab2ac9e1147effb1e6e02e21a97a6ce296c84b94c42b83ec8a7a8ec8109ab6883cf98afc09ce420a71b3450a73bc1630e43fbe98fda7cccb780cd683ee02b49fd5f0b3e88787088ab2d41de4e289c87687f9bd9d4f2e040a27410a3f711fc2fe9b5ccb070e5392e5f859e2809fdf1eac44bd683197cabba4b079f17f932127cbe0d2bf26c82611425fe3c4894e450a42168d8865a80ebfd56b9ee4ce192be31268ee79e439ecd9b88e966a7e7eb0e933cc422298c6bc34aa0ed9458f6d4471b0343b416ca1c0f44fe5937ae168d3dd67ddc93b3d648ad2e23d7d9966f04899eff8ca8acd626a3cc2fb918c591a3445f5bd5eaed0ead691763a0e089666bfdf0b3792403642b33ae62c61411a4d942ad67286185504f95beb21bde01718871b41bac1fa46102fef426685f423e14069ed50898483837306c9cf211783992b81784f3279c20d4b95a4c0c81c686873c56f9ac52edde11fef0fb28aff1b1765d50d57b427ce1cdaf60b8baaa94af94e340a22993bd328d0b94b3fa507777651af0f85046dffb98d754c10d35c350f3ba32dd90e9d764880884d31991e5c3afd2ed70cc468b2fa13cff234c16569b36eaa13272d04b487847d50d4ac7f03f78045c6cfe02ac9fd56d695b4e3076757929791dba67f01ae9d779ae559d79fee6d07ab08e37b20a4ce7d9fe4b54f2a9f8a77dd6c933fbdb34b8d87fe8caaf15580f25ab14e488138c1419f438a787ae63f2b3533f77481ba674e730d17fa4194c1c1adb370a1d5a0ee11608dc22f7e2d4cc9e1f82cfc392a773634a3e02ec6f85ea8f3f35c8ebbff967e42aa907ff268a48f4e230ae2ed25a44a9ec953d35324b4b9609a54b6335ce0c1d5ffe0aca88574587bc5a348ebf990c780761a72b9d5bfd670f3ad8535a16aeb2afe74af7b339c92933f43ad6ba78658fd58e7674a47b3cb892e9ce7150d411b4b214f8df0e5f373a6d0ba61b7e0fe1de7334ef0d679865d456ff23403081a7a65aac73d1ed3062c8a743821b294a90b871fb652aa887f6e88749acd4737bfdfc77ea9d315d4e8bf2e389149233f54a3d93ec973685682ace0bbd68779aa9d041c1e690b29a24eb4ceacd3e71f4d7d6b40688919d5bf67ef5f7085542642bea7240677f9631572399f66eeae165073c05eee17391fb6b72cb2bc72ea5e93573a21c62039390b4e446642923d7982910ca850a326d6a247bfb6d073412590509a67001a7e20e75f9b3bf6a2a9cb3cb8dbf383dff7c52fa0c6033dcfe9691be8e32e066a3e640a4f9d270a883118b8b824aa5c060848a6b504e1d5b905bab74d2b29c5655fcfbe0d13565e4d7ad824fc50cdd6106a9566baf0cb5af8888e82d6f9a991ec99fa24bd808fdeabd55ce3c155aa1ab24ea3708215b19ed237eb4009f51c6a7beb61d63b9d3797020105d7c00d11508cf60e12f3cfcbf2a1444336ff56e89a943336c6f095d40dc08b0efe17edd8c89d6d02a9f80584aed79dd476240310237ff0617856f9cb05ef86f2b3ba498c7dde17e7c02d2d3282d21f52d4de03b5042d41d8aa3e849945fc30adaa20ef38be71219ec9fda8f5a49b23763ad4205032c91e1d15dd8ce3ae54f50b9cdec3978f0a5c12e2b90d5eac98885aa94e2959c5b35e2501f992ce2039f913e0421d970e353136b2b3339083993430bf26facf4adbf870ed260327ecb8a62b6ef1dbf47d98b88474677dbdbb1480d7b8f6c240ae82c8f019cf36c66ea3e4822f4a676fb414a67fa9fb3e742d53d176c7defc441eca3d7240032544f53c3ddf6198f74e03c1b63315a1b4bbd47e171e46e31b2e60ee8ddc0186aa90865459253154d69a379b6abcbd243605d641d39319688d98aff5bc4008d67279ccd08a227d71bb12c6862a78d0d6ef7e55c336ceb29371b83650f3fcd08f4b55d3dbf54eb788a7428e7785985b571f306fdd65db3aae3d0d91b99ac3ed7ecc55d98bba60e3961498e94caecd75053cfd79028b37ba4402da1f786d71851c58643d5abed8ce699d0770fed314dc3eac5f311a989c6b2a73e3b7477e3c84f7198632b102c6c1bbdf4b7271a29ac89cecd39b3dee468bf958ec0efbc9afd41f93746064dfbd8084ea4610a647f890efd27486580cf06b02787dd9f278b0bf4722390c6e7c9a3efc79484a2702d43744e4fb0e0af6e51c9cc2cca353816440390", 0x1000}, {&(0x7f00000055c0)="f464c0aa7a0e14ecb73f4970251f5990ee2ec0c3afe7876c1859f7a3da404a1abaec7547f12984aeea92cc21e88015bf4bbca3c629e159eb1e7f0a47e1e767066d90e8ebfb4d2452c6f16f0904b4e07281f3c4e0e6141d6c1be5c88e13b2d00fadc63f32886f59b0ebc34cbf2f36b2d77502094f6b64818d9ae17247ec032ed00054ef1f3d070b837602d9ea25eeb465cbd93b6d22", 0x95}], 0x4, &(0x7f0000006f00)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff}}}, @rights={{0x24, 0x1, 0x1, [r0, 0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffffffff}}}], 0x80, 0x40001}}, {{0x0, 0x0, &(0x7f0000008080)=[{&(0x7f0000006f80)="b6484529dabbc0782f0d54b2412f452cd82365ab291b71ede448a5e30b87b4ba2f90616bcf7622fbe65f954e66d77aaab55fa841e326cbc7b6ccab025b9f8a8bda761c9944981be04139de5cbdd3b236813fe9", 0x53}, {&(0x7f0000007000)="8209a07871d3759636424d2715086c22655a5f47009e5b0213ff70d4ba19b6aa3b7b977ca76bcf1db5d537c15bda302480273d8f2c3d8aab267fa890df2e858ada5b92c97646ee664d92e88932f48c7a06b2e0cfcc04fea62f76f6122b5f6ec01cf827f1a6780bbc39542854dd7c70cd915f2ba7", 0x74}, {&(0x7f0000007080)="5eec36dce78e88f869aa19b259716d7e16a5611ac164be824ce797e98527267688fef1d22225334b61c103933cb3d908379044cfc57d8c11323f35abbd53a4e82699e75b3f1021e13858beab694801bfb4620b6f7c91e1497ebaf17907b5c673db464ffad73cae1900f145e6bed796859678bc5d838620bb3b3387c2173d6e94762ecc3dd0f7e357eb1ba3d8ae1a2429ffa344f1cf991c34da4d6b28fa4ec8fdcf291b1410f356e31729d3a3795a425a2e7c5af9049e8801b04e04da9b601577fd606ee24e2f2c9c4c6aa201fed2ecaf133efdfb0e49114e6c35a24ce1ed6974f080286a5f8ca92aa0259926a0e1bad52cac2bf04c6b687414dda6bcb67bf38eb71c747149b81a5236a1a0a8962c7a0083a813ae15dd289b21da9a297a1cf2ad0be796ca111f72ae8e26f9aa6f3a2fe864609fc54cfc1ea1b2e37ed982dc52e87f8576cd3247d6867edee393a574d87c096ebe53fabefd1208d91d178c29184055e3495ea887ea9ef6e8510d70e0db4598298c7b5963650523ba4f313b30b1d517f0f76f16fa1f840ee8dfe6087bb16866c9e51483f9d19f17644bb12c615b546e2b7c67577bc238a6c831b3cedd594fb18958ab757cc3cd0512103338c8c01ad5d831baa24682aecd7804d1869dbbb401883ae4ffe874c5b82cabdce05b8fbf6249c03de53e6c86d175d51abdb463ffaa33ce4f8067f8cc8ffa85e0263e3cbce82b1dffaa662212b08f742264214a10448c5335cd24e93ed35edf30d5d4b625270350a38e4462b2757c6c649fc10b59fb9dd01ffc05acecb54106c9777439d617da56b2f0ac6bdebeab0a7080fae80f22d4adcbaaaeb7a418de098bb3dbb436693f4aa6e182b766bd218b7788faa72fe5b6fd0bc3660a36868ed2d635965763448afbafa18daec7c7274e8ce51538e9655bbfbceda30c52c344939c39ad64d8024d252424a4db0af7d610b4fa2d2010b67a9bf8f939c541f29742396994513595018430e82495c4be4af9ce0acf4e57939136b440c202bde2543a1c0ef43132e2cdc60bdce33f5fe05c055af605848e63a63b8fd7027347d43d9ecf6986b13229c647de43d64a0ff5639dff3a69996b394324229e3367d260b56a0f8379994870b26fa264fac135a9765fde02c184c96425fe5fed9f93cfe817c94d510835fbd9230830aba6304c124e67a6aa314a658343cba31d59207fbc6467c1eb73899f2b9645f783c501ee46b887a0b72ddc37df7cee6083091ed841584a06937ba8b3177b810f2b3515995d7f384211647fbbc4e44f48abc02e61aa4601d06838feb86edc28f103c3298a30a7d7391011296d46c1a11fe322b7e3e414ed9ddd136e75f300d94380e3d7bb2a43a5b21a44dae95e227cde934e29b87f0d7c35ffbba565478a014caf604710a5c23b4397c05d97fcc7e24905ad8257c42b0e32bb5259f3bae00e920b993a1a0f05f06cadc2d563bc8172bd5a06a450220696d6c7fb836f446afdc66820e2344b6586f0ad3e2e9ad1ab976f8ad8bf7a6254523f3a9181e6132463e39d59266544bd328702b408e02fa7738997a473bf47972f8de5e7ee3391a0437609406bd10f3187cbe33683ce2b7fcb121c6c04d44c25e95c756e53043b2f207ca5e6bc9355adbceac89fd4a351e79b7d15d721cada6348afb74b3a97961b963ff4169eed0cb5b681cb5047208d1ba7d3a0ba6841693a328b15c54893ad916783a29a8874056f8b76978542532bf10c9caa8a1a5e49fc1adb4971a81f745ad11e6b4215f0e0cd9a614a38a50bc00747eeefbbb20a55395e74f0fb985fe521ec06ede1b87a2dd4e0095fdb62106e55d808ccd0db2cb2523f5a01fef86b6540b25ae2efcb629a1bd4a1a6155316017a1f3e896adec589858195e5de70116897b77453ca389fd667ae4944be20e48d4fb43ae511a0faa2e38d9b0db4e631a77686b660e2b36823e5976af67e532777b5c2e1aa7113cc8679400a457c7ef4809b22300cdda2ad4aab04eb1df938b72a398f0d1b38b5a4ab1efb0df3fe9baec75917472445243319420af3e101b0bdda61beb49815965b527377a2f455f073b6d2132b98a1a9aefaf0daeab9f2fd270f9bf1eb8cc073cacc4f761ff140385acfac0137d2bf2377de823f2c3fc82c6c03c3a27dde9aa3c036e19d029a49f113e7e9f84bb21945e3b12d736f861a69df208641cf29a4c49c8e1b71bd1dcd515610479959eba48c05705804599fdce8568de11e46a90ca84a701751d35d4b7b9ba102c7ce9ed07a8387c4c8195643766cd84ae0bc21d521fccbe599699b9eb2dac59ce2bfd4202bb00093503b5ee318a2b31934e0bd0432d66eb9bb5e657aee9791757c2a028ca55e320d6aee4974174fa0180aad08cc5705019deb3e7d9ee04cdc8d1d2d67429dfa62dda6fec1fcdeca563be3afeb97056bcb49cfefdacf35415e1dd8c8f404e6a58cd93f5bd978231cf282e52f989d76f5d4e34c4f580cf638572f1796d14954c877893a3ebec6e489416b2a160ef48afddb2732f6777a5fc3879a0397947c87b075ed626953e2697e2f8fbd99061a5bae1de3b88934cfad1670880ae36ab219ca0c1a91094260217d471de444e30602d5028b334ecb47fb5cb15fff8a88befc88170a789b0c02563ca2e9f1b78950dbd0bde638b915eea35c8ec551ce9dda504fd1abeef945feaf20309da4ae90b04dde023fed5239564e7de3667416d08866cdf2435b6274b991ef12b0b30694e0512ee3b3a250ccb98580e7578c5d77416b2e6cb0e630fd9d836d9b90c8023e083c40ddf079b3b3a82e8541dcf143929f00285062b3c66e2df7acf720ff823907d16d1fcde385d7586ca4b715b2f20d3b4ac1a1d8cf694990c42071e63d33cf86eeffe773962e3c5a74ace359b24f5c3328a440e61a13f728383a25464e9bac2ad8d924ed9057be4355205143bb563aafc9569ff7ce717b32f7bcb1627397a4de7ce61a823983497abaf12a4854b604067ee15842b77216f7b4ff2053dddd242c7e3369b50d13e4fd163e259b35a4d0cf338cfd3155bfd37ecec4e3cf947a726276de6a42690bc79655c068caf78f521cb6be3607998d2e22addc5f02ac1d2278d2d7e44316b8adef5433f2da7f51d60f64d9f3acccf89343265ecac714ae33993d3713061a82cfaf78480a7d509d236ab93cd32e2bd796cb4be29f75bdaf47c4756ee20cc119415cc58921744a010fdf66037a89bb2df9efa80dbcc2c2bbbe65404b5e8d164c0829dda0ae8e13a4756d8051dd8d71582a1b24cbe7c6099de6629ef3ed0fd5f5e32d6a9658fd0f43a093d064b3634869cfe15f48a2377254f3b1a49d39eb47267e726a4eecc9f944e0f9a6f36f54c1f8492e04fb5c545f63aa8f0459088a382fed76bb3b9923eb715aacdcf421cc1f60f54e7b45cee2343bbe2b7e5170b5ba8a8e81953f4cedb3ff2c8c2c83f8fc4bab6be9139ddd4d0eda9655f2b849695564d42a7f5e3c5f8c35db1f01eae15ddf22bb042cf71ce49108a2b2df21bf2c66e2e7379fb4231c95b28984e80ee302005f817ed0a9e6ae2ce04d7048bc7cc080652ee5492f48138c8d37ae9268b23e6e36d2d24cd83ad47adfe1600e4ab71cd988e67f6f8f64492039fc2a93adfc45bd14ea8c977831779152adb1ad5e425641250159a165a8d8099b3ce78aef56a0d64423dbd962b65780494b7200ef3197e920c23c85175d5529808f3d724676095590b74292dc3529fcc8cbcff88e670682fe52bedae7550ea4bb96d2334440239e305725b1e082e8bf979c338601e1b224dda44a6fcc888a386feb87811d483e2735bc853d46a1c08457dda8734605327f952625da3ee6310312e114364afb01dc6c5c882a9fb2193db1615a536aa0ee70c420d1435193528861d8d53edc5215eb3a60b5fb8283b7970815ff6252514c0dc7f6d63e3973dd3e7ffc032e7ec3154eaf87dbc2a831f530af060a8576abc9f61c2627063eb2b92651ee453901f784156dcb0ddd3a5679f853d23a62a7b316c78dc362d5a1f68114b5bc66ee808d6d2ed8f04d3b40db65885160b2566dfb18b918a0e864fbd601598f28b1757a78edc4e30f6a4a42d92010e8e5cf89d1d38d555eb994e3416b49ce71354b21d61cd85fad19768ac1ae5eac8a1d35c620541618825dc1bb09de912c602a6c9739652a1cf4bf04931104fbde2c209025bb089065a5a727d42a0f9a046450849ce29bc72ac9c32a2137924595aea1e56e3fd53330c9e217c4c3c39d8a985d3e4e7537bf4f65129b161134c78e468d5627af920d9f7abbf5f5486f36b7c39441835b4e9cf779b10a731c8681b8d4d5eebc77e8197a22d90739fe08be2a0ccf07f567d38becb120521f222243c2c803cd67f92d5d66fca46ac10056ec2b81d7ba4945a9b376490b940bbb502262622504226b410dd35cbd3a7c845468f3c000f21b08ab694e8ceaecc09ed050e03af036fc2d965275ab627ff9ae8bf95a0d13797c851690a13fea510d14b8fd9b7b23e3aa632d5efe6006bbdc329ab8fae971a8241dc12b5a3b5d372472615edb78d22a5bc9d14e4ade31441bf1672d7b6d6992d69bc55e201de83a0309540c63cf34491203e91ec57d879d12774537012c81d52aae62746387ef93f747ac833426cbe33f30275b9cf3b081689f9b6d3679ce0f736feeba425cfff93c9608f38e946c0788888ecd321e9f8b48594d8a9499e90c39b778c485d6ab03a7ec18456f8c6622729556434f0c8263a3b275aaa59a9e41a9ba0e1897c6b29fec45b8edf440813a0d9a91b77b6c1f4acd7f998ea15f665383e6808fbc5b3880e3ae798418f9cb8568c7d1a28675b4f12b7258f6a1ce802a37f3b1abbf40b840b94f27844d2c477520309cde1e65a2bff20396cdb258e2126337d15b36eead41fcb89722095a9cc7161f367b43fb23c232fa74baed032a48a5d4b695325a487b87f5117816613cf263a9291abcdab2cb7c6f52227e991b551f2fdc48cbdff3115ec0d5f2c11f6148f67fc47af6c149ab9dd5d9d9e35f93631da45b444f5cf743936c9a7999560af3cb7c00545fea83d4234c310d58df1909ea2450b897f548c1c2db9fe338367f574b0eeba98e68ed70c76a89a2decccbb598a955a5a962a89975d87903f133f0c5f13cc7ad9352bca7e85c7c6fb1898204965b3789312c77936653005163764e23cb6bfffab29662717eeb6ca490e700c0ed3c52bd54a6c7d3134db61abea59ce823655017a863ab7a400f3b530525e790bac9e412272af9ae7b4225f930d75d047da445a4b8f4292ac650218ae2094cb7d0c28984072ee8e460024a54f5de3a26753b262b4094d9412913ef6b8529dab9787a3aca5aa62bbfdf356cee9ea17cc6b94c8ddaa8d29ad043f978cfdc33c88566b7aa1fb654f86d1dfe34b451b58aee2ceff3a52281a11334fb9a16e702e9e08f90da2071482587dd775894dd8c282c0dd34215351f925a380812a10fba0ba906ad824f317dfce5b774edbec9a9b00be5c005f29959e410381145b07cbf426435dff60a0a924cf83ef04f0a041e900b8d242969a7d0b8bfedb4dd95eb4c8287db443084d15e9a095d9631db30f60a72564380a2c9d70a6b8688f85bb45de746a3317de8de5a0398bff8fd30938660f52b4c81607e4674c72d14d1c758962be0eafe340200f0740cd83fd43983ad8fb57ea1650ff9bc1f1357b8f9ec237608711926e7e66cf9d4929151973c98cd9ffbe914585830fd661ec276021e4680b4dffe8aa8c3c956149689db1b822a78fbdea49c33ee1ad9162a6891", 0x1000}], 0x3, &(0x7f00000081c0)=[@rights={{0x34, 0x1, 0x1, [r1, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2, r5, r7, r8]}}], 0x38, 0x840}}], 0x7, 0x10) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r9, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r10, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x2, 0x6, &(0x7f0000001500)=[{&(0x7f0000000300)="08294cf3a8f0ade060a3fc3b39921a9db6881e90f67995995ef6f97cb662c56791d1443ba0ec54dfacb0e4fadb3df16ffc73e2fc6eca84380b0ec46d98de50bcf2d7706f1c2475f68251b4e28e77255aa9301cc415442652318fdd40b9ed7dacc3666942d1ac9775d536e1a530f917a3de15a08e3f7c564685c4be7dde8e8f84197a34fee930fdd42c60b2335bb619ddf02ef196cb39cdf3a37ec7663f3358f54ff1a904afe7d8c1b7f9e4bbb244ce7fe6f1e183f86f762b128923688cc072cbd55164b948bf22f6972742907b3f8cfa924570b2f893170fb42b4b3a912a5ff77b7809597b30562d6ace6654edf055715b2dc30cb002b4b8c7ebde93eec87051e845facb41a614c98b9066865e0f4d11522faeb8ec0e159088d12903e30e234fae43dccc93308c91ba4a9c60fd57950905c8ac7cc1c7fc7feaa8fa77fa8904388f59d359878bb129115e6f3024a90ff966ddd368e2c7d4cf19825d34f68dbb0548a03c45eeb58176519fb9210849ad2c16da2e5fc908e6d736c7d80a2f8ee27e8951aaf547d4523a0eb34b2bba6c3cf76d9ca12cf0dc5faf7265fd5491ca6a8a751e065a167b37a1925e59c98a12b31ac26083e1c3dafc1fb8cf0437e75731702eb541fb4b291a14330ded2b5c84ea91898b1f02e6991812cfaf2416d7aa611bef449eb49db1dbf2a893492f8b7cce6c769804ef8d870fce32fba79ee1c24a21373ffe6cd06022e3bcae63ebc560130185bfe494caf588d59fa0a97d8f27f9e16f4816ef42d1c6f0fecdc492987fece9392968f677e8fb8835d001e29ca37952e23661d1b0ea8c6c41b49148e8189699da82b7ee8b7fe8d2d77e1146cc5b3c1722b2d17b598fa7357315bd97c7102b718d673132bf834fdf6d4a1c7084cdb03efd5a16ce4b1ee792881ac1b34820fedff16b4d18bfcb0d5d48d220e4090b282ecede0bbe5065d2e20026488bcbb62414ba92e21b9f3cce6930709f13b707be76802ba2548d5a50d1559a753531fffa0f85ce438078a16fa0d8f18accbaeb09030bbd890833e46d447382e280ccf087514ae0db69ee6aa47f7170fa8863e4721d5d209db4d76549c7c717b759e3b041301219c3f6dc478b356ddf17efab382ce952ea782c54eceb20fce13125bc1b228b27dffa0e8359e07b1c4a0855bcf87668624382e427cd1566579c25eed2f115d480a54311d364a2535720487f1159697fded54df8949f4973623d0570561a6c8e47d16abe896f1f2f069d19a1a5ea5fdab56a33c5634b150a2a09ab19c719d6b607aad7d896489dd13b8291bb3d4c598e39c4c5d5a471f41ebcb803458d19048e0ca246ed852534eb645e5b3e1987bc6cb4f7d7d0d120b31f09ea91a75c6434d551ae8b6c5c743286992ea4a5c4137d846130c48a55cadc7d53241c4438f7e376a0adea79e49393e0aa70d6734a377bfd6f503af1e5260b37deca3a849a16fe347ee001608fd4850197cc4f9eb0142070e653150f20f75bbf425b0b737496cab67472ec5ec66cffbacf21f808cf1d3711d0c59497c05f4c880e657994d28a64ed016733106b369b4862fe3b07b01d124d147e121471f6485f02ba0b0ee0245aef3ec36918ee1d74e8140cba94974ffcdbd65dc1ad8f505f1efdca2fb12091d399031d61aaad5ed44ada2beb48bd416cb9ec687b87c222b5df85cccb79d4d3e63410f0b351548d43cc9dceffd0a0c9312741dd1d9f7d2c5ba80022f5224e45f84ad4e629975421ff206a255b16750da33230677dd68a4407baa05ae1ecc6c2f36fefae48835662282550740825506125b254ab6c3bdfb6759406f2fca22a6e4b368f526cd92eb38f3ba77dddf18c598d7e6021358fbbe0a5db9b0c01809eab24a63f29d48eb08f9734b0cd28c65f7e99d674fe7b204333b0723db1a1c4f8566f82f1ac2f830264debdf909eedd7844a7c10d9e1b0b75b4fd625f19571eb7f24e2567d875ef5bfd2cb63e19aab7460c0dadd9b7f0be04d93d71ca453176b0badb23bbd16c45076fcb7c680620eba996f935dc85018877c2c52be7001abe39d315ec5f307a4fec64760cffcd4cdcd33d53c5095ee948f19d00a509a23e56ea0d5878f9ac9ba70e9d5c61451ac39b0cad1fadb507ab8ce3692c2a29163f232f4cc3abdc0740131f2815423d32161e391f502c33b484edf54b81e5dd53b9953f54f032549b99f16014a2daf262301629e6dbff2d67233ef9e1d3982639253a56c02fde2deb8d9203ed663e0940b1c5941b3085d603b42a598d0ceb58cd1261bd42f439845e785fb3d6135be21324ebfb7453dfd22c9e14a90d9cbc88338d89f3777926a20ffeabdffab6942eafb80832d76234797ce795e6b7bc6f124a8d1f4e11c38220c616b62a03940d93c24d0094e8cbace950692ca453f8d9e2e29af3760d83fa9c0f956dbf130a27292207cadc4c202a6b7145eb4535c378c70bdb2c012d2c91887376d765668515b2c437d6a5e7e92fd6ba592bf76ebb5a2c74cbe32ce04723cb16b258ebb7b40756155efd649c05b014578e0236d4079b0e08abeaf21f54601de705d87a38171eb3dd235a5f707c3110723b171ebcbca3fce8847f5b2231afe657fe7860f9023dbe814f9a47faf25f46abc217d60aa80799ea2d7787878a1f341f870a8c82b25d5f60f362c2e3f549e5f0995716286a1a4ddfb64f5a47abe2313f05cdc73949433a662419e381f6d947d89eba8b85d552a1302f56b4567ea25e4d0b97247eec6d3c3a10ec9de7e737819be659eadb76d1be35864656046abc5818d46b918311f1e2d1bf13381ecf9199b81a0b22bc756a418140bebd2a728702e060a0e972eb029272c322390fdb064979317bb1a3d7505ae33be790810aa5004300619bc2eb24604d607479261623a8cd9f2a1bb1e29c0770d398d07a8964e08ea67b67ace007695be57e2845e45dbf062ff6767bde20c1f2330e67b8e875deab1949b47b1d02bdbf83912d7ad0e6b791e4e1e28c242b53fda47fe60ba5cf6686bfe13fec4ce639b0086797d8b4bed4b80d7c560e6790b118f632b7b3154ae57fe2fa6cb9025d7c7ef5df363547d949557effaf9ad1707d5fa07bda126023c4d46aa1a7f2c4de9253f5c471e5dc55a5127764243169453a4f9bcd2f92216c95f9fb992ffe3659e5e32182bbaae33de9f62c7d792d3f9925705ab38ab14472a09764fa06d851a419f98a7395205feb04e9754758a6e1fd4d1f921133fc92fbcc5f305b7f46b16b12a8e3d0d05b2df4f56a6fa4b4939ccd06fb40d781fd21b3333e3a5e3d26d90cbf0e3ab0e4f1a4f4d6257aecb02b25a8124587e6ac55d76dd135de955dfc9090e5f8c8d9f551e7bf3038d710b86fd5497788a2b071749d9bfc69ead09896937a41b1fa081cecbbba27f589f6b547885beee59afa86eb39d2a5da9187b46d2c1b6dd57255a233e425bc209601b6295cfe4601fd500267e42d3048cddef9b1d88ff1cdfae875cd71a6cf86eb41ab50fa5dc9c0cb7d4bfc0410752c1d04e6d78ec9a52db15eb024dc075c2e5111c29a1984389b337bca668d147cefc3f4b6c3717a004a8a3d34808a8b4a3f52f07fdc2bf2d4494f3fca14c2bd380f8199c644131e385e0b30f91b331396b2b81a36f5176fa199ef3ad43a18850cc9d60127c5857f9ec60e79f6518eba6c4e4a5d1bb2901a8dffccf8da5778a7d436c6635f9c2eb71bd667c1f6875b20e602b09039344ceb7320e0595a00f6e802309972d2a3933596d8fd1cd7889746689c9306827b339aea1549cb83a5509c48cd71f0a3964ef1b6d464c3406b49f8d9d5d10802938eee0ea1e3da0d8ba8c3d1d56a4b7dd32b19bec9922bcbd24d9bbe1529af6b1ddc2b8d954ce1f31b9cd72d8f682b2df836340dd127625500bbd9c982a874134e6740e29c606811c66fc1873f29becac4f896032d7b69b0113fd669fbee728f8833efd9a0c5644f94a44f60b5e0f9e343bbbe46ca0dc124a66967d0b074a6cb2f894e6dd42c3bc21b87c90d914be8196d4efd53c21caae4b778017c38474f2f675fabeff979992a3ac32f52d04850356c57aa131873621839427d904a7e1f09409a7bd7aee79bbe8882277f165e2fd6eaa05f9357f0b0b588f4ec5272d44d066f719a31d7af7f19f83bcb85a3fad02c5b87f2a825c52ebc289a27c2c3ba211bc83f61363ebb101817d91a2db76a2e04922373e6d77ad92bf54ad8fba8e522ba521da2a2607a039f686d4a05a9e6c246fe971ddd889e69cdaed5c3cdb7851d72b5532519a8ccae4e8fd260b45a095de13f6ad51554f2029bf6ec2be21e41dfe727c33e97017e7dd0953e701f37d9e723671825bcd4893b31c03b74d64cf68c4adda1847e114859be28b7df94eeb55b7d5af92f7c1f32dc609f23e4f85ea30d8332f18698863ee61171ccf5f0402dfe13a1e15ff57936ae19b5c60d6ea4c1c72c615f2cf363573d76daf77b8c12e444641d5fd2d9e2dee1b7f19b19d938319424ee5a41f88291c4ebcd0e01b52873fc138bee10603f50a6d0a8b3a719cf001583bc7515f2751da08535cf6e5d882719be49805a379effb1977338c01cde47a363517d9794c630d5da22dd4d08941bb8c54e88b47a9f7d518c37afd6e698af683d799981332653220e1e4b1e913ea728b3c1a70af97e6b0d1a9787ab3686620bf16f2e7976f92f008e44babd004c69beb312418108292c494f1d31fd8548e644050093a6bb09b67c56cd9869033e7724858012ae56a6749e59790280613d62c8a9e49adbcbdc8844a3cf61aa24211c6ed27bc8f4b413efeef7504835f0dfb2bc874790bb00bade8642be0527c24f9ea40be71fa5f701247be4e042c72c01b8af74ee6ccda6051da1fc3ebba8aa25214a0172ebad03142d757c63cf8b3afd78a3647337dd09dad87be193d80578621f3681db67882d65d735dac8b260b8dca8315a58c557081f3abd391a9ab7d67a0d1d8e04b011ee8576e65ece0e30bfdde2212737e9b98b2a1f9649c702347ae069dbc3c46c42a6f8550f4aa8450de24c60c3f0f222de48b48e8324f3b2b463a0b5679e14e31450f0d25bf5d91db566e66e2410d1b5e4e2822dcbb2bd6736a66c0b2c439c1e702e5a72842b2c916620885bead9d9a52c572254c32d2cdab7db6a9b430814baaf30bddf243b8ffa43c86501049596b960f53291bf8435c1676dcac7d623a06d4d8f89f50f477e32db73b9dce982ac6c9db73f5ae2a49bbfd6b5e15c35096d1de8ecd9e27e401f23b3074e33a47df3f9843441fa3ee64858c0cb67fc8c4546d32c574088f231a7a147aa392a4c97e1085aeb84a34d0fd1433f729c200c4eb92a9f3ae700f1afd53373f0080f320be845a8947f4961b36cd0c45933daf6ad154749f9dcd0ef3ffd6f1c037af6ec9838d95eb7c498da441917a39609661e0d714d5a7c476626f65cb3cf92aa4418b81cac78da81c6ac7dd3262649819f347399862f845fd3b90261934ecf56d448a6dd1e5197817c81a2764b23a5c8b00fab81e39faac22f6e5ab4d7103d3d768cb3368d30a95fbd6d69f54dfb8f3223b516d718c189217be0ddb53247b0530eccd7b646285746064cdddfe73519eadd6169945bc2442bddb45ba61c201317a9061aa348e9c4751d854da1ca47d424bc051f46e7ad982330f28f2e7e489f7e2383d3d601d3e635c6cab136cf649649dd3534b686ff5c10ff872e51986f402a4c95faba86d1a45888fd2f6a7ede98115311a5f79549bdc1f4c6c583f70ac2d2d73f69e4f35124d258b1831702e77f23b177c800c106c38ef972a3f679d0", 0x1000, 0x3ff}, {&(0x7f00000001c0)="b705a04091148a49a0c8d21c692d9bfd5167247b8c03e6032ba2c76b5c53125aa3f61d8105960e2e3832970d121fc44aec91c62ae8832e6f058ba002ce5f2b53384654620d693bb0f2a515a0974ade217bbbb34786abb4e2fe563487cbbbfb44b7ed2d9d44ecd9b3bb805268f5277482caca32796f4607bd75d5", 0x7a, 0x9}, {&(0x7f0000001300)="ee0ae0355ef78bae5bb21ad55378a7a49a591547e593acd628529cd9a6dde029e3b5285195eb12675446234123915ddc440d48e311421d73325fe1a0543d3eb6f2a323ed284e519c60550218a373aa87d6c91d531d852ccbb5d0049e7bca8bb800db0e1d43c371be5e1c853c104b91acc58959255ead21a9704859d05aad8b67dc0943e636eb6da14b8979a271023d7ba8b4757404059259", 0x98, 0x4}, {&(0x7f0000000280)="47b21b914c505d19de2250dcb3a64cee2b93351af0219a882425", 0x1a, 0x800}, {&(0x7f00000013c0)="df428c1a37d52498114f29dc73b95e3cb115dcfce5f50b5d314d0f245fe72839866eacf4368132c9ce0dfb3f5a1771ef8f3193bb2f8703272f8647bef6fe4b6ca8c592ebcf6d8580381eae6a74140749bfb8459b35023a0fe8a805fcd86512034f624374c5d08b3f29b49b30ff5b09c06a5b98463f21332cfd69697ad7642922ed30182b2dfbd59cf43c6298691c6a4e4a3f0e3c66fba27bf94b0268e9c80d236ae79af2aae8d1d516ec4c14eebcaa90098d66e341944132f28710f780587776bf298af5f6ffdfa4ffdfcfb6bd8aef0a5bdc567616", 0xd5, 0x5}, {&(0x7f00000014c0)="5bc678d81ef3539d16e56a78cc51accf840f0d789e89", 0x16, 0x7}], 0xa, &(0x7f00000015c0)={[{@shortname_winnt}], [{@fowner_lt={'fowner<', r9}}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@measure}, {@pcr={'pcr', 0x3d, 0x3c}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}, {@audit}, {@euid_eq={'euid', 0x3d, r10}}, {@appraise_type}]}) ftruncate(r1, 0xfdef) 11:05:40 executing program 1: creat(&(0x7f00000000c0)='./file0\x00', 0x183) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:05:40 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100001300) 11:05:40 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 64) 11:05:40 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r3, 0xffff) sendfile(r2, 0xffffffffffffffff, 0x0, 0x20d315) [ 1770.875640] FAULT_INJECTION: forcing a failure. 11:05:40 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 63) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1770.875640] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1770.877222] CPU: 1 PID: 11521 Comm: Not tainted 5.10.222 #1 [ 1770.877881] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1770.878707] Call Trace: [ 1770.878987] dump_stack+0x107/0x167 [ 1770.879361] should_fail.cold+0x5/0xa [ 1770.879752] _copy_from_user+0x2e/0x1b0 [ 1770.880130] comm_write+0xbf/0x2a0 [ 1770.880428] ? proc_pid_permission+0x300/0x300 [ 1770.880814] do_iter_write+0x4f0/0x700 [ 1770.881149] vfs_writev+0x1ae/0x620 [ 1770.881442] ? vfs_iter_write+0xa0/0xa0 [ 1770.881769] ? __fdget_pos+0xf1/0x190 [ 1770.882095] ? lock_downgrade+0x6d0/0x6d0 [ 1770.882443] ? ksys_write+0x12d/0x260 [ 1770.882759] ? __fget_files+0x2f8/0x520 [ 1770.883094] do_writev+0x139/0x300 [ 1770.883389] ? vfs_writev+0x620/0x620 [ 1770.883705] do_syscall_64+0x33/0x40 [ 1770.884035] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1770.884460] RIP: 0033:0x7fbbbec6fb19 [ 1770.884770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1770.886274] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1770.886903] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1770.887488] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1770.888089] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1770.888670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1770.889259] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1770.922866] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 1770.966700] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1770.997944] handle_bad_sector: 2 callbacks suppressed [ 1770.997956] attempt to access beyond end of device [ 1770.997956] loop6: rw=2049, want=276, limit=128 [ 1771.009141] attempt to access beyond end of device [ 1771.009141] loop6: rw=0, want=147, limit=128 [ 1771.015324] FAULT_INJECTION: forcing a failure. [ 1771.015324] name failslab, interval 1, probability 0, space 0, times 0 [ 1771.015793] attempt to access beyond end of device [ 1771.015793] loop6: rw=34817, want=148, limit=128 [ 1771.016550] CPU: 1 PID: 11528 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1771.017941] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1771.018625] Call Trace: [ 1771.018856] dump_stack+0x107/0x167 [ 1771.019161] should_fail.cold+0x5/0xa [ 1771.019471] ? create_object.isra.0+0x3a/0xa20 [ 1771.019854] should_failslab+0x5/0x20 [ 1771.020183] kmem_cache_alloc+0x5b/0x310 [ 1771.020513] create_object.isra.0+0x3a/0xa20 [ 1771.020875] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1771.021284] kmem_cache_alloc+0x159/0x310 [ 1771.021636] alloc_buffer_head+0x20/0x110 [ 1771.021969] alloc_page_buffers+0x14d/0x700 [ 1771.022328] create_empty_buffers+0x2c/0x640 [ 1771.022698] create_page_buffers+0x1bb/0x230 [ 1771.023063] __block_write_begin_int+0x1d1/0x19c0 [ 1771.023456] ? fat_add_cluster+0x100/0x100 [ 1771.023806] ? add_to_page_cache_locked+0x40/0x40 [ 1771.024195] ? __page_cache_alloc+0x10d/0x360 [ 1771.024570] ? remove_inode_buffers+0x300/0x300 [ 1771.024952] ? pagecache_get_page+0x243/0xc80 [ 1771.025320] ? unlock_page_memcg+0x96/0x170 [ 1771.025675] ? wait_for_stable_page+0x92/0xe0 [ 1771.026039] cont_write_begin+0x472/0x980 [ 1771.026378] ? fat_add_cluster+0x100/0x100 [ 1771.026721] ? nobh_write_begin+0xed0/0xed0 [ 1771.027068] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1771.027548] ? generic_write_end+0x20e/0x3f0 [ 1771.027916] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1771.028317] fat_write_begin+0x89/0x180 [ 1771.028645] ? fat_add_cluster+0x100/0x100 [ 1771.029000] generic_perform_write+0x20a/0x4f0 [ 1771.029377] ? fat_direct_IO+0x1ef/0x380 [ 1771.029716] ? page_cache_prev_miss+0x310/0x310 [ 1771.030117] __generic_file_write_iter+0x2cd/0x5d0 [ 1771.030525] generic_file_write_iter+0xdb/0x230 [ 1771.030902] do_iter_readv_writev+0x476/0x750 [ 1771.031273] ? new_sync_write+0x660/0x660 [ 1771.031609] ? avc_policy_seqno+0x9/0x70 [ 1771.031954] ? selinux_file_permission+0x92/0x520 [ 1771.032345] ? security_file_permission+0xb1/0xe0 [ 1771.032756] do_iter_write+0x191/0x700 [ 1771.033081] ? trace_hardirqs_on+0x5b/0x180 [ 1771.033405] attempt to access beyond end of device [ 1771.033405] loop6: rw=2049, want=404, limit=128 [ 1771.033446] vfs_iter_write+0x70/0xa0 [ 1771.034657] iter_file_splice_write+0x762/0xc30 [ 1771.035049] ? generic_splice_sendpage+0x140/0x140 [ 1771.035466] ? security_file_permission+0xb1/0xe0 [ 1771.035873] ? generic_splice_sendpage+0x140/0x140 [ 1771.036284] direct_splice_actor+0x10f/0x170 [ 1771.036653] splice_direct_to_actor+0x387/0x980 [ 1771.037032] ? pipe_to_sendpage+0x380/0x380 [ 1771.037398] ? do_splice_to+0x160/0x160 [ 1771.037728] ? security_file_permission+0xb1/0xe0 [ 1771.038133] do_splice_direct+0x1c4/0x290 [ 1771.038475] ? splice_direct_to_actor+0x980/0x980 [ 1771.038873] ? avc_policy_seqno+0x9/0x70 [ 1771.039208] ? security_file_permission+0xb1/0xe0 [ 1771.039611] do_sendfile+0x553/0x11e0 [ 1771.039938] ? do_pwritev+0x270/0x270 [ 1771.040261] ? wait_for_completion_io+0x270/0x270 [ 1771.040656] ? rcu_read_lock_any_held+0x75/0xa0 [ 1771.041047] ? vfs_write+0x354/0xb10 [ 1771.041359] __x64_sys_sendfile64+0x1d1/0x210 [ 1771.041718] ? __ia32_sys_sendfile+0x220/0x220 [ 1771.042099] do_syscall_64+0x33/0x40 [ 1771.042405] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1771.042811] RIP: 0033:0x7f24f4026b19 [ 1771.043112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1771.044629] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1771.045251] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1771.045842] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1771.046432] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1771.046992] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1771.047582] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1771.063949] attempt to access beyond end of device [ 1771.063949] loop6: rw=1, want=403, limit=128 [ 1771.065283] Buffer I/O error on dev loop6, logical block 402, lost async page write 11:05:41 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 64) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1771.087499] attempt to access beyond end of device [ 1771.087499] loop4: rw=2049, want=276, limit=128 11:05:41 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10080, 0x0) sendfile(r1, r2, 0x0, 0x100000001) openat(r1, &(0x7f00000000c0)='./file0\x00', 0x10082, 0x80) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r0, 0xfdef) [ 1771.121930] FAULT_INJECTION: forcing a failure. [ 1771.121930] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1771.123002] CPU: 1 PID: 11556 Comm: Not tainted 5.10.222 #1 [ 1771.123476] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1771.124165] Call Trace: [ 1771.124395] dump_stack+0x107/0x167 [ 1771.124704] should_fail.cold+0x5/0xa [ 1771.125028] _copy_from_user+0x2e/0x1b0 [ 1771.125365] comm_write+0xbf/0x2a0 [ 1771.125664] ? proc_pid_permission+0x300/0x300 [ 1771.126044] do_iter_write+0x4f0/0x700 [ 1771.126381] vfs_writev+0x1ae/0x620 [ 1771.126691] ? vfs_iter_write+0xa0/0xa0 [ 1771.127022] ? __fdget_pos+0xf1/0x190 [ 1771.127340] ? lock_downgrade+0x6d0/0x6d0 [ 1771.127678] ? ksys_write+0x12d/0x260 [ 1771.128005] ? __fget_files+0x2f8/0x520 [ 1771.128349] do_writev+0x139/0x300 [ 1771.128461] attempt to access beyond end of device [ 1771.128461] loop5: rw=2049, want=276, limit=128 [ 1771.128660] ? vfs_writev+0x620/0x620 [ 1771.128680] do_syscall_64+0x33/0x40 [ 1771.128697] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1771.130552] RIP: 0033:0x7fbbbec6fb19 [ 1771.130866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1771.132367] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1771.132992] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1771.133560] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1771.134145] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1771.134707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1771.135285] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:05:41 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r3, 0xffff) sendfile(r2, 0xffffffffffffffff, 0x0, 0x20d315) [ 1771.191284] attempt to access beyond end of device [ 1771.191284] loop4: rw=1, want=340, limit=128 11:05:41 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100001400) 11:05:41 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x400343, 0x133) sendfile(r1, r2, 0x0, 0x100000001) close(r2) ftruncate(r0, 0xfdef) 11:05:41 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 65) [ 1771.256459] attempt to access beyond end of device [ 1771.256459] loop6: rw=2049, want=276, limit=128 [ 1771.261508] attempt to access beyond end of device [ 1771.261508] loop6: rw=0, want=147, limit=128 [ 1771.287549] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue 11:05:41 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 65) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1771.349697] FAULT_INJECTION: forcing a failure. [ 1771.349697] name failslab, interval 1, probability 0, space 0, times 0 [ 1771.350691] CPU: 1 PID: 11576 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1771.351255] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1771.351933] Call Trace: [ 1771.352167] dump_stack+0x107/0x167 [ 1771.352474] should_fail.cold+0x5/0xa [ 1771.352796] ? bvec_alloc+0x148/0x2f0 [ 1771.353124] should_failslab+0x5/0x20 [ 1771.353442] kmem_cache_alloc+0x5b/0x310 [ 1771.353782] bvec_alloc+0x148/0x2f0 [ 1771.354088] bio_alloc_bioset+0x40a/0x600 [ 1771.354437] ? bvec_alloc+0x2f0/0x2f0 [ 1771.354760] ? iov_iter_npages+0x1fd/0xa70 [ 1771.355119] iomap_dio_bio_actor+0x518/0xef0 [ 1771.355496] iomap_dio_actor+0x36f/0x560 [ 1771.355836] ? __x64_sys_sendfile64+0x1d1/0x210 [ 1771.356225] ? do_syscall_64+0x33/0x40 [ 1771.356560] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1771.357001] iomap_apply+0x289/0x810 [ 1771.357310] ? iomap_dio_rw+0x90/0x90 [ 1771.357618] ? trace_event_raw_event_iomap_apply+0x430/0x430 [ 1771.358099] ? mark_held_locks+0x9e/0xe0 [ 1771.358444] ? filemap_check_errors+0xa5/0x150 [ 1771.358833] __iomap_dio_rw+0x6cd/0x1110 [ 1771.359167] ? iomap_dio_rw+0x90/0x90 [ 1771.359498] ? iomap_dio_bio_actor+0xef0/0xef0 [ 1771.359882] ? ext4_orphan_add+0x253/0x9e0 [ 1771.360243] ? jbd2_buffer_abort_trigger+0x80/0x80 [ 1771.360650] ? ext4_empty_dir+0xae0/0xae0 [ 1771.360989] ? jbd2__journal_start+0xf3/0x7e0 [ 1771.361365] iomap_dio_rw+0x31/0x90 [ 1771.361677] ext4_file_write_iter+0xb26/0x18d0 [ 1771.362063] ? ext4_file_read_iter+0x4c0/0x4c0 [ 1771.362437] ? kasan_save_stack+0x32/0x40 [ 1771.362781] ? kasan_save_stack+0x1b/0x40 [ 1771.363125] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1771.363538] ? iter_file_splice_write+0x16d/0xc30 [ 1771.363943] ? direct_splice_actor+0x10f/0x170 [ 1771.364320] ? splice_direct_to_actor+0x387/0x980 [ 1771.364719] ? do_splice_direct+0x1c4/0x290 [ 1771.365076] ? do_sendfile+0x553/0x11e0 [ 1771.365406] ? __x64_sys_sendfile64+0x1d1/0x210 [ 1771.365790] ? do_syscall_64+0x33/0x40 [ 1771.366118] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1771.366560] do_iter_readv_writev+0x476/0x750 [ 1771.366931] ? new_sync_write+0x660/0x660 [ 1771.367281] ? avc_policy_seqno+0x9/0x70 [ 1771.367603] ? selinux_file_permission+0x92/0x520 [ 1771.368013] ? security_file_permission+0xb1/0xe0 [ 1771.368417] do_iter_write+0x191/0x700 [ 1771.368739] ? trace_hardirqs_on+0x5b/0x180 [ 1771.369100] vfs_iter_write+0x70/0xa0 [ 1771.369421] iter_file_splice_write+0x762/0xc30 [ 1771.369811] ? generic_splice_sendpage+0x140/0x140 [ 1771.370231] ? security_file_permission+0xb1/0xe0 [ 1771.370631] ? generic_splice_sendpage+0x140/0x140 [ 1771.371036] direct_splice_actor+0x10f/0x170 [ 1771.371401] splice_direct_to_actor+0x387/0x980 [ 1771.371786] ? pipe_to_sendpage+0x380/0x380 [ 1771.372157] ? do_splice_to+0x160/0x160 [ 1771.372484] ? security_file_permission+0xb1/0xe0 [ 1771.372882] do_splice_direct+0x1c4/0x290 [ 1771.373226] ? splice_direct_to_actor+0x980/0x980 [ 1771.373620] ? avc_policy_seqno+0x9/0x70 [ 1771.373958] ? security_file_permission+0xb1/0xe0 [ 1771.374359] do_sendfile+0x553/0x11e0 [ 1771.374682] ? do_pwritev+0x270/0x270 [ 1771.375010] ? wait_for_completion_io+0x270/0x270 [ 1771.375411] ? rcu_read_lock_any_held+0x75/0xa0 [ 1771.375790] ? vfs_write+0x354/0xb10 [ 1771.376122] __x64_sys_sendfile64+0x1d1/0x210 [ 1771.376500] ? __ia32_sys_sendfile+0x220/0x220 [ 1771.376888] do_syscall_64+0x33/0x40 [ 1771.377199] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1771.377622] RIP: 0033:0x7f24f4026b19 [ 1771.377930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1771.379426] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1771.380069] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1771.380657] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 1771.381253] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1771.381837] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1771.382426] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 11:05:41 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="eb58906d6b66732e66617400028020000400000004f8000020004000030000000000000001", 0x25}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0f", 0xc, 0x4000}], 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="3d6370385f47ceef1e36312c00"]) 11:05:41 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(r0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x3) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) [ 1771.409861] FAULT_INJECTION: forcing a failure. [ 1771.409861] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1771.410928] CPU: 1 PID: 11581 Comm: Not tainted 5.10.222 #1 [ 1771.411403] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1771.412091] Call Trace: [ 1771.412316] dump_stack+0x107/0x167 [ 1771.412624] should_fail.cold+0x5/0xa [ 1771.412946] _copy_from_user+0x2e/0x1b0 [ 1771.413281] comm_write+0xbf/0x2a0 [ 1771.413578] ? proc_pid_permission+0x300/0x300 [ 1771.413961] do_iter_write+0x4f0/0x700 [ 1771.414295] vfs_writev+0x1ae/0x620 [ 1771.414604] ? vfs_iter_write+0xa0/0xa0 [ 1771.414933] ? __fdget_pos+0xf1/0x190 [ 1771.415244] ? lock_downgrade+0x6d0/0x6d0 [ 1771.415583] ? ksys_write+0x12d/0x260 [ 1771.415912] ? __fget_files+0x2f8/0x520 [ 1771.416260] do_writev+0x139/0x300 [ 1771.416557] ? vfs_writev+0x620/0x620 [ 1771.416890] do_syscall_64+0x33/0x40 [ 1771.417203] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1771.417610] RIP: 0033:0x7fbbbec6fb19 [ 1771.417923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1771.419424] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1771.420041] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1771.420632] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1771.421197] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1771.421781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1771.422347] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1771.456786] Buffer I/O error on dev loop6, logical block 402, lost async page write [ 1771.464163] FAT-fs (loop3): Unrecognized mount option "=cp8_GÎď61" or missing value 11:05:41 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(r1, &(0x7f00000002c0)='./file0\x00', 0x42000, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ioctl$BTRFS_IOC_RM_DEV(r3, 0x5000940b, &(0x7f0000000300)={{r0}, "989e17f7428cbf90ca580dafdc1d396adf9137834c83826257c4dc9815b7ab6fdbe49a4b229a270efeca260f67260004f6610da070f2acdd98e6f92699edf68dec975d40e62578415be4f8ead76a3523d8beb5c40daceb6f569e0581db1eb55e458b01d03a99692530fedbdd84f879f23e324731c7419cb2a29fe8ea63435110aa23c0e99cce8b0d760fa24fbc4050f27dd1a36aa5949526b5185af033878bfa371b5ed9e0b93e6326dfea7ad3d4635043a071ce003556f307d4cc2ac91a8057c25cb9be99078e896f00c259ec49e0589627473ff20ecec57882a21d00abca6222eb74cc9c6748da59fcf4d96d785f577709e71f92134ca10b9cbe0aa4484151f5aa7f91c6a9153ce2aff8aaa977eff04a11289c40c342ad094ffa725015ff8c1abde5167b5a48e3840e05a4bc6fed99ef6e535a6149cb8d48f11e9ab16a4b21facdaccb30987f3d728d5fdeba43b22078aee38250dc5ec2bed9430e296f1e98fbdff05595a7915c6bb29c923dd2393016f515b7c430ec28173988e52121d6bc0e9e1ca8633ebd05f3698b90324da16657f0325445a1c1cdb21a4c48477a4a6bf7fee52a6a5378144d836c74ffdf7f92a0bf3fb1e030b672d57e1073112cc38c7a5739d0eeafb04798483e5081cecebb7342503a8b61bf389469e3a6353a9b07c49552fef4fff6246130389d975342bd43021515fb86bd3b9775a17b15ea94bc22f137ed2fac75e66fed1efe32b2bdf7a72c96dc70acd5573f7d45b52943a332fa67449a906828d42d9defb3bc8d28474f63f3f3282f7b25f3d36afd2466592a83798674b7b852f1129dd28ba0ba8bc0aae3ae6340051707c24f782290d9da4bbe8fa6260e0f6c281acb881f2c62dafd2a32623dd81709e820484ab149e9421414b0413751ec3feaf23e49ef0c2225cc1d1c3e8c9a0f1c56ebed8f247d28da8dfdb530187abee21cb1ab0423b27d9d232aadc2f2d755c2ceb252054892b43ec41ea1907a4a4a56e671b05c956b8a1f01bfc28801128b6253e68132a193d3de78de342bed08176e354837b89fe6862d19d96800f8938a26ab3cbb206b24224d7ad8a2dbf5ce3aeae31b82f07450793bd75d94c03722869f7cba3b17e718b30a7f5460eb30e4ff35455701d631fe0a9b3a5a42a737a95e2da057cfbaef5e87f04a33c3308f5b700ad422e7acd87683bed0346a98198703595e8ed0a876d4e10c816a2a74740d5642f9b7bbf9229a7fca255ce72ce7e950bd7677143ed8352beef4bb1049dd9721fb8ef625ed062136823283680ba2811c7987db10d8fb5a5743209acae76f24194c8ee34acb49683049533ce13881f4d880a0f5f4ba2d92d11599021b02579a69b12e804fe4431acce454ba345954ab36726e20fa967db741472d9fdb6aeb3fcf9056bc721265ef343936681089718ecae4214f947f001931f22417be936a4b0b9f732fa9301f4ba3b5ed391854bb2685adbf612bf502a11306b52f9664afe7d3cd38c4f98b99b6e76e7ec1a59a7791a337caae3aa70c6c9a1160d0ad409c369f838fd08f6d5142a144344c49d82b1618aba24ac363c2c20a3fe1c26b57c8c6fdeac94baccfda2991d9b3ae0107e421e2ad8176fc7123653eb2c58da181bd4f1125ea1366c8fa655d733d58ae04710d1246ee616123116d7a6105ac0adcc35bd40e8b24ad9c79b5e617ee03492d27753b210fde5c6d5c23437b08e3e207469061019b6c7e14e6906ccf40cb6558da6fa451d276cb012e2c5de1f905fb6cab40ea2164ac6ae9a39fdd0e6449de6805fb5c267c434c96908dcac237ec9929043071e695cc53b7327db7551dd2d9b16abf0dda52c635f1c2d48968d48ec9939e057c6b1e70bec1618dc115c577b797763a4a26b4baf79b1f6c955f4db3ed93a38effd97f0167d98e9399b3ebc9d0a5d4275d4ac04bf1fb91748f1c1dd6273ea76500fcc6243a38b33cfde29d7582a37a4f6579a4046394e88e34102e139931ece3572704834d2e702d01780d0735d82a1c7db27cbacd55278256a7a601883d5fe218e768d50e3999952b4b966f452363c6b5329c5ccc24705bc267821977be3a7db735d8cbd77e07dced68d8ef0fc9f1974ed778b0ab5649127f618a501542effc6a3248f863d12265ae8f6461119eeec8b972fc75856543fae3fda92f314e8c1f48eb0ac60f96fec0d61dfe18241a1ddcb111dc8a86814a0393505838d4314bd4713c5ba1ab780c8fb9de2308e81e3fd577eb8b19073b79a3d4eeb5a0e2a3d746cba0e326cc5c8a54a5cbc75d3d5f226d722028148167f3c085becbaa5c3af0dfc6d07a697b114635297d55352ae3652c12c05ef21a3cdac742b31133da318b4d1d9e3e9e90fc4acffdb3d2d3ae10c28f1b21d63f2b599a0b3f6248ba48d10fc99f0d830c271f98c9c68af4efdab454788eba312c39d0fca4d50d0d02c70de961b07e7d482ba74e0135751583215cdf1d2b39acd53cfae3458fb2f57a70cd1902bc38ebdf78a5bca785bdb93855865002435993aa1b753e9dc7b43b6e3ed4f9c2d64596aa11fe1b2912d200f25c59c3c84057c966336bb9413cde00e0206aaa7fdd4c7e5a9e6d11b6d2d31cbd91afa0ef2643b226a2d9a46a70b3e41e75935e2af7dc97f602aadb56b239389408e79e336d47e330bd5cea5516ddb76187418f935408ed7cccb3e4ab16a290a45bc7f9feba1897af5b3ee5d09efe0c1fc9c9e8e29831311cb47cca9bdc072bc9cb516cd574d1583639b068df2e4a66c066519ec2689b233d19baec33be2a2b195f1cf96c1460587407b99328e5e3601c2e811a557455df6c65ec0cfa87728290a5415d4fdb5583e0dd133583126389afb40d4037442fbcf903ac28e4be9cba2b529be996b439f2b935a028124f2bbe4276b56968e9ab2fa1e3b40a6ae95d248192a29baef472a263cf825add9194eb78b097d77bfe1922a0e43b47a7aa15ce10aa1102f85756fc29b1e87f91185d24320081ab0b226e3b16f8c53f53f9d415f5bc635b189cf4511d5b46a4be535b686ae29506e61f770ef2c6bb1dc17214f5dc7ba51d41a5309274fd16b678fc6edb64d6a69b6b3a15ba422768cd9eaec106f43d089f60cd244a38572d1f9e8a91a80d6da297387558f82493c4050eabf6a8a32089bf11e291afa4a40c7a72f18ad4885350fcc03d8ecad4854eefbda53b198bff94ae2c15d248f9a93fb34fad99a65dc1308f7aed19f313dc27e33236e53637bf769d5b581a6ee8529eb76746075702fc626489a337451ad8cd69ee9d431b98f6cb2df7221bd86872e059e078f65fec8f7c034b2c71bbcd0a1d848f52a7170cd490b402b5aaee5f9bc780d75a9f8f3edec314be31423675cf6e8f044ed29679b85083ee65b518578b36620607354353cab625315e339e631c7670b791544ec5c3a65e473ee8dd425e80fd5a9f73f516462624fb8d238b31e10fcd894c192b6c137796c1aeec3b5d1ccbd23e5293e07b879c32963c651a4de23384d2d7c325b1f40cd6047f5888b5817d191beb63572fe4af1c131ad00d7b5789b89014822e304f4d4eb6d8d43d25126b1e8ebbb25ae354e877465e47effc7573db9056d86271ae2e05034c46502dc44406117c9da59d895e3805f67c5887a23fd176927220b71ff6ce79eafcac4cd36cf64ed2fd5f4a1a1020a24c01873d557fdae052fa87052deccbdea1af5298e140a196f2db56cc1915c7f93171a3f20bc3ac3f7415cbe1d9c85ac9f724fb6b15f780df300c140c2f21b86d9a9457fc0c96a14c642cb7d5f565651aa400966de57653024b7cccfe5c9a215c606189c17da528a76f6d84a028491f7b528a4d3d1a60a0e5e6714b2beebf82b830ea0333225c1fcc1267889ddfe2b5cf8a8e82769487f2d72d402d0847fbf2f57c8e4b4f719e3e8c30e13fd2d402f1c144ad440b910e01b4fff0e604d6ebb889cb9317648de009cd4fc2a698ebf448446aa97f472a95116522ffe6cf1346667b5b446be3f1c953b1082541c52648701b97a620fc941db1c30067fa73081bb60b07b4d0319bc32a9c89ec895edec93d367594fb307d09ce8879f9574836bc66b9f895c32ec0c473d87c29131643b7712014a05af690c32bf346cb17c7443e52fe013d3ed3397fe61d224ba50bd75c19da8873fdcadd65761942c4184651f8b1918b60cda18b6906a6a96389a18f119dd6074ec02489fe7d8347feac62643c0850bd88001cabaa65eeb77ceb047b71ade86e49418e6a8562270255ba53530414130229f19eed053e832c7b05f0aea54231de59d1a9d06ef9de0026f785f9f9fe7ee5cfdf261a5e974dce2b5dfa7c6dad677607f034305f1e5b602f3e2d351e8b85aa85f7627aae67e92848b0dbdbea4be6d4e4faec610be53e145f542675435b8aeca42178854daec6452f974ac056d18fe044d9e39dba51e64ee4cfde46550f9c7d649170a358992561dc6a06773cc0b2ff48c28873c7d6f07521c79c747cbd689c6c28fc35623abd65668336be12b73cfaad8912402fcdb81b8296c01cf8ff65dc0fb05249b845c914c9c946321dd75241def9afe12c00f882002fa3b6560bcf48ab40cbe8363df19812e0862abf06ff74b9f415142c8995fbcc891a2534df487cc6454e250cd1c653b92bb0b9b81fb8139997d71541078900f87a628bcf02a292671b4e4ff816684c84c720cf18745109320df986bb447ebe19564bb9fe26dd51793a12904f2b31c3e9cd1d10eaee15132dfb8be96c86942a5650f8d6cee0c7741f346c8ba09816205432292966049f3831afb3868702adb62c346e3578e09c22f8a967c4a687a0a8f47dbbd28f9a7a46fcabbb06b5bebb2548ac7e4cddb71cf76b2cb452c779de15b7e7eee4e497540ebd69bc19e6263a2560da8b52741ebff0cbdf25d56acc57a4a5e07489592e74f9d73f2e5b1840bfc36c12000298d6cfe8050db97354047c229516725a2777206fa2a1d18f142983bcb0da24c47cbd073db38c2d95fa4aabe1a0d861763e0f67bb799023b39c26148b6bff7ca96a4aab19e13a23411be7b0ed899a097428a60af1528ca44dcc7c5d66f8e62c5dd76932d9094eb8a3eba9fbfaa91dd2bd67e794269307a598f3762d877d3d202224fdf03f05cbe99127efb2102f46fe9d1800be2046c804db847e983c17d92c2227e5e96f1757ca121ed5d0d81327b0dbe2e056a3122ddac6e302e8d0e622b2d95d1444ff3d5e256a6d9fe703d623876897c38b01f2578dc037058e3e69dd5d313f6f84f93035ef0ac7ad6c6abcaa9ae22303ff03caae7cdf26501a3b748327ca99f6abd98b48e386f53ea29b2d728a3cc34bd618aa8e818049447a9eea318aee178f148c989fd733c9d28fea40e798377cb9b8b5c6c5cd5d62b3652d7761f45976a4eb766cccd9dbf9663bde54b1319980bd8c8912901c4f42146ab01c2d50607ff7efb5321e75da8abd146f467f11eb63d7deebcd1f63e42d81a5c884c443079cb0645a6ce12db269bacae6b22ef6d941dd118ad6dce12a98b1f0ab8a92d2cea0ba92253b9518fdf1ecca1c0437a9449779ef1b7c10de85569c94e92f5fe0af02c031cfde25be2af215c5d29d04339dc7732871fbc94892f002c93d54cef956485e38ab355fe32e584d25e2719306c336dfa7b5a8e3bc770c7463989f2ae013c2c026f8ad31732367c7f90fb82f55b765143ca884464e9945b163ea47acbe67f4df4341445fe048f927593185d8166f866c9ed1f654b8be5a04f7f0c4cb390c553ba98394ec9a3729ba580b0eecea4e87ea9ec3b69a"}) sendfile(0xffffffffffffffff, r1, &(0x7f00000000c0)=0x3ff, 0x95) ftruncate(r1, 0xfdef) [ 1771.496010] FAT-fs (loop3): Unrecognized mount option "=cp8_GÎď61" or missing value 11:05:55 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 66) 11:05:55 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 66) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:05:55 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100001500) 11:05:55 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) fallocate(r0, 0x31, 0x3, 0x6) ftruncate(r1, 0xfdef) 11:05:55 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) mknodat$null(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x4, 0x103) chdir(&(0x7f0000000040)='./file0\x00') r0 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000002, 0x8010, 0xffffffffffffffff, 0x10000000) syz_io_uring_setup(0x2a7b, &(0x7f00000004c0)={0x0, 0x3, 0x8, 0x0, 0x18c}, &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000480), &(0x7f0000000140)=0x0) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000180)=@IORING_OP_FILES_UPDATE={0x14, 0x3, 0x0, 0x0, 0x6, &(0x7f00000000c0)=[0xffffffffffffffff], 0x1, 0x0, 0x0, {0x0, r2}}, 0x6) syz_io_uring_submit(0x0, r0, &(0x7f00000001c0)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x17, 0x0, {0x0, r2}}, 0x1) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40000, 0x8e) sendfile(r4, r5, 0x0, 0x100000001) ftruncate(r3, 0xfdef) r6 = dup(r3) r7 = syz_io_uring_setup(0x20004d4f, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x0, 0x0, 0x0, r6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r7, 0x0) syz_io_uring_submit(r10, r9, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) 11:05:55 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_POLL_REMOVE={0x7, 0x3, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x9) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:05:55 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x801, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) write$binfmt_elf64(r2, &(0x7f00000003c0)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x4, 0x0, 0x1, 0xc000000000000000, 0x3, 0x3, 0x18c, 0x109, 0x40, 0x3a7, 0x8000, 0x4, 0x38, 0x2, 0x7, 0x101, 0x5}, [{0x70000000, 0x0, 0x8, 0x9, 0x1, 0x1, 0x3d, 0x9}, {0x6474e551, 0x1, 0x4, 0x0, 0x0, 0x3, 0x1, 0x6}], "4f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b", ['\x00']}, 0x299) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r3 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0xffffffffffffffff, 0xee01}}, './file0\x00'}) ioctl$EXT4_IOC_GROUP_EXTEND(r6, 0x40086607, &(0x7f0000000080)=0xc0) r9 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r9, 0xffffffffffffffff, 0x0) r10 = dup2(r9, r9) ioctl$HIDIOCINITREPORT(r10, 0x550c, 0x20000000) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40082404, &(0x7f0000000000)) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r10, 0xc018937b, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, {r7, r8}}, './file1\x00'}) syz_mount_image$ext4(&(0x7f0000000140)='ext3\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x20, 0x1, &(0x7f0000000300)=[{&(0x7f00000002c0)="fc470d9ce39234a46660e709509060a9625d2eaee0ea34c3b939", 0x1a, 0x2}], 0x2000, &(0x7f0000000680)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x6}}, {@dioread_lock}], [{@uid_gt={'uid>', r11}}, {@fowner_gt={'fowner>', r7}}, {@dont_appraise}, {@hash}, {@subj_user={'subj_user', 0x3d, '\x00'}}, {@dont_hash}, {@smackfsroot={'smackfsroot', 0x3d, '\x00'}}, {@hash}, {@smackfsfloor={'smackfsfloor', 0x3d, '\x00'}}, {@hash}]}) 11:05:55 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r3, 0xffff) sendfile(r2, 0xffffffffffffffff, 0x0, 0x20d315) [ 1785.548023] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1785.608292] FAULT_INJECTION: forcing a failure. [ 1785.608292] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1785.610416] CPU: 0 PID: 11621 Comm: Not tainted 5.10.222 #1 [ 1785.611340] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1785.612675] Call Trace: [ 1785.613112] dump_stack+0x107/0x167 [ 1785.613703] should_fail.cold+0x5/0xa [ 1785.614328] _copy_from_user+0x2e/0x1b0 [ 1785.614977] comm_write+0xbf/0x2a0 [ 1785.615555] ? proc_pid_permission+0x300/0x300 [ 1785.616320] do_iter_write+0x4f0/0x700 [ 1785.616966] vfs_writev+0x1ae/0x620 [ 1785.617556] ? vfs_iter_write+0xa0/0xa0 [ 1785.618201] ? __fdget_pos+0xf1/0x190 [ 1785.618804] ? lock_downgrade+0x6d0/0x6d0 [ 1785.619470] ? ksys_write+0x12d/0x260 [ 1785.620096] ? __fget_files+0x2f8/0x520 [ 1785.620766] do_writev+0x139/0x300 [ 1785.621344] ? vfs_writev+0x620/0x620 [ 1785.621970] do_syscall_64+0x33/0x40 [ 1785.622576] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1785.623400] RIP: 0033:0x7fbbbec6fb19 [ 1785.623994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1785.626915] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1785.628145] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1785.629279] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1785.629521] handle_bad_sector: 4 callbacks suppressed [ 1785.629534] attempt to access beyond end of device [ 1785.629534] loop4: rw=2049, want=276, limit=128 [ 1785.630410] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1785.630424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1785.630442] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1785.780770] FAULT_INJECTION: forcing a failure. [ 1785.780770] name failslab, interval 1, probability 0, space 0, times 0 [ 1785.782640] CPU: 0 PID: 11615 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1785.783784] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1785.785121] Call Trace: [ 1785.785552] dump_stack+0x107/0x167 [ 1785.786136] should_fail.cold+0x5/0xa [ 1785.786755] ? create_object.isra.0+0x3a/0xa20 [ 1785.787479] should_failslab+0x5/0x20 [ 1785.788079] kmem_cache_alloc+0x5b/0x310 [ 1785.788736] create_object.isra.0+0x3a/0xa20 [ 1785.789428] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1785.790228] kmem_cache_alloc+0x159/0x310 [ 1785.790883] alloc_buffer_head+0x20/0x110 [ 1785.791535] alloc_page_buffers+0x14d/0x700 [ 1785.792228] create_empty_buffers+0x2c/0x640 [ 1785.792930] create_page_buffers+0x1bb/0x230 [ 1785.793624] __block_write_begin_int+0x1d1/0x19c0 [ 1785.794386] ? fat_add_cluster+0x100/0x100 [ 1785.795052] ? add_to_page_cache_locked+0x40/0x40 [ 1785.795824] ? __page_cache_alloc+0x10d/0x360 [ 1785.796541] ? remove_inode_buffers+0x300/0x300 [ 1785.797272] ? pagecache_get_page+0x243/0xc80 [ 1785.797974] ? unlock_page_memcg+0x96/0x170 [ 1785.798734] ? wait_for_stable_page+0x92/0xe0 [ 1785.799478] cont_write_begin+0x472/0x980 [ 1785.800161] ? irqentry_enter+0x26/0x60 [ 1785.800848] ? fat_add_cluster+0x100/0x100 [ 1785.801558] ? nobh_write_begin+0xed0/0xed0 [ 1785.802275] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1785.803179] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1785.803969] ? fat_write_end+0x80/0x220 [ 1785.804626] fat_write_begin+0x89/0x180 [ 1785.805251] ? fat_add_cluster+0x100/0x100 [ 1785.805918] generic_perform_write+0x20a/0x4f0 [ 1785.806640] ? fat_direct_IO+0x1ef/0x380 [ 1785.807274] ? page_cache_prev_miss+0x310/0x310 [ 1785.808030] __generic_file_write_iter+0x2cd/0x5d0 [ 1785.808815] generic_file_write_iter+0xdb/0x230 [ 1785.809549] do_iter_readv_writev+0x476/0x750 [ 1785.810251] ? new_sync_write+0x660/0x660 [ 1785.810896] ? avc_policy_seqno+0x9/0x70 [ 1785.811527] ? selinux_file_permission+0x92/0x520 [ 1785.812306] ? security_file_permission+0xb1/0xe0 [ 1785.813079] do_iter_write+0x191/0x700 [ 1785.813695] ? trace_hardirqs_on+0x5b/0x180 [ 1785.814382] vfs_iter_write+0x70/0xa0 [ 1785.814979] iter_file_splice_write+0x762/0xc30 [ 1785.815723] ? generic_splice_sendpage+0x140/0x140 [ 1785.816531] ? security_file_permission+0xb1/0xe0 [ 1785.817313] ? generic_splice_sendpage+0x140/0x140 [ 1785.818093] direct_splice_actor+0x10f/0x170 [ 1785.818783] splice_direct_to_actor+0x387/0x980 [ 1785.819517] ? pipe_to_sendpage+0x380/0x380 [ 1785.820217] ? do_splice_to+0x160/0x160 [ 1785.820863] ? security_file_permission+0xb1/0xe0 [ 1785.821627] do_splice_direct+0x1c4/0x290 [ 1785.822277] ? splice_direct_to_actor+0x980/0x980 [ 1785.823022] ? avc_policy_seqno+0x9/0x70 [ 1785.823672] ? security_file_permission+0xb1/0xe0 [ 1785.824441] do_sendfile+0x553/0x11e0 [ 1785.825057] ? do_pwritev+0x270/0x270 [ 1785.825655] ? wait_for_completion_io+0x270/0x270 [ 1785.826407] ? rcu_read_lock_any_held+0x75/0xa0 [ 1785.827130] ? vfs_write+0x354/0xb10 [ 1785.827721] __x64_sys_sendfile64+0x1d1/0x210 [ 1785.828431] ? __ia32_sys_sendfile+0x220/0x220 [ 1785.829159] do_syscall_64+0x33/0x40 [ 1785.829740] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1785.830537] RIP: 0033:0x7f24f4026b19 [ 1785.831107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1785.833925] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1785.835102] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1785.836211] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1785.837311] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1785.838412] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1785.839524] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1785.843709] attempt to access beyond end of device [ 1785.843709] loop4: rw=1, want=403, limit=128 [ 1785.843776] attempt to access beyond end of device [ 1785.843776] loop6: rw=1, want=275, limit=128 11:05:55 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100001600) [ 1785.981555] attempt to access beyond end of device [ 1785.981555] loop5: rw=2049, want=276, limit=128 11:05:56 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r3, 0xffff) sendfile(0xffffffffffffffff, r2, 0x0, 0x20d315) 11:05:56 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 67) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:05:56 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_OPENQRY(r4, 0x5600, &(0x7f00000000c0)) sendfile(r0, r3, 0x0, 0x9) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r5, 0x89f9, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x6, 0x40, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x20, 0x8, 0x3ec0, 0x1}}) sendfile(r2, r3, 0x0, 0x100000001) ftruncate(r1, 0xfdef) [ 1786.012298] FAULT_INJECTION: forcing a failure. [ 1786.012298] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1786.013326] CPU: 1 PID: 11638 Comm: Not tainted 5.10.222 #1 [ 1786.013790] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1786.014463] Call Trace: [ 1786.014688] dump_stack+0x107/0x167 [ 1786.014989] should_fail.cold+0x5/0xa [ 1786.015306] _copy_from_user+0x2e/0x1b0 [ 1786.015637] comm_write+0xbf/0x2a0 [ 1786.015938] ? proc_pid_permission+0x300/0x300 [ 1786.016322] do_iter_write+0x4f0/0x700 [ 1786.016651] vfs_writev+0x1ae/0x620 [ 1786.016956] ? vfs_iter_write+0xa0/0xa0 [ 1786.017282] ? __fdget_pos+0xf1/0x190 [ 1786.017592] ? lock_downgrade+0x6d0/0x6d0 [ 1786.017955] ? ksys_write+0x12d/0x260 [ 1786.018280] ? __fget_files+0x2f8/0x520 [ 1786.018611] do_writev+0x139/0x300 [ 1786.018908] ? vfs_writev+0x620/0x620 [ 1786.019232] do_syscall_64+0x33/0x40 [ 1786.019533] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1786.019954] RIP: 0033:0x7fbbbec6fb19 [ 1786.020270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1786.021747] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1786.022367] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1786.022949] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1786.023535] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1786.024146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1786.024756] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1786.052731] attempt to access beyond end of device [ 1786.052731] loop4: rw=2049, want=276, limit=128 11:05:56 executing program 3: syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x20, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x782, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x9, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmctl$SHM_LOCK(0x0, 0xb) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0) shmctl$SHM_INFO(0x0, 0xe, &(0x7f00000001c0)=""/224) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000012c0)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = shmget$private(0x0, 0x4000, 0x800, &(0x7f0000ffc000/0x4000)=nil) shmat(r0, &(0x7f0000ff9000/0x4000)=nil, 0x4000) r1 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x4000) shmat(r1, &(0x7f0000ffc000/0x2000)=nil, 0x6000) shmctl$SHM_LOCK(r1, 0xb) shmctl$SHM_UNLOCK(r0, 0xc) shmctl$SHM_INFO(r0, 0xe, &(0x7f0000001300)=""/239) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x2000) shmctl$SHM_INFO(r0, 0xe, &(0x7f00000002c0)=""/4096) shmctl$SHM_UNLOCK(0x0, 0xc) shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000100)=""/182) shmctl$SHM_STAT(0xffffffffffffffff, 0xd, &(0x7f00000000c0)=""/22) 11:05:56 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 67) 11:05:56 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000240)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) getsockname$packet(r0, 0x0, &(0x7f00000002c0)) chdir(&(0x7f0000000040)='./file0\x00') r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) ftruncate(r3, 0xfdef) [ 1786.107475] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1786.225887] FAULT_INJECTION: forcing a failure. [ 1786.225887] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1786.227091] CPU: 1 PID: 11647 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1786.227686] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1786.228530] Call Trace: [ 1786.228771] dump_stack+0x107/0x167 [ 1786.229107] should_fail.cold+0x5/0xa [ 1786.229453] __alloc_pages_nodemask+0x182/0x600 [ 1786.229859] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1786.230390] ? find_get_entry+0x2c8/0x740 [ 1786.230754] ? lock_chain_count+0x20/0x20 [ 1786.231136] alloc_pages_current+0x187/0x280 [ 1786.231493] __page_cache_alloc+0x2d2/0x360 [ 1786.231850] pagecache_get_page+0x2c7/0xc80 [ 1786.232217] ? unlock_page_memcg+0x96/0x170 [ 1786.232566] grab_cache_page_write_begin+0x64/0xa0 [ 1786.232967] cont_write_begin+0x448/0x980 [ 1786.233312] ? fat_add_cluster+0x100/0x100 [ 1786.233653] ? nobh_write_begin+0xed0/0xed0 [ 1786.234008] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1786.234470] ? generic_write_end+0x20e/0x3f0 [ 1786.234827] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1786.235255] fat_write_begin+0x89/0x180 [ 1786.235576] ? fat_add_cluster+0x100/0x100 [ 1786.235929] generic_perform_write+0x20a/0x4f0 [ 1786.236321] ? fat_direct_IO+0x1ef/0x380 [ 1786.236647] ? page_cache_prev_miss+0x310/0x310 [ 1786.237046] __generic_file_write_iter+0x2cd/0x5d0 [ 1786.237442] generic_file_write_iter+0xdb/0x230 [ 1786.237822] do_iter_readv_writev+0x476/0x750 [ 1786.238198] ? new_sync_write+0x660/0x660 [ 1786.238537] ? avc_policy_seqno+0x9/0x70 [ 1786.238864] ? selinux_file_permission+0x92/0x520 [ 1786.239265] ? security_file_permission+0xb1/0xe0 [ 1786.239654] do_iter_write+0x191/0x700 [ 1786.239986] ? trace_hardirqs_on+0x5b/0x180 [ 1786.240352] vfs_iter_write+0x70/0xa0 [ 1786.240660] iter_file_splice_write+0x762/0xc30 [ 1786.241102] ? generic_splice_sendpage+0x140/0x140 [ 1786.241583] ? security_file_permission+0xb1/0xe0 [ 1786.241979] ? generic_splice_sendpage+0x140/0x140 [ 1786.242448] direct_splice_actor+0x10f/0x170 [ 1786.242882] splice_direct_to_actor+0x387/0x980 [ 1786.243308] ? pipe_to_sendpage+0x380/0x380 [ 1786.243656] ? do_splice_to+0x160/0x160 [ 1786.244000] ? security_file_permission+0xb1/0xe0 [ 1786.244401] do_splice_direct+0x1c4/0x290 [ 1786.244752] ? splice_direct_to_actor+0x980/0x980 [ 1786.245164] ? avc_policy_seqno+0x9/0x70 [ 1786.245496] ? security_file_permission+0xb1/0xe0 [ 1786.245896] do_sendfile+0x553/0x11e0 [ 1786.246242] ? do_pwritev+0x270/0x270 [ 1786.246554] ? wait_for_completion_io+0x270/0x270 [ 1786.246979] ? rcu_read_lock_any_held+0x75/0xa0 [ 1786.247420] ? vfs_write+0x354/0xb10 [ 1786.247724] __x64_sys_sendfile64+0x1d1/0x210 [ 1786.248123] ? __ia32_sys_sendfile+0x220/0x220 [ 1786.248522] do_syscall_64+0x33/0x40 [ 1786.248830] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1786.249281] RIP: 0033:0x7f24f4026b19 [ 1786.249583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1786.251059] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1786.251686] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1786.252305] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1786.252917] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1786.253507] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1786.254085] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1786.255411] attempt to access beyond end of device [ 1786.255411] loop4: rw=1, want=403, limit=128 [ 1786.279547] attempt to access beyond end of device [ 1786.279547] loop5: rw=2049, want=276, limit=128 11:06:11 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') lstat(&(0x7f0000000400)='./file0/file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_tcp(&(0x7f00000000c0), &(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0), 0x40480, &(0x7f00000004c0)={'trans=tcp,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@afid={'afid', 0x3d, 0xfa2}}, {@cache_mmap}, {@msize={'msize', 0x3d, 0x5}}, {@cache_none}, {@access_client}, {@nodevmap}, {@privport}], [{@fsuuid={'fsuuid', 0x3d, {[0x36, 0x34, 0xcafd68260c0b63c1, 0x66, 0x61, 0x63, 0x66, 0x66], 0x2d, [0x66, 0x36, 0x61, 0x35], 0x2d, [0x30, 0x33, 0x63, 0x34], 0x2d, [0x38, 0x65, 0x0, 0x62], 0x2d, [0x65, 0x62, 0x31, 0x63, 0x37, 0x39, 0x32, 0x30]}}}, {@fsname={'fsname', 0x3d, 'vfat\x00'}}, {@fowner_gt={'fowner>', r1}}]}}) open$dir(&(0x7f0000000200)='./file0\x00', 0x10080, 0x84) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000280)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) dup2(r2, r4) r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x100000001) ftruncate(r5, 0xfdef) 11:06:11 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f00000000c0)) newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0), 0x400) ftruncate(r1, 0xfdef) 11:06:11 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100001700) 11:06:11 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 68) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:06:11 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x10, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) signalfd(r0, &(0x7f00000000c0)={[0xfffffffffffffff7]}, 0x8) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xa1, 0x1f, 0xa3, 0x8, 0x0, 0x1, 0x40821, 0x9, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x4, @perf_config_ext={0x6, 0x7}, 0x8000, 0x100000000, 0x1, 0xc, 0x9, 0x9, 0x5, 0x0, 0x400, 0x0, 0x6}, r1, 0x5, r0, 0x2) mq_open(&(0x7f0000000cc0)='euid>', 0x40, 0x0, &(0x7f0000000d00)={0x8, 0x80000001, 0x80}) 11:06:11 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 68) 11:06:11 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r3, 0xffff) sendfile(0xffffffffffffffff, r2, 0x0, 0x20d315) 11:06:11 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) r3 = signalfd(r1, &(0x7f00000001c0)={[0x8001]}, 0x8) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) poll(&(0x7f00000000c0)=[{r5, 0x4}], 0x1, 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r5, 0x50009418, &(0x7f0000000440)={{}, r4, 0x0, @inherit={0x68, &(0x7f0000002100)=ANY=[@ANYRESDEC]}, @subvolid=0x2}) r6 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r6, 0x84009422, &(0x7f0000001480)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_DEV_INFO(r7, 0xd000941e, &(0x7f0000002e00)={r8, "a8e34dde3033a3af2e67d6e44eec0fda"}) ioctl$BTRFS_IOC_RM_DEV_V2(r3, 0x5000943a, &(0x7f0000000380)={{r3}, r4, 0x10, @unused=[0x8, 0x0, 0x2, 0x9], @devid=r8}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x1000004, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@nodevmap}], [{@appraise_type}]}}) [ 1801.261809] FAULT_INJECTION: forcing a failure. [ 1801.261809] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1801.263926] CPU: 0 PID: 11681 Comm: Not tainted 5.10.222 #1 [ 1801.264841] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1801.266127] Call Trace: [ 1801.266551] dump_stack+0x107/0x167 [ 1801.267133] should_fail.cold+0x5/0xa [ 1801.267740] _copy_from_user+0x2e/0x1b0 [ 1801.268382] comm_write+0xbf/0x2a0 [ 1801.268946] ? proc_pid_permission+0x300/0x300 [ 1801.269679] do_iter_write+0x4f0/0x700 [ 1801.270315] vfs_writev+0x1ae/0x620 [ 1801.270898] ? vfs_iter_write+0xa0/0xa0 [ 1801.271523] ? __fdget_pos+0xf1/0x190 [ 1801.272125] ? lock_downgrade+0x6d0/0x6d0 [ 1801.272800] ? ksys_write+0x12d/0x260 [ 1801.273407] ? __fget_files+0x2f8/0x520 [ 1801.274056] do_writev+0x139/0x300 [ 1801.274615] ? vfs_writev+0x620/0x620 [ 1801.275232] do_syscall_64+0x33/0x40 [ 1801.275815] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1801.276623] RIP: 0033:0x7fbbbec6fb19 [ 1801.277209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1801.280044] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1801.281235] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1801.282339] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1801.283443] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1801.284333] attempt to access beyond end of device [ 1801.284333] loop6: rw=2049, want=276, limit=128 [ 1801.284556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1801.284578] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1801.294496] attempt to access beyond end of device [ 1801.294496] loop6: rw=0, want=147, limit=128 [ 1801.324862] 9pnet: Insufficient options for proto=fd [ 1801.351991] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1801.423864] FAULT_INJECTION: forcing a failure. [ 1801.423864] name failslab, interval 1, probability 0, space 0, times 0 [ 1801.425786] CPU: 1 PID: 11691 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1801.426838] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1801.427697] attempt to access beyond end of device [ 1801.427697] loop6: rw=2049, want=404, limit=128 [ 1801.428057] Call Trace: [ 1801.428084] dump_stack+0x107/0x167 [ 1801.428120] should_fail.cold+0x5/0xa [ 1801.431016] ? create_object.isra.0+0x3a/0xa20 [ 1801.431708] should_failslab+0x5/0x20 [ 1801.432281] kmem_cache_alloc+0x5b/0x310 [ 1801.432906] create_object.isra.0+0x3a/0xa20 [ 1801.433563] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1801.434328] kmem_cache_alloc+0x159/0x310 [ 1801.434959] alloc_buffer_head+0x20/0x110 [ 1801.435583] alloc_page_buffers+0x14d/0x700 [ 1801.436244] create_empty_buffers+0x2c/0x640 [ 1801.436924] create_page_buffers+0x1bb/0x230 [ 1801.437594] __block_write_begin_int+0x1d1/0x19c0 [ 1801.438326] ? fat_add_cluster+0x100/0x100 [ 1801.438965] ? add_to_page_cache_locked+0x40/0x40 [ 1801.439693] ? __page_cache_alloc+0x10d/0x360 [ 1801.440380] ? remove_inode_buffers+0x300/0x300 [ 1801.441081] ? pagecache_get_page+0x243/0xc80 [ 1801.441760] ? unlock_page_memcg+0x96/0x170 [ 1801.442420] ? wait_for_stable_page+0x92/0xe0 [ 1801.443102] cont_write_begin+0x472/0x980 [ 1801.443740] ? fat_add_cluster+0x100/0x100 [ 1801.444387] ? nobh_write_begin+0xed0/0xed0 [ 1801.445220] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1801.446094] ? generic_write_end+0x20e/0x3f0 [ 1801.446758] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1801.447531] fat_write_begin+0x89/0x180 [ 1801.448134] ? fat_add_cluster+0x100/0x100 [ 1801.448790] generic_perform_write+0x20a/0x4f0 [ 1801.449494] ? fat_direct_IO+0x1ef/0x380 [ 1801.450112] ? page_cache_prev_miss+0x310/0x310 [ 1801.450840] __generic_file_write_iter+0x2cd/0x5d0 [ 1801.451593] generic_file_write_iter+0xdb/0x230 [ 1801.452293] do_iter_readv_writev+0x476/0x750 [ 1801.452987] ? new_sync_write+0x660/0x660 [ 1801.453611] ? avc_policy_seqno+0x9/0x70 [ 1801.454238] ? selinux_file_permission+0x92/0x520 [ 1801.454985] ? security_file_permission+0xb1/0xe0 [ 1801.455741] do_iter_write+0x191/0x700 [ 1801.456354] ? trace_hardirqs_on+0x5b/0x180 [ 1801.457028] vfs_iter_write+0x70/0xa0 [ 1801.457618] iter_file_splice_write+0x762/0xc30 [ 1801.458353] ? generic_splice_sendpage+0x140/0x140 [ 1801.459130] ? security_file_permission+0xb1/0xe0 [ 1801.459870] ? generic_splice_sendpage+0x140/0x140 [ 1801.460626] direct_splice_actor+0x10f/0x170 [ 1801.461311] splice_direct_to_actor+0x387/0x980 [ 1801.462039] ? pipe_to_sendpage+0x380/0x380 [ 1801.462715] ? do_splice_to+0x160/0x160 [ 1801.463330] ? security_file_permission+0xb1/0xe0 [ 1801.464082] do_splice_direct+0x1c4/0x290 [ 1801.464732] ? splice_direct_to_actor+0x980/0x980 [ 1801.465470] ? avc_policy_seqno+0x9/0x70 [ 1801.466111] ? security_file_permission+0xb1/0xe0 [ 1801.466866] do_sendfile+0x553/0x11e0 [ 1801.467478] ? do_pwritev+0x270/0x270 [ 1801.468075] ? wait_for_completion_io+0x270/0x270 [ 1801.468834] ? rcu_read_lock_any_held+0x75/0xa0 [ 1801.469545] ? vfs_write+0x354/0xb10 [ 1801.470131] __x64_sys_sendfile64+0x1d1/0x210 [ 1801.470848] ? __ia32_sys_sendfile+0x220/0x220 [ 1801.471575] do_syscall_64+0x33/0x40 [ 1801.472154] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1801.472970] RIP: 0033:0x7f24f4026b19 [ 1801.473553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1801.476380] RSP: 002b:00007f24f157b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1801.477550] RAX: ffffffffffffffda RBX: 00007f24f413a020 RCX: 00007f24f4026b19 [ 1801.478645] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1801.479737] RBP: 00007f24f157b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1801.480846] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1801.481954] R13: 00007ffc75df54bf R14: 00007f24f157b300 R15: 0000000000022000 [ 1801.519186] attempt to access beyond end of device [ 1801.519186] loop5: rw=2049, want=276, limit=128 11:06:11 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000240)=@getsa={0x13c, 0x12, 0x800, 0x70bd2d, 0x25dfdbfb, {@in=@broadcast, 0x4d2, 0x2, 0x2b}, [@replay_esn_val={0x28, 0x17, {0x3, 0x70bd2b, 0x70bd28, 0x70bd29, 0x70bd2d, 0xceaf, [0x5, 0x9, 0x400]}}, @proto={0x5, 0x19, 0x3c}, @user_kmaddress={0x2c, 0x13, {@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in=@empty, 0x0, 0x2}}, @algo_comp={0xa2, 0x3, {{'lzjh\x00'}, 0x2d0, "58c892fc3bce229824e54bfeacb8c580ee55d1af2c942ea020922ec69b32de5a67650652d92e42e69f5207bb594d30c93c06c1351d6ed108fdd210c5849cc050eb64ce3438e93ac7162f24a3c54be69fc50cfbfe9bce345328cb"}}, @srcaddr={0x14, 0xd, @in6=@mcast2}]}, 0x13c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$nl_xfrm(r0, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="940100001a0001000000000000000000ac1414bb0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ac1414000000000000000000000000000000000032000000ac1414aa00000000000000120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000003e43b39424f37c460000000000fffffffffffffff30000000000000000000000005c001400636d61632861657329000079f8bd3d000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000008000034d39f653c40d78d5cf0eac0082d5e5"], 0x194}}, 0x0) [ 1801.583923] attempt to access beyond end of device [ 1801.583923] loop4: rw=2049, want=276, limit=128 [ 1801.627338] attempt to access beyond end of device [ 1801.627338] loop6: rw=1, want=403, limit=128 [ 1801.628884] Buffer I/O error on dev loop6, logical block 402, lost async page write 11:06:11 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x1000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) unlinkat(r2, &(0x7f0000000200)='./file0\x00', 0x200) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) open_tree(r3, &(0x7f0000000280)='./file0\x00', 0x0) ftruncate(r0, 0xfdef) 11:06:11 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 69) 11:06:11 executing program 3: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x10, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f0000000000)=0x4, 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@remote, 0x0, 0x2b}, 0x0, @in=@loopback}}, 0xe8) 11:06:11 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 69) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1801.807836] FAULT_INJECTION: forcing a failure. [ 1801.807836] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1801.808709] attempt to access beyond end of device [ 1801.808709] loop4: rw=1, want=292, limit=128 [ 1801.809884] CPU: 1 PID: 11709 Comm: Not tainted 5.10.222 #1 [ 1801.811841] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1801.813206] Call Trace: [ 1801.813602] dump_stack+0x107/0x167 [ 1801.814131] should_fail.cold+0x5/0xa [ 1801.814694] _copy_from_user+0x2e/0x1b0 [ 1801.815285] comm_write+0xbf/0x2a0 [ 1801.815800] ? proc_pid_permission+0x300/0x300 [ 1801.816493] do_iter_write+0x4f0/0x700 [ 1801.817080] vfs_writev+0x1ae/0x620 [ 1801.817612] ? vfs_iter_write+0xa0/0xa0 [ 1801.818206] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1801.818962] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1801.819738] ? trace_hardirqs_on+0x5b/0x180 [ 1801.820379] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1801.821185] do_writev+0x139/0x300 [ 1801.821701] ? vfs_writev+0x620/0x620 [ 1801.822267] do_syscall_64+0x33/0x40 [ 1801.822804] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1801.823536] RIP: 0033:0x7fbbbec6fb19 [ 1801.824081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1801.826696] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1801.827794] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1801.828829] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1801.829849] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1801.830870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1801.831885] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:06:11 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100001800) [ 1801.948139] attempt to access beyond end of device [ 1801.948139] loop6: rw=34817, want=148, limit=128 [ 1801.954796] attempt to access beyond end of device [ 1801.954796] loop6: rw=0, want=147, limit=128 11:06:12 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 70) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1802.011472] FAULT_INJECTION: forcing a failure. [ 1802.011472] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1802.013236] CPU: 1 PID: 11712 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1802.014247] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1802.015438] Call Trace: [ 1802.015836] dump_stack+0x107/0x167 [ 1802.016379] should_fail.cold+0x5/0xa [ 1802.016952] __alloc_pages_nodemask+0x182/0x600 [ 1802.017639] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1802.018516] ? find_get_entry+0x2c8/0x740 [ 1802.019129] ? lock_chain_count+0x20/0x20 [ 1802.019747] alloc_pages_current+0x187/0x280 [ 1802.020405] __page_cache_alloc+0x2d2/0x360 [ 1802.021045] pagecache_get_page+0x2c7/0xc80 [ 1802.021673] ? unlock_page_memcg+0x96/0x170 [ 1802.022313] grab_cache_page_write_begin+0x64/0xa0 [ 1802.023032] cont_write_begin+0x448/0x980 [ 1802.023651] ? fat_add_cluster+0x100/0x100 [ 1802.024265] ? nobh_write_begin+0xed0/0xed0 [ 1802.024905] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1802.025739] ? generic_write_end+0x20e/0x3f0 [ 1802.026381] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1802.027122] fat_write_begin+0x89/0x180 [ 1802.027708] ? fat_add_cluster+0x100/0x100 [ 1802.028341] generic_perform_write+0x20a/0x4f0 [ 1802.029012] ? fat_direct_IO+0x1ef/0x380 [ 1802.029620] ? page_cache_prev_miss+0x310/0x310 [ 1802.030322] __generic_file_write_iter+0x2cd/0x5d0 [ 1802.031051] generic_file_write_iter+0xdb/0x230 [ 1802.031737] do_iter_readv_writev+0x476/0x750 [ 1802.032410] ? new_sync_write+0x660/0x660 [ 1802.033011] ? avc_policy_seqno+0x9/0x70 [ 1802.033603] ? selinux_file_permission+0x92/0x520 [ 1802.034311] ? security_file_permission+0xb1/0xe0 [ 1802.035024] do_iter_write+0x191/0x700 [ 1802.035597] ? trace_hardirqs_on+0x5b/0x180 [ 1802.036243] vfs_iter_write+0x70/0xa0 [ 1802.036814] iter_file_splice_write+0x762/0xc30 [ 1802.037516] ? generic_splice_sendpage+0x140/0x140 [ 1802.038256] ? security_file_permission+0xb1/0xe0 [ 1802.038965] ? generic_splice_sendpage+0x140/0x140 [ 1802.039683] direct_splice_actor+0x10f/0x170 [ 1802.040060] attempt to access beyond end of device [ 1802.040060] loop6: rw=2049, want=276, limit=128 [ 1802.040318] splice_direct_to_actor+0x387/0x980 [ 1802.040355] ? pipe_to_sendpage+0x380/0x380 [ 1802.042897] ? do_splice_to+0x160/0x160 [ 1802.043483] ? security_file_permission+0xb1/0xe0 [ 1802.044192] do_splice_direct+0x1c4/0x290 [ 1802.044806] ? splice_direct_to_actor+0x980/0x980 [ 1802.045504] ? avc_policy_seqno+0x9/0x70 [ 1802.046108] ? security_file_permission+0xb1/0xe0 [ 1802.046822] do_sendfile+0x553/0x11e0 [ 1802.047390] ? do_pwritev+0x270/0x270 [ 1802.047952] ? wait_for_completion_io+0x270/0x270 [ 1802.048664] ? rcu_read_lock_any_held+0x75/0xa0 [ 1802.049340] ? vfs_write+0x354/0xb10 [ 1802.049892] __x64_sys_sendfile64+0x1d1/0x210 [ 1802.050547] ? __ia32_sys_sendfile+0x220/0x220 [ 1802.051226] do_syscall_64+0x33/0x40 [ 1802.051776] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1802.052525] RIP: 0033:0x7f24f4026b19 [ 1802.053068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1802.055893] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1802.057289] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1802.058312] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1802.059464] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1802.060628] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1802.061656] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 11:06:12 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r3, 0xffff) sendfile(0xffffffffffffffff, r2, 0x0, 0x20d315) 11:06:12 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x10d700, 0x80) sendfile(r0, r1, 0x0, 0x100000001) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x100000001) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000013c0)=ANY=[@ANYRES64=r1, @ANYRES32=r2, @ANYBLOB="2c5aeca3a47c2542e70906b6f11c9d045f98fcd3afd29990069f75fe4f4e3477f6266580d6e6f29280699e0804a800c1feaff41dcaf453117045726d17b56fa9d96d0a92a99c5335af4d73c719b615d6cd28ed7fa4cd7c2383daa336afd378ca6c898b81568ef1db3922334c156df8c1fc6fc24fa3705316a1aef5284444d8790392850de6225a0bded44154a8af60c6271ebd35c72526206dd8d3f77e10febedb205210f7f0be1c805e250014dd704c9f05c866ca381d083946aa2ea8bd05c66cca55748c316fe2f018156193fc9ea748269e8ad70ed91c564d43c60148bba3bc113035e3af9431ca9606ae8b2c423ae6b19d2271c2e75d7eec87899fc7eb514a164e6030e534b07d1394b8bcca0381e9ef805e9d4828030b92efd9992aa2e6987562be1c2e157a883e33bb2c534f2fe77e930beda08ed810213fe6dbd6fa2168da0c6544792f0d99c1ec270311ba43b475186b7281e9395dff5ee827ea64c50c5de95360a831c6761238309200cbce87c6a32ee1255be74e8ea9a48dd22c7beb83ea5624908203f574fc948bb32c57365182f934ebb379ecaffcf9639043fb06a275f03cbbad8bb97d944f4b06d2307e479759beeda51e24931355d76abbdfb9949d56e2ec07dcbaa5cd0a0d5d67daa8ff680d434af903e3fa1e12c7dfafa0637995114943065e6586a1852cce2b32464894255aeef0e6508d6b6f023df33e4f38525f992397bb8124a896892a00a8efeac6bfe99ed21254b8f93ad09ee0ca112795d8a04795f4456185e8ed63029a5b0025dad7622f9ecf3c3ff8beb3e49b7745e7ce98445dcbdef0bf4751b4ef6ad7586e160d52391671ec27e81859ede69ea118bce797c4d04363b64f05c5efc45d08319925f9393865eb10877fc778c2f5ec477915d4b7db50ed96ae4c8e942a2bdfa0b44a77a2f24867e21449fa5c05c440e32b96872062c6607615b078661023f3211abdb9de30665db44422c4d03fb90ac8eee8b0c8de4058e029c2d02bb74f7be440c63503a88aafcd124ee5d66b6c2d0c4e2f9d55d7d7254fc7c227a5d7be21af5d366f637336387e20952b8d065298598c15190a7145768e7f4c73899343189f1d98b72bd1012c5351548ff16c73455f52f05880c22b6a198c376e4528f1afb26ce67a63eb4288278731a907beab8c3608896c93fa35d5eacb2501edcb4c1568599180a2dbb7657a5f0e3d053a8126b99ffc4102b62a05a5e3b31cdbd7d51effb504109acf63323d507aa7ab873ac0c74dc73b74c17698a63ddacef65f4089f83419a3acc8fd90d4728446affd053845e52e79853bb3358ee625033d117bddab55ad80c17d6224489e00153e726d0d4682c3ef8055429e8e4745ed9258065c38aa134398176ce9fc6efcee4c163b39d108d14938f81d874459c57b3c0dbcef274039e3164287d31fb3570522ab7a3411ec19e4fb1df1cb87c926685b0b4eeaf11779bb372f0559cb66ea08524328e06e820a9f93e676ce3760aebb6a996bdb52a39de95c64bd497ce06be70fa9a287c0fbb0edd8c972e30e54555ddb4d0640b191f67a52e488a045ed08193f3d049f74027c293b240060fb038a0ee6f52447e5a23dce53576f233f758293e6ecff6bf7a0fd9a05e030e91b2bb47c4107885f9a9eb0f7d943fdb69165f0bf6a6ea528589079776e8ab9bcd7252673b18756744e5238678ff628db1da74012eadbb2949993ec715004e119744d63f0d99c7b9fa76c7bfc27e54153250d0ebdaf88454dd64d7ecb1ee905039749fc901978f6dcee1c80733c8160ff9b8e542181014d9f1abec85946dda2fee9cf2bbe16469f9c4fcea5f814617ba60faa8df6a8151616d8dac8429a7787e5828e3715bfa1be0c2135b70d471e9543e086458526d6c7782a8240f2c133890c103f0811bececa51e4f76b14610f01f003a47fe3632ee55fccc7aa01ec985b1720916092ac8255a4bc0dbaa8fa3d5153b14f937b7b5a3b849ad5fbbd917ec188af77e3c8bcd89cb1d8de1a6186476858704cd4bb3aec93bf67240a43f10f18e882b666de8bb7830e81e9111b5226f0331ce5632bad32ad0f134b933b1dbafbcdbed1c31beac0fab24a9ea48741b4361f69eff50f78135c42ec6fa8f0bd9d7ee89100dc041df0113d82f0f02a941b79d9751c8fab8d1eb03bc21c9505aff0b6eee5c0919132fddef9f5c83e89d7a802eb9ceae46a318454e61e12bd254d57ff09ed5498204fae724ec1ec1d6059066184537e7c832bfbdb9014f27ef00664a5da9da5028192e2c6eeb9636557354907a8bf68442abd3902db3dfddb673253da89ba2a0cdbefb218d7774582e230f1f1277d0a9ab3d5d463c426c7ac4e8e700c88b4600bfd14e7358d2737bf57224ec83e691b5ef2715e5f5dad88cbf32bf82a77acc6a9b009412c45515e9f5d2879af5dd58bcfa61b8f56f810fd124d405386ec37a6f44a21d27992b25019e6928cdd3b424165aa08e92cf1524838a967729d514b1d6b37160173f7e19c668133bb540f4d81c04673c21869cdfb675fb54dd850ff9b8f4032e392ff8dfb8325fbd7cbd49625d37c6de591778de23a8f8db9c1773900dbbe06ac23fb539a0fe40b8fab2517fc1148a894fc489b3fb73c495e0af9cd4f0e96fc22d7c9ac9566bb7166644068f1c78382e082e0ac81bdac34d847f177eb265a715dd552aae3f5f0c8adf9e9344721b4f005c9f0b140871c59b8d773b5b51f595494e184f9ddd4f46c24b4ed0ff9e532d4db5f5f106829818bab5bd87d722d1dc03cb04454199d2d022ce92e1b2ca90ddeefa1f80cfc5f8bf58491cfef361e7c2871331305cba50c8a91a7383cca216fa45c561368ae0eab6554158db325092283a49b04d06da9bef0d0ca0d9e20d9a623aac1da1bece058914ca3d7c6b4604bfdf6d09a53df16b986a680f43663c73d73e0f3a64a2136a1dff7a48aa65941bd3c6897dc1631697b43c4d92b662e0f53d263ef0f6afb8acc8289773c25f3012e38bad17e388c6a4b58c2387f155dfb9cb4ac5d9ae5429a15ab28554a00fa83f98060da77a9eb0b955537c3e4db5c5658dfc543f46567094347c8b7e73dcc68706362538adccea0e123bb3c2bf232394b553025f57778cedb5911fe5293117b78159aca18c376bf5ecb92531b41c19cea56c318ee423080cf80dcb6a358270898bff7c6193e8fde907ce6ab0fd989e9f4518c355adab219337d961a5b9847c83656daea7e4a280630fa2d927fa911187b81e301498d9b60d4b71b4777d347d0e3e750ef1239ba4a08d240aa7962965a7bdb54eee197652c560d0d92b89b2aade90fec73a6f76408c92ebd33e7cb0b0349a7685aea244edad1ede0162449d1652654455ad1acd17dbe87d799c5bee63a74f151249f799fec20993012371ba59e2e8047abeb95696896ed76fceb6fd376f1df12d8675ae37a994e16aefde4b61a5c0502c0968e744c14d2f2edcee34f1410045faaefc9940bea402db40a7b01c8356d2df9d28bdd334041bd5266435a94fe58977b779a8022f4361283cb07681c0e472c16c2d23720497c7ac5eaeb79dcf89d88e77859c5ac3848545a60c4f9e33e8932102e38afa78557328329557e799c12b63afae674aa91db55050ff1d62fd9b7312756622ac86201a14963a47d55afd28949fc0f9845408d630f9ab0801283ec0f67f4ac3d72b7e8b445ce82bd9a51456600db55050f6d1d444ae60dd52e87ed426d2a57ce0dcba2b8eeb444227789d1161f75be8c290e0a2bae5f7a1e31386ac2eb777e905972c61a25499ae3e2110e74eef60dcc0b488e9100a344b191b35977efee98c45fbd5d2742152cf40aecbff5122b911941ce9e492f13c2e47e4dcbd5dee37c33e063ac78adca67769d7ce1cbc7df1426f3de6896075360c654155f320f2462a515772bfaf75f275dc0fbd38b207c29db7b6811336103b753e9405af113c447faa6cff4857f4c93fd45396fae2888a6068a00975684173ad0f68e36dccefd71a5d375242f7147d18ec0869dd0206986e3f9493fb844a28bac1514a699a2878bed29c2273872e9239a75640f216942a6c571ef4d020fde154af3f12c30e44b045b35099ab0c3f3f82551af6aef8bfac6b8a3c4e6ea2fc2fb14055fdac12959300995fb4eb5a511f5d49a0d8c59a483dcaae7677f58d2c07447ccf2fd811be55a15953905c178ccaf48fa381bb361133d73954d9e734b8be6911b5f311ac6befc0ed7c8a5370fedf9fc58709eef74588368547994bfafc96f05a41ec48db75d497dbde05565827727d6b73328389a6908dc3e648edaf7dc1641b9c5fe9421aff076f04d5bff024553cb64eea005e0dc5852e4e6fda990fa4d5b32b3666980b366d946ccbee9bcc771cecf4f26b154697e939a0a88a8fa78afee9c08b3b492f2a1a72d76c305a3301b68a4b39d8e12fc4c37267216819936e307d9fe962050a1f14e4bc922d12b645c8fe706a7662bcbc0aeec115fa0c0b4ca27ff09e19145ee258f1aa465304dd33f50c4d8e823bd38f27649225f5e4f56920858871cf44d51c04e61d01bc526547d0e991258fe5d70ea6a82b37d50a786a1ddcfe87b89deb8e24b3f38058d278fae5e1bec75518f854b261ce2f45497890c2a34c3338a66f3e9dcda1a93b9084aac5216b392b283c42954c54b725508c628b88911aa1727332d689a9c8cd0ef23d0212e79ba10bfb3c931448e978a12c52ad11830c37ee85d1039b6915eab73f771ebd8147e2e4895da59b8af63c63c1c8ec5e42e8235d6b60e940bc6047f0722d56fe97093d330bcce1c0f3eaa25085a8405a8fea4b05259f6f3071af896ce2c34284048acbfa9f6a77c4ee21fa6e96535531e1de376649c7193231041d1e791438aae9dd901fbccd11ed85a5daad2d97f54656b718baa48261b38705ad14873f0076c68a98537f417323eafd22ba33c9f7100c5423d4a61cb20741d6441449fabf28c39d70783a470850f2523344f23a4b3bef5ad9eaac08ee0226b989a658c5ea637c11cd70d439ed0435a73657a7c9279441434ae97ded9be8ecb0ceb21b70f23f1a5c40c2b64a6c3b5390fd75bd6b5eb805f9381cfbcc2a1faeac6a6780bc18342b71f38d66bc565b34a500e75e3fd160a9ca2368b921297390d14e53e64f345f90d661c9fde934df999a0fc5c1e648f35e804b4832032be6a6b3eac6a5c25e8f34804858dabacdada05c388911c8767dba7b12d730fd0ee480dccdc6d5a3404a244cf37e0e22f0b9dabb83c49977fdf9261516bf49d73fe959b5f00dbee41240703f98388f7804c8d4ff2f4082b7ac9050389f927294262fb6081fe9000cc8778a82b6d080a0fb832d4bd24f50ec7abfb6dcb1df5a9338b2a755671088e74698ca7186ad69c36d80281c9e7f0f795b62d54b66a29ce9200a05f1f9abaf88b2b8b9d13911e82495c720c1cb471c394df0b6c2ea3c50db0e6fcbac637670935d1d8f6b123071ae3de84ef3e5d2f8436f6467541862cc048a07f47035958213514c99d4f26fab4e7d7e2ac621cac671c7d56a4248e50cd462de9856a90202d3f9209eff9c4684d52774d01f65072952d3e18b7c7ece29ee5626c39b1377f02085f7c5ad5fac24d68889dacd309f9fc201933257aa5edee773bd1a22bc05e1f06694f26358127c3ba833d3fc1685a5ff3e923acb44cdd7eeb886786e6c1203d53bb12b2c332f0cea591451b076a63c653eaa45b1e8f09799d33c874a5a5b539997548d56fc7e9c6c80ce68720284a88e3dad4fe32c3b3fdb86f495d53115ae0fe011fd6d9ed16cc503604bd1acd66ffdb5e60e472051cfea80b7e111b8a165d609ac260124e64a6ec7403d6eb831bbc06e850da111b7a52a8a6fd4f0e0579dc176432e24c10bcebe5209e05c4e804b7e1a93b5b93878b2dcc814dfa231f6bf0df6d9428922f7cc1ef979a62a44b3e90b0de2bce024596dbcb60295f0a814e807b66247c6460d57a7d7a9d1de7faddf9f09769e7b596f6546cfcf7b1029b393d819f02"]) chdir(&(0x7f0000000040)='./file0\x00') newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x400) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) r7 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0x100000001) fspick(r7, &(0x7f0000000200)='./file0\x00', 0x0) ftruncate(r4, 0xfdee) ftruncate(r5, 0xdf) 11:06:12 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') lsetxattr(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000180)=@known='trusted.overlay.nlink\x00', &(0x7f00000001c0)='vfat\x00', 0x5, 0x1) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) pwrite64(r4, &(0x7f0000000300)="ee4a1f66c2a07814f2bfa8616cb13ca323de0fbac36a71f75d9657ad82541f5e515863b766a1deec936d74a2606052356f3431dac4423026a00a7a5763124ead110a93bed8debb2b4d6b7b71eb47885c9821918673ffca3ce753786d79fa87ec8130e1d57766d250c041e1a51e49973ef51f08917f564974e2fcb93314f5c38c0e0056e766843d31880f937c236d138d3a4ac25aef200ba2edd83b185bc470131f2f99827d125a3a45cbdac642b59e16c8", 0xb1, 0x80) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x100000001) sendfile(r7, r0, 0x0, 0xf0) sendfile(r2, r5, 0x0, 0x100000001) ftruncate(r1, 0xfdef) [ 1802.134452] FAULT_INJECTION: forcing a failure. [ 1802.134452] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1802.136215] CPU: 0 PID: 11724 Comm: Not tainted 5.10.222 #1 [ 1802.136999] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1802.138116] Call Trace: [ 1802.138494] dump_stack+0x107/0x167 [ 1802.138998] should_fail.cold+0x5/0xa [ 1802.139530] _copy_from_user+0x2e/0x1b0 [ 1802.140090] comm_write+0xbf/0x2a0 [ 1802.140631] ? proc_pid_permission+0x300/0x300 [ 1802.141280] do_iter_write+0x4f0/0x700 [ 1802.141833] vfs_writev+0x1ae/0x620 [ 1802.142340] ? vfs_iter_write+0xa0/0xa0 [ 1802.142886] ? __fdget_pos+0xf1/0x190 [ 1802.143415] ? lock_downgrade+0x6d0/0x6d0 [ 1802.143991] ? ksys_write+0x12d/0x260 [ 1802.144535] ? __fget_files+0x2f8/0x520 [ 1802.145102] do_writev+0x139/0x300 [ 1802.145593] ? vfs_writev+0x620/0x620 [ 1802.146131] do_syscall_64+0x33/0x40 [ 1802.146639] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1802.147337] RIP: 0033:0x7fbbbec6fb19 [ 1802.147849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1802.150330] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1802.151366] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1802.152345] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1802.153307] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1802.154267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1802.155242] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:06:12 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 70) [ 1802.271495] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1802.372721] FAULT_INJECTION: forcing a failure. [ 1802.372721] name failslab, interval 1, probability 0, space 0, times 0 [ 1802.374200] CPU: 0 PID: 11735 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1802.375030] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1802.376012] Call Trace: [ 1802.376347] dump_stack+0x107/0x167 [ 1802.376791] should_fail.cold+0x5/0xa [ 1802.377252] ? create_object.isra.0+0x3a/0xa20 [ 1802.377798] ? create_object.isra.0+0x3a/0xa20 [ 1802.378350] should_failslab+0x5/0x20 [ 1802.378791] kmem_cache_alloc+0x5b/0x310 [ 1802.379272] create_object.isra.0+0x3a/0xa20 [ 1802.379778] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1802.380379] kmem_cache_alloc+0x159/0x310 [ 1802.380870] alloc_buffer_head+0x20/0x110 [ 1802.381355] alloc_page_buffers+0x14d/0x700 [ 1802.381858] create_empty_buffers+0x2c/0x640 [ 1802.382380] create_page_buffers+0x1bb/0x230 [ 1802.382893] __block_write_begin_int+0x1d1/0x19c0 [ 1802.383454] ? fat_add_cluster+0x100/0x100 [ 1802.383943] ? add_to_page_cache_locked+0x40/0x40 [ 1802.384508] ? __page_cache_alloc+0x10d/0x360 [ 1802.385031] ? remove_inode_buffers+0x300/0x300 [ 1802.385575] ? pagecache_get_page+0x243/0xc80 [ 1802.386096] ? unlock_page_memcg+0x96/0x170 [ 1802.386601] ? wait_for_stable_page+0x92/0xe0 [ 1802.387128] cont_write_begin+0x472/0x980 [ 1802.387626] ? fat_add_cluster+0x100/0x100 [ 1802.388139] ? nobh_write_begin+0xed0/0xed0 [ 1802.388667] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1802.389327] ? generic_write_end+0x20e/0x3f0 [ 1802.389851] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1802.390462] fat_write_begin+0x89/0x180 [ 1802.390919] ? fat_add_cluster+0x100/0x100 [ 1802.391435] generic_perform_write+0x20a/0x4f0 [ 1802.391986] ? fat_direct_IO+0x1ef/0x380 [ 1802.392487] ? page_cache_prev_miss+0x310/0x310 [ 1802.393046] __generic_file_write_iter+0x2cd/0x5d0 [ 1802.393626] generic_file_write_iter+0xdb/0x230 [ 1802.394173] do_iter_readv_writev+0x476/0x750 [ 1802.394693] ? new_sync_write+0x660/0x660 [ 1802.395179] ? avc_policy_seqno+0x9/0x70 [ 1802.395663] ? selinux_file_permission+0x92/0x520 [ 1802.396228] ? security_file_permission+0xb1/0xe0 [ 1802.396821] do_iter_write+0x191/0x700 [ 1802.397281] ? trace_hardirqs_on+0x5b/0x180 [ 1802.397807] vfs_iter_write+0x70/0xa0 [ 1802.398251] iter_file_splice_write+0x762/0xc30 [ 1802.398806] ? generic_splice_sendpage+0x140/0x140 [ 1802.399396] ? security_file_permission+0xb1/0xe0 [ 1802.399976] ? generic_splice_sendpage+0x140/0x140 [ 1802.400572] direct_splice_actor+0x10f/0x170 [ 1802.401105] splice_direct_to_actor+0x387/0x980 [ 1802.401650] ? pipe_to_sendpage+0x380/0x380 [ 1802.402155] ? do_splice_to+0x160/0x160 [ 1802.402615] ? security_file_permission+0xb1/0xe0 [ 1802.403184] do_splice_direct+0x1c4/0x290 [ 1802.403666] ? splice_direct_to_actor+0x980/0x980 [ 1802.404220] ? avc_policy_seqno+0x9/0x70 [ 1802.404708] ? security_file_permission+0xb1/0xe0 [ 1802.405283] do_sendfile+0x553/0x11e0 [ 1802.405734] ? do_pwritev+0x270/0x270 [ 1802.406181] ? wait_for_completion_io+0x270/0x270 [ 1802.406737] ? rcu_read_lock_any_held+0x75/0xa0 [ 1802.407300] ? vfs_write+0x354/0xb10 [ 1802.407750] __x64_sys_sendfile64+0x1d1/0x210 [ 1802.408272] ? __ia32_sys_sendfile+0x220/0x220 [ 1802.408821] do_syscall_64+0x33/0x40 [ 1802.409255] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1802.409843] RIP: 0033:0x7f24f4026b19 [ 1802.410283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1802.412387] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1802.413269] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1802.414093] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1802.414913] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1802.415732] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1802.416561] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 11:06:28 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100001900) 11:06:28 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000180), &(0x7f00000001c0)={0x0, 0xfb, 0x75, 0x4, 0x67, "02d593ec414d7cd5e003a3952642c1ac", "4f63b1ada77ccf0602d4e14f5a812cb04862d9459d89b226f11ac0147d498a3d4d89c03eabfc02077762eed1e0e39d53c378a0a6d75a1877be266da0c3be9a20d4c7bd52db84779a528c94068f487cf30abce7f3693bdcfb723b7129ef69367c"}, 0x75, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:06:28 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:06:28 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) fchmodat(r0, &(0x7f00000000c0)='./file0\x00', 0x0) chdir(&(0x7f0000000040)='./file0\x00') r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ftruncate(r2, 0xfdef) 11:06:28 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, 0x0) set_mempolicy(0x0, &(0x7f00000000c0), 0x7fff) pwrite64(r0, &(0x7f0000000300), 0x0, 0x5) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x40101, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000001480)={0x0, ""/256, 0x0, 0x0}) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000080)={r6, 0x2, 0x6, @dev}, 0x10) dup2(0xffffffffffffffff, r4) fallocate(0xffffffffffffffff, 0x1b, 0x9, 0x8000000000000000) r7 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000053000)={0x376, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x6, "5c83c9bf8af498"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r7, 0x81f8943c, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004c340)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}], 0xad, "7e9ac7272717f4"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000000480)={0x4, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r10}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}], 0x7f, "ec582a3bf89fd9"}) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000100)=@ccm_128={{0x303}, "1af2ce5918b4faa4", "51979d7f70ab76d160d89ed9929e8ae7", "d6d5882a", "7a4166b31983f32b"}, 0x28) 11:06:28 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r4, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:06:28 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 71) 11:06:28 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 71) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1818.437849] FAULT_INJECTION: forcing a failure. [ 1818.437849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1818.439842] CPU: 1 PID: 11765 Comm: Not tainted 5.10.222 #1 [ 1818.440691] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1818.441896] Call Trace: [ 1818.442288] dump_stack+0x107/0x167 [ 1818.442817] should_fail.cold+0x5/0xa [ 1818.443373] _copy_from_user+0x2e/0x1b0 [ 1818.443956] comm_write+0xbf/0x2a0 [ 1818.444472] ? proc_pid_permission+0x300/0x300 [ 1818.445154] do_iter_write+0x4f0/0x700 [ 1818.445732] vfs_writev+0x1ae/0x620 [ 1818.446265] ? vfs_iter_write+0xa0/0xa0 [ 1818.446836] ? __fdget_pos+0xf1/0x190 [ 1818.447402] ? lock_downgrade+0x6d0/0x6d0 [ 1818.448009] ? ksys_write+0x12d/0x260 [ 1818.448571] ? __fget_files+0x2f8/0x520 [ 1818.449175] do_writev+0x139/0x300 [ 1818.449701] ? vfs_writev+0x620/0x620 [ 1818.450267] do_syscall_64+0x33/0x40 [ 1818.450800] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1818.451538] RIP: 0033:0x7fbbbec6fb19 [ 1818.452084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1818.454668] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1818.455775] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1818.456820] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1818.457866] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1818.458905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1818.459945] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:06:28 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="34000000010801042dbd7000fcdbdf25d100000a08409500", @ANYRES32, @ANYBLOB="14004600c4ac8a5d90fedf5acebda8dd0000000000000000e16b8d9f221df9193bbd1d3037a0bff547b14fc76a961672afaea6e05c5a6dfcb86cd6c7f65a763e3f2c0275ff6226d0f7374bd3f93302789aa315997d86b17e144a99200ae4de1c4f8d48def24d12e703738b94253c6fe681f4447fc3b31283a8e75613ff5e969b5ca4ff643c9e18901f28d93e2f518248eabad7ffede05908916a62aecf7186eb684beb05c9f1"], 0x34}, 0x1, 0x0, 0x0, 0x40020}, 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) [ 1818.523620] handle_bad_sector: 5 callbacks suppressed [ 1818.523637] attempt to access beyond end of device [ 1818.523637] loop6: rw=0, want=147, limit=128 [ 1818.544279] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1818.555859] attempt to access beyond end of device [ 1818.555859] loop6: rw=2049, want=276, limit=128 [ 1818.586836] attempt to access beyond end of device [ 1818.586836] loop4: rw=2049, want=276, limit=128 11:06:28 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x40000, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='romfs\x00', 0x40000, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x82040, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7fff, 0x1}, 0x0, 0x8000, 0x0, 0x8, 0x1000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000080)) ioctl$sock_SIOCGIFINDEX(r0, 0x8914, &(0x7f0000000140)={'lo\x00'}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/class/rtc', 0x4800, 0x40) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000180)={@loopback, 0x0, r3}) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e24, 0x5, @private2, 0xfffffc01}, 0x1c) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f00000000c0)={'veth0_to_bridge\x00'}) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000006e80)={&(0x7f0000006ec0)={0x34, 0x0, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @ETHTOOL_A_FEATURES_WANTED={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10}]}]}, 0x95}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'gretap0\x00', &(0x7f0000000240)={'gre0\x00', r3, 0x40, 0x7, 0x20, 0x40, {{0x8, 0x4, 0x2, 0x26, 0x20, 0x65, 0x0, 0x4, 0x4, 0x0, @private=0xa010102, @rand_addr=0x64010100, {[@ssrr={0x89, 0xb, 0xb1, [@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000780)={0x244, 0x0, 0x200, 0x70bd25, 0x25dfdbfb, {}, [{{0x8}, {0xbc, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffa}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r5}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1f}}}]}}, {{0x8, 0x1, r6}, {0x120, 0x2, 0x0, 0x1, [{0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x6, 0x0, 0x18}, {0x6, 0x7f, 0x5, 0xf22}]}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x8, 0x2, 0x3, 0x9}, {0x6, 0x8, 0xff, 0xdee}, {0xe8, 0x0, 0x80, 0x1}, {0xf801, 0xc7, 0x20, 0x5}, {0x4, 0xfb, 0xff, 0x4}, {0x9, 0x20, 0x4, 0x2}, {0x6, 0x4, 0x6, 0xfffffffb}, {0x1, 0x0, 0x40, 0x400}]}}}, {0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x5, 0x6b, 0x2, 0x1}, {0x101, 0x1, 0x23, 0xb4}, {0x0, 0x0, 0x9, 0x800}, {0x7, 0x8, 0x7f, 0x7}, {0x4, 0x1, 0x4, 0x2}, {0x3, 0x2c, 0x4, 0x40}]}}}]}}]}, 0x244}}, 0x200440d0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x45, 0xfc, 0x0, 0x0, 0x5e, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}, 0x0, 0x3, 0x1004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8914, &(0x7f0000000140)={'lo\x00'}) [ 1818.661157] FAULT_INJECTION: forcing a failure. [ 1818.661157] name failslab, interval 1, probability 0, space 0, times 0 [ 1818.663049] CPU: 1 PID: 11772 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1818.664066] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1818.665292] Call Trace: [ 1818.665697] dump_stack+0x107/0x167 [ 1818.666252] should_fail.cold+0x5/0xa [ 1818.666829] ? create_object.isra.0+0x3a/0xa20 [ 1818.667507] should_failslab+0x5/0x20 [ 1818.668074] kmem_cache_alloc+0x5b/0x310 [ 1818.668706] create_object.isra.0+0x3a/0xa20 [ 1818.669367] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1818.670105] kmem_cache_alloc+0x159/0x310 [ 1818.670733] alloc_buffer_head+0x20/0x110 [ 1818.671336] alloc_page_buffers+0x14d/0x700 [ 1818.671960] create_empty_buffers+0x2c/0x640 [ 1818.672615] create_page_buffers+0x1bb/0x230 [ 1818.673268] __block_write_begin_int+0x1d1/0x19c0 [ 1818.673972] ? fat_add_cluster+0x100/0x100 [ 1818.674598] ? add_to_page_cache_locked+0x40/0x40 [ 1818.675303] ? __page_cache_alloc+0x10d/0x360 [ 1818.675940] ? remove_inode_buffers+0x300/0x300 [ 1818.676626] ? pagecache_get_page+0x243/0xc80 [ 1818.677268] ? unlock_page_memcg+0x96/0x170 [ 1818.677903] ? wait_for_stable_page+0x92/0xe0 [ 1818.678541] cont_write_begin+0x472/0x980 [ 1818.679158] ? fat_add_cluster+0x100/0x100 [ 1818.679756] ? nobh_write_begin+0xed0/0xed0 [ 1818.680387] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1818.681232] ? generic_write_end+0x20e/0x3f0 [ 1818.681868] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1818.682600] fat_write_begin+0x89/0x180 [ 1818.683175] ? fat_add_cluster+0x100/0x100 [ 1818.683797] generic_perform_write+0x20a/0x4f0 [ 1818.684468] ? fat_direct_IO+0x1ef/0x380 [ 1818.685060] ? page_cache_prev_miss+0x310/0x310 [ 1818.685755] __generic_file_write_iter+0x2cd/0x5d0 [ 1818.686477] generic_file_write_iter+0xdb/0x230 [ 1818.687159] do_iter_readv_writev+0x476/0x750 [ 1818.687796] ? new_sync_write+0x660/0x660 [ 1818.688399] ? avc_policy_seqno+0x9/0x70 [ 1818.688985] ? selinux_file_permission+0x92/0x520 [ 1818.689697] ? security_file_permission+0xb1/0xe0 [ 1818.690414] do_iter_write+0x191/0x700 [ 1818.690988] ? trace_hardirqs_on+0x5b/0x180 [ 1818.691627] vfs_iter_write+0x70/0xa0 [ 1818.692186] iter_file_splice_write+0x762/0xc30 [ 1818.692890] ? generic_splice_sendpage+0x140/0x140 [ 1818.693633] ? security_file_permission+0xb1/0xe0 [ 1818.694339] ? generic_splice_sendpage+0x140/0x140 [ 1818.695048] direct_splice_actor+0x10f/0x170 [ 1818.695692] splice_direct_to_actor+0x387/0x980 [ 1818.696373] ? pipe_to_sendpage+0x380/0x380 [ 1818.697011] ? do_splice_to+0x160/0x160 [ 1818.697594] ? security_file_permission+0xb1/0xe0 [ 1818.698304] do_splice_direct+0x1c4/0x290 [ 1818.698909] ? splice_direct_to_actor+0x980/0x980 [ 1818.699602] ? avc_policy_seqno+0x9/0x70 [ 1818.700208] ? security_file_permission+0xb1/0xe0 [ 1818.700932] do_sendfile+0x553/0x11e0 [ 1818.701502] ? do_pwritev+0x270/0x270 [ 1818.702060] ? wait_for_completion_io+0x270/0x270 [ 1818.702762] ? rcu_read_lock_any_held+0x75/0xa0 [ 1818.703435] ? vfs_write+0x354/0xb10 [ 1818.703991] __x64_sys_sendfile64+0x1d1/0x210 [ 1818.704654] ? __ia32_sys_sendfile+0x220/0x220 [ 1818.705330] do_syscall_64+0x33/0x40 [ 1818.705871] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1818.706610] RIP: 0033:0x7f24f4026b19 [ 1818.707143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1818.709784] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1818.710882] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1818.711909] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1818.712937] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1818.713963] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1818.714989] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1818.718700] attempt to access beyond end of device [ 1818.718700] loop4: rw=1, want=403, limit=128 11:06:28 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) ioctl$F2FS_IOC_WRITE_CHECKPOINT(r3, 0xf507, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r5 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) fchmodat(r5, &(0x7f0000000180)='./file0/file0\x00', 0x1) ftruncate(r0, 0xfdef) [ 1818.828579] attempt to access beyond end of device [ 1818.828579] loop5: rw=2049, want=276, limit=128 11:06:28 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100001a00) 11:06:28 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4305, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000900), r1) r3 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='configfs\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) mkdirat(r4, &(0x7f0000000180)='./file0\x00', 0x0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000180)={0x0, 0xfffffffffffffe9a, &(0x7f0000000040)={&(0x7f00000000c0)={0x34, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}]}, 0x34}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="100228bd7000fbdbdf2501000000080007007f000001080002000300000008000800ffffffff080004000000000014000500ff010000000000000000000000000001090001007068793100000000080008000a010100140005000000e2ffffffffffffffffff7f000001"], 0x70}}, 0x4000) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) statx(r3, &(0x7f00000002c0)='./file0\x00', 0x400, 0x200, &(0x7f0000000300)) 11:06:28 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 72) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1819.000160] attempt to access beyond end of device [ 1819.000160] loop4: rw=2049, want=276, limit=128 [ 1819.081845] FAULT_INJECTION: forcing a failure. [ 1819.081845] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1819.085500] CPU: 1 PID: 11803 Comm: Not tainted 5.10.222 #1 [ 1819.086467] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1819.087763] Call Trace: [ 1819.088158] dump_stack+0x107/0x167 [ 1819.088713] should_fail.cold+0x5/0xa [ 1819.089478] _copy_from_user+0x2e/0x1b0 [ 1819.090161] comm_write+0xbf/0x2a0 [ 1819.090705] ? proc_pid_permission+0x300/0x300 [ 1819.091473] do_iter_write+0x4f0/0x700 [ 1819.092177] vfs_writev+0x1ae/0x620 [ 1819.092848] ? vfs_iter_write+0xa0/0xa0 [ 1819.093432] ? __fdget_pos+0xf1/0x190 [ 1819.093986] ? lock_downgrade+0x6d0/0x6d0 [ 1819.094604] ? ksys_write+0x12d/0x260 [ 1819.095166] ? __fget_files+0x2f8/0x520 [ 1819.095817] do_writev+0x139/0x300 [ 1819.096382] ? vfs_writev+0x620/0x620 [ 1819.097053] do_syscall_64+0x33/0x40 [ 1819.097614] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1819.098498] RIP: 0033:0x7fbbbec6fb19 [ 1819.099112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1819.101981] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1819.103159] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1819.104373] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1819.105426] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1819.106643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1819.107667] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1819.149982] attempt to access beyond end of device [ 1819.149982] loop4: rw=1, want=300, limit=128 [ 1819.358642] FAT-fs (loop6): Unrecognized mount option "/dev/null" or missing value 11:06:47 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 72) 11:06:47 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) 11:06:47 executing program 3: perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) unshare(0x0) unshare(0x20080) unshare(0x20040300) unshare(0x4000180) 11:06:47 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(r0, &(0x7f00000000c0)='./file0\x00', 0x101000, 0xc8) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x100000001) sendfile(r2, r3, 0x0, 0x100208001) ftruncate(r1, 0xfdef) 11:06:47 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r4, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) 11:06:47 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100001b00) 11:06:47 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 73) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:06:47 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ftruncate(r0, 0xfdef) inotify_add_watch(r2, &(0x7f00000000c0)='./file0\x00', 0xa0000004) [ 1837.842712] FAULT_INJECTION: forcing a failure. [ 1837.842712] name failslab, interval 1, probability 0, space 0, times 0 [ 1837.844715] CPU: 1 PID: 11839 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1837.845707] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1837.846889] Call Trace: [ 1837.847276] dump_stack+0x107/0x167 [ 1837.847794] should_fail.cold+0x5/0xa [ 1837.848348] ? create_object.isra.0+0x3a/0xa20 [ 1837.849090] should_failslab+0x5/0x20 [ 1837.849707] kmem_cache_alloc+0x5b/0x310 [ 1837.850315] create_object.isra.0+0x3a/0xa20 [ 1837.850945] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1837.851686] kmem_cache_alloc+0x159/0x310 [ 1837.852435] alloc_buffer_head+0x20/0x110 [ 1837.853120] alloc_page_buffers+0x14d/0x700 [ 1837.853882] create_empty_buffers+0x2c/0x640 [ 1837.854531] create_page_buffers+0x1bb/0x230 [ 1837.855233] __block_write_begin_int+0x1d1/0x19c0 [ 1837.855988] ? fat_add_cluster+0x100/0x100 [ 1837.856662] ? add_to_page_cache_locked+0x40/0x40 [ 1837.857597] ? __page_cache_alloc+0x10d/0x360 [ 1837.858344] ? remove_inode_buffers+0x300/0x300 [ 1837.858756] FAULT_INJECTION: forcing a failure. [ 1837.858756] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1837.859019] ? pagecache_get_page+0x243/0xc80 [ 1837.859047] ? wait_for_stable_page+0x92/0xe0 [ 1837.859073] cont_write_begin+0x472/0x980 [ 1837.859097] ? finish_task_switch+0x126/0x5d0 [ 1837.859112] ? finish_task_switch+0xef/0x5d0 [ 1837.859134] ? fat_add_cluster+0x100/0x100 [ 1837.859161] ? nobh_write_begin+0xed0/0xed0 [ 1837.865131] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1837.865946] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1837.866684] ? io_schedule_timeout+0x140/0x140 [ 1837.867360] fat_write_begin+0x89/0x180 [ 1837.867938] ? fat_add_cluster+0x100/0x100 [ 1837.868561] generic_perform_write+0x20a/0x4f0 [ 1837.869225] ? fat_direct_IO+0x1ef/0x380 [ 1837.869809] ? page_cache_prev_miss+0x310/0x310 [ 1837.870504] __generic_file_write_iter+0x2cd/0x5d0 [ 1837.871219] generic_file_write_iter+0xdb/0x230 [ 1837.871897] do_iter_readv_writev+0x476/0x750 [ 1837.872555] ? new_sync_write+0x660/0x660 [ 1837.873158] ? avc_policy_seqno+0x9/0x70 [ 1837.873737] ? selinux_file_permission+0x92/0x520 [ 1837.874440] ? security_file_permission+0xb1/0xe0 [ 1837.875151] do_iter_write+0x191/0x700 [ 1837.875708] ? trace_hardirqs_on+0x5b/0x180 [ 1837.876342] vfs_iter_write+0x70/0xa0 [ 1837.876902] iter_file_splice_write+0x762/0xc30 [ 1837.877602] ? generic_splice_sendpage+0x140/0x140 [ 1837.878361] ? security_file_permission+0xb1/0xe0 [ 1837.879073] ? generic_splice_sendpage+0x140/0x140 [ 1837.879784] direct_splice_actor+0x10f/0x170 [ 1837.880446] splice_direct_to_actor+0x387/0x980 [ 1837.881155] ? pipe_to_sendpage+0x380/0x380 [ 1837.881788] ? do_splice_to+0x160/0x160 [ 1837.882405] ? security_file_permission+0xb1/0xe0 [ 1837.883178] do_splice_direct+0x1c4/0x290 [ 1837.883786] ? splice_direct_to_actor+0x980/0x980 [ 1837.884484] ? avc_policy_seqno+0x9/0x70 [ 1837.885084] ? security_file_permission+0xb1/0xe0 [ 1837.885802] do_sendfile+0x553/0x11e0 [ 1837.886381] ? do_pwritev+0x270/0x270 [ 1837.886944] ? wait_for_completion_io+0x270/0x270 [ 1837.887654] ? rcu_read_lock_any_held+0x75/0xa0 [ 1837.888334] ? vfs_write+0x354/0xb10 [ 1837.888900] __x64_sys_sendfile64+0x1d1/0x210 [ 1837.889547] ? __ia32_sys_sendfile+0x220/0x220 [ 1837.890231] do_syscall_64+0x33/0x40 [ 1837.890777] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1837.891528] RIP: 0033:0x7f24f4026b19 [ 1837.892074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1837.894726] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1837.895841] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1837.896885] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1837.897929] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1837.898967] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1837.900003] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1837.901143] CPU: 0 PID: 11851 Comm: Not tainted 5.10.222 #1 [ 1837.902006] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1837.903386] Call Trace: [ 1837.903788] dump_stack+0x107/0x167 [ 1837.904329] should_fail.cold+0x5/0xa [ 1837.904912] _copy_from_user+0x2e/0x1b0 [ 1837.905509] comm_write+0xbf/0x2a0 [ 1837.906035] ? proc_pid_permission+0x300/0x300 [ 1837.906723] do_iter_write+0x4f0/0x700 [ 1837.907316] vfs_writev+0x1ae/0x620 [ 1837.907855] ? vfs_iter_write+0xa0/0xa0 [ 1837.908442] ? __fdget_pos+0xf1/0x190 [ 1837.909016] ? lock_downgrade+0x6d0/0x6d0 [ 1837.909634] ? ksys_write+0x12d/0x260 [ 1837.910210] ? __fget_files+0x2f8/0x520 [ 1837.910818] do_writev+0x139/0x300 [ 1837.911346] ? vfs_writev+0x620/0x620 [ 1837.911924] do_syscall_64+0x33/0x40 [ 1837.912474] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1837.913231] RIP: 0033:0x7fbbbec6fb19 [ 1837.913779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1837.914285] attempt to access beyond end of device [ 1837.914285] loop6: rw=0, want=147, limit=128 [ 1837.916383] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1837.916406] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1837.916429] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1837.921061] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1837.922228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1837.923268] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1837.952593] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1838.004424] attempt to access beyond end of device [ 1838.004424] loop6: rw=2049, want=276, limit=128 11:06:48 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000002c0)=0x0) r1 = open_tree(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x81001) perf_event_open(&(0x7f0000000200)={0x3, 0x80, 0x7, 0x6, 0xff, 0xff, 0x0, 0x100000001, 0x8000, 0x6, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f00000001c0), 0x5}, 0x0, 0xb89, 0xfffffe00, 0x5, 0x0, 0x400, 0x5, 0x0, 0x1, 0x0, 0x9}, r0, 0x3, r1, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c00000000000500000000005344ce83ca84648eae700ce6f8e67bf091c29bfe2b3be25931922bc964a375d578217bd78f1f8e5c40b2763557a0ea13032c6c42c899754b05a231722b51c04d93a41821d0a030f5ab0c48f1b821a4b0a26f7af95841f858ed665930781ee7876494a2b384b0d04d71a3d143ff637200a9dfe16ebee3fa8d3bb6b1f848577520afb40fd5c6686bae585a5b44b8bb7c71791a0bbd13fedcf3000000000000ffffaa5b049eecbcab24cce896f64858f5b30f1664b499dc61dabc23e47fc0a754e2aa9d94eef542928051ed5772f43a6801262b9552a706bc9a3b2c9335aab461f4bf65da33a90d2ccb547ccecf4734dd8377cfd958abb6099fe9752180bb43b22880f6"], 0x1c}}, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000440)={0x0, 0xffffffffffffff79, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="06000000175bd71de44e2e24b7b3a1f5cf953417f6616528cf26d881a3a4f7", @ANYRES16=r4, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r6, @ANYBLOB="10005a80"], 0x2c}}, 0x0) sendmsg$NL80211_CMD_SET_REG(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, r4, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_DFS_REGION={0x5, 0x92, 0xff}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x24}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4) openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x8000, 0xc0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000140)={'wlan0\x00'}) [ 1838.137614] attempt to access beyond end of device [ 1838.137614] loop6: rw=2049, want=403, limit=128 11:06:48 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 74) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1838.225949] selinux_netlink_send: 28 callbacks suppressed [ 1838.225969] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11866 comm=syz-executor.3 [ 1838.267276] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 11:06:48 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1ff, 0x3, &(0x7f0000000380)=[{&(0x7f0000000140)="eb3c906d6b66732e98a27400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}, {&(0x7f0000000340)="e5c3400190b213cfa22c58fbd3eb4e57457b21b44e5473b9", 0x18, 0x4}], 0x846400, &(0x7f0000000200)=ANY=[@ANYRESHEX, @ANYRESHEX]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r3 = syz_open_dev$evdev(&(0x7f0000000280), 0x7, 0x800) ioctl$EXT4_IOC_GROUP_EXTEND(r3, 0x40086607, &(0x7f0000000300)=0x7d) ftruncate(r0, 0xfdef) symlink(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00') r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x100000001) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f00000000c0)={0x0, r1, 0xa, 0x4, 0x1ff, 0x4}) [ 1838.333513] FAULT_INJECTION: forcing a failure. [ 1838.333513] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1838.336686] CPU: 1 PID: 11870 Comm: Not tainted 5.10.222 #1 [ 1838.337529] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1838.338713] Call Trace: [ 1838.339101] dump_stack+0x107/0x167 [ 1838.339619] should_fail.cold+0x5/0xa [ 1838.340177] _copy_from_user+0x2e/0x1b0 [ 1838.340749] comm_write+0xbf/0x2a0 [ 1838.341284] ? proc_pid_permission+0x300/0x300 [ 1838.341954] do_iter_write+0x4f0/0x700 [ 1838.342533] vfs_writev+0x1ae/0x620 [ 1838.343053] ? vfs_iter_write+0xa0/0xa0 [ 1838.343627] ? __fdget_pos+0xf1/0x190 [ 1838.344178] ? lock_downgrade+0x6d0/0x6d0 [ 1838.344780] ? ksys_write+0x12d/0x260 [ 1838.345343] ? __fget_files+0x2f8/0x520 [ 1838.345933] do_writev+0x139/0x300 [ 1838.346456] ? vfs_writev+0x620/0x620 [ 1838.347018] do_syscall_64+0x33/0x40 [ 1838.347548] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1838.348271] RIP: 0033:0x7fbbbec6fb19 [ 1838.348802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1838.351412] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1838.352499] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1838.353525] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1838.354532] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1838.355549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1838.356561] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 11:06:48 executing program 1: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) ftruncate(0xffffffffffffffff, 0xfdf0) [ 1838.382654] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1838.383380] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11872 comm=syz-executor.3 11:06:48 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100004000) 11:06:48 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r4, 0xffff) sendfile(r2, r3, 0x0, 0x20d315) [ 1838.500571] attempt to access beyond end of device [ 1838.500571] loop5: rw=2049, want=276, limit=128 11:06:48 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 75) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1838.594610] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1838.666894] FAULT_INJECTION: forcing a failure. [ 1838.666894] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1838.668784] CPU: 0 PID: 11892 Comm: Not tainted 5.10.222 #1 [ 1838.669602] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1838.670678] Call Trace: [ 1838.671039] dump_stack+0x107/0x167 [ 1838.671517] should_fail.cold+0x5/0xa [ 1838.672027] _copy_from_user+0x2e/0x1b0 [ 1838.672550] comm_write+0xbf/0x2a0 [ 1838.673028] ? proc_pid_permission+0x300/0x300 [ 1838.673639] do_iter_write+0x4f0/0x700 [ 1838.674166] vfs_writev+0x1ae/0x620 [ 1838.674646] ? vfs_iter_write+0xa0/0xa0 [ 1838.675168] ? __fdget_pos+0xf1/0x190 [ 1838.675667] ? lock_downgrade+0x6d0/0x6d0 [ 1838.676217] ? ksys_write+0x12d/0x260 [ 1838.676728] ? __fget_files+0x2f8/0x520 [ 1838.677282] do_writev+0x139/0x300 [ 1838.677752] ? vfs_writev+0x620/0x620 [ 1838.678267] do_syscall_64+0x33/0x40 [ 1838.678760] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1838.679424] RIP: 0033:0x7fbbbec6fb19 [ 1838.679909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1838.682268] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1838.683248] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1838.684168] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1838.685093] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1838.686009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1838.686930] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1838.816231] attempt to access beyond end of device [ 1838.816231] loop4: rw=2049, want=276, limit=128 [ 1838.898703] attempt to access beyond end of device [ 1838.898703] loop4: rw=1, want=403, limit=128 11:07:02 executing program 3: perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) unshare(0x0) unshare(0x2000280) 11:07:02 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 73) 11:07:02 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) lsetxattr$trusted_overlay_upper(&(0x7f0000002880)='./file0\x00', &(0x7f00000028c0), &(0x7f0000002900)={0x0, 0xfb, 0x17, 0x2, 0x20, "f0b6c86e721867e66d5a3ad68e71eb44", "d805"}, 0x17, 0x0) ftruncate(r0, 0xfdef) syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x8, 0x9, &(0x7f0000002740)=[{&(0x7f0000000300)="2909641aa6e4dea6c4cc0ceadce629858db7b080c5cd5cc389bae7979659f1b878ee52c099db06a99c3b02c0f40334271a1c3b544270233e0915105ff5062d2cfa0b302e4ebe9553648876ae9354cb9e82e79b6b1a368ad396529ae8697676840ac2491bcc3647d39d0993e0d7b3f79be9b6983732096708424e2cc4d9de9775236117ec4e4610e6b82e045eec4d30a2a919ebe313ae1df3a3c2b0989eb575a0d4e8ef1e8f14acb49a18770791b6da02079f2d72e2ae456673b89d580847d3c462fce5d6cc30c4a6cda382c6bb1804cbafcff3ee5eaff9e669b2c9ae3bf7f874b9737d2671acc57724c651ffde367c8a2a447483ede79a29c98247f1b21518ee19aa5f80c3f621ba1a730636a23fa4ad769b15fbd92251b8016c92fcec3b3572a6edcfb9e4f464294263cf36d1433d31bc9c3a116647168d48e5b6e23a9c245cbd3a32c3e108ba17e8b273a201c5fbc6a592f677d3788bc3984053de3e23c27a0978dd8e50cb280cccb0e92426b0d8034a27a96371ac22a5e13a1c46a791ca0cf8bd6946dc4d044e847cf8a833c866614cef7f76b7c0766948a2137c636a66c834d5f8974f5ffb57756b4971501ab9f49dd8329dde26dff36d66dae4eb6386944acd6e72e82570db1ca655ab3e0e0295d4192394cb7708d33f9c9a1bb72f0446aee2c7c0a209593c73ab02d36c302805aeefdbebab33502e48140060514de4351012c8b55d7f5972b63f54b2a2694f592232023b0eb9e4f5b2ae9b12ce1946e705606c09f65c3ccaf287c5abe2af7c360258009e5c114d60fc2db2277b4c64f1801110f3541f91c921265ea85f83a8032daafa9de0a5524f8642cb44d535c424cf0aad9c5bb21e508fa42a2fc567a94f32b9f8a25bad8fb2c7b348807e176850f19de7423e7856bfe1e4fa104adcb8e4283311acb6ff8c0e6494dceeaf61f5616d7c1ece354d14dbf2be51a6d12f09e8afd04013ceda3291aa1053b2e7c79fc3b6e6f3ffd426f97dfd0047b198e2ff704ae205a17c502eb229496b2f89d58426f6eb0672dbdb5ec10243fa8668e8d2ad6099c5da6ebffdfdff2344a188e2d0fdee9e0d6a0058e8ea46c01b91172b50ebd53d85ab64a3e6cc2b54985cf9762db2550709ce6bd25fb2983575572bd3e4f6b6f84ecab9ef42a67cbb3500a2db2435aa807f714b218872274e2d915df8d78e36f494fedbee495b4b681711be7872c2ad8d2abe94015f6cc38d796e8479e33ac0e50686bfad6b20bc22a0176bfada4f3d0173dd97c0d6d11696ea19c3bb4825ed2cae4e8954069ea598c634ad6f38761e5bf7f3b4701674c1d737ddb3ab279af464f4f246c110ac1c469c8fca93a912618d5e91def7e6fe4294357963c0cbe9eb604965abf6ccdbb71a47ee4362eff72eb428e1ef819eb22e22f29ff7f037d1167662bd335245a66315c05ef1ceb006825831153969177268489594bb42d66dd5213cec90e04c565021a407f59dc09bb843b06dd0d47e027381ffd66bfc0b01cb799cd44674a69e4e33502d862f1993d87db8f0d4122bb6517f8ea130cbe0d325856c2ba59b50d08627af7fdf412ee8a1ffaaf27e3461ff9a9f1aba7a0dd194f5b0c8397879f6121b5ea04787cb60e89b2ceffce3fb775da781ce82c6e730dca73e9fd0eee521d3fec9bd666628adc836fe20026e1b1d27c4034026b85672662019f8d79806c09db68d1c0c1377d0f7a4a1004fa46511a050477561f773e3dccc592fb93e6daaadb28a14b391cc11bd86d3a287dd01b6aebfb12a92cafb47182b3f60dfe17b9003470b10a100ec52a54d3544980b472d3864b5bc918dfbb760d6c36cffef6bfbc183bbfb7d5c5a058d54c92010138a5d495698d33ceaf40e0b7dbee52cbeff86a84bdeb089acef2301edd1eb78afa435a8e249bab91558dd792c9e5827b0d1102bd99520178401c9cf7133ef6c838e859790a2b9c6ab302d032526aa0e9564018c5432fc1430a8bf279cfe7f340bd82b8f4790b5cb1b6cc117e1e9f7a8eb25a2f318dd82705eeb1cda5d27b0ebf2765748222c5a1b5e3db6e4bdcafdfbf1b7766890db15fe9f2a1820f34bd88dd9f872832b2ffba086f6b290ddaa28bffc0f86cdc2f15ee05cd2c320dd3f36c77a153fc0449ca4d86fdaf1ffe934222cdce39f5b4686e5d8010371667322331450f7ef51da7ee8c44c2886470941278b591bf44a7e01458625370e18ed34554bf7d66a3e55b8355e3e2743f1ed9e2fcb07df6515639e87169ed9eb3cbfa6a0d4ae5db1b5cb3e7da779e3c03977508f1fcaf54a99bda2a8ab87c65e60d25db39190c74478736f2adb595a6f9ff0ae1f804ccfe4d6b835aaae646bcbe647d6947be21467750d530867103ba98ba039d3c5a8b2777ac297bd3cfb34ff9a959adacbbb17dbf372a67fb23c3ebf415fc95256864247de6fd1ac3a5d8d2557e367bd7b3052b71008aa95900c71bf0dd1bc845007cf0b8de2cb77826be7df4ebccca60bbb746c2e4f907325c88cae6a5e7d1024ac9be93e8902020a001da227fe09379047f90b645f86ad9d2e746a927f6cfacc1a1095a5def68afc3c1c1f2ae80991cbf06bbb4591f4633dfa0813da721dee94b9a1841cc8696cc62b4fe4c9c490260ccdbd8e25c68e305112e5f2167c1f85814f3e60f8c0dcdf7e93cc880e6fbce89a67f82daf4e7a3436a63f2634243f5da2fd8c88c7346eed87355fe7c46810be330aaa193b6e8b7195a2727649a42c03527a68bdb254bdddb556333d975d8cb18369de5a59c47c51d394d9ae2b39edc18b9dcb42b58993be03b4050e31744f36d6e40bd9d7802898576a8a904b7d8e7552df32de0b4204bfc638cc985b0c50f09028325e521e989792ef2dfec038b37492315d68840bd101d111e4670c920f68029b03e30b6ae41d6147b70160f2fb052947be629b3f74854dc847945edd57f9d3c58d93c1d5da9711f2efacfcd511c98eda76387e36efd5c00fbd29f11aa8e468a9f862c8b86c42dba11c4fcdfee7bd02f06d18d4abac673255834b6539af33d5793e903b77a9a02ba71a139150964742b65b42abb19401596db4571469798a547868cadd8069cd2bae7851d56297dcc6136fbf7ddaf5a2106f8eae36f04400b1b02c1d88f0d2655698176db5e7edab7b78b47718fc6d27d899f3398089ed7e5252e143b625b46e185d23a4fedf94d083a6c9e1920c2bd7fdc23670d8211209586746a8ec5f4b6bcf02e2573994e01599429fad20eadcd493c7efc8935a127f2faa0d51da2b8a843e10d026c7d5e565ef44e2e153dd161e7aee6d0ee5c7af76367bfece6b46d50491be8754651b61a800a3d01b768c4c5d03f8d23d69c87b1c840247a4880eaa159d4cbe28886e2acd90039336ebcabb7643f844444dd7367705fcfcd1775b594a95a6c016cbd1337c4ee60ee46f3201a5dd48c644fb9be26137ad71a0d39f15d1fb61818fca31570e44f6fc849347ec30f87b9242166589a4a984a194860c0b47b4f661a52a5575c54ff01125de64d050f8222126dc71d0881274a564c69231a3ce18c0285dc0e68f7cdedba97825123ba37744e80d0e9ec7da2dc005501e7ec0796f39801404256484c024f9fca93c00c2034079b5c546637f779df9729d3baf696c751a01801b9d1cfaecc3da6de98d38431e019b170cbb49fa1eba627c756e89057eb88c733d0256685a09116f059c3d5e57e361b50bf2d0330122390e24df4c30f792751d3d0e4de26accb059107c2682b4cabb97d72c6994e79ea1d0e81cbefafaa43648dc5fbec35f9811ece1a613dc3b1ef323cb0741dc79cfb949c91398ccf4c31a0c64703caee6efd6c375d5e1b98b72a97315bfb83d58c53d008ac8d215ca6040fd228b95179c754033733d9c3842c6deda894b3e8e804c9c8705fcf71235b37772b9133e6eb651155b948a118370d491d74b3b08e4a9b92ae1f23ee91cc81a4aa5ea64da4aed3ddf45c08f2f081e70705904d615b1deaceace0e9399da71f561a271c1dc33efb6f5dfc514495da5f6a4efff6df0fe3ea2e88fdc01ea5ce81de030e78f6113dcb1c68d537230bf7556da9e7d966a9c1046695ddbd59e1fb5907842cba53470e1220c16e2b7a63bf98bed889c6cb85a3345f73add4e8cf6a87ca0a0fcc6714b753a7bb8ee630a2b08df6ce6be12dabd92cadee7f172659a31a03955cbccaa11f7ef5c06a6cc0b6a0a5e8c9629e97284536efe80d812229fe113e1d440a6c24b744490f877cdc1165918387774288891e814d19a7d09e35d4e0d981256d8314d72ef7e9e2ce344be57314f59d4f0c0b00e8af12b2c8fec92123a06e8e68f3205683c001712ebba7c5fde7fd34a94e87cdf734aeb8c758590ad49c6e51f54c626d6bc11ba1f07b6bb014d67312a83358297b5492682932c0a8503b68b7f7b4ccba8b6c8fbca80792f44f62b7ff7c1bd22192ccf454ecde26a3f8a5bff0301568e960df0a55e9ed8de996b55bea54a1dd26953bf48c54c241b56fb0c0926b867a51d0eb3e1c71692abf74393ac5b46c09005d8b7f126776889e49553aae9157b34c7a339e4832ed0bc7e935645479cffac3431fe80e5f3fd03fd807bc9a477cbdd5003c70efcfe94d6699caab800aa3aaaea1514781435c8bbba8f6014d633ebe72afa00b24091e61e7c4231631998b4ab1d2b3847b1c5b03982713eb4c9119fa79fe54d66000e487705bcad1ca89ecc8bcba63c8bdfe40085dda0dca25fe0ab85f21fa6bd2829adc7578c2450315ee24772724417b6171aec6f78c0204469f1ecd3ad10ddb193179cdf17db01c6875ff584d298ba3ab49d42498f9c16e3d20baa5ff9728fd47dd501dbafe360d618b2353b81dcff38f87949d4fa0dc680827d0c885f32845c0fa9c912faea0b7717b7a648069d8fe3b2727bc8d8737a3cbd599d41cc650a635737dee0bf33d14053b18c7b300115ba224d864df6d521eb7c0de0ce4147e0388c2ef68eea0817365cd2ff23483da55d89f43c52093da67e72f5b0e466cd03dc1f61d09b26761f27b0f07eb109e1f125a62c17bfb597fd2fc4aaab9b7932df14bd2fba970f08689d3c95f2169e66267923ad2a8ae690eec26aea41cf5b9fb359a1fa599d151750cbe7729499c3b924c60c86fcd5f09f7b2862ab5536f01171fafbd6721dbed1951105190076c5d83d6c9e262ad7e5ffc191f98dc83185e9aba6f431fc21c963e7abcc4eea1da9e4ff04590e834ba19503b59d3e89f24d3bfc07efb47a973c2c384ab60415c2d186b41889192fcdc8856987c3e25f5d100268105de2b771f4576b3cf9df72ca1012b4d846c277683bbe36d397e248996cd660b39300e6f1a2b57b6c084e77348e890d2d5ca885f29af42fd09e02f00dd62a05bbef35ec80e6b698ec3f02fb889b57f47b44a84566efd05f34a3e5b822eaed641ff663aaab16fbdf9a2f70dedc99fa18d211c02d3a12d9acdf691ae5f6dead63240dfa17c7359f9198fc14d456e4d4b4e9215cb5e9fe2aed83b6cf9c8e9a76fab5ac2b023e0653b913dc0dc8806f38c236aa3459e45c729aa6b0adb9e5c42cd94bb5152ce68401a75f5e84586f6d11c990a6790e9dfd6cc2c75752410ac4670c28b221660f6ff1c66197e4b1fc3664f21421db23f2585c71a13ca2d8c3d3ae38482f25f946a8ca4cf1e7b86732f6cb3c1dada02c460e0b3b3e48a43f6c3da0e631ae479d264c9c954f86cc1dc9766b0e582cdcd5e1ff6935fdea14d6d66613e61cd626ba80dca66b4687454af6aa660eb82e6afec5f460f35646dd43c8eea6bb4bb323890599c0", 0x1000, 0xe3}, {&(0x7f0000001300)="866d7cb0a08037e65ba7103f20247a33a401084f1843291009b1683d2e34830aec194a4d2104db1d038eadf93a24e8b0d34af2f8db5f1d519e743480a56f8c9ba1e1c4eab8d504837dbd88a842b34f4c7f6665cb68ecc410d73ca3c3574beaa5fcf9e0a0137772c4124a9f54b40e216a6a8b001623b44d37aa39ebec04c4e92e18afaef656aeea19290cec1ba20da85feeeb94f9e2c3ee6e76ba3c199d9c111ad66f5afcde466a5c", 0xa8, 0x7}, {&(0x7f00000013c0)="71314eaac1f5aaf5b6088d33c2e9503ca4404031933ebc4f51328e0fbf6a057272fd0ca674110d37b4ec01ffd7a75d1b2c6f3605f38306462e2f29e7a25af913776b9ae6dcf31c609dec36b9a854daa27f010d2a8bc4c4d093a7942ec9cdbe83b33b87546e5356fca4eea91e44ceaa31a78f4d86fae90c72faae0ba17514583a3ff92206cb33d79dc85d06893595911863f57c9058e8acbe52f5842d566b93d4ac", 0xa1, 0x1}, {&(0x7f0000001480)="9eb3ed9c65413ccb215e40939fde4198a37af1229aa104ae0fb3f710a8d5b2080bc1271ef63988c30a8bc740e9144da2d1ee7ad579867abf9edb44b2ecfdaa68fef636d56d8adbd0de0922447855555e951f247422ddc9755dd0ec9c4081e0eecabacad71f58fee53118aa5c47be626cbd0d5ace3e86515c655761a641023083b0e9163f0bf6cff88794d93099cd6d7fd9f18edac3aa5595645c952f4b9c4e523715e7901998253630240bc62deafe579ee59076", 0xb4, 0x1a30}, {&(0x7f00000001c0)="59201974b2f73f39cddce0185c366dbc8bf98e037ff5aae1904d7db60806d79078b981f45698207b66f26e6421cbc094caf40f3a4952243c4c6416180595f2a8bd713824e5157a6b3b5b1a0eb42df0389a0f46c32dbc89bc6f7023668fabe30751", 0x61, 0x9}, {&(0x7f0000001540)="0f9b29fd4431acb1cf0b996e21581a213996547dc01c49329f404623fa7ae913166080a02e6bc2022de5bb7fdf1721d9284f446feeac64196535d1c3e7cb6ec76f7256b08cafb8f4a400145a1f8c2e796850bc18c17ffc0c9917f6f846d3026f7f75150558fcf0ed4aacbdd631e2199e2ee67228d2125dbbdcf6942da8775fbc706bd4b6920e9106aa99b6c5d27e353a97677ecfcdbcd7e0b4602b18525f76219902145fdce90d28b28bae29331dfdb2abcbe8878c6d44a57177fb8edb2752c60eff8483aa8c0c1dbfa7e26997b19134f2d28c544014e82031b72bc8e29e2dc7bb4e7141a4ca59c23c650667eeb3d4fe1f76e26e7d0783ecdd89b96507fb66bb63ffbea96179b8560100aef65843a9086408be2fc977094a7a2c1223a4b6ea33852e13e5d5a8c9088494c4737a660ebebfa7650c0f2f1f76a1e0d357e42154ecfb8690d80fcceefdbde027f35d88d01dd7226a66596261c0ff662832505814f184f317fd02d6cd9ede8791cc72cd4dc20e5ab9c7f256a658eb41e29243bcbde97c3809b6a02767bb50fb1a08508541d519415870f713ee80d065638ee52b7c1a6caf12db168b1e439dc2bafa57d9b0d286f064bba1df1a90d89ca2ee352aecf53940a418205adbc37e6206d551867de72a6a94b3cf46da5f55d48f738230d7c76417de53812b1240bf1748a1eec792ee9be8971c927d2bb2e256dab85f2eeca2daff8e3fa4ebc40ee66b8d395ab2dcf609e1b5c6b0380a300f83f4048f79bf10fad26ddffb890cd43e89675b76c9f237979c47197ac7508679bdb8aa89f4d24919d9b619390068ba86e7a300146eddc45d1eed1f83f2d440a012c256442bade0b90020ae98051431cc99d4498b6a794e88d971d8194b096cdf25aa8c475ce064238efbe833b458d43ea7c0c2aa6596e539c1a7f7630541cdf121be01d4be4db0486ff2e51faf079380e4bf821b13a4e56b29c7d35a1398b75b94bb01cd594930489bf6bcb791cc643d9572d3d04ec81bdbac68762b7d15b7b91290af4db042ed53fe2126c2614d85f90c9a61f1b76a6e2fe3e6ab0f580cc7a0ea309b0164e92cf0b0487406a0a5de3e917f0ed55ce1986dc2871bace8903586e2f96860ac79ebf68d646052bd56c9d7f1ec8cb521adb1e38726adf4e3a93d8b6a5249faa390ae8508ddebe3d48a8dec8024a75d5df2f1c0fc483320bcec4544404cabfb7a2940c41bc84e983b48d6404e091b9aed3311e97730e926a1508e5edebc7800759eff7c9bbe4680e2548e00a39824f2551aa00c889b0a18532bfab411fea5e3fe51926bc999b6c45203ffad19151b89a5db25d3b2d64b47817007f9a9170fdb2f0529d88326caaa27b1773fed602dce1b1b578b0263e9135eeab8a52028b6908e384553e462099e933966b3d31ae0358e865b2eab6f183ab1e11eea5c9b808c6ed2d61d41befd372d9caa895ae58775b137701d546be95420317d7ae07fb438c2511ad812dba77588ac0f988db74aefdd94a3558b4134a62c1dac9e66656fbc8ce812c9c1daa7d906236854d30b41118c922c971d256f680f876de3c63884d54affccf14f3bed1ee5cbd3b1d279a75ed87132227ae17887a26c585a3552989459fe2ee356572b7332758f17c53a3242f3ac359bc3b4390ed169ce4bb94e2219c49f3479c2a1d40b810db1e158111214c1c3aeb059e81da99892a312706f5a4736859425f3606e505bb33ca0cef3a27a557d8d024a5b4016b494909cea79a78aaf7f3fe686eb979d6c32285f66e2d21b26737106fbdcc60fe0602a8871d4ef9f833fcecb20908ec842446203a9dfb69331533dffe5151910d0e5f73e445bb2e0bee2800c1311237b21846e13ecb4500300dd2cc6408906258b3f6522283d05fb31cbe7a276b20395f4b116b838c7572726fb18f5af6deaffe5cec353856f0ca5fab883dcdf922b0f0deec5ff63d50ee0b6e26d8f786be7d5af1a52b5aa3ada54d7c367c087da3336dd6b434a47c108ba420be1b609044b0f1d6f00f96a0f34d6d2a1323e78af980e995e564e7060ac800bb66030c1f6c291f8c752f12e040c8d3e0287ca79a78159f16fd3f21b8b0a487b486e0c56dd870fa1e9111b5d47f3181854fa29c190db236a429434350f6cfda54f8bc7829103eac866e73a5e0bc6d16cb8df3aa0b2a01812df0e449d8d5e947aa81381a16bd810384a3e0b1ab9bae6995a2cc126afc041c24724e59f722acdfc166d836ffc258265d92a8e3ba344de3b463011294a27995ef1f2383c097294828dfa93118fecb477139c7353b854c5f9fd1859b4ada5189c90581e390ce4bedd6ad6d748c8e64c408b69a67e170dd032d1ba7f6a20e16f81beb3e06df42ab8e87b19f301bb8160538a09aaafb67d95a354d4a390b1dd513285c4d404ab20c168fe395063e718a89506421c87f536f680d8a7af6bae15a75ccb78246bd563e5fe712401abf22e23c54ac90845b41f6346a92bc5638150b9843001d7559089e7c54defbedefa9fad8c388e4e835728319cd9c84e68569c85f87a48404b711f87941b693823bd5b39aab6f17eb3f8d495190fcd07e20fbc34c374ea0cfebd340f63275d761c66c574d552e40f5e47fdd94d3bfdf36e079a91b58e3990700ebe6a52ad4d2cedef5907fa8979640d2ba8f5d351581b23a0572ef9d9164652094c861937fcfe6ecdbd75fd93cf9d79ebeda2a05e76e9e96b4407d1af9f565acf1b0ead5e98fb0871456cafe7e0dc1d72f05b83d01e8fa5055176126a42427106dda490bb4a84117bb0c320f6d9494411511b7aebdb18e28ff726965b05a5f195d5ecd8ed67201b5384c5c2af80225f45293ba86631abdcdf280c8f099410ca4d6e616e285f35c9ae916d2985296be78a665b89f78c676e7708380ce286ffae2fd834e7fc098a442ae8944c4a6c764558ff5e891be6e2e0a4174da87da80d0abe404fdd881b23e4691f5e1ed5904853f2d54c645e501e07f8892fb66a87191ecb45a228d9037f8572f163f79cc8989c36df2b2231e8edde8d076be708cd17f16cc0239de7d2f987fcb08f7937e531ff0defe6e046f823ad2e0e7fbd22796e0fa4b9e9b90ee1e6e60eedaae1fb3ddbf99ead5754de70c145300ba45ea2201de58f0672e87d63301f91b9c889aedd96fbc6ccd7a1a814fe31b6934d537814125528cf2e8650c323e1c8dc38b2ff0184bdff6607be926dd240fcc30683758fed1789fd12b7c15933675d407c9699b343c648e211b643cbf0e6a600c3f3ee5a2e16084bce5ac247f04f871f9e3f4eff0ef4e425580c8fac74385ad24560c46ed74ca83dfdcfad1d91d40ec8dc977186eec2292187f9094d7ea53523a48e1fade5d8ddd99b9a531c2f19a6a5166844b80a7146fce17bf1276bd621f7e9dd40dd140abbbe74478c6a0bab39c7b222d887810fc602d9336beeb509443074046344e3ee331d530d3ebc158973a2e3d2a131d8b60d7d0625b60250ed80a0a2381a8baee9b7090005a10a5db19e38052dd8062d498e85dac3419987d076c0b2a29ff4309f484ce50f9ea782cbee2c90e022158efe42cb708dfc3aac8f25d0ade751555c54d80d1466568d7644866972ed6451ad6007e480e2d551fe38b8d353e6d9dc254aa4ed72cc00c7dc6b976a20bacd379e3f6723c6b936da2a8046aeb6f945f4f1a4c9d1fd4674afc8c8bd1f94f4e1e6cd1c76e3e6640059f971fd1b57e52b82513b308b90af593e162d36a34c29b88b94703f38639227ba8ba621dfb2f9ef44663a497ae4de857b6c96beb6433449b6226c091a478f2d6e4ab0c2866f2fcbe5913f4f16e0624e8fd21e28a24e4994ac98d6c48081b25e5cc40d13a3594d5abb4fa3fbafa5df293687c2dfe3983f01b327e5c9e22c31ed8fe8ebb9091f0efbeff89a09b222c1963b2083810539ea87d1f43e8f2e2d2b08c154b1d96ee9b35a912532b72c847e6ee320bb7dcfb1a8242d4ffb013062f2d618d3a64f2ac8140d82373d667acdfe46057090f2815c01c46fd7eb167c8e1be1fef893fee4be99cfe08dc70f96a9167c59bcf35c7e60b6fbcab1f10ad18f90b347f0c58bc3a30984cffd571a889ba7bd34c057b179b2f1986f48991e4242d37b4925bd2dfa963a84e6a29cbb0d9325da170a12c6c01f01f9fd384b5fa187738bf9b3c669041708a22103cbaa07e9f5adbf4359789f1de1b6b9a7bb61d60fe9afcd350842cd306df67a8475b05f1bd5cf8d756bb3290b9e05642d969fdd2b9707950ca9bac8c1d81d15bde3a33d2ab89cf93a22b26b2cf7957cffbe9ce3e58eaf4b4564b4f50a9d2e6bc0285ce33c6be81d4ac754bd418be4324832b0be523b80bfd1a15b2008cb34d3170604023503fd34c971de5558a01b3bccc5c2413d0f97cdd6e651a523fcf6f50f2038fc8b2dc264cae7bf8fc5e0ae5dded0927f24a65029e9e2c30966b20c571e8afe1e38e51e298b772efeb1085b312f053b9b6b70f8bc6c792b04608ccdbeb9ed87910f429b58b5bc284eb56472232609c081c7c900059750c07cb964f5eba1011c5de8fc2353c171e6fdf8f8ee703e79af906bea4fa7304075d084496307f4d847f2866828c6fb6cab8ef7e8f98beac4ad13f242905a34974a6522fae26c9f761183bcb012732bcb5ffefc0b8f3f82c6feeacd5726e6a9fca8229bf7dd27bc4fd47c45341d82696e06023f9e4ac64184a9de959ac8ad2b5d6aad0b9b4734d543e2569e7b710781b085f45f0a7e5cb8e0e931342292e620837bfd63549013d6d678e503d34ab75157ec8b8faacdeb339f4f652793ee1715a355a9421f72d49096fd16fe928a71e566b174b18bdf5b5320ba61110efdf1d0dba2f712be8b926e967f099ab176694d5ffa880625fca5a9d06915adf04193ebb3a1e6e78445ffea35a06a984323bcf8f3cf2133b52ea6dcabd3abee9b4414194d3489067cc7ecc758024a37291e10fee2b927c11db8aca1131b89c501b24d84286642c97bcf9b27a6d14139cd599a6cfa5769661cf81ab7fe1899f747aac63a95cf76069f2c920b2ccde7e07b166a40229bc60351b085e21e26e466f501528aab3b36703618cf3bf2e4c4b364283d18de87764b100074cb75200eeda5117eb13c7946cc7c1f3c3f5b1e13e9d01ccd08d2eea7f5f9d18fd272ba5d73b31e8f1c054df629be158d148f838bd010b139df696196352751ba07405550527f515b124086ba40e55ef6615722f0640e43c762ae30fb972efa575831d7bc18317f4d509f041e84fd1a0bc5e1ccf54270540b7aab4366c796e224d07db5c410e96d0c9ebbfc36d33f0c4c30dbca0b910cc5cf8b474be59162aef6f103f36ebb30e68b8929e71ab48fdb729928a42bcc6159670aac771ca63b9ff5a5e728980a39d2f1eb2d7711ce5b07991cd45c00961a9b6c372192c86ff50f6a0cbabc39d22f2247aab5f320106658a55e2a10ac4d8fbbfdbf353a321f69c10393e905d60743bf5cd56344aa702e7d9febdcf9dcbeff193d49113a75515bbca1023d46eb6a10b7c6cab1f4899ed3208ddea6efff91913588fd22078d9573855712bd6e182698bddc974a176c327c5c27fee996f3ccc386d30b9835e6c4be4116d74b895613f7f4634addac944f2741d02dd016db9063e9d1a53c2b94c852e94eab1547f48931876aafd0548686396b73bace94b3579a5a5273502faec1b39a606deb3cdb1a8ffe95aa2e3f5ea41cf41d8d710d8d1f329a34ea84b1ee3fb0348542033e511b0df4451bab925fa0eb3b892a4651c0dc2ef6cae4bb4eaac6fc02e345ef7f4a9cda2fb4", 0x1000, 0xfffffffffffffc01}, {&(0x7f0000000280)="04f462f13f212964ddb53ec812fa", 0xe, 0x1}, {&(0x7f0000002540)="3f25257703adee04e8a9642b3fa461de2c572cccabc66848349e0475f12469c554d2198841157eedc7ced0252666817af7e96678f8db4e5903ac048b56f593e3c034385978c3ae42c149f682217d4ed6d5bb1ec0627d32f1279c1ff78399dd41380f84de0163e4fb8171f55e72262fc5fd363985a28d20b71343e72e898eaff205d6f2335452dee0fddd2ea117053b6a67d310678aadd8f472b4101ee632a9f56d93fa0b6f931fa9fcb78fdba1ea5e566144db29d68c9e744d4e652e26bf9f7fead3efa236ec5abbfa670ff981c270186ff05e1259f5830f0b06e00a62", 0xdd, 0x2}, {&(0x7f0000002640)="22e9d34932bf10fb105761a9bbfc05513cfbf42dd3dbb67cc025497cc94b117e91441a3aac225da580370766e7ec9d421e3e4ce3a9d0d1fd36787652ca59cf3d9b07cd026508fa050b0bc0d6fd7564e2f73625e8f9828a0af75689c824addc86885e34f4b72dbcb1d8e5b190a2f66f6a78e184b1d5ab4fcd89653cabab38ffc83191fbd1dc0396fcb683b31a8b494afa305d1f85fdbfb7e0c983def58faf2bc32375aeae96ba33e7c01ac437f028de80c8c8d735f2bb4b47c7b0c21701b1ea7d990609fff25b4a03eba9b97d0105c8e0cf2ed535814740e5ee99dfc1a13ff16f78fece6fa21e6440be89a9702426fe836b", 0xf1, 0x40}], 0x1218018, &(0x7f0000002840)={[{@size={'size', 0x3d, [0x78, 0x70, 0x34, 0x65, 0x78, 0x15, 0x33, 0x67, 0x32]}}, {@nr_blocks={'nr_blocks', 0x3d, [0x38, 0x32, 0x38, 0x67, 0x39, 0x2d]}}]}) 11:07:02 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 76) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:07:02 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000002, 0x8010, r0, 0xf2276000) ftruncate(0xffffffffffffffff, 0xfdef) 11:07:02 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100004100) 11:07:02 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r3, 0xffff) sendfile(r1, r2, 0x0, 0x20d315) 11:07:02 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) r3 = openat$incfs(r0, &(0x7f00000000c0)='.pending_reads\x00', 0x102, 0x4) ioctl$AUTOFS_IOC_PROTOSUBVER(r3, 0x80049367, &(0x7f0000000180)) ftruncate(r0, 0xfdef) [ 1852.514537] FAULT_INJECTION: forcing a failure. [ 1852.514537] name failslab, interval 1, probability 0, space 0, times 0 [ 1852.515691] CPU: 1 PID: 11909 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1852.516302] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1852.517038] Call Trace: [ 1852.517342] dump_stack+0x107/0x167 [ 1852.517740] should_fail.cold+0x5/0xa [ 1852.518060] ? create_object.isra.0+0x3a/0xa20 [ 1852.518555] should_failslab+0x5/0x20 [ 1852.518966] kmem_cache_alloc+0x5b/0x310 [ 1852.519409] create_object.isra.0+0x3a/0xa20 [ 1852.519765] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1852.520256] kmem_cache_alloc+0x159/0x310 [ 1852.520704] alloc_buffer_head+0x20/0x110 [ 1852.521045] alloc_page_buffers+0x14d/0x700 [ 1852.521411] create_empty_buffers+0x2c/0x640 [ 1852.521853] create_page_buffers+0x1bb/0x230 [ 1852.522299] __block_write_begin_int+0x1d1/0x19c0 [ 1852.522841] ? fat_add_cluster+0x100/0x100 [ 1852.523185] ? add_to_page_cache_locked+0x40/0x40 [ 1852.523570] ? __page_cache_alloc+0x10d/0x360 [ 1852.524007] ? remove_inode_buffers+0x300/0x300 [ 1852.524497] ? pagecache_get_page+0x243/0xc80 [ 1852.524855] ? unlock_page_memcg+0x96/0x170 [ 1852.525284] ? wait_for_stable_page+0x92/0xe0 [ 1852.525728] cont_write_begin+0x472/0x980 [ 1852.526001] FAULT_INJECTION: forcing a failure. [ 1852.526001] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1852.526976] ? fat_add_cluster+0x100/0x100 [ 1852.526998] ? nobh_write_begin+0xed0/0xed0 [ 1852.527899] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1852.528365] ? generic_write_end+0x20e/0x3f0 [ 1852.528716] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1852.529136] fat_write_begin+0x89/0x180 [ 1852.529455] ? fat_add_cluster+0x100/0x100 [ 1852.529795] generic_perform_write+0x20a/0x4f0 [ 1852.530176] ? fat_direct_IO+0x1ef/0x380 [ 1852.530501] ? page_cache_prev_miss+0x310/0x310 [ 1852.530882] __generic_file_write_iter+0x2cd/0x5d0 [ 1852.531286] generic_file_write_iter+0xdb/0x230 [ 1852.531659] do_iter_readv_writev+0x476/0x750 [ 1852.532019] ? new_sync_write+0x660/0x660 [ 1852.532357] ? avc_policy_seqno+0x9/0x70 [ 1852.532687] ? selinux_file_permission+0x92/0x520 [ 1852.533081] ? security_file_permission+0xb1/0xe0 [ 1852.533480] do_iter_write+0x191/0x700 [ 1852.533793] ? trace_hardirqs_on+0x5b/0x180 [ 1852.534147] vfs_iter_write+0x70/0xa0 [ 1852.534457] iter_file_splice_write+0x762/0xc30 [ 1852.534839] ? generic_splice_sendpage+0x140/0x140 [ 1852.535251] ? security_file_permission+0xb1/0xe0 [ 1852.535637] ? generic_splice_sendpage+0x140/0x140 [ 1852.536032] direct_splice_actor+0x10f/0x170 [ 1852.536390] splice_direct_to_actor+0x387/0x980 [ 1852.536768] ? pipe_to_sendpage+0x380/0x380 [ 1852.537127] ? do_splice_to+0x160/0x160 [ 1852.537451] ? security_file_permission+0xb1/0xe0 [ 1852.537841] do_splice_direct+0x1c4/0x290 [ 1852.538182] ? splice_direct_to_actor+0x980/0x980 [ 1852.538564] ? avc_policy_seqno+0x9/0x70 [ 1852.538898] ? security_file_permission+0xb1/0xe0 [ 1852.539293] do_sendfile+0x553/0x11e0 [ 1852.539607] ? do_pwritev+0x270/0x270 [ 1852.539917] ? wait_for_completion_io+0x270/0x270 [ 1852.540312] ? rcu_read_lock_any_held+0x75/0xa0 [ 1852.540685] ? vfs_write+0x354/0xb10 [ 1852.540989] __x64_sys_sendfile64+0x1d1/0x210 [ 1852.541365] ? __ia32_sys_sendfile+0x220/0x220 [ 1852.541740] do_syscall_64+0x33/0x40 [ 1852.542042] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1852.542462] RIP: 0033:0x7f24f4026b19 [ 1852.542764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1852.544222] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1852.544831] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1852.545414] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1852.545984] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1852.546558] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1852.547126] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1852.547723] CPU: 0 PID: 11920 Comm: Not tainted 5.10.222 #1 [ 1852.548585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1852.549667] Call Trace: [ 1852.550020] dump_stack+0x107/0x167 [ 1852.550497] should_fail.cold+0x5/0xa [ 1852.551005] _copy_from_user+0x2e/0x1b0 [ 1852.551532] comm_write+0xbf/0x2a0 [ 1852.551998] ? proc_pid_permission+0x300/0x300 [ 1852.552608] do_iter_write+0x4f0/0x700 [ 1852.553144] vfs_writev+0x1ae/0x620 [ 1852.553623] ? vfs_iter_write+0xa0/0xa0 [ 1852.554143] ? __fdget_pos+0xf1/0x190 [ 1852.554639] ? lock_downgrade+0x6d0/0x6d0 [ 1852.555183] ? ksys_write+0x12d/0x260 [ 1852.555687] ? __fget_files+0x2f8/0x520 [ 1852.556225] do_writev+0x139/0x300 [ 1852.556689] ? vfs_writev+0x620/0x620 [ 1852.557210] do_syscall_64+0x33/0x40 [ 1852.557701] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1852.558372] RIP: 0033:0x7fbbbec6fb19 [ 1852.558866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1852.561264] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1852.562258] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1852.563189] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1852.564118] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1852.565046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1852.565980] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1852.580228] attempt to access beyond end of device [ 1852.580228] loop6: rw=2049, want=276, limit=128 [ 1852.581652] attempt to access beyond end of device [ 1852.581652] loop6: rw=0, want=147, limit=128 11:07:02 executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) flock(r0, 0x8) r1 = syz_open_dev$sg(0x0, 0x0, 0x2001) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$RTC_AIE_ON(r2, 0x7002) r3 = fcntl$dupfd(r0, 0x0, r0) ioctl$BTRFS_IOC_RM_DEV(r1, 0x5000940b, &(0x7f00000004c0)={{r3}, "a91015570c2b1212fef93b65fe385e2d9b770b143a3711ffcc6c3bd6bd0beb2b2e178875fab4997fe62f46291447f18528de2ad12d74630a1ff601c550c74fe958fe1f41841a30a1e27b439db5f907f702c5686bc217e2f050e9f05c291ab7e555bda11f1a85612b892d2880ef5759786a118d3e436a17619c22e38390f7933ca6be7f3123b1af1509c23873c08d12e1a875a74ed37917af4deaca0ce8ee7ac2811ea232df2957c140e004ec648fcf1436890c1d89bb24c00495511dbfb831be5f9ae722d40d8ed5845ce160c7fd28478103ff65e167b8b5b978d519fe9160c194697ee0d92e40d873ffc656bfd9d4da1887cc216868bdbb6a49246f93417f0a3e41b3efdf75fd77e9076dbd9110b53eee892da9b170a097016dc1efa96517bc89094f573be024b7b3779b3e205929eba3b34402a79f3f4854334e9a3176cb5ee22cb90ff72d96d14f2900e8ccefc56d49bffef30c4e848e294d80d8aad90ab0744d9159de80f8e957a7e43cfc6d479324d2e254492f6c6b10a4fd522ce89be179d60131f8b675a81e88ce7395057a88d0aefa37f72df24f7ac1789287b0ada4e6d5554ef594d6bf12df5b328afa43c69e84feae91d8d674334d6277df5611a2263dff6fcc9e3e91feb86f483ed7d2dd302cec4545dd63f3cb336867396e8fbfb9cc5335c8d5dee5af13a44ce6c7db71f9c5413a1d68736a0e1eb5f67a44c0eecd32ba247658df10d90bcb7ecfa58467d2e73b9bed926ac25ffe65bb4a0a5dc43c9c0decdbe1a6dd79a2c17c2003f4776acb73ba6cda0a5bedf119169a133a5ee2cba81e5a993287e5abb98af71a9cb811977e1134140a43856f7e5f170b1e1e61838765b27e110807a6278062cc90f080c455937ea247e89876abad48dc08e3af539a57ce119a1e6dc3c0a4a72ea55cc1949e204d1e3ae5eed287efef7e5227ced5cbbd5e2e8b8fa7b06a4f411766760707421aee1eae8da5679dfc51a47fa4f228b2262e803030ed9e5ef0b523c12903c360e3f25c95d1cea576ef7a628882f239ee24b8056a76d573a810b60ce7a76f07b71e42b1c459a83132477ec5f133323aa6462781f8427f44a8c2130300e5afd2c80b41351010ce38a6b2a0a4b2133c56441dfcb590930ae10164212c71157af515e305da72079e0e0b405dfa323450ddcb3a112cb4df360679e638027bf81a4d15cc8eeddab19123ec6d7ad7909a30fb9feccec524c08273f8ac08c97cbfb562f049545ce328c590b076d79eacb5a7343cf0d19efc70d33b2aefb0f07c482b0486e8f20087667d4ff07ab39e5b3c2e10be9f08190d0053379285e3fccdd6b6f8224b960908953f1cfefca81f985e5f5faf2756ea8cf621ca3a80509ad4ec0f02cdaf795b68cb1267745f21aeda36d1224b2e5688620f599e537126718f7bd26cfb67b73fca181bbb49fe5e4a239e009999acb21870d6380364bc41c18b90b831e8371efdf62b8fe1bc871825a52722ae4294a97fc70fc83e81e48a7381e23f299b89fa5fa95cc672483ad3b1eb2be1cd2bddb9e4bf221b425af208386b2bf99118e8a38496c3feebfcf32bf8f1492bd4718b256dfeb3bd5da1bc12fe3e62816b978c7f388884bee72f42b6658eb85cc34fcc2afb395dca870dd17acc1616811aeea9cbdcfae962ed52c402eb4e5e14d323e18125876d1136dae79450576dd3ad21f3b3125d9270d196aa91021b2e5a3e5dd5caa7120f3c669c60c8380f1923b5f22dc99dd3246dcc77835d597e843fa95a9bc0147ad58fd30c1c8ec70b9bcb7042994c916d50e2e08e43ef78995d509d2a599642ce5ec8850a8a15c4c02ba543b487cb60a6153ed600b661c1667eb96a5817b74e2ee4caeed172abd94ea9ea829235f13f5195b43f2dfb4613f6731c2e4e538f65d67ed06f82ff47bb585a3299eb6d8f7d3d67544d89d9b7f96b9e65a0d73f6a9bc61508a6ad0ff62cdda01cf3dfb2c1367dccec640f4260c4127bb9c58993410fcb9365c04c506e277a08ae71a655a69d03d86cd6c76acbac0166f44c55ffd580bc30efdbd38bc77ee368ab29a0b1ce5cd61991fea455bf25ea88687299f0b9d8d3df06687d9f730dc1d1914a87b232aed0d7a0ecdc74ff75eeb74d5fa6c4cbc50ea66097bb2873d9a2a988c6924c9b487af7257f4dc0bae9033aac8a0f4ab35992c1887466723fbd4f4f5573e9c0639ed80d7ac681b2aaae23208b546b0b725756c7df7956505136ad76808619d173201a404c3e4df32085101fcb36b0e8bd534eaa3407b0546dd68ec8df17960593457df139196de1496a5959f4cb469d86ff54766ab80acb9b438a23d04ed7f63d61c756f7c42ec6359c53004f5e8889328945460a6d499ab6e1a651a5544f83f3ea6c9206aefa1f015a535cd5d94e5f3965c01e1bc6c8d0a337d8fbf70c35f8846c44ba1becceff84b8c80e3d1db5c51ecd0f947632bab653fd876cf4ffff1929415c92c735ab340401c51d94e116b2ad6c0c9a5eadbd5740158b6fd13c0871a0c6af7194b35bbd13c238b67caca7137122b68c2e0067e2101256d7e7cd7dc35d11ec02921f1ef7745beca98eb349b36875ad147316274aebbac846d57d8134a9457cc49457fcb3aacfbaec1fdb21dae6edf6aa13595adbba2c20dc900dd0fd7a2ba4318bc34ba0cd0633de6609712c4861a4467643a483a60a96fe9da85311fe2d15934c6a6f6b8c01c1438e28658f456b469144c936d9a083453e82e19379c8831ff98538698fadac54c380f4a8dee8c9683c0189ad42db5ab585f5c147dedd77cd156ca5a080ca0fd63e9bcf4ca0944a814c60c9fcc52b6159e4011dd077fc9c99fbf886751b7b667940317d934029f5d5c25214851a5b7e09748f3b36bc50b144787026188904417b80bc273cdef25df69f4c683e233cf72be4e01d5d766f483c478ad3552707fb9abf4981bd379c31f1f26b10be9105362c7df415657b62384c4d01508a26bfd97115a67b424dfab7ecdd5b4f806f8d4c7843b2b227bd2360e51b2a611915c5be66cc669f5884570dec2da5f1368b5d1c5689524fcad4ca206f1f0cf8f64f32c92a215308b3c56955f5f50ca3bbc0a1397742c9a8fad8af5fac93d092bc575fb0a3117533ca51cd172e5401368dd6653b7534da16fa3c2466bba2556f6af6ac34b3a9513b5fcdde32ed38cd76703bc35433a68c72c689025ca179108e8f31617e62a9428aa6020041e3a46941202bfc22b71f958000862b9587db704d338674afdbdf4dde9b6f2210d05f3f39f6bcc0dc3c738cf21fc04a3617128b1b67c2db0405680196e37c437fdcb27a4589a9258f678ebe499ae679f9c3b8271644c293cb54c15e0ac813e76ed3abfbbfa8cb3b4b494352aeede313a9288090b70d9432c503f5ef59c598e0daec141b92432a281c954d9ae463b595430f7f4cc4e9aae649c6e53d9b0332497835e3353342e109fa10009fd53d5c0be619894d0857668f5b26971deb83e0c6a60ac0ec2a6e7683808c331e4631457c7249b9174cd65add991adb3d4c42429dc8ac32e5faf2100042335152a44d5dfbf3c53aa33de1fc3d8597c1cef1010bf548ede642476830b5a7bde58bd6036f861f3a69ddd2d1cdd851e538133d5fe95094d189641d8f0ee12a34d0a094bc79e7f0253c05dfb9c0cb961ad743d892b40bcc8377dc88e1922435e90785d10ddf18dc7bd539ef60050f9ecf990c518ac3dc4ebb16cdac31a0419d3fe3fd95c718c52ce744d21348ac0db6cb056a8e8ce0400a4975e8ceda498b5da9e4124ccf35e11c2177e771b94b26c2dcdfce581c00e687357a900b56eee112c7bafaa317666b96c63634c05a01bb7a0fb67ce1233714f7c375d8cd78e4b3089fd84945a8a740abc2342205403435e94cf3d377ca8852699feeab4dd7347734236c2b07200d620de7b92adc4924da2b648659066ab7b3f0e9d1de5efd8335b4c7616ac8c9b16ba1dbbe79fe9ec7e059b832195627d187b5743b9f6aa937084d85bf4e0d7983500b3627f8cf133c4395d3860c00629aabd528f3b2751b7d15ff3ca64a09629410ad4594066cba421186df2b912cd40e20fc81e417591b5d27c7bd641a0dd8b558632a2b630033a64f1c7c8cc19804ea28958c277dc8cf0988492a58f78a4fd616571cd5904f90b64e91c5ab7af6c912b5bdce9bbc711adeda8e519a28683f95f9aa405c91d5cee9b936d426c5c2b6ffd53e42c1f6dc8c954c04be62656ac536e13d78542ce561aaa9b6fe8e320fdd88812dc0ddc666306851ca37e7d8372c60cc62e9ecb294f8bd7d3e1960082e3a6a8597f11ded6dbd521eea2b035b9663769ecd7937da35c58ddf5c4ce54ceda88f577562c7e9e77522476d8dd7784a9ba443d06f8c8875c587d12329c20b914f174cfc3d1c21ebe0147f76e6262b5a5e5d8e710fcb3094715802adc10b974b1457ddfe9387db6e9c70eacf6b6a02959b5a2e5b655eb7e827f4ae0cffd1a27af6294a29ed8e48f30f15d084ed1d207d12ecda4ed1910737899ba0a3216d308a3e5ba299cff85d72e2b5ec37994a7c87d5e2ef3093088b1c76297caa285decb22c1be3b4c00d09c3761087f819d1bb8cdb7c2bbc8214d53e89994c180a28f1f14a05412ab26022072fed07539b11db0245bea4a2a4a84f7fb1562b2da90640f43713e701dd79f80983dad045f814031f94a5014cce25de476f79cd2ea1a8e57fce776e62425205531978967e34952af594e93b19a984cd291caa0c9461614e43d3ee0ee2bf1ad960a93cbbf49054ca2c9eb22534b668f86a0fba3fe3fd402c9512114d7842ee2a2e17a70dca0e2bd361fd7ff9b9bc0c867a357dc9a20185c02967230fa29704c960202f4133cc4dde1cfe47358051e55e5c2f53aaa40bfa1e8218bec10241840622b49f9add496b76931f4f08e82ed56418b5f43bcb632b765095f6de7015aa61a7799df03a0f426ac568847f0de0240e3d69c62d0484db6ac0770411b8e3ffdda54811e2767002b240c8615d5dff43b0b3bd7d7ecdfe1507a415fa7c733e6119695d8ce47cc8d16f7f8930bd275e6f4fc6f23c10a56bbdd7ba1e69e3440dc4026adcbc7d8b900612aab5afb4e6b66f3767fec32f940c67a5087d1516fcf76feafe926d75437b3a987aa49f51f7cf72afd21d277bd55498830597244a1652a3d5b6bc2ea56be758d68f0bb0dec7af1d23efbcf70359b05b197cf154f45c81a5f4fc9c7dea57797acf5cceaaf47f2e1f7a8ee8f1536bf6d8df2d344a43739c72d13e71afc990ca36547ce0a62fd1ce7218787bb74c5be8e1b78bebfd4d9b70094400889fc3a73565c012abc35143cfcc93889b28aaef0bb2bd61eeb2ae6c9c29171d523a4b1a22a5597dac5152e349eb376740e8b404e3a18cf19c6bfa2c565db59368a9b518177b9ddd86042b0f7bc97d9092da360ddab4849b9b6de57e356832c5d77a352a77264ab2364a266558e3038b0329d488b481f85caff7da6747d97667540616caa5e869eac722b8bba446ee9c54bd9b1f4abc2fcf8e8ba02e71c77b33adee6c73e957b718aa9970183b30ea452f8a5c4613ccd7a4077a132119b4703d67537538eeda50ae652c6e9de14ecf10a7a9114cb8c7bea24adc8db399087f24cba3e5e3bfc1047ee0597ffadc95dce0f8b092c6d0f6cc668d2d1e72bff8a1302088815b87bc42b40ae5b60aa8f6847a7d5241c52cf68f2736bb66e848982db3b8dd5b763de9cebba82433ff52fb854770fcde56144028713b6d549467500deb06dbc5fe6f5a34ac00"}) r4 = socket$inet(0x2, 0x2, 0x0) signalfd4(r2, &(0x7f0000000180)={[0x6]}, 0x8, 0x800) r5 = openat$incfs(r3, &(0x7f0000000200)='.log\x00', 0x220000, 0x1) ioctl$SG_SET_FORCE_PACK_ID(r5, 0x227b, &(0x7f0000000140)) ioctl$sock_inet_SIOCSARP(r4, 0x8955, &(0x7f0000001780)={{0x2, 0x0, @remote}, {0x308}, 0xac1414bb, {0x2, 0x4e20, @remote}, 'batadv_slave_0\x00'}) fallocate(r4, 0x1d, 0xfffffffffffffffe, 0xb35c) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5, &(0x7f0000000440)=[{&(0x7f0000000040)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000e0f4655fe0f4655f0100ffff53ef010001000000dff4655f000000000000000001000000000000000b0000000001", 0x5a, 0x400}, {0x0, 0x0, 0x4e0}, {0x0, 0x0, 0xffffffffdffffff8}, {&(0x7f0000010400)="000000000000ed9f62", 0x9, 0x800}, {&(0x7f0000011600)="ed41000000080000dff46552e0f4655fe0f4655f000000000000040104", 0x1d, 0x2100}], 0x0, &(0x7f00000000c0)={[{@noacl}]}) [ 1852.584813] attempt to access beyond end of device [ 1852.584813] loop4: rw=2049, want=276, limit=128 [ 1852.607842] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1852.644596] attempt to access beyond end of device [ 1852.644596] loop6: rw=2049, want=404, limit=128 11:07:02 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000010500)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f00000005c0)={{}, {0x5}, 0x114, 0x0, 0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)="409202cc9ad696c0", 0x8, 0x0, &(0x7f0000000480)={0x2, 0xb3, {0x1, 0xc, 0x1b, "d616442e78ee25ef12f0032fb5469a5777f3217af64c6eb3290c3b", 0x8b, "be64701553f209d1e5b20cf77a4256319e7bea11556717c0c7cb59a1d361e7934b1006b5ebcb2965638de137d53a0d92991055999db59f6a16a4c6a75de056352a1ef24b2f22ea1e8535521b5cc19f9cba35778044fa8b56c4d63fefb0c6276f3d2e0870e36015168815d37758e1de2b1fc7f196f9d81ec54f2874bd285f1b7833b8a300dcea31f62ee70d"}, 0x5c, "5b62e0823758557253ad47163334c87576a8970ea20bb949760697fa6bb2ea4f025af9be7a736947fde634fdc5372dbcc9c029390fae2aecb6e7581935e44cb357863d3a10b8227db3ab64507cc019859c03577825cd7bd0ae298928"}, 0x11b}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6(0xa, 0x1, 0x0) write(0xffffffffffffffff, &(0x7f0000000240)="01", 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105142, 0x0) ftruncate(r3, 0xffff) sendfile(r1, r2, 0x0, 0x20d315) [ 1852.708333] attempt to access beyond end of device [ 1852.708333] loop4: rw=1, want=403, limit=128 [ 1852.728404] kauditd_printk_skb: 8 callbacks suppressed [ 1852.728415] audit: type=1326 audit(1722078422.789:228): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11931 comm="syz-executor.3" exe="/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6066a02b19 code=0x7ffc0000 [ 1852.730875] audit: type=1326 audit(1722078422.791:229): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11931 comm="syz-executor.3" exe="/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6066a02b19 code=0x7ffc0000 11:07:02 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 77) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) 11:07:02 executing program 4: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100008100) [ 1852.739522] attempt to access beyond end of device [ 1852.739522] loop6: rw=1, want=403, limit=128 [ 1852.740301] Buffer I/O error on dev loop6, logical block 402, lost async page write 11:07:02 executing program 0: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffff9c, 0x40106614, &(0x7f00000000c0)) ftruncate(r0, 0xfdef) 11:07:02 executing program 6: r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x100000001) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xc763, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX, @ANYRES64]) chdir(&(0x7f0000000040)='./file0\x00') r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x100000001) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) futimesat(r3, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)={{r4, r5/1000+60000}, {r6, r7/1000+10000}}) r8 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r10 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r9, r10, 0x0, 0x100000001) fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x8, 0x1) ftruncate(r8, 0xfdef) lsetxattr$trusted_overlay_opaque(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480), &(0x7f00000004c0), 0x2, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2000, 0x100) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x10, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[{@loose}, {@version_9p2000}, {@access_uid={'access', 0x3d, 0xee01}}, {@aname={'aname', 0x3d, 'vfat\x00'}}, {@cache_mmap}], [{@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}}) [ 1852.813656] FAULT_INJECTION: forcing a failure. [ 1852.813656] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1852.815457] CPU: 0 PID: 11944 Comm: Not tainted 5.10.222 #1 [ 1852.816249] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1852.817374] Call Trace: [ 1852.817744] dump_stack+0x107/0x167 [ 1852.818245] should_fail.cold+0x5/0xa [ 1852.818774] _copy_from_user+0x2e/0x1b0 [ 1852.819325] comm_write+0xbf/0x2a0 [ 1852.819816] ? proc_pid_permission+0x300/0x300 [ 1852.820455] do_iter_write+0x4f0/0x700 [ 1852.821007] vfs_writev+0x1ae/0x620 [ 1852.821525] ? vfs_iter_write+0xa0/0xa0 [ 1852.822067] ? __fdget_pos+0xf1/0x190 [ 1852.822588] ? lock_downgrade+0x6d0/0x6d0 [ 1852.823170] ? ksys_write+0x12d/0x260 [ 1852.823696] ? __fget_files+0x2f8/0x520 [ 1852.824259] do_writev+0x139/0x300 [ 1852.824749] ? vfs_writev+0x620/0x620 [ 1852.825291] do_syscall_64+0x33/0x40 [ 1852.825795] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1852.826488] RIP: 0033:0x7fbbbec6fb19 [ 1852.826990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1852.829428] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1852.830449] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1852.831396] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1852.832350] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1852.833308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1852.834264] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1852.856370] attempt to access beyond end of device [ 1852.856370] loop5: rw=2049, want=276, limit=128 [ 1852.867256] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5 [ 1852.867256] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 1852.867256] [ 1852.885841] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1852.887215] EXT4-fs (loop3): group descriptors corrupted! 11:07:02 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0xfdef) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) (fail_nth: 74) 11:07:02 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470000000f801", 0x17}, {0x0, 0x0, 0x8000}], 0x0, &(0x7f00000000c0)=ANY=[]) chdir(&(0x7f0000000040)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001640)=[{{&(0x7f00000001c0), 0x6e, &(0x7f0000000280)=[{&(0x7f0000000300)=""/129, 0x81}, {&(0x7f00000003c0)=""/99, 0x63}], 0x2, &(0x7f0000000440)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x80}}, {{&(0x7f00000004c0), 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000540)=""/219, 0xdb}, {&(0x7f0000000640)=""/101, 0x65}], 0x2, &(0x7f0000000700)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}}, {{&(0x7f0000000740)=@abs, 0x6e, &(0x7f0000000840)=[{&(0x7f00000007c0)=""/114, 0x72}], 0x1, &(0x7f0000000880)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb8}}, {{&(0x7f0000000940)=@abs, 0x6e, &(0x7f0000000b40)=[{&(0x7f00000009c0)=""/179, 0xb3}, {&(0x7f0000000a80)=""/161, 0xa1}], 0x2}}, {{&(0x7f0000000b80), 0x6e, &(0x7f0000000c80)=[{&(0x7f0000000c00)=""/82, 0x52}], 0x1, &(0x7f0000000cc0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}, @cred={{0x1c}}], 0x40}}, {{0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000d00)=""/176, 0xb0}, {&(0x7f0000000dc0)=""/189, 0xbd}, {&(0x7f0000000e80)=""/74, 0x4a}, {&(0x7f0000000f00)=""/236, 0xec}, {&(0x7f0000001000)=""/126, 0x7e}], 0x5}}, {{&(0x7f0000001100)=@abs, 0x6e, &(0x7f00000011c0)=[{&(0x7f0000001180)=""/23, 0x17}], 0x1, &(0x7f0000001200)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000001240)=@abs, 0x6e, &(0x7f00000012c0), 0x0, &(0x7f0000001300)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x50}}, {{&(0x7f0000001380)=@abs, 0x6e, &(0x7f00000014c0)=[{&(0x7f0000001400)=""/85, 0x55}, {&(0x7f0000001480)=""/27, 0x1b}], 0x2}}, {{0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000001500)=""/37, 0x25}, {&(0x7f0000001540)=""/7, 0x7}], 0x2, &(0x7f00000015c0)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x48}}], 0xa, 0x100, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x100000001) openat(r5, &(0x7f00000012c0)='./file0\x00', 0x2000, 0x0) setresuid(0xffffffffffffffff, r4, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x800, &(0x7f00000018c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_L}, {@cache_fscache}, {@cache_none}, {@noextend}, {@access_user}, {@dfltgid={'dfltgid', 0x3d, r3}}, {@dfltgid={'dfltgid', 0x3d, 0xee01}}, {@posixacl}], [{@fsname={'fsname', 0x3d, '-'}}, {@euid_eq={'euid', 0x3d, r4}}, {@seclabel}]}}) r7 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x105142, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r8, r9, 0x0, 0x100000001) ftruncate(r7, 0xfdef) [ 1852.902308] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 1852.906449] FAT-fs (loop6): Unrecognized mount option "0xffffffffffffffff˙˙˙˙˙˙˙˙" or missing value [ 1852.957145] audit: type=1326 audit(1722078423.016:230): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11931 comm="syz-executor.3" exe="/syz-executor.3" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f6066a02b19 code=0x7ffc0000 [ 1852.959665] audit: type=1326 audit(1722078423.016:231): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11931 comm="syz-executor.3" exe="/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6066a02b19 code=0x7ffc0000 [ 1852.968765] audit: type=1326 audit(1722078423.016:232): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11931 comm="syz-executor.3" exe="/syz-executor.3" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6066a02b19 code=0x7ffc0000 [ 1852.980961] audit: type=1326 audit(1722078423.016:233): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11931 comm="syz-executor.3" exe="/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6066a02b19 code=0x7ffc0000 [ 1853.003468] audit: type=1326 audit(1722078423.016:234): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11931 comm="syz-executor.3" exe="/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6066a02b19 code=0x7ffc0000 [ 1853.005739] audit: type=1326 audit(1722078423.016:235): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11931 comm="syz-executor.3" exe="/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6066a02b19 code=0x7ffc0000 [ 1853.008587] audit: type=1326 audit(1722078423.016:236): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11931 comm="syz-executor.3" exe="/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6066a02b19 code=0x7ffc0000 [ 1853.011064] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5 [ 1853.011064] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 1853.011064] [ 1853.026222] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1853.027055] EXT4-fs (loop3): group descriptors corrupted! 11:07:03 executing program 7: r0 = dup(0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10018, 0x0, 0x2, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xa, &(0x7f0000000380)={0x0, 0xda0}, &(0x7f00000003c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='comm\x00') writev(r1, &(0x7f00000015c0)=[{&(0x7f0000000140)="f3", 0x1}], 0x1000000000000197) (fail_nth: 78) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) prlimit64(r2, 0xd, &(0x7f00000000c0)={0x3, 0x4}, &(0x7f0000000100)) prlimit64(r2, 0x7, &(0x7f0000000240)={0x8, 0x3}, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000080)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000580)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}, 0x80000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000200)={0x3ff, 0x1f, 0x100, 0xfffffff9, 0x80, "4ec3a6001e81a666b37608380bd56bf0fcb54b", 0x8, 0x4}) [ 1853.029826] audit: type=1326 audit(1722078423.017:237): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11931 comm="syz-executor.3" exe="/syz-executor.3" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6066a02b19 code=0x7ffc0000 [ 1853.083699] FAULT_INJECTION: forcing a failure. [ 1853.083699] name failslab, interval 1, probability 0, space 0, times 0 [ 1853.084799] CPU: 1 PID: 11960 Comm: syz-executor.5 Not tainted 5.10.222 #1 [ 1853.085540] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1853.086404] Call Trace: [ 1853.086640] dump_stack+0x107/0x167 [ 1853.086956] should_fail.cold+0x5/0xa [ 1853.087287] ? create_object.isra.0+0x3a/0xa20 [ 1853.087679] should_failslab+0x5/0x20 [ 1853.087996] kmem_cache_alloc+0x5b/0x310 [ 1853.088333] create_object.isra.0+0x3a/0xa20 [ 1853.088691] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1853.089150] kmem_cache_alloc+0x159/0x310 [ 1853.089497] alloc_buffer_head+0x20/0x110 [ 1853.089837] alloc_page_buffers+0x14d/0x700 [ 1853.090191] create_empty_buffers+0x2c/0x640 [ 1853.090553] create_page_buffers+0x1bb/0x230 [ 1853.090916] __block_write_begin_int+0x1d1/0x19c0 [ 1853.091310] ? fat_add_cluster+0x100/0x100 [ 1853.091656] ? add_to_page_cache_locked+0x40/0x40 [ 1853.092052] ? __page_cache_alloc+0x10d/0x360 [ 1853.092426] ? remove_inode_buffers+0x300/0x300 [ 1853.092803] ? pagecache_get_page+0x243/0xc80 [ 1853.093177] ? unlock_page_memcg+0x96/0x170 [ 1853.093530] ? wait_for_stable_page+0x92/0xe0 [ 1853.093899] cont_write_begin+0x472/0x980 [ 1853.094246] ? fat_add_cluster+0x100/0x100 [ 1853.094590] ? nobh_write_begin+0xed0/0xed0 [ 1853.094944] ? __wb_update_bandwidth.constprop.0+0xe00/0xe00 [ 1853.095413] ? generic_write_end+0x20e/0x3f0 [ 1853.095771] ? iov_iter_fault_in_readable+0x9a/0x410 [ 1853.096185] fat_write_begin+0x89/0x180 [ 1853.096509] ? fat_add_cluster+0x100/0x100 [ 1853.096854] generic_perform_write+0x20a/0x4f0 [ 1853.097238] ? fat_direct_IO+0x1ef/0x380 [ 1853.097570] ? page_cache_prev_miss+0x310/0x310 [ 1853.097957] __generic_file_write_iter+0x2cd/0x5d0 [ 1853.098362] generic_file_write_iter+0xdb/0x230 [ 1853.098743] do_iter_readv_writev+0x476/0x750 [ 1853.099111] ? new_sync_write+0x660/0x660 [ 1853.099450] ? avc_policy_seqno+0x9/0x70 [ 1853.099780] ? selinux_file_permission+0x92/0x520 [ 1853.100179] ? security_file_permission+0xb1/0xe0 [ 1853.100578] do_iter_write+0x191/0x700 [ 1853.100899] ? trace_hardirqs_on+0x5b/0x180 [ 1853.101265] vfs_iter_write+0x70/0xa0 [ 1853.101579] iter_file_splice_write+0x762/0xc30 [ 1853.101972] ? generic_splice_sendpage+0x140/0x140 [ 1853.102390] ? security_file_permission+0xb1/0xe0 [ 1853.102786] ? generic_splice_sendpage+0x140/0x140 [ 1853.103189] direct_splice_actor+0x10f/0x170 [ 1853.103550] splice_direct_to_actor+0x387/0x980 [ 1853.103934] ? pipe_to_sendpage+0x380/0x380 [ 1853.104292] ? do_splice_to+0x160/0x160 [ 1853.104621] ? security_file_permission+0xb1/0xe0 [ 1853.105021] do_splice_direct+0x1c4/0x290 [ 1853.105365] ? splice_direct_to_actor+0x980/0x980 [ 1853.105755] ? avc_policy_seqno+0x9/0x70 [ 1853.106095] ? security_file_permission+0xb1/0xe0 [ 1853.106497] do_sendfile+0x553/0x11e0 [ 1853.106819] ? do_pwritev+0x270/0x270 [ 1853.107131] ? wait_for_completion_io+0x270/0x270 [ 1853.107527] ? rcu_read_lock_any_held+0x75/0xa0 [ 1853.107902] ? vfs_write+0x354/0xb10 [ 1853.108212] __x64_sys_sendfile64+0x1d1/0x210 [ 1853.108584] ? __ia32_sys_sendfile+0x220/0x220 [ 1853.108965] do_syscall_64+0x33/0x40 [ 1853.109283] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1853.109698] RIP: 0033:0x7f24f4026b19 [ 1853.110004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1853.111474] RSP: 002b:00007f24f159c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1853.112093] RAX: ffffffffffffffda RBX: 00007f24f4139f60 RCX: 00007f24f4026b19 [ 1853.112671] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004 [ 1853.113248] RBP: 00007f24f159c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1853.113819] R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000002 [ 1853.114393] R13: 00007ffc75df54bf R14: 00007f24f159c300 R15: 0000000000022000 [ 1853.134104] attempt to access beyond end of device [ 1853.134104] loop4: rw=2049, want=276, limit=128 [ 1853.147708] FAULT_INJECTION: forcing a failure. [ 1853.147708] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1853.148983] CPU: 1 PID: 11970 Comm: Not tainted 5.10.222 #1 [ 1853.149478] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1853.150359] Call Trace: [ 1853.150698] dump_stack+0x107/0x167 [ 1853.151085] should_fail.cold+0x5/0xa [ 1853.151399] _copy_from_user+0x2e/0x1b0 [ 1853.151726] comm_write+0xbf/0x2a0 [ 1853.152014] ? proc_pid_permission+0x300/0x300 [ 1853.152393] do_iter_write+0x4f0/0x700 [ 1853.152722] vfs_writev+0x1ae/0x620 [ 1853.153020] ? vfs_iter_write+0xa0/0xa0 [ 1853.153350] ? __fdget_pos+0xf1/0x190 [ 1853.153656] ? lock_downgrade+0x6d0/0x6d0 [ 1853.153994] ? ksys_write+0x12d/0x260 [ 1853.154308] ? __fget_files+0x2f8/0x520 [ 1853.154645] do_writev+0x139/0x300 [ 1853.154933] ? vfs_writev+0x620/0x620 [ 1853.155252] do_syscall_64+0x33/0x40 [ 1853.155556] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1853.155966] RIP: 0033:0x7fbbbec6fb19 [ 1853.156267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1853.157731] RSP: 002b:00007fbbbc1e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1853.158344] RAX: ffffffffffffffda RBX: 00007fbbbed82f60 RCX: 00007fbbbec6fb19 [ 1853.158915] RDX: 1000000000000197 RSI: 00000000200015c0 RDI: 0000000000000004 [ 1853.159485] RBP: 00007fbbbc1e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1853.160057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1853.160626] R13: 00007ffeb503112f R14: 00007fbbbc1e5300 R15: 0000000000022000 [ 1853.212475] attempt to access beyond end of device [ 1853.212475] loop4: rw=1, want=403, limit=128 [ 1853.240633] attempt to access beyond end of device [ 1853.240633] loop5: rw=2049, want=276, limit=128 [ 1853.324070] 9pnet: Insufficient options for proto=fd VM DIAGNOSIS: 11:12:03 Registers: info registers vcpu 0 RAX=ffffffff83e74f90 RBX=0000000000000000 RCX=ffffffff83e5cd8c RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83e75598 RBP=fffffbfff09c6450 RSP=ffffffff84e07e38 R8 =0000000000000001 R9 =ffff88806ce3c12b R10=ffffed100d9c7825 R11=0000000000000001 R12=0000000000000000 R13=ffffffff85675788 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e74f9e RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f088792b010 CR3=000000000b8bc000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00ac02fe016c6c6f502e726567616e61 XMM02=646e616320636578650e0a0100010101 XMM03=6169727420636578650b006574616469 XMM04=7a696d696e696d20636578650d006567 XMM05=78650a007a7a75662063657865090065 XMM06=6820636578650a006873616d73206365 XMM07=736465657320636578650a0073746e69 XMM08=636578650b006574616469646e616320 XMM09=696d20636578650d0065676169727420 XMM10=7a756620636578650900657a696d696e XMM11=650a006873616d7320636578650a007a XMM12=20636578650a0073746e696820636578 XMM13=61746f7420636578650a007364656573 XMM14=7473657220726f74756365786511006c XMM15=00006e65672063657865080073747261 info registers vcpu 1 RAX=ffffffff83e74f90 RBX=0000000000000001 RCX=ffffffff83e5cd8c RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83e75598 RBP=ffffed1001130000 RSP=ffff88800898fe70 R8 =0000000000000001 R9 =ffff88806cf3c12b R10=ffffed100d9e7825 R11=0000000000000001 R12=0000000000000001 R13=ffffffff85675788 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e74f9e RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005636c4557678 CR3=000000000b8bc000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=0000000000000000415248ea00000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000