7f538282e69c
[ 2365.669908] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2365.671899] RSP: 002b:00007f537fdf1170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2365.672739] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f538282e69c
[ 2365.673527] RDX: 000000000000000f RSI: 00007f537fdf11e0 RDI: 0000000000000006
[ 2365.674308] RBP: 00007f537fdf11d0 R08: 0000000000000000 R09: 0000000000000000
[ 2365.675098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2365.675858] R13: 00007ffe5ff5756f R14: 00007f537fdf1300 R15: 0000000000022000
[ 2365.683090] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2365.685667] EXT4-fs (loop7): VFS: Can't find ext4 filesystem
01:47:11 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 4)

01:47:11 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x0) (fail_nth: 1)

[ 2365.706506] EXT4-fs (loop3): VFS: Can't find ext4 filesystem
[ 2365.711100] FAULT_INJECTION: forcing a failure.
[ 2365.711100] name failslab, interval 1, probability 0, space 0, times 0
[ 2365.712497] CPU: 1 PID: 14759 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2365.713219] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2365.714111] Call Trace:
[ 2365.714395]  dump_stack+0x107/0x167
[ 2365.714788]  should_fail.cold+0x5/0xa
[ 2365.715196]  ? xas_alloc+0x336/0x440
[ 2365.715592]  should_failslab+0x5/0x20
[ 2365.716014]  kmem_cache_alloc+0x5b/0x360
[ 2365.716467]  ? SOFTIRQ_verbose+0x10/0x10
[ 2365.716921]  xas_alloc+0x336/0x440
[ 2365.717314]  xas_create+0x60f/0x10d0
[ 2365.717734]  xas_store+0x8c/0x1c40
[ 2365.718145]  ? xas_find_conflict+0x4b5/0xa70
[ 2365.718637]  __add_to_page_cache_locked+0x708/0xd10
[ 2365.719187]  ? file_write_and_wait_range+0x130/0x130
[ 2365.719739]  ? lock_downgrade+0x6d0/0x6d0
[ 2365.720193]  ? memcg_drain_all_list_lrus+0x720/0x720
[ 2365.720760]  add_to_page_cache_lru+0xe6/0x2e0
[ 2365.721248]  ? add_to_page_cache_locked+0x40/0x40
[ 2365.721783]  ? __page_cache_alloc+0x10d/0x360
[ 2365.722283]  page_cache_ra_unbounded+0x419/0x6f0
[ 2365.722812]  ? read_pages+0xbc0/0xbc0
[ 2365.723237]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2365.723759]  ondemand_readahead+0x8e5/0x1150
[ 2365.724253]  page_cache_sync_ra+0x138/0x170
[ 2365.724735]  generic_file_buffered_read+0xc74/0x28f0
[ 2365.725310]  ? pagecache_get_page+0xc80/0xc80
[ 2365.725806]  ? kasan_save_stack+0x32/0x40
[ 2365.726266]  ? do_splice_direct+0x1c4/0x290
[ 2365.726739]  ? do_sendfile+0x553/0x1090
[ 2365.727180]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2365.727693]  ? do_syscall_64+0x33/0x40
[ 2365.728124]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2365.728712]  ? perf_trace_lock+0xac/0x490
[ 2365.729151]  ? lock_chain_count+0x20/0x20
[ 2365.729619]  generic_file_read_iter+0x33f/0x490
[ 2365.730153]  ext4_file_read_iter+0x184/0x4c0
[ 2365.730642]  generic_file_splice_read+0x455/0x6d0
[ 2365.731175]  ? pipe_to_user+0x170/0x170
[ 2365.731612]  ? _cond_resched+0x12/0x80
[ 2365.732045]  ? avc_policy_seqno+0x9/0x70
[ 2365.732501]  ? selinux_file_permission+0x92/0x520
[ 2365.733033]  ? lockdep_init_map_type+0x2c7/0x780
[ 2365.733555]  ? pipe_to_user+0x170/0x170
[ 2365.733995]  do_splice_to+0x10e/0x160
[ 2365.734427]  splice_direct_to_actor+0x2fe/0x980
[ 2365.734944]  ? pipe_to_sendpage+0x380/0x380
[ 2365.735419]  ? do_splice_to+0x160/0x160
[ 2365.735861]  ? security_file_permission+0x24e/0x570
[ 2365.736416]  do_splice_direct+0x1c4/0x290
[ 2365.736876]  ? splice_direct_to_actor+0x980/0x980
[ 2365.737404]  ? selinux_file_permission+0x92/0x520
[ 2365.737921]  ? security_file_permission+0x24e/0x570
[ 2365.738498]  do_sendfile+0x553/0x1090
[ 2365.738920]  ? do_pwritev+0x270/0x270
[ 2365.739345]  ? wait_for_completion_io+0x270/0x270
[ 2365.739876]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2365.740391]  ? vfs_write+0x354/0xa70
[ 2365.740798]  __x64_sys_sendfile64+0x1d1/0x210
[ 2365.741301]  ? __ia32_sys_sendfile+0x220/0x220
[ 2365.741790]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2365.742337]  do_syscall_64+0x33/0x40
[ 2365.742733]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2365.743294] RIP: 0033:0x7ff709825b19
[ 2365.743702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2365.745711] RSP: 002b:00007ff706d9b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2365.746541] RAX: ffffffffffffffda RBX: 00007ff709938f60 RCX: 00007ff709825b19
[ 2365.747329] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2365.748108] RBP: 00007ff706d9b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2365.748885] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2365.749670] R13: 00007ffdbcd37b1f R14: 00007ff706d9b300 R15: 0000000000022000
[ 2365.755904] FAULT_INJECTION: forcing a failure.
[ 2365.755904] name failslab, interval 1, probability 0, space 0, times 0
[ 2365.757155] CPU: 1 PID: 14783 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2365.757899] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2365.758787] Call Trace:
[ 2365.759065]  dump_stack+0x107/0x167
[ 2365.759461]  should_fail.cold+0x5/0xa
[ 2365.759869]  ? create_object.isra.0+0x3a/0xa20
[ 2365.760358]  should_failslab+0x5/0x20
[ 2365.760759]  kmem_cache_alloc+0x5b/0x360
[ 2365.761195]  create_object.isra.0+0x3a/0xa20
[ 2365.761663]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2365.762217]  __kmalloc+0x16e/0x330
[ 2365.762600]  alloc_pipe_info+0x1e5/0x590
[ 2365.763036]  splice_direct_to_actor+0x774/0x980
[ 2365.763526]  ? _cond_resched+0x12/0x80
[ 2365.763942]  ? inode_security+0x107/0x140
[ 2365.764374]  ? pipe_to_sendpage+0x380/0x380
[ 2365.764835]  ? selinux_file_permission+0x92/0x520
[ 2365.765357]  ? do_splice_to+0x160/0x160
[ 2365.765787]  ? security_file_permission+0x24e/0x570
[ 2365.766328]  do_splice_direct+0x1c4/0x290
[ 2365.766772]  ? splice_direct_to_actor+0x980/0x980
[ 2365.767289]  ? selinux_file_permission+0x92/0x520
[ 2365.767821]  ? security_file_permission+0x24e/0x570
[ 2365.768377]  do_sendfile+0x553/0x1090
[ 2365.768804]  ? do_pwritev+0x270/0x270
[ 2365.769223]  ? wait_for_completion_io+0x270/0x270
[ 2365.769756]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2365.770274]  ? vfs_write+0x354/0xa70
[ 2365.770696]  __x64_sys_sendfile64+0x1d1/0x210
[ 2365.771199]  ? __ia32_sys_sendfile+0x220/0x220
[ 2365.771708]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2365.772235]  do_syscall_64+0x33/0x40
[ 2365.772651]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2365.773208] RIP: 0033:0x7f23c5d5cb19
[ 2365.773609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2365.775628] RSP: 002b:00007f23c32b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2365.776462] RAX: ffffffffffffffda RBX: 00007f23c5e70020 RCX: 00007f23c5d5cb19
[ 2365.777242] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2365.778025] RBP: 00007f23c32b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 2365.778801] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2365.779577] R13: 00007ffda14b703f R14: 00007f23c32b1300 R15: 0000000000022000
01:47:11 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x0)
sendfile(r0, r1, 0x0, 0x20d315)

01:47:11 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:47:11 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

[ 2365.819162] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
01:47:11 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x0)

01:47:11 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2365.925886] EXT4-fs (loop5): VFS: Can't find ext4 filesystem
[ 2365.927020] EXT4-fs (loop3): VFS: Can't find ext4 filesystem
01:47:11 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:47:11 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 8)

01:47:11 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 5)

01:47:11 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x8008, 0x0)

[ 2365.970466] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:47:11 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x1da688, 0x0)

[ 2366.035003] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:47:11 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

[ 2366.121319] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2366.141873] FAULT_INJECTION: forcing a failure.
[ 2366.141873] name failslab, interval 1, probability 0, space 0, times 0
[ 2366.143071] CPU: 1 PID: 14813 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2366.143816] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2366.144716] Call Trace:
[ 2366.144999]  dump_stack+0x107/0x167
[ 2366.145397]  should_fail.cold+0x5/0xa
[ 2366.145812]  ? create_object.isra.0+0x3a/0xa20
[ 2366.146322]  should_failslab+0x5/0x20
[ 2366.146724]  kmem_cache_alloc+0x5b/0x360
[ 2366.147157]  create_object.isra.0+0x3a/0xa20
[ 2366.147628]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2366.148167]  kmem_cache_alloc+0x159/0x360
[ 2366.148616]  xas_alloc+0x336/0x440
[ 2366.149003]  xas_create+0x60f/0x10d0
[ 2366.149419]  xas_store+0x8c/0x1c40
[ 2366.149795]  ? xas_find_conflict+0x4b5/0xa70
[ 2366.150272]  __add_to_page_cache_locked+0x708/0xd10
[ 2366.150823]  ? file_write_and_wait_range+0x130/0x130
[ 2366.151379]  ? lock_downgrade+0x6d0/0x6d0
[ 2366.151841]  ? memcg_drain_all_list_lrus+0x720/0x720
[ 2366.152408]  add_to_page_cache_lru+0xe6/0x2e0
[ 2366.152902]  ? add_to_page_cache_locked+0x40/0x40
[ 2366.153432]  ? __page_cache_alloc+0x10d/0x360
[ 2366.153932]  page_cache_ra_unbounded+0x419/0x6f0
[ 2366.154468]  ? read_pages+0xbc0/0xbc0
[ 2366.154881]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2366.155405]  ondemand_readahead+0x8e5/0x1150
[ 2366.155898]  page_cache_sync_ra+0x138/0x170
[ 2366.156378]  generic_file_buffered_read+0xc74/0x28f0
[ 2366.156952]  ? pagecache_get_page+0xc80/0xc80
[ 2366.157443]  ? kasan_save_stack+0x32/0x40
[ 2366.157904]  ? do_splice_direct+0x1c4/0x290
[ 2366.158397]  ? do_sendfile+0x553/0x1090
[ 2366.158833]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2366.159341]  ? do_syscall_64+0x33/0x40
[ 2366.159771]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2366.160353]  ? perf_trace_lock+0xac/0x490
[ 2366.160807]  ? lock_chain_count+0x20/0x20
[ 2366.161267]  generic_file_read_iter+0x33f/0x490
[ 2366.161787]  ext4_file_read_iter+0x184/0x4c0
[ 2366.162285]  generic_file_splice_read+0x455/0x6d0
[ 2366.162822]  ? pipe_to_user+0x170/0x170
[ 2366.163260]  ? _cond_resched+0x12/0x80
[ 2366.163697]  ? avc_policy_seqno+0x9/0x70
[ 2366.164142]  ? selinux_file_permission+0x92/0x520
[ 2366.164681]  ? lockdep_init_map_type+0x2c7/0x780
[ 2366.165202]  ? pipe_to_user+0x170/0x170
[ 2366.165648]  do_splice_to+0x10e/0x160
[ 2366.166090]  splice_direct_to_actor+0x2fe/0x980
[ 2366.166612]  ? pipe_to_sendpage+0x380/0x380
[ 2366.167090]  ? do_splice_to+0x160/0x160
[ 2366.167534]  ? security_file_permission+0x24e/0x570
[ 2366.168093]  do_splice_direct+0x1c4/0x290
[ 2366.168562]  ? splice_direct_to_actor+0x980/0x980
[ 2366.169093]  ? selinux_file_permission+0x92/0x520
[ 2366.169631]  ? security_file_permission+0x24e/0x570
[ 2366.170202]  do_sendfile+0x553/0x1090
[ 2366.170634]  ? do_pwritev+0x270/0x270
[ 2366.171059]  ? wait_for_completion_io+0x270/0x270
[ 2366.171592]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2366.172108]  ? vfs_write+0x354/0xa70
[ 2366.172525]  __x64_sys_sendfile64+0x1d1/0x210
[ 2366.173023]  ? __ia32_sys_sendfile+0x220/0x220
[ 2366.173541]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2366.174079]  do_syscall_64+0x33/0x40
[ 2366.174499]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2366.175069] RIP: 0033:0x7ff709825b19
[ 2366.175476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2366.177497] RSP: 002b:00007ff706d9b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2366.178355] RAX: ffffffffffffffda RBX: 00007ff709938f60 RCX: 00007ff709825b19
[ 2366.179146] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2366.179926] RBP: 00007ff706d9b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2366.180720] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2366.181507] R13: 00007ffdbcd37b1f R14: 00007ff706d9b300 R15: 0000000000022000
[ 2366.186990] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2366.206829] FAULT_INJECTION: forcing a failure.
[ 2366.206829] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2366.209907] CPU: 1 PID: 14818 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2366.211599] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2366.213588] Call Trace:
[ 2366.214234]  dump_stack+0x107/0x167
[ 2366.215122]  should_fail.cold+0x5/0xa
[ 2366.216051]  __alloc_pages_nodemask+0x182/0x690
[ 2366.217165]  ? xa_load+0x12d/0x2c0
[ 2366.218046]  ? lock_downgrade+0x6d0/0x6d0
[ 2366.218985]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2366.220308]  alloc_pages_current+0x187/0x280
[ 2366.221260]  __page_cache_alloc+0x2d2/0x360
[ 2366.222212]  page_cache_ra_unbounded+0x207/0x6f0
[ 2366.223251]  ? read_pages+0xbc0/0xbc0
[ 2366.224069]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2366.225091]  ondemand_readahead+0x8e5/0x1150
[ 2366.226044]  page_cache_sync_ra+0x138/0x170
[ 2366.226954]  generic_file_buffered_read+0xc74/0x28f0
[ 2366.228080]  ? pagecache_get_page+0xc80/0xc80
[ 2366.229047]  ? kasan_save_stack+0x32/0x40
[ 2366.229943]  ? do_splice_direct+0x1c4/0x290
[ 2366.230879]  ? do_sendfile+0x553/0x1090
[ 2366.231735]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2366.232736]  ? do_syscall_64+0x33/0x40
[ 2366.233578]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2366.234728]  ? perf_trace_lock+0xac/0x490
[ 2366.235617]  ? lock_chain_count+0x20/0x20
[ 2366.236520]  generic_file_read_iter+0x33f/0x490
[ 2366.237467]  ext4_file_read_iter+0x184/0x4c0
[ 2366.238439]  generic_file_splice_read+0x455/0x6d0
[ 2366.239480]  ? pipe_to_user+0x170/0x170
[ 2366.240331]  ? _cond_resched+0x12/0x80
[ 2366.241134]  ? avc_policy_seqno+0x9/0x70
[ 2366.241981]  ? selinux_file_permission+0x92/0x520
[ 2366.243036]  ? lockdep_init_map_type+0x2c7/0x780
[ 2366.244059]  ? pipe_to_user+0x170/0x170
[ 2366.244920]  do_splice_to+0x10e/0x160
[ 2366.245746]  splice_direct_to_actor+0x2fe/0x980
[ 2366.246777]  ? pipe_to_sendpage+0x380/0x380
[ 2366.247717]  ? do_splice_to+0x160/0x160
[ 2366.248573]  ? security_file_permission+0x24e/0x570
[ 2366.249663]  do_splice_direct+0x1c4/0x290
[ 2366.250569]  ? splice_direct_to_actor+0x980/0x980
[ 2366.251603]  ? selinux_file_permission+0x92/0x520
[ 2366.252652]  ? security_file_permission+0x24e/0x570
[ 2366.253749]  do_sendfile+0x553/0x1090
[ 2366.254598]  ? do_pwritev+0x270/0x270
[ 2366.255424]  ? wait_for_completion_io+0x270/0x270
[ 2366.256465]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2366.257410]  ? vfs_write+0x354/0xa70
[ 2366.258240]  __x64_sys_sendfile64+0x1d1/0x210
[ 2366.259208]  ? __ia32_sys_sendfile+0x220/0x220
[ 2366.260199]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2366.261246]  do_syscall_64+0x33/0x40
[ 2366.262057]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2366.263159] RIP: 0033:0x7f23c5d5cb19
[ 2366.263965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2366.267955] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2366.269604] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2366.271155] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005
[ 2366.272696] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2366.274257] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2366.275798] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2366.384348] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:47:27 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:47:27 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

01:47:27 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(0xffffffffffffffff, r0, 0x0, 0x20d315)

01:47:27 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x8800000, 0x0)

01:47:27 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:47:27 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 9)

01:47:27 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 6)

01:47:27 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2382.390000] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2382.408398] EXT4-fs (loop5): VFS: Can't find ext4 filesystem
[ 2382.431146] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2382.435810] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2382.452533] FAULT_INJECTION: forcing a failure.
[ 2382.452533] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2382.455355] CPU: 0 PID: 14860 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2382.456818] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2382.458548] Call Trace:
[ 2382.459103]  dump_stack+0x107/0x167
[ 2382.459217] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2382.459891]  should_fail.cold+0x5/0xa
[ 2382.459931]  __alloc_pages_nodemask+0x182/0x690
[ 2382.459958]  ? xa_load+0x12d/0x2c0
[ 2382.464001]  ? lock_downgrade+0x6d0/0x6d0
[ 2382.464854]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2382.466107]  alloc_pages_current+0x187/0x280
[ 2382.467026]  __page_cache_alloc+0x2d2/0x360
[ 2382.467923]  page_cache_ra_unbounded+0x207/0x6f0
[ 2382.468908]  ? read_pages+0xbc0/0xbc0
[ 2382.469684]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2382.470679]  ondemand_readahead+0x8e5/0x1150
[ 2382.471596]  page_cache_sync_ra+0x138/0x170
[ 2382.472477]  generic_file_buffered_read+0xc74/0x28f0
[ 2382.473541]  ? pagecache_get_page+0xc80/0xc80
[ 2382.474470]  ? kasan_save_stack+0x32/0x40
[ 2382.475319]  ? do_splice_direct+0x1c4/0x290
[ 2382.476189]  ? do_sendfile+0x553/0x1090
[ 2382.477001]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2382.477945]  ? do_syscall_64+0x33/0x40
[ 2382.478768]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2382.479848]  ? perf_trace_lock+0xac/0x490
[ 2382.480691]  ? lock_chain_count+0x20/0x20
[ 2382.481543]  generic_file_read_iter+0x33f/0x490
[ 2382.482517]  ext4_file_read_iter+0x184/0x4c0
[ 2382.483414]  generic_file_splice_read+0x455/0x6d0
[ 2382.484395]  ? pipe_to_user+0x170/0x170
[ 2382.485201]  ? _cond_resched+0x12/0x80
[ 2382.485999]  ? avc_policy_seqno+0x9/0x70
[ 2382.486845]  ? selinux_file_permission+0x92/0x520
[ 2382.487834]  ? lockdep_init_map_type+0x2c7/0x780
[ 2382.488806]  ? pipe_to_user+0x170/0x170
[ 2382.489622]  do_splice_to+0x10e/0x160
[ 2382.490415]  splice_direct_to_actor+0x2fe/0x980
[ 2382.491368]  ? pipe_to_sendpage+0x380/0x380
[ 2382.492250]  ? do_splice_to+0x160/0x160
[ 2382.493053]  ? security_file_permission+0x24e/0x570
[ 2382.494085]  do_splice_direct+0x1c4/0x290
[ 2382.494947]  ? splice_direct_to_actor+0x980/0x980
[ 2382.495919]  ? selinux_file_permission+0x92/0x520
[ 2382.496910]  ? security_file_permission+0x24e/0x570
[ 2382.497939]  do_sendfile+0x553/0x1090
[ 2382.498749]  ? do_pwritev+0x270/0x270
[ 2382.499537]  ? wait_for_completion_io+0x270/0x270
[ 2382.500527]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2382.501477]  ? vfs_write+0x354/0xa70
[ 2382.502261]  __x64_sys_sendfile64+0x1d1/0x210
[ 2382.503181]  ? __ia32_sys_sendfile+0x220/0x220
[ 2382.504122]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2382.505106]  do_syscall_64+0x33/0x40
[ 2382.505871]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2382.506929] RIP: 0033:0x7ff709825b19
[ 2382.507691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2382.511424] RSP: 002b:00007ff706d7a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2382.512978] RAX: ffffffffffffffda RBX: 00007ff709939020 RCX: 00007ff709825b19
[ 2382.514443] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
[ 2382.515891] RBP: 00007ff706d7a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2382.517349] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2382.518829] R13: 00007ffdbcd37b1f R14: 00007ff706d7a300 R15: 0000000000022000
[ 2382.538535] FAULT_INJECTION: forcing a failure.
[ 2382.538535] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2382.540990] CPU: 0 PID: 14865 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2382.542552] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2382.544249] Call Trace:
01:47:28 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2382.544796]  dump_stack+0x107/0x167
[ 2382.545699]  should_fail.cold+0x5/0xa
[ 2382.546524]  __alloc_pages_nodemask+0x182/0x690
[ 2382.547480]  ? xa_load+0x12d/0x2c0
[ 2382.548209]  ? lock_downgrade+0x6d0/0x6d0
[ 2382.549065]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2382.550333]  alloc_pages_current+0x187/0x280
[ 2382.551245]  __page_cache_alloc+0x2d2/0x360
[ 2382.552141]  page_cache_ra_unbounded+0x207/0x6f0
[ 2382.553126]  ? read_pages+0xbc0/0xbc0
[ 2382.553883]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2382.554873]  ondemand_readahead+0x8e5/0x1150
[ 2382.555770]  page_cache_sync_ra+0x138/0x170
[ 2382.556661]  generic_file_buffered_read+0xc74/0x28f0
[ 2382.557704]  ? pagecache_get_page+0xc80/0xc80
[ 2382.558627]  ? kasan_save_stack+0x32/0x40
[ 2382.559460]  ? do_splice_direct+0x1c4/0x290
[ 2382.560339]  ? do_sendfile+0x553/0x1090
[ 2382.561137]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2382.562091]  ? do_syscall_64+0x33/0x40
[ 2382.562880]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2382.563955]  ? perf_trace_lock+0xac/0x490
[ 2382.564782]  ? lock_chain_count+0x20/0x20
[ 2382.565618]  generic_file_read_iter+0x33f/0x490
[ 2382.566578]  ext4_file_read_iter+0x184/0x4c0
[ 2382.567469]  generic_file_splice_read+0x455/0x6d0
[ 2382.568438]  ? pipe_to_user+0x170/0x170
[ 2382.569251]  ? _cond_resched+0x12/0x80
[ 2382.570038]  ? avc_policy_seqno+0x9/0x70
[ 2382.570877]  ? selinux_file_permission+0x92/0x520
[ 2382.571856]  ? lockdep_init_map_type+0x2c7/0x780
[ 2382.572831]  ? pipe_to_user+0x170/0x170
[ 2382.573631]  do_splice_to+0x10e/0x160
[ 2382.574417]  splice_direct_to_actor+0x2fe/0x980
[ 2382.575361]  ? pipe_to_sendpage+0x380/0x380
[ 2382.576247]  ? do_splice_to+0x160/0x160
[ 2382.577054]  ? security_file_permission+0x24e/0x570
[ 2382.578080]  do_splice_direct+0x1c4/0x290
[ 2382.578942]  ? splice_direct_to_actor+0x980/0x980
[ 2382.579923]  ? selinux_file_permission+0x92/0x520
[ 2382.580908]  ? security_file_permission+0x24e/0x570
[ 2382.581937]  do_sendfile+0x553/0x1090
[ 2382.582731]  ? do_pwritev+0x270/0x270
[ 2382.583513]  ? wait_for_completion_io+0x270/0x270
[ 2382.584494]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2382.585436]  ? vfs_write+0x354/0xa70
[ 2382.586194]  __x64_sys_sendfile64+0x1d1/0x210
[ 2382.587137]  ? __ia32_sys_sendfile+0x220/0x220
[ 2382.588084]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2382.589071]  do_syscall_64+0x33/0x40
[ 2382.589831]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2382.590889] RIP: 0033:0x7f23c5d5cb19
[ 2382.591659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2382.595409] RSP: 002b:00007f23c32b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2382.596956] RAX: ffffffffffffffda RBX: 00007f23c5e70020 RCX: 00007f23c5d5cb19
[ 2382.598423] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[ 2382.599872] RBP: 00007f23c32b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 2382.601328] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2382.602786] R13: 00007ffda14b703f R14: 00007f23c32b1300 R15: 0000000000022000
01:47:28 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

01:47:28 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:47:28 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(0xffffffffffffffff, r0, 0x0, 0x20d315)

01:47:28 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2382.917247] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:47:42 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 10)

01:47:42 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:47:42 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:47:42 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:47:42 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 7)

01:47:42 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

01:47:42 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x88a61d00, 0x0)

01:47:42 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(0xffffffffffffffff, r0, 0x0, 0x20d315)

[ 2396.939758] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2396.972805] FAULT_INJECTION: forcing a failure.
[ 2396.972805] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2396.974147] CPU: 1 PID: 14892 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2396.974891] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2396.975773] Call Trace:
[ 2396.976059]  dump_stack+0x107/0x167
[ 2396.976454]  should_fail.cold+0x5/0xa
[ 2396.976866]  __alloc_pages_nodemask+0x182/0x690
[ 2396.977359]  ? xa_load+0x12d/0x2c0
[ 2396.977751]  ? lock_downgrade+0x6d0/0x6d0
[ 2396.978199]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2396.978857]  alloc_pages_current+0x187/0x280
[ 2396.979329]  __page_cache_alloc+0x2d2/0x360
[ 2396.979801]  page_cache_ra_unbounded+0x207/0x6f0
[ 2396.980314]  ? read_pages+0xbc0/0xbc0
[ 2396.980718]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2396.981228]  ondemand_readahead+0x8e5/0x1150
[ 2396.981701]  page_cache_sync_ra+0x138/0x170
[ 2396.982165]  generic_file_buffered_read+0xc74/0x28f0
[ 2396.982744]  ? pagecache_get_page+0xc80/0xc80
[ 2396.983223]  ? kasan_save_stack+0x32/0x40
[ 2396.983675]  ? do_splice_direct+0x1c4/0x290
[ 2396.984134]  ? do_sendfile+0x553/0x1090
[ 2396.984558]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2396.985051]  ? do_syscall_64+0x33/0x40
[ 2396.985477]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2396.985893] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2396.986049]  ? perf_trace_lock+0xac/0x490
[ 2396.986067]  ? lock_chain_count+0x20/0x20
[ 2396.988698]  generic_file_read_iter+0x33f/0x490
[ 2396.989222]  ext4_file_read_iter+0x184/0x4c0
[ 2396.989716]  generic_file_splice_read+0x455/0x6d0
[ 2396.990245]  ? pipe_to_user+0x170/0x170
[ 2396.990686]  ? _cond_resched+0x12/0x80
[ 2396.991121]  ? avc_policy_seqno+0x9/0x70
[ 2396.991569]  ? selinux_file_permission+0x92/0x520
[ 2396.992103]  ? lockdep_init_map_type+0x2c7/0x780
[ 2396.992623]  ? pipe_to_user+0x170/0x170
[ 2396.993062]  do_splice_to+0x10e/0x160
[ 2396.993482]  splice_direct_to_actor+0x2fe/0x980
[ 2396.994004]  ? pipe_to_sendpage+0x380/0x380
[ 2396.994490]  ? do_splice_to+0x160/0x160
[ 2396.994930]  ? security_file_permission+0x24e/0x570
[ 2396.995481]  do_splice_direct+0x1c4/0x290
[ 2396.995927]  ? splice_direct_to_actor+0x980/0x980
[ 2396.996463]  ? selinux_file_permission+0x92/0x520
[ 2396.997006]  ? security_file_permission+0x24e/0x570
[ 2396.997571]  do_sendfile+0x553/0x1090
[ 2396.998003]  ? do_pwritev+0x270/0x270
[ 2396.998425]  ? wait_for_completion_io+0x270/0x270
[ 2396.998969]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2396.999480]  ? vfs_write+0x354/0xa70
[ 2396.999900]  __x64_sys_sendfile64+0x1d1/0x210
[ 2397.000397]  ? __ia32_sys_sendfile+0x220/0x220
[ 2397.000904]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2397.001445]  do_syscall_64+0x33/0x40
[ 2397.001853]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2397.002426] RIP: 0033:0x7ff709825b19
[ 2397.002851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2397.004893] RSP: 002b:00007ff706d9b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2397.005735] RAX: ffffffffffffffda RBX: 00007ff709938f60 RCX: 00007ff709825b19
[ 2397.006528] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2397.007320] RBP: 00007ff706d9b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2397.008103] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2397.008891] R13: 00007ffdbcd37b1f R14: 00007ff706d9b300 R15: 0000000000022000
[ 2397.019874] FAULT_INJECTION: forcing a failure.
[ 2397.019874] name failslab, interval 1, probability 0, space 0, times 0
[ 2397.020045] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2397.021122] CPU: 1 PID: 14922 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2397.023669] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2397.024579] Call Trace:
[ 2397.024876]  dump_stack+0x107/0x167
[ 2397.025268]  should_fail.cold+0x5/0xa
[ 2397.025679]  ? xas_alloc+0x336/0x440
[ 2397.026086]  should_failslab+0x5/0x20
[ 2397.026504]  kmem_cache_alloc+0x5b/0x360
[ 2397.026933]  ? SOFTIRQ_verbose+0x10/0x10
[ 2397.027380]  xas_alloc+0x336/0x440
[ 2397.027763]  xas_create+0x60f/0x10d0
[ 2397.028175]  xas_store+0x8c/0x1c40
[ 2397.028472] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2397.028559]  ? xas_find_conflict+0x4b5/0xa70
[ 2397.028578]  __add_to_page_cache_locked+0x708/0xd10
[ 2397.028596]  ? file_write_and_wait_range+0x130/0x130
[ 2397.031826]  ? lock_downgrade+0x6d0/0x6d0
[ 2397.032270]  ? memcg_drain_all_list_lrus+0x720/0x720
[ 2397.032821]  add_to_page_cache_lru+0xe6/0x2e0
[ 2397.033308]  ? add_to_page_cache_locked+0x40/0x40
[ 2397.033845]  ? __page_cache_alloc+0x10d/0x360
[ 2397.034350]  page_cache_ra_unbounded+0x419/0x6f0
[ 2397.034880]  ? read_pages+0xbc0/0xbc0
[ 2397.035301]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2397.035815]  ondemand_readahead+0x8e5/0x1150
[ 2397.036315]  page_cache_sync_ra+0x138/0x170
[ 2397.036778]  generic_file_buffered_read+0xc74/0x28f0
[ 2397.037358]  ? pagecache_get_page+0xc80/0xc80
[ 2397.037839]  ? kasan_save_stack+0x32/0x40
[ 2397.038304]  ? do_splice_direct+0x1c4/0x290
[ 2397.038775]  ? do_sendfile+0x553/0x1090
[ 2397.039222]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2397.039730]  ? do_syscall_64+0x33/0x40
[ 2397.040166]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2397.040751]  ? perf_trace_lock+0xac/0x490
[ 2397.041209]  ? lock_chain_count+0x20/0x20
[ 2397.041673]  generic_file_read_iter+0x33f/0x490
[ 2397.042194]  ext4_file_read_iter+0x184/0x4c0
[ 2397.042697]  generic_file_splice_read+0x455/0x6d0
[ 2397.043236]  ? pipe_to_user+0x170/0x170
[ 2397.043675]  ? _cond_resched+0x12/0x80
[ 2397.044115]  ? avc_policy_seqno+0x9/0x70
[ 2397.044561]  ? selinux_file_permission+0x92/0x520
[ 2397.045101]  ? lockdep_init_map_type+0x2c7/0x780
[ 2397.045623]  ? pipe_to_user+0x170/0x170
[ 2397.046068]  do_splice_to+0x10e/0x160
[ 2397.046491]  splice_direct_to_actor+0x2fe/0x980
[ 2397.047005]  ? pipe_to_sendpage+0x380/0x380
[ 2397.047488]  ? do_splice_to+0x160/0x160
[ 2397.047928]  ? security_file_permission+0x24e/0x570
[ 2397.048492]  do_splice_direct+0x1c4/0x290
[ 2397.048952]  ? splice_direct_to_actor+0x980/0x980
[ 2397.049483]  ? selinux_file_permission+0x92/0x520
[ 2397.050030]  ? security_file_permission+0x24e/0x570
[ 2397.050601]  do_sendfile+0x553/0x1090
[ 2397.051034]  ? do_pwritev+0x270/0x270
[ 2397.051463]  ? wait_for_completion_io+0x270/0x270
[ 2397.052000]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2397.052515]  ? vfs_write+0x354/0xa70
[ 2397.052944]  __x64_sys_sendfile64+0x1d1/0x210
[ 2397.053446]  ? __ia32_sys_sendfile+0x220/0x220
[ 2397.053957]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2397.054504]  do_syscall_64+0x33/0x40
[ 2397.054920]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2397.055492] RIP: 0033:0x7f23c5d5cb19
[ 2397.055913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2397.057943] RSP: 002b:00007f23c32b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2397.058787] RAX: ffffffffffffffda RBX: 00007f23c5e70020 RCX: 00007f23c5d5cb19
[ 2397.059580] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2397.060371] RBP: 00007f23c32b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 2397.061164] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2397.061952] R13: 00007ffda14b703f R14: 00007f23c32b1300 R15: 0000000000022000
01:47:42 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

[ 2397.076238] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:47:42 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2397.192023] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:47:42 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x20d315)

[ 2397.292462] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2397.420380] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:48:00 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 11)

01:48:00 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x20d315)

01:48:00 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0xffffffff000, 0x0)

01:48:00 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:48:00 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:48:00 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 8)

01:48:00 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

01:48:00 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2415.243932] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2415.267338] FAULT_INJECTION: forcing a failure.
[ 2415.267338] name failslab, interval 1, probability 0, space 0, times 0
[ 2415.269630] CPU: 0 PID: 14947 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2415.271212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2415.271525] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2415.272904] Call Trace:
[ 2415.272930]  dump_stack+0x107/0x167
[ 2415.272959]  should_fail.cold+0x5/0xa
[ 2415.272983]  ? create_object.isra.0+0x3a/0xa20
[ 2415.273011]  should_failslab+0x5/0x20
[ 2415.278359]  kmem_cache_alloc+0x5b/0x360
[ 2415.279229]  create_object.isra.0+0x3a/0xa20
[ 2415.280130]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2415.281173]  kmem_cache_alloc+0x159/0x360
[ 2415.282029]  xas_alloc+0x336/0x440
[ 2415.282756]  xas_create+0x60f/0x10d0
[ 2415.283543]  xas_store+0x8c/0x1c40
[ 2415.284277]  ? xas_find_conflict+0x4b5/0xa70
[ 2415.285205]  __add_to_page_cache_locked+0x708/0xd10
[ 2415.286244]  ? file_write_and_wait_range+0x130/0x130
[ 2415.287300]  ? lock_downgrade+0x6d0/0x6d0
[ 2415.288159]  ? memcg_drain_all_list_lrus+0x720/0x720
[ 2415.289216]  add_to_page_cache_lru+0xe6/0x2e0
[ 2415.290140]  ? add_to_page_cache_locked+0x40/0x40
[ 2415.291140]  ? __page_cache_alloc+0x10d/0x360
[ 2415.292073]  page_cache_ra_unbounded+0x419/0x6f0
[ 2415.293065]  ? read_pages+0xbc0/0xbc0
[ 2415.293853]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2415.294836]  ondemand_readahead+0x8e5/0x1150
[ 2415.295751]  page_cache_sync_ra+0x138/0x170
[ 2415.296636]  generic_file_buffered_read+0xc74/0x28f0
[ 2415.297714]  ? pagecache_get_page+0xc80/0xc80
[ 2415.298632]  ? kasan_save_stack+0x32/0x40
[ 2415.299497]  ? do_splice_direct+0x1c4/0x290
[ 2415.300380]  ? do_sendfile+0x553/0x1090
[ 2415.301193]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2415.302142]  ? do_syscall_64+0x33/0x40
[ 2415.302956]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2415.304040]  ? perf_trace_lock+0xac/0x490
[ 2415.304890]  ? lock_chain_count+0x20/0x20
[ 2415.305746]  generic_file_read_iter+0x33f/0x490
[ 2415.306730]  ext4_file_read_iter+0x184/0x4c0
[ 2415.307637]  generic_file_splice_read+0x455/0x6d0
[ 2415.308633]  ? pipe_to_user+0x170/0x170
[ 2415.309450]  ? _cond_resched+0x12/0x80
[ 2415.310259]  ? avc_policy_seqno+0x9/0x70
[ 2415.311100]  ? selinux_file_permission+0x92/0x520
[ 2415.312097]  ? lockdep_init_map_type+0x2c7/0x780
[ 2415.313078]  ? pipe_to_user+0x170/0x170
[ 2415.313881]  do_splice_to+0x10e/0x160
[ 2415.314637]  splice_direct_to_actor+0x2fe/0x980
[ 2415.315602]  ? pipe_to_sendpage+0x380/0x380
[ 2415.316469]  ? do_splice_to+0x160/0x160
[ 2415.317289]  ? security_file_permission+0x24e/0x570
[ 2415.318330]  do_splice_direct+0x1c4/0x290
[ 2415.319207]  ? splice_direct_to_actor+0x980/0x980
[ 2415.320190]  ? selinux_file_permission+0x92/0x520
[ 2415.321187]  ? security_file_permission+0x24e/0x570
[ 2415.322226]  do_sendfile+0x553/0x1090
[ 2415.323034]  ? do_pwritev+0x270/0x270
[ 2415.323826]  ? wait_for_completion_io+0x270/0x270
[ 2415.324809]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2415.325759]  ? vfs_write+0x354/0xa70
[ 2415.326538]  __x64_sys_sendfile64+0x1d1/0x210
[ 2415.327476]  ? __ia32_sys_sendfile+0x220/0x220
[ 2415.328427]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2415.329425]  do_syscall_64+0x33/0x40
[ 2415.330195]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2415.331266] RIP: 0033:0x7f23c5d5cb19
[ 2415.332029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2415.335805] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2415.337357] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2415.338823] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2415.340278] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2415.341727] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2415.343190] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2415.366326] FAULT_INJECTION: forcing a failure.
[ 2415.366326] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2415.369061] CPU: 0 PID: 14978 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2415.370557] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2415.372244] Call Trace:
[ 2415.372780]  dump_stack+0x107/0x167
[ 2415.373533]  should_fail.cold+0x5/0xa
[ 2415.374330]  __alloc_pages_nodemask+0x182/0x690
[ 2415.375281]  ? xa_load+0x12d/0x2c0
[ 2415.376003]  ? lock_downgrade+0x6d0/0x6d0
[ 2415.376850]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2415.378095]  alloc_pages_current+0x187/0x280
[ 2415.379016]  __page_cache_alloc+0x2d2/0x360
[ 2415.379915]  page_cache_ra_unbounded+0x207/0x6f0
[ 2415.380901]  ? read_pages+0xbc0/0xbc0
[ 2415.381682]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2415.382658]  ondemand_readahead+0x8e5/0x1150
[ 2415.383592]  page_cache_sync_ra+0x138/0x170
[ 2415.384482]  generic_file_buffered_read+0xc74/0x28f0
[ 2415.385553]  ? pagecache_get_page+0xc80/0xc80
[ 2415.386470]  ? kasan_save_stack+0x32/0x40
[ 2415.387332]  ? do_splice_direct+0x1c4/0x290
[ 2415.388217]  ? do_sendfile+0x553/0x1090
[ 2415.389022]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2415.389961]  ? do_syscall_64+0x33/0x40
[ 2415.390776]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2415.391850]  ? perf_trace_lock+0xac/0x490
[ 2415.392691]  ? lock_chain_count+0x20/0x20
[ 2415.393544]  generic_file_read_iter+0x33f/0x490
[ 2415.394510]  ext4_file_read_iter+0x184/0x4c0
[ 2415.395428]  generic_file_splice_read+0x455/0x6d0
[ 2415.396415]  ? pipe_to_user+0x170/0x170
[ 2415.397232]  ? _cond_resched+0x12/0x80
[ 2415.398032]  ? avc_policy_seqno+0x9/0x70
[ 2415.398886]  ? selinux_file_permission+0x92/0x520
[ 2415.399877]  ? lockdep_init_map_type+0x2c7/0x780
[ 2415.400850]  ? pipe_to_user+0x170/0x170
[ 2415.401666]  do_splice_to+0x10e/0x160
[ 2415.402452]  splice_direct_to_actor+0x2fe/0x980
[ 2415.403420]  ? pipe_to_sendpage+0x380/0x380
[ 2415.404323]  ? do_splice_to+0x160/0x160
[ 2415.405137]  ? security_file_permission+0x24e/0x570
[ 2415.406170]  do_splice_direct+0x1c4/0x290
[ 2415.407029]  ? splice_direct_to_actor+0x980/0x980
[ 2415.408013]  ? selinux_file_permission+0x92/0x520
[ 2415.409015]  ? security_file_permission+0x24e/0x570
[ 2415.410047]  do_sendfile+0x553/0x1090
[ 2415.410866]  ? do_pwritev+0x270/0x270
[ 2415.411654]  ? wait_for_completion_io+0x270/0x270
[ 2415.412632]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2415.413576]  ? vfs_write+0x354/0xa70
[ 2415.414346]  __x64_sys_sendfile64+0x1d1/0x210
[ 2415.415273]  ? __ia32_sys_sendfile+0x220/0x220
[ 2415.416214]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2415.417212]  do_syscall_64+0x33/0x40
[ 2415.417992]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2415.419061] RIP: 0033:0x7ff709825b19
[ 2415.419832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2415.423584] RSP: 002b:00007ff706d7a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2415.425116] RAX: ffffffffffffffda RBX: 00007ff709939020 RCX: 00007ff709825b19
[ 2415.426572] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2415.428042] RBP: 00007ff706d7a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2415.429493] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2415.430954] R13: 00007ffdbcd37b1f R14: 00007ff706d7a300 R15: 0000000000022000
[ 2415.445148] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2415.455069] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2415.464224] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2415.473887] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
01:48:01 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:48:01 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

01:48:01 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x20d315)

01:48:01 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 9)

[ 2415.704899] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:48:01 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:48:01 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 12)

01:48:01 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2415.768114] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
01:48:01 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2415.809193] FAULT_INJECTION: forcing a failure.
[ 2415.809193] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2415.811635] CPU: 1 PID: 14990 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2415.812996] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2415.814641] Call Trace:
[ 2415.815180]  dump_stack+0x107/0x167
[ 2415.815906]  should_fail.cold+0x5/0xa
[ 2415.816665]  __alloc_pages_nodemask+0x182/0x690
[ 2415.817572]  ? xa_load+0x12d/0x2c0
[ 2415.818274]  ? lock_downgrade+0x6d0/0x6d0
[ 2415.819097]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2415.820296]  alloc_pages_current+0x187/0x280
[ 2415.821162]  __page_cache_alloc+0x2d2/0x360
[ 2415.822014]  page_cache_ra_unbounded+0x207/0x6f0
[ 2415.822997]  ? read_pages+0xbc0/0xbc0
[ 2415.823737]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2415.824662]  ondemand_readahead+0x8e5/0x1150
[ 2415.825535]  page_cache_sync_ra+0x138/0x170
[ 2415.826385]  generic_file_buffered_read+0xc74/0x28f0
[ 2415.827413]  ? pagecache_get_page+0xc80/0xc80
[ 2415.828283]  ? kasan_save_stack+0x32/0x40
[ 2415.829099]  ? do_splice_direct+0x1c4/0x290
[ 2415.829936]  ? do_sendfile+0x553/0x1090
[ 2415.830724]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2415.831628]  ? do_syscall_64+0x33/0x40
[ 2415.832392]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2415.833422]  ? perf_trace_lock+0xac/0x490
[ 2415.834230]  ? lock_chain_count+0x20/0x20
[ 2415.835055]  generic_file_read_iter+0x33f/0x490
[ 2415.835963]  ext4_file_read_iter+0x184/0x4c0
[ 2415.836815]  generic_file_splice_read+0x455/0x6d0
[ 2415.837743]  ? pipe_to_user+0x170/0x170
[ 2415.838505]  ? _cond_resched+0x12/0x80
[ 2415.839274]  ? avc_policy_seqno+0x9/0x70
[ 2415.840056]  ? selinux_file_permission+0x92/0x520
[ 2415.840994]  ? lockdep_init_map_type+0x2c7/0x780
[ 2415.841910]  ? pipe_to_user+0x170/0x170
[ 2415.842678]  do_splice_to+0x10e/0x160
[ 2415.843447]  splice_direct_to_actor+0x2fe/0x980
[ 2415.844355]  ? pipe_to_sendpage+0x380/0x380
[ 2415.845198]  ? do_splice_to+0x160/0x160
[ 2415.845966]  ? security_file_permission+0x24e/0x570
[ 2415.846948]  do_splice_direct+0x1c4/0x290
[ 2415.847748]  ? splice_direct_to_actor+0x980/0x980
[ 2415.848674]  ? selinux_file_permission+0x92/0x520
[ 2415.849611]  ? security_file_permission+0x24e/0x570
[ 2415.850588]  do_sendfile+0x553/0x1090
[ 2415.851355]  ? do_pwritev+0x270/0x270
[ 2415.852094]  ? wait_for_completion_io+0x270/0x270
[ 2415.853028]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2415.853921]  ? vfs_write+0x354/0xa70
[ 2415.854649]  __x64_sys_sendfile64+0x1d1/0x210
[ 2415.855523]  ? __ia32_sys_sendfile+0x220/0x220
[ 2415.856412]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2415.857348]  do_syscall_64+0x33/0x40
[ 2415.858069]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2415.859074] RIP: 0033:0x7f23c5d5cb19
[ 2415.859791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2415.863293] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2415.864759] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2415.866120] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2415.867507] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2415.868865] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2415.870221] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2415.906035] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2415.909331] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:48:01 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x800800000000, 0x0)

[ 2415.964943] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2415.972427] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
01:48:01 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

01:48:01 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x0)

[ 2415.993656] FAULT_INJECTION: forcing a failure.
[ 2415.993656] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2415.996287] CPU: 0 PID: 15005 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2415.997758] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2415.999604] Call Trace:
[ 2416.000188]  dump_stack+0x107/0x167
[ 2416.000982]  should_fail.cold+0x5/0xa
[ 2416.001842]  __alloc_pages_nodemask+0x182/0x690
[ 2416.002882]  ? xa_load+0x12d/0x2c0
[ 2416.003685]  ? lock_downgrade+0x6d0/0x6d0
[ 2416.004615]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2416.005990]  alloc_pages_current+0x187/0x280
[ 2416.006991]  __page_cache_alloc+0x2d2/0x360
[ 2416.007968]  page_cache_ra_unbounded+0x207/0x6f0
[ 2416.009058]  ? read_pages+0xbc0/0xbc0
[ 2416.009894]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2416.010972]  ondemand_readahead+0x8e5/0x1150
[ 2416.011974]  page_cache_sync_ra+0x138/0x170
[ 2416.012937]  generic_file_buffered_read+0xc74/0x28f0
[ 2416.014097]  ? pagecache_get_page+0xc80/0xc80
[ 2416.015099]  ? kasan_save_stack+0x32/0x40
[ 2416.016023]  ? do_splice_direct+0x1c4/0x290
[ 2416.016975]  ? do_sendfile+0x553/0x1090
[ 2416.017858]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2416.018906]  ? do_syscall_64+0x33/0x40
[ 2416.019773]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2416.020940]  ? perf_trace_lock+0xac/0x490
[ 2416.021851]  ? lock_chain_count+0x20/0x20
[ 2416.022784]  generic_file_read_iter+0x33f/0x490
[ 2416.023828]  ext4_file_read_iter+0x184/0x4c0
[ 2416.024806]  generic_file_splice_read+0x455/0x6d0
[ 2416.025868]  ? pipe_to_user+0x170/0x170
[ 2416.026754]  ? _cond_resched+0x12/0x80
[ 2416.027622]  ? avc_policy_seqno+0x9/0x70
[ 2416.028859]  ? selinux_file_permission+0x92/0x520
[ 2416.030021]  ? lockdep_init_map_type+0x2c7/0x780
[ 2416.031119]  ? pipe_to_user+0x170/0x170
[ 2416.032080]  do_splice_to+0x10e/0x160
[ 2416.033008]  splice_direct_to_actor+0x2fe/0x980
[ 2416.034139]  ? pipe_to_sendpage+0x380/0x380
[ 2416.035192]  ? do_splice_to+0x160/0x160
[ 2416.036190]  ? security_file_permission+0x24e/0x570
[ 2416.037486]  do_splice_direct+0x1c4/0x290
[ 2416.038551]  ? splice_direct_to_actor+0x980/0x980
[ 2416.039661]  ? selinux_file_permission+0x92/0x520
[ 2416.040473]  ? security_file_permission+0x24e/0x570
[ 2416.041308]  do_sendfile+0x553/0x1090
[ 2416.041933]  ? do_pwritev+0x270/0x270
[ 2416.042569]  ? wait_for_completion_io+0x270/0x270
[ 2416.043351]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2416.044135]  ? vfs_write+0x354/0xa70
[ 2416.044733]  __x64_sys_sendfile64+0x1d1/0x210
[ 2416.045461]  ? __ia32_sys_sendfile+0x220/0x220
[ 2416.046180]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2416.046976]  do_syscall_64+0x33/0x40
[ 2416.047606]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2416.048416] RIP: 0033:0x7ff709825b19
[ 2416.049005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2416.051959] RSP: 002b:00007ff706d9b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2416.053175] RAX: ffffffffffffffda RBX: 00007ff709938f60 RCX: 00007ff709825b19
[ 2416.054335] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2416.055503] RBP: 00007ff706d9b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2416.056648] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2416.057790] R13: 00007ffdbcd37b1f R14: 00007ff706d9b300 R15: 0000000000022000
[ 2416.075810] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2416.137803] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:48:01 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 10)

[ 2416.211988] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:48:01 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:48:01 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2416.263141] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2416.284074] FAULT_INJECTION: forcing a failure.
[ 2416.284074] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2416.285916] CPU: 1 PID: 15037 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2416.286992] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2416.288265] Call Trace:
[ 2416.288674]  dump_stack+0x107/0x167
[ 2416.289242]  should_fail.cold+0x5/0xa
[ 2416.289831]  __alloc_pages_nodemask+0x182/0x690
[ 2416.290547]  ? xa_load+0x12d/0x2c0
[ 2416.291116]  ? lock_downgrade+0x6d0/0x6d0
[ 2416.291759]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2416.292710]  alloc_pages_current+0x187/0x280
[ 2416.293406]  __page_cache_alloc+0x2d2/0x360
[ 2416.294097]  page_cache_ra_unbounded+0x207/0x6f0
[ 2416.294865]  ? read_pages+0xbc0/0xbc0
[ 2416.295455]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2416.296195]  ondemand_readahead+0x8e5/0x1150
[ 2416.296893]  page_cache_sync_ra+0x138/0x170
[ 2416.297568]  generic_file_buffered_read+0xc74/0x28f0
[ 2416.298384]  ? pagecache_get_page+0xc80/0xc80
[ 2416.299089]  ? kasan_save_stack+0x32/0x40
[ 2416.299741]  ? do_splice_direct+0x1c4/0x290
[ 2416.300406]  ? do_sendfile+0x553/0x1090
[ 2416.301021]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2416.301740]  ? do_syscall_64+0x33/0x40
[ 2416.302342]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2416.303181]  ? perf_trace_lock+0xac/0x490
[ 2416.303818]  ? lock_chain_count+0x20/0x20
[ 2416.304463]  generic_file_read_iter+0x33f/0x490
[ 2416.305190]  ext4_file_read_iter+0x184/0x4c0
[ 2416.305871]  generic_file_splice_read+0x455/0x6d0
[ 2416.306621]  ? pipe_to_user+0x170/0x170
[ 2416.307248]  ? _cond_resched+0x12/0x80
[ 2416.307852]  ? avc_policy_seqno+0x9/0x70
[ 2416.308480]  ? selinux_file_permission+0x92/0x520
[ 2416.309233]  ? lockdep_init_map_type+0x2c7/0x780
[ 2416.309975]  ? pipe_to_user+0x170/0x170
[ 2416.310596]  do_splice_to+0x10e/0x160
[ 2416.311206]  splice_direct_to_actor+0x2fe/0x980
[ 2416.311933]  ? pipe_to_sendpage+0x380/0x380
[ 2416.312606]  ? do_splice_to+0x160/0x160
[ 2416.313221]  ? security_file_permission+0x24e/0x570
[ 2416.314003]  do_splice_direct+0x1c4/0x290
[ 2416.314642]  ? splice_direct_to_actor+0x980/0x980
[ 2416.315409]  ? selinux_file_permission+0x92/0x520
[ 2416.316151]  ? security_file_permission+0x24e/0x570
[ 2416.316933]  do_sendfile+0x553/0x1090
[ 2416.317537]  ? do_pwritev+0x270/0x270
[ 2416.318124]  ? wait_for_completion_io+0x270/0x270
[ 2416.318869]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2416.319581]  ? vfs_write+0x354/0xa70
[ 2416.320160]  __x64_sys_sendfile64+0x1d1/0x210
[ 2416.320855]  ? __ia32_sys_sendfile+0x220/0x220
[ 2416.321563]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2416.322315]  do_syscall_64+0x33/0x40
[ 2416.322905]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2416.323691] RIP: 0033:0x7f23c5d5cb19
[ 2416.324264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2416.327085] RSP: 002b:00007f23c32b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2416.328253] RAX: ffffffffffffffda RBX: 00007f23c5e70020 RCX: 00007f23c5d5cb19
[ 2416.329349] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2416.330440] RBP: 00007f23c32b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 2416.331529] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2416.332618] R13: 00007ffda14b703f R14: 00007f23c32b1300 R15: 0000000000022000
[ 2416.357516] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2416.516157] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2416.544029] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:48:17 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 13)

01:48:17 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:48:17 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:48:17 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

01:48:17 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:48:17 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x0)

01:48:17 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 11)

01:48:17 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0xf0ffffff0f0000, 0x0)

[ 2431.977428] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2431.977578] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2432.010341] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2432.015054] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:48:17 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2432.019432] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2432.022806] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2432.029956] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2432.071651] FAULT_INJECTION: forcing a failure.
[ 2432.071651] name failslab, interval 1, probability 0, space 0, times 0
[ 2432.074693] CPU: 0 PID: 15086 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2432.076189] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2432.077987] Call Trace:
[ 2432.078565]  dump_stack+0x107/0x167
[ 2432.079375]  should_fail.cold+0x5/0xa
[ 2432.080199]  ? ext4_find_extent+0xa3d/0xd30
[ 2432.081129]  should_failslab+0x5/0x20
[ 2432.081953]  __kmalloc+0x72/0x330
[ 2432.082721]  ext4_find_extent+0xa3d/0xd30
[ 2432.083660]  ext4_ext_map_blocks+0x1c8/0x5c20
[ 2432.084650]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2432.085784]  ? SOFTIRQ_verbose+0x10/0x10
[ 2432.086663]  ? perf_trace_lock+0xac/0x490
[ 2432.087572]  ? SOFTIRQ_verbose+0x10/0x10
[ 2432.088462]  ? ext4_ext_release+0x10/0x10
[ 2432.089373]  ? lock_release+0x6b0/0x6b0
[ 2432.090236]  ? ext4_es_lookup_extent+0x48d/0xc20
[ 2432.091265]  ? lock_downgrade+0x6d0/0x6d0
[ 2432.092185]  ? down_read+0x10f/0x430
[ 2432.092992]  ? down_write+0x160/0x160
[ 2432.093815]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2432.094853]  ? ext4_es_lookup_extent+0xc4/0xc20
[ 2432.095902]  ext4_map_blocks+0x9cc/0x1970
[ 2432.096814]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2432.097788]  ? xas_find_conflict+0xa70/0xa70
[ 2432.098756]  ? perf_trace_lock+0xac/0x490
[ 2432.099667]  ext4_mpage_readpages+0xa0f/0x16d0
01:48:17 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2432.100684]  ? SOFTIRQ_verbose+0x10/0x10
[ 2432.101700]  ? verity_work+0x90/0x90
[ 2432.102511]  ? mark_held_locks+0x9e/0xe0
[ 2432.103420]  ? find_held_lock+0x2c/0x110
[ 2432.104322]  ext4_readahead+0x102/0x140
[ 2432.105181]  ? __check_block_validity.constprop.0+0x2f0/0x2f0
[ 2432.106439]  read_pages+0x1ee/0xbc0
[ 2432.107250]  ? lru_cache_add+0x45c/0x800
[ 2432.108134]  ? read_cache_pages+0x5a0/0x5a0
[ 2432.109062]  ? add_to_page_cache_lru+0x1b6/0x2e0
[ 2432.110098]  ? __page_cache_alloc+0x10d/0x360
[ 2432.110924] FAULT_INJECTION: forcing a failure.
[ 2432.110924] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2432.111091]  page_cache_ra_unbounded+0x51c/0x6f0
[ 2432.113390]  ? read_pages+0xbc0/0xbc0
[ 2432.114213]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2432.115251]  ondemand_readahead+0x8e5/0x1150
[ 2432.116221]  page_cache_sync_ra+0x138/0x170
[ 2432.117157]  generic_file_buffered_read+0xc74/0x28f0
[ 2432.118288]  ? pagecache_get_page+0xc80/0xc80
[ 2432.119261]  ? kasan_save_stack+0x32/0x40
[ 2432.120163]  ? do_splice_direct+0x1c4/0x290
[ 2432.121094]  ? do_sendfile+0x553/0x1090
[ 2432.121953]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2432.122973]  ? do_syscall_64+0x33/0x40
[ 2432.123813]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2432.124957]  ? perf_trace_lock+0xac/0x490
[ 2432.125850]  ? lock_chain_count+0x20/0x20
[ 2432.126755]  generic_file_read_iter+0x33f/0x490
[ 2432.127779]  ext4_file_read_iter+0x184/0x4c0
[ 2432.128734]  generic_file_splice_read+0x455/0x6d0
[ 2432.129781]  ? pipe_to_user+0x170/0x170
[ 2432.130638]  ? _cond_resched+0x12/0x80
[ 2432.131506]  ? avc_policy_seqno+0x9/0x70
[ 2432.132381]  ? selinux_file_permission+0x92/0x520
[ 2432.133437]  ? lockdep_init_map_type+0x2c7/0x780
[ 2432.134471]  ? pipe_to_user+0x170/0x170
[ 2432.135343]  do_splice_to+0x10e/0x160
[ 2432.136177]  splice_direct_to_actor+0x2fe/0x980
[ 2432.137191]  ? pipe_to_sendpage+0x380/0x380
[ 2432.138135]  ? do_splice_to+0x160/0x160
[ 2432.139012]  ? security_file_permission+0x24e/0x570
[ 2432.140104]  do_splice_direct+0x1c4/0x290
[ 2432.141003]  ? splice_direct_to_actor+0x980/0x980
[ 2432.142040]  ? selinux_file_permission+0x92/0x520
[ 2432.143133]  ? security_file_permission+0x24e/0x570
[ 2432.144226]  do_sendfile+0x553/0x1090
[ 2432.145099]  ? do_pwritev+0x270/0x270
[ 2432.145915]  ? wait_for_completion_io+0x270/0x270
[ 2432.147000]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2432.148000]  ? vfs_write+0x354/0xa70
[ 2432.148825]  __x64_sys_sendfile64+0x1d1/0x210
[ 2432.149801]  ? __ia32_sys_sendfile+0x220/0x220
[ 2432.150810]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2432.151891]  do_syscall_64+0x33/0x40
[ 2432.152705]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2432.153808] RIP: 0033:0x7ff709825b19
[ 2432.154604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2432.158537] RSP: 002b:00007ff706d7a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2432.160194] RAX: ffffffffffffffda RBX: 00007ff709939020 RCX: 00007ff709825b19
[ 2432.161747] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2432.163289] RBP: 00007ff706d7a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2432.164855] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2432.166435] R13: 00007ffdbcd37b1f R14: 00007ff706d7a300 R15: 0000000000022000
[ 2432.168014] CPU: 1 PID: 15061 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2432.168790] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2432.169668] Call Trace:
[ 2432.169957]  dump_stack+0x107/0x167
[ 2432.170349]  should_fail.cold+0x5/0xa
[ 2432.170765]  __alloc_pages_nodemask+0x182/0x690
[ 2432.171269]  ? xa_load+0x12d/0x2c0
[ 2432.171650]  ? lock_downgrade+0x6d0/0x6d0
[ 2432.172093]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2432.172746]  alloc_pages_current+0x187/0x280
[ 2432.173219]  __page_cache_alloc+0x2d2/0x360
[ 2432.173688]  page_cache_ra_unbounded+0x207/0x6f0
[ 2432.174204]  ? read_pages+0xbc0/0xbc0
[ 2432.174608]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2432.175139]  ondemand_readahead+0x8e5/0x1150
[ 2432.175618]  page_cache_sync_ra+0x138/0x170
[ 2432.176084]  generic_file_buffered_read+0xc74/0x28f0
[ 2432.176639]  ? pagecache_get_page+0xc80/0xc80
[ 2432.177121]  ? kasan_save_stack+0x32/0x40
[ 2432.177561]  ? do_splice_direct+0x1c4/0x290
[ 2432.178019]  ? do_sendfile+0x553/0x1090
[ 2432.178440]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2432.178939]  ? do_syscall_64+0x33/0x40
[ 2432.179351]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2432.179919]  ? perf_trace_lock+0xac/0x490
[ 2432.180359]  ? lock_chain_count+0x20/0x20
[ 2432.180805]  generic_file_read_iter+0x33f/0x490
[ 2432.181303]  ext4_file_read_iter+0x184/0x4c0
[ 2432.181788]  generic_file_splice_read+0x455/0x6d0
[ 2432.182305]  ? pipe_to_user+0x170/0x170
[ 2432.182728]  ? _cond_resched+0x12/0x80
[ 2432.183152]  ? avc_policy_seqno+0x9/0x70
[ 2432.183588]  ? selinux_file_permission+0x92/0x520
[ 2432.184103]  ? lockdep_init_map_type+0x2c7/0x780
[ 2432.184608]  ? pipe_to_user+0x170/0x170
[ 2432.185036]  do_splice_to+0x10e/0x160
[ 2432.185441]  splice_direct_to_actor+0x2fe/0x980
[ 2432.185939]  ? pipe_to_sendpage+0x380/0x380
[ 2432.186400]  ? do_splice_to+0x160/0x160
[ 2432.186826]  ? security_file_permission+0x24e/0x570
[ 2432.187372]  do_splice_direct+0x1c4/0x290
[ 2432.187811]  ? splice_direct_to_actor+0x980/0x980
[ 2432.188319]  ? selinux_file_permission+0x92/0x520
[ 2432.188840]  ? security_file_permission+0x24e/0x570
[ 2432.189376]  do_sendfile+0x553/0x1090
[ 2432.189792]  ? do_pwritev+0x270/0x270
[ 2432.190201]  ? wait_for_completion_io+0x270/0x270
[ 2432.190715]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2432.191208]  ? vfs_write+0x354/0xa70
[ 2432.191612]  __x64_sys_sendfile64+0x1d1/0x210
[ 2432.192086]  ? __ia32_sys_sendfile+0x220/0x220
[ 2432.192581]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2432.193090]  do_syscall_64+0x33/0x40
[ 2432.193487]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2432.194023] RIP: 0033:0x7f23c5d5cb19
[ 2432.194419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2432.196396] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2432.197199] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2432.197962] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2432.198725] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2432.199480] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2432.200238] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2432.224424] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2432.319097] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
01:48:32 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:48:32 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:48:32 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 14)

01:48:32 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

01:48:32 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x0)

01:48:32 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:48:32 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 12)

01:48:33 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x88a61d0000000000, 0x0)

[ 2447.535744] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2447.538479] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2447.574006] FAULT_INJECTION: forcing a failure.
[ 2447.574006] name failslab, interval 1, probability 0, space 0, times 0
[ 2447.576393] CPU: 0 PID: 15110 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2447.577801] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2447.579501] Call Trace:
[ 2447.580036]  dump_stack+0x107/0x167
[ 2447.580765]  should_fail.cold+0x5/0xa
[ 2447.581526]  ? create_object.isra.0+0x3a/0xa20
[ 2447.582436]  should_failslab+0x5/0x20
[ 2447.583202]  kmem_cache_alloc+0x5b/0x360
[ 2447.584038]  create_object.isra.0+0x3a/0xa20
[ 2447.584905]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2447.585939]  __kmalloc+0x16e/0x330
[ 2447.586657]  iter_file_splice_write+0x16d/0xc30
[ 2447.587595]  ? atime_needs_update+0x600/0x600
[ 2447.588525]  ? generic_splice_sendpage+0x140/0x140
[ 2447.589528]  ? pipe_to_user+0x170/0x170
[ 2447.590324]  ? _cond_resched+0x12/0x80
[ 2447.591142]  ? avc_policy_seqno+0x9/0x70
[ 2447.591969]  ? selinux_file_permission+0x92/0x520
[ 2447.592960]  ? lockdep_init_map_type+0x2c7/0x780
[ 2447.593926]  ? generic_splice_sendpage+0x140/0x140
[ 2447.594936]  direct_splice_actor+0x10f/0x170
[ 2447.595843]  splice_direct_to_actor+0x387/0x980
[ 2447.596795]  ? pipe_to_sendpage+0x380/0x380
[ 2447.597684]  ? do_splice_to+0x160/0x160
[ 2447.598498]  ? security_file_permission+0x24e/0x570
[ 2447.599540]  do_splice_direct+0x1c4/0x290
[ 2447.600386]  ? splice_direct_to_actor+0x980/0x980
[ 2447.601367]  ? selinux_file_permission+0x92/0x520
[ 2447.602327]  ? security_file_permission+0x24e/0x570
[ 2447.603389]  do_sendfile+0x553/0x1090
[ 2447.604161]  ? do_pwritev+0x270/0x270
[ 2447.604937]  ? wait_for_completion_io+0x270/0x270
[ 2447.605900]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2447.606836]  ? vfs_write+0x354/0xa70
[ 2447.607607]  __x64_sys_sendfile64+0x1d1/0x210
[ 2447.608530]  ? __ia32_sys_sendfile+0x220/0x220
[ 2447.609464]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2447.610447]  do_syscall_64+0x33/0x40
[ 2447.611252]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2447.612395] RIP: 0033:0x7ff709825b19
[ 2447.613159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2447.616887] RSP: 002b:00007ff706d9b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2447.617327] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2447.618429] RAX: ffffffffffffffda RBX: 00007ff709938f60 RCX: 00007ff709825b19
[ 2447.618441] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2447.618452] RBP: 00007ff706d9b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2447.618464] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2447.618475] R13: 00007ffdbcd37b1f R14: 00007ff706d9b300 R15: 0000000000022000
[ 2447.626876] FAULT_INJECTION: forcing a failure.
[ 2447.626876] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2447.630307] CPU: 0 PID: 15135 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2447.631711] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2447.633393] Call Trace:
[ 2447.633947]  dump_stack+0x107/0x167
[ 2447.634708]  should_fail.cold+0x5/0xa
[ 2447.635530]  __alloc_pages_nodemask+0x182/0x690
[ 2447.636468]  ? xa_load+0x12d/0x2c0
[ 2447.637310]  ? lock_downgrade+0x6d0/0x6d0
[ 2447.638170]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2447.639434]  alloc_pages_current+0x187/0x280
[ 2447.640333]  __page_cache_alloc+0x2d2/0x360
[ 2447.641222]  page_cache_ra_unbounded+0x207/0x6f0
[ 2447.642210]  ? read_pages+0xbc0/0xbc0
[ 2447.642983]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2447.643966]  ondemand_readahead+0x8e5/0x1150
[ 2447.644881]  page_cache_sync_ra+0x138/0x170
[ 2447.645771]  generic_file_buffered_read+0xc74/0x28f0
[ 2447.646836]  ? pagecache_get_page+0xc80/0xc80
[ 2447.647757]  ? kasan_save_stack+0x32/0x40
[ 2447.648601]  ? do_splice_direct+0x1c4/0x290
[ 2447.649485]  ? do_sendfile+0x553/0x1090
[ 2447.650295]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2447.651248]  ? do_syscall_64+0x33/0x40
[ 2447.652054]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2447.653137]  ? perf_trace_lock+0xac/0x490
[ 2447.653978]  ? lock_chain_count+0x20/0x20
[ 2447.654839]  generic_file_read_iter+0x33f/0x490
[ 2447.655816]  ext4_file_read_iter+0x184/0x4c0
[ 2447.656721]  generic_file_splice_read+0x455/0x6d0
[ 2447.657715]  ? pipe_to_user+0x170/0x170
[ 2447.658527]  ? _cond_resched+0x12/0x80
[ 2447.659335]  ? avc_policy_seqno+0x9/0x70
[ 2447.660165]  ? selinux_file_permission+0x92/0x520
[ 2447.661156]  ? lockdep_init_map_type+0x2c7/0x780
[ 2447.662127]  ? pipe_to_user+0x170/0x170
[ 2447.662942]  do_splice_to+0x10e/0x160
[ 2447.663741]  splice_direct_to_actor+0x2fe/0x980
[ 2447.664686]  ? pipe_to_sendpage+0x380/0x380
[ 2447.665575]  ? do_splice_to+0x160/0x160
[ 2447.666373]  ? security_file_permission+0x24e/0x570
[ 2447.667431]  do_splice_direct+0x1c4/0x290
[ 2447.668266]  ? splice_direct_to_actor+0x980/0x980
[ 2447.669237]  ? selinux_file_permission+0x92/0x520
[ 2447.670212]  ? security_file_permission+0x24e/0x570
[ 2447.671251]  do_sendfile+0x553/0x1090
[ 2447.672034]  ? do_pwritev+0x270/0x270
[ 2447.672812]  ? wait_for_completion_io+0x270/0x270
[ 2447.673781]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2447.674722]  ? vfs_write+0x354/0xa70
[ 2447.675492]  __x64_sys_sendfile64+0x1d1/0x210
[ 2447.676410]  ? __ia32_sys_sendfile+0x220/0x220
[ 2447.677334]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2447.678320]  do_syscall_64+0x33/0x40
[ 2447.679071]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2447.680125] RIP: 0033:0x7f23c5d5cb19
[ 2447.680879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2447.684596] RSP: 002b:00007f23c32b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2447.686138] RAX: ffffffffffffffda RBX: 00007f23c5e70020 RCX: 00007f23c5d5cb19
[ 2447.687599] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2447.689039] RBP: 00007f23c32b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 2447.690475] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2447.691922] R13: 00007ffda14b703f R14: 00007f23c32b1300 R15: 0000000000022000
[ 2447.765949] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2447.774163] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2447.778641] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2447.860029] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:48:33 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 13)

01:48:33 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 15)

01:48:33 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:48:33 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:48:33 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

01:48:33 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2448.104002] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2448.136874] FAULT_INJECTION: forcing a failure.
[ 2448.136874] name failslab, interval 1, probability 0, space 0, times 0
[ 2448.139193] CPU: 1 PID: 15149 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2448.140590] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2448.142209] Call Trace:
[ 2448.142729]  dump_stack+0x107/0x167
[ 2448.143460]  should_fail.cold+0x5/0xa
[ 2448.144258]  ? ext4_find_extent+0xa3d/0xd30
[ 2448.145106]  should_failslab+0x5/0x20
[ 2448.145847]  __kmalloc+0x72/0x330
[ 2448.146550]  ext4_find_extent+0xa3d/0xd30
[ 2448.147422]  ext4_ext_map_blocks+0x1c8/0x5c20
[ 2448.148371]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2448.149390]  ? SOFTIRQ_verbose+0x10/0x10
[ 2448.150206]  ? perf_trace_lock+0xac/0x490
[ 2448.151014]  ? SOFTIRQ_verbose+0x10/0x10
[ 2448.151854]  ? ext4_ext_release+0x10/0x10
[ 2448.152708]  ? lock_release+0x6b0/0x6b0
[ 2448.153510]  ? ext4_es_lookup_extent+0x48d/0xc20
[ 2448.154431]  ? lock_downgrade+0x6d0/0x6d0
[ 2448.155311]  ? down_read+0x10f/0x430
[ 2448.156076]  ? down_write+0x160/0x160
[ 2448.156845]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2448.157783]  ? ext4_es_lookup_extent+0xc4/0xc20
[ 2448.158729]  ext4_map_blocks+0x9cc/0x1970
[ 2448.159566]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2448.160493]  ? xas_find_conflict+0xa70/0xa70
[ 2448.161384]  ext4_mpage_readpages+0xa0f/0x16d0
[ 2448.162327]  ? verity_work+0x90/0x90
[ 2448.163069]  ? release_pages+0x806/0xc20
[ 2448.163902]  ? find_held_lock+0x2c/0x110
[ 2448.164751]  ext4_readahead+0x102/0x140
[ 2448.165553]  ? __check_block_validity.constprop.0+0x2f0/0x2f0
[ 2448.166721]  read_pages+0x1ee/0xbc0
[ 2448.167464]  ? lru_cache_add+0x45c/0x800
[ 2448.168318]  ? read_cache_pages+0x5a0/0x5a0
[ 2448.169157]  ? add_to_page_cache_lru+0x1b6/0x2e0
[ 2448.170113]  ? __page_cache_alloc+0x10d/0x360
[ 2448.170997]  page_cache_ra_unbounded+0x51c/0x6f0
[ 2448.172001]  ? read_pages+0xbc0/0xbc0
[ 2448.172770]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2448.173858]  ondemand_readahead+0x8e5/0x1150
[ 2448.175002]  page_cache_sync_ra+0x138/0x170
[ 2448.176119]  generic_file_buffered_read+0xc74/0x28f0
[ 2448.177287]  ? pagecache_get_page+0xc80/0xc80
[ 2448.178167]  ? kasan_save_stack+0x32/0x40
[ 2448.179014]  ? do_splice_direct+0x1c4/0x290
[ 2448.179861]  ? do_sendfile+0x553/0x1090
[ 2448.180678]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2448.181597]  ? do_syscall_64+0x33/0x40
[ 2448.182382]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2448.183462]  ? perf_trace_lock+0xac/0x490
[ 2448.184304]  ? lock_chain_count+0x20/0x20
[ 2448.185145]  generic_file_read_iter+0x33f/0x490
[ 2448.186095]  ext4_file_read_iter+0x184/0x4c0
[ 2448.186983]  generic_file_splice_read+0x455/0x6d0
[ 2448.187953]  ? pipe_to_user+0x170/0x170
[ 2448.188757]  ? _cond_resched+0x12/0x80
[ 2448.189554]  ? avc_policy_seqno+0x9/0x70
[ 2448.190371]  ? selinux_file_permission+0x92/0x520
[ 2448.191369]  ? lockdep_init_map_type+0x2c7/0x780
[ 2448.192336]  ? pipe_to_user+0x170/0x170
[ 2448.193145]  do_splice_to+0x10e/0x160
[ 2448.193904]  splice_direct_to_actor+0x2fe/0x980
[ 2448.194843]  ? pipe_to_sendpage+0x380/0x380
[ 2448.195740]  ? do_splice_to+0x160/0x160
[ 2448.196559]  ? security_file_permission+0x24e/0x570
[ 2448.197629]  do_splice_direct+0x1c4/0x290
[ 2448.198469]  ? splice_direct_to_actor+0x980/0x980
[ 2448.199436]  ? selinux_file_permission+0x92/0x520
[ 2448.200429]  ? security_file_permission+0x24e/0x570
[ 2448.201456]  do_sendfile+0x553/0x1090
[ 2448.202243]  ? do_pwritev+0x270/0x270
[ 2448.203014]  ? wait_for_completion_io+0x270/0x270
[ 2448.203992]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2448.204928]  ? vfs_write+0x354/0xa70
[ 2448.205693]  __x64_sys_sendfile64+0x1d1/0x210
[ 2448.206580]  ? __ia32_sys_sendfile+0x220/0x220
[ 2448.207511]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2448.208477]  do_syscall_64+0x33/0x40
[ 2448.209242]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2448.210235] RIP: 0033:0x7f23c5d5cb19
[ 2448.210979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2448.214497] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2448.216038] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2448.217444] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2448.218855] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2448.220280] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2448.221693] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2448.232523] FAULT_INJECTION: forcing a failure.
[ 2448.232523] name failslab, interval 1, probability 0, space 0, times 0
[ 2448.235287] CPU: 1 PID: 15159 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2448.236623] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2448.238268] Call Trace:
[ 2448.238780]  dump_stack+0x107/0x167
[ 2448.239522]  should_fail.cold+0x5/0xa
[ 2448.240272]  ? __es_insert_extent+0x3a9/0x12f0
[ 2448.241196]  should_failslab+0x5/0x20
[ 2448.241937]  kmem_cache_alloc+0x5b/0x360
[ 2448.242753]  __es_insert_extent+0x3a9/0x12f0
[ 2448.243634]  ? do_raw_write_lock+0x11a/0x280
[ 2448.244506]  ? do_raw_read_unlock+0x70/0x70
[ 2448.245367]  ? __lockdep_reset_lock+0x180/0x180
[ 2448.246293]  ext4_es_insert_extent+0x2dc/0xbd0
[ 2448.247224]  ? ext4_es_scan_clu+0x2e0/0x2e0
[ 2448.248066]  ? lock_downgrade+0x6d0/0x6d0
[ 2448.248887]  ? __ext4_handle_dirty_super+0x100/0x100
[ 2448.249883]  ? __es_find_extent_range+0x197/0x4b0
[ 2448.250853]  ? __ext4_handle_dirty_super+0x100/0x100
[ 2448.251847]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2448.252811]  ext4_ext_map_blocks+0x1965/0x5c20
[ 2448.253735]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2448.254776]  ? SOFTIRQ_verbose+0x10/0x10
[ 2448.255605]  ? perf_trace_lock+0xac/0x490
[ 2448.256413]  ? SOFTIRQ_verbose+0x10/0x10
[ 2448.257240]  ? ext4_ext_release+0x10/0x10
[ 2448.258074]  ? lock_release+0x6b0/0x6b0
[ 2448.258857]  ? ext4_es_lookup_extent+0x48d/0xc20
[ 2448.259789]  ? lock_downgrade+0x6d0/0x6d0
[ 2448.260622]  ? down_read+0x10f/0x430
[ 2448.261352]  ? down_write+0x160/0x160
[ 2448.262098]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2448.263043]  ? ext4_es_lookup_extent+0xc4/0xc20
[ 2448.263966]  ext4_map_blocks+0x9cc/0x1970
[ 2448.264792]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2448.265682]  ? xas_find_conflict+0xa70/0xa70
[ 2448.266555]  ? perf_trace_lock+0xac/0x490
[ 2448.267394]  ext4_mpage_readpages+0xa0f/0x16d0
[ 2448.268305]  ? SOFTIRQ_verbose+0x10/0x10
[ 2448.269115]  ? verity_work+0x90/0x90
[ 2448.269829]  ? mark_held_locks+0x9e/0xe0
[ 2448.270637]  ? find_held_lock+0x2c/0x110
[ 2448.271458]  ext4_readahead+0x102/0x140
[ 2448.272240]  ? __check_block_validity.constprop.0+0x2f0/0x2f0
[ 2448.273387]  read_pages+0x1ee/0xbc0
[ 2448.274121]  ? lru_cache_add+0x45c/0x800
[ 2448.274907]  ? read_cache_pages+0x5a0/0x5a0
[ 2448.275813]  ? add_to_page_cache_lru+0x1b6/0x2e0
[ 2448.276975]  ? __page_cache_alloc+0x10d/0x360
[ 2448.278086]  page_cache_ra_unbounded+0x51c/0x6f0
[ 2448.279277]  ? read_pages+0xbc0/0xbc0
[ 2448.280191]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2448.281146]  ondemand_readahead+0x8e5/0x1150
[ 2448.282024]  page_cache_sync_ra+0x138/0x170
[ 2448.282869]  generic_file_buffered_read+0xc74/0x28f0
[ 2448.283894]  ? pagecache_get_page+0xc80/0xc80
[ 2448.284763]  ? kasan_save_stack+0x32/0x40
[ 2448.285584]  ? do_splice_direct+0x1c4/0x290
[ 2448.286417]  ? do_sendfile+0x553/0x1090
[ 2448.287195]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2448.288090]  ? do_syscall_64+0x33/0x40
[ 2448.288840]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2448.289871]  ? perf_trace_lock+0xac/0x490
[ 2448.290669]  ? lock_chain_count+0x20/0x20
[ 2448.291496]  generic_file_read_iter+0x33f/0x490
[ 2448.292409]  ext4_file_read_iter+0x184/0x4c0
[ 2448.293265]  generic_file_splice_read+0x455/0x6d0
[ 2448.294193]  ? pipe_to_user+0x170/0x170
[ 2448.294951]  ? _cond_resched+0x12/0x80
[ 2448.295727]  ? avc_policy_seqno+0x9/0x70
[ 2448.296509]  ? selinux_file_permission+0x92/0x520
[ 2448.297468]  ? lockdep_init_map_type+0x2c7/0x780
[ 2448.298404]  ? pipe_to_user+0x170/0x170
[ 2448.299241]  do_splice_to+0x10e/0x160
[ 2448.299982]  splice_direct_to_actor+0x2fe/0x980
[ 2448.300887]  ? pipe_to_sendpage+0x380/0x380
[ 2448.301721]  ? do_splice_to+0x160/0x160
[ 2448.302615]  ? security_file_permission+0x24e/0x570
[ 2448.303626]  do_splice_direct+0x1c4/0x290
[ 2448.304432]  ? splice_direct_to_actor+0x980/0x980
[ 2448.305346]  ? selinux_file_permission+0x92/0x520
[ 2448.306280]  ? security_file_permission+0x24e/0x570
[ 2448.307242]  do_sendfile+0x553/0x1090
[ 2448.307985]  ? do_pwritev+0x270/0x270
[ 2448.308726]  ? wait_for_completion_io+0x270/0x270
[ 2448.309653]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2448.310551]  ? vfs_write+0x354/0xa70
[ 2448.311301]  __x64_sys_sendfile64+0x1d1/0x210
[ 2448.312161]  ? __ia32_sys_sendfile+0x220/0x220
[ 2448.313030]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2448.313955]  do_syscall_64+0x33/0x40
[ 2448.314681]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2448.315706] RIP: 0033:0x7ff709825b19
[ 2448.316422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2448.319917] RSP: 002b:00007ff706d9b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2448.321334] RAX: ffffffffffffffda RBX: 00007ff709938f60 RCX: 00007ff709825b19
[ 2448.322680] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2448.324046] RBP: 00007ff706d9b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2448.325394] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2448.326721] R13: 00007ffdbcd37b1f R14: 00007ff706d9b300 R15: 0000000000022000
[ 2448.348297] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:48:33 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x8008)

[ 2448.378397] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2448.406530] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2448.446081] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:48:33 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 16)

01:48:33 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 14)

[ 2448.529315] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2448.566229] FAULT_INJECTION: forcing a failure.
[ 2448.566229] name failslab, interval 1, probability 0, space 0, times 0
[ 2448.568557] CPU: 1 PID: 15180 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2448.569706] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2448.571037] Call Trace:
[ 2448.571502]  dump_stack+0x107/0x167
[ 2448.572124]  should_fail.cold+0x5/0xa
[ 2448.572754]  ? create_object.isra.0+0x3a/0xa20
[ 2448.573527]  should_failslab+0x5/0x20
[ 2448.574169]  kmem_cache_alloc+0x5b/0x360
[ 2448.574853]  create_object.isra.0+0x3a/0xa20
[ 2448.575593]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2448.576481]  kmem_cache_alloc_trace+0x151/0x2c0
[ 2448.577302]  __iomap_dio_rw+0x1ee/0x11c0
[ 2448.578012]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2448.578854]  ? __mark_inode_dirty+0x12e/0xf90
[ 2448.579667]  ? security_inode_need_killpriv+0x79/0xa0
[ 2448.580563]  ? iomap_dio_bio_actor+0xef0/0xef0
[ 2448.581311]  ? generic_update_time+0x21c/0x370
[ 2448.582091]  ? inode_dio_wait+0xbf/0x270
[ 2448.582815]  ? __wait_on_freeing_inode+0x140/0x140
[ 2448.583834]  ? evict_inodes+0x420/0x420
[ 2448.584661]  ? down_write_killable+0x180/0x180
[ 2448.585590]  iomap_dio_rw+0x31/0x90
[ 2448.586312]  ext4_file_write_iter+0xb26/0x18e0
[ 2448.587261]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2448.588172]  ? kasan_save_stack+0x32/0x40
[ 2448.589013]  ? kasan_save_stack+0x1b/0x40
[ 2448.589825]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2448.590824]  ? iter_file_splice_write+0x16d/0xc30
[ 2448.591754]  ? direct_splice_actor+0x10f/0x170
[ 2448.592627]  ? splice_direct_to_actor+0x387/0x980
[ 2448.593543]  ? do_splice_direct+0x1c4/0x290
[ 2448.594383]  ? do_sendfile+0x553/0x1090
[ 2448.595147]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2448.596076]  do_iter_readv_writev+0x476/0x750
[ 2448.596935]  ? new_sync_write+0x660/0x660
[ 2448.597739]  ? selinux_file_permission+0x92/0x520
[ 2448.598691]  do_iter_write+0x191/0x670
[ 2448.599478]  vfs_iter_write+0x70/0xa0
[ 2448.600210]  iter_file_splice_write+0x762/0xc30
[ 2448.601124]  ? generic_splice_sendpage+0x140/0x140
[ 2448.602055]  ? avc_policy_seqno+0x9/0x70
[ 2448.602844]  ? selinux_file_permission+0x92/0x520
[ 2448.603770]  ? lockdep_init_map_type+0x2c7/0x780
[ 2448.604684]  ? generic_splice_sendpage+0x140/0x140
[ 2448.605606]  direct_splice_actor+0x10f/0x170
[ 2448.606469]  splice_direct_to_actor+0x387/0x980
[ 2448.607354]  ? pipe_to_sendpage+0x380/0x380
[ 2448.607751] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2448.608048]  ? do_splice_to+0x160/0x160
[ 2448.610338]  ? security_file_permission+0x24e/0x570
[ 2448.611153]  do_splice_direct+0x1c4/0x290
[ 2448.611844]  ? splice_direct_to_actor+0x980/0x980
[ 2448.612606]  ? selinux_file_permission+0x92/0x520
[ 2448.613394]  ? security_file_permission+0x24e/0x570
[ 2448.614206]  do_sendfile+0x553/0x1090
[ 2448.614823]  ? do_pwritev+0x270/0x270
[ 2448.615438]  ? wait_for_completion_io+0x270/0x270
[ 2448.616193]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2448.616930]  ? vfs_write+0x354/0xa70
[ 2448.617532]  __x64_sys_sendfile64+0x1d1/0x210
[ 2448.617942] FAULT_INJECTION: forcing a failure.
[ 2448.617942] name failslab, interval 1, probability 0, space 0, times 0
[ 2448.618249]  ? __ia32_sys_sendfile+0x220/0x220
[ 2448.621180]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2448.621945]  do_syscall_64+0x33/0x40
[ 2448.622527]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2448.623351] RIP: 0033:0x7ff709825b19
[ 2448.623924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2448.626797] RSP: 002b:00007ff706d9b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2448.627992] RAX: ffffffffffffffda RBX: 00007ff709938f60 RCX: 00007ff709825b19
[ 2448.629115] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2448.630234] RBP: 00007ff706d9b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2448.631369] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2448.632474] R13: 00007ffdbcd37b1f R14: 00007ff706d9b300 R15: 0000000000022000
[ 2448.633613] CPU: 0 PID: 15184 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2448.635023] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2448.636698] Call Trace:
[ 2448.637237]  dump_stack+0x107/0x167
[ 2448.637983]  should_fail.cold+0x5/0xa
[ 2448.638787]  ? create_object.isra.0+0x3a/0xa20
[ 2448.639737]  should_failslab+0x5/0x20
[ 2448.640515]  kmem_cache_alloc+0x5b/0x360
[ 2448.641352]  create_object.isra.0+0x3a/0xa20
[ 2448.642259]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2448.643299]  __kmalloc+0x16e/0x330
[ 2448.644042]  iter_file_splice_write+0x16d/0xc30
[ 2448.644979]  ? atime_needs_update+0x600/0x600
[ 2448.645941]  ? generic_splice_sendpage+0x140/0x140
[ 2448.646933]  ? pipe_to_user+0x170/0x170
[ 2448.647754]  ? _cond_resched+0x12/0x80
[ 2448.648555]  ? avc_policy_seqno+0x9/0x70
[ 2448.649376]  ? selinux_file_permission+0x92/0x520
[ 2448.650368]  ? lockdep_init_map_type+0x2c7/0x780
[ 2448.651353]  ? generic_splice_sendpage+0x140/0x140
[ 2448.652343]  direct_splice_actor+0x10f/0x170
[ 2448.653233]  splice_direct_to_actor+0x387/0x980
[ 2448.654182]  ? pipe_to_sendpage+0x380/0x380
[ 2448.655061]  ? do_splice_to+0x160/0x160
[ 2448.655880]  ? security_file_permission+0x24e/0x570
[ 2448.656896]  do_splice_direct+0x1c4/0x290
[ 2448.657732]  ? splice_direct_to_actor+0x980/0x980
[ 2448.658710]  ? selinux_file_permission+0x92/0x520
[ 2448.659686]  ? security_file_permission+0x24e/0x570
[ 2448.660722]  do_sendfile+0x553/0x1090
[ 2448.661519]  ? do_pwritev+0x270/0x270
[ 2448.662297]  ? wait_for_completion_io+0x270/0x270
[ 2448.663294]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2448.664240]  ? vfs_write+0x354/0xa70
[ 2448.665006]  __x64_sys_sendfile64+0x1d1/0x210
[ 2448.665923]  ? __ia32_sys_sendfile+0x220/0x220
[ 2448.666866]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2448.667876]  do_syscall_64+0x33/0x40
[ 2448.668641]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2448.669691] RIP: 0033:0x7f23c5d5cb19
[ 2448.670455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2448.674181] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2448.675741] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2448.677190] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2448.678635] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2448.680095] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2448.681539] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
01:48:50 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 17)

01:48:50 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 15)

01:48:50 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:48:50 executing program 2:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:48:50 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x1da688)

01:48:50 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:48:50 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(0x0, 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

01:48:50 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

[ 2465.520959] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2465.558860] FAULT_INJECTION: forcing a failure.
[ 2465.558860] name failslab, interval 1, probability 0, space 0, times 0
[ 2465.561222] CPU: 0 PID: 15195 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2465.562629] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2465.564290] Call Trace:
[ 2465.564824]  dump_stack+0x107/0x167
[ 2465.565558]  should_fail.cold+0x5/0xa
[ 2465.566324]  ? __iomap_dio_rw+0x1ee/0x11c0
[ 2465.567174]  should_failslab+0x5/0x20
[ 2465.567957]  kmem_cache_alloc_trace+0x55/0x2c0
[ 2465.568881]  __iomap_dio_rw+0x1ee/0x11c0
[ 2465.569709]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2465.570670]  ? __mark_inode_dirty+0x12e/0xf90
[ 2465.571580]  ? security_inode_need_killpriv+0x79/0xa0
[ 2465.572620]  ? iomap_dio_bio_actor+0xef0/0xef0
[ 2465.573530]  ? generic_update_time+0x21c/0x370
[ 2465.574447]  ? inode_dio_wait+0xbf/0x270
[ 2465.575269]  ? __wait_on_freeing_inode+0x140/0x140
[ 2465.576277]  ? evict_inodes+0x420/0x420
[ 2465.577098]  ? down_write_killable+0x180/0x180
[ 2465.578029]  iomap_dio_rw+0x31/0x90
[ 2465.578766]  ext4_file_write_iter+0xb26/0x18e0
[ 2465.579722]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2465.580649]  ? kasan_save_stack+0x32/0x40
[ 2465.581468]  ? kasan_save_stack+0x1b/0x40
[ 2465.582306]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2465.583317]  ? iter_file_splice_write+0x16d/0xc30
[ 2465.584296]  ? direct_splice_actor+0x10f/0x170
[ 2465.585199]  ? splice_direct_to_actor+0x387/0x980
[ 2465.586162]  ? do_splice_direct+0x1c4/0x290
[ 2465.587024]  ? do_sendfile+0x553/0x1090
[ 2465.587831]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2465.588769]  do_iter_readv_writev+0x476/0x750
[ 2465.589676]  ? new_sync_write+0x660/0x660
[ 2465.590491]  ? selinux_file_permission+0x92/0x520
[ 2465.591505]  do_iter_write+0x191/0x670
[ 2465.592303]  vfs_iter_write+0x70/0xa0
[ 2465.593073]  iter_file_splice_write+0x762/0xc30
[ 2465.594029]  ? generic_splice_sendpage+0x140/0x140
[ 2465.595024]  ? avc_policy_seqno+0x9/0x70
[ 2465.595845]  ? selinux_file_permission+0x92/0x520
[ 2465.596817]  ? lockdep_init_map_type+0x2c7/0x780
[ 2465.597771]  ? generic_splice_sendpage+0x140/0x140
[ 2465.598745]  direct_splice_actor+0x10f/0x170
[ 2465.599647]  splice_direct_to_actor+0x387/0x980
[ 2465.600586]  ? pipe_to_sendpage+0x380/0x380
[ 2465.601457]  ? do_splice_to+0x160/0x160
[ 2465.602248]  ? security_file_permission+0x24e/0x570
[ 2465.603258]  do_splice_direct+0x1c4/0x290
[ 2465.604097]  ? splice_direct_to_actor+0x980/0x980
[ 2465.605074]  ? selinux_file_permission+0x92/0x520
[ 2465.606043]  ? security_file_permission+0x24e/0x570
[ 2465.607071]  do_sendfile+0x553/0x1090
[ 2465.607871]  ? do_pwritev+0x270/0x270
[ 2465.608641]  ? wait_for_completion_io+0x270/0x270
[ 2465.609601]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2465.610533]  ? vfs_write+0x354/0xa70
[ 2465.611300]  __x64_sys_sendfile64+0x1d1/0x210
[ 2465.612221]  ? __ia32_sys_sendfile+0x220/0x220
[ 2465.613149]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2465.614129]  do_syscall_64+0x33/0x40
[ 2465.614890]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2465.615927] RIP: 0033:0x7f23c5d5cb19
[ 2465.616682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2465.620379] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2465.621918] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2465.623362] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2465.624807] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2465.626238] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2465.627682] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2465.636967] FAULT_INJECTION: forcing a failure.
[ 2465.636967] name failslab, interval 1, probability 0, space 0, times 0
[ 2465.639684] CPU: 0 PID: 15229 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2465.641093] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2465.642776] Call Trace:
[ 2465.643310]  dump_stack+0x107/0x167
[ 2465.644076]  should_fail.cold+0x5/0xa
[ 2465.644855]  ? jbd2__journal_start+0x190/0x8a0
[ 2465.645785]  should_failslab+0x5/0x20
[ 2465.646552]  kmem_cache_alloc+0x5b/0x360
[ 2465.647395]  jbd2__journal_start+0x190/0x8a0
[ 2465.648301]  __ext4_journal_start_sb+0x214/0x450
[ 2465.649268]  ext4_dirty_inode+0xbc/0x130
[ 2465.650092]  ? ext4_setattr+0x22d0/0x22d0
[ 2465.650934]  __mark_inode_dirty+0x492/0xf90
[ 2465.651825]  touch_atime+0x5ea/0x6e0
[ 2465.652587]  ? atime_needs_update+0x600/0x600
[ 2465.653494]  ? pagecache_get_page+0x243/0xc80
[ 2465.654418]  generic_file_buffered_read+0x18f3/0x28f0
[ 2465.655503]  ? pagecache_get_page+0xc80/0xc80
[ 2465.656408]  ? kasan_save_stack+0x32/0x40
[ 2465.657247]  ? do_splice_direct+0x1c4/0x290
[ 2465.658118]  ? do_sendfile+0x553/0x1090
[ 2465.658917]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2465.659868]  ? do_syscall_64+0x33/0x40
[ 2465.660658]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2465.661728]  ? perf_trace_lock+0xac/0x490
[ 2465.662566]  ? lock_chain_count+0x20/0x20
[ 2465.663427]  generic_file_read_iter+0x33f/0x490
[ 2465.664379]  ext4_file_read_iter+0x184/0x4c0
[ 2465.665272]  generic_file_splice_read+0x455/0x6d0
[ 2465.666248]  ? pipe_to_user+0x170/0x170
[ 2465.667055]  ? _cond_resched+0x12/0x80
[ 2465.667851]  ? avc_policy_seqno+0x9/0x70
[ 2465.668674]  ? selinux_file_permission+0x92/0x520
[ 2465.669660]  ? lockdep_init_map_type+0x2c7/0x780
[ 2465.670619]  ? pipe_to_user+0x170/0x170
[ 2465.671460]  do_splice_to+0x10e/0x160
[ 2465.672248]  splice_direct_to_actor+0x2fe/0x980
[ 2465.673195]  ? pipe_to_sendpage+0x380/0x380
[ 2465.674077]  ? do_splice_to+0x160/0x160
[ 2465.674884]  ? security_file_permission+0x24e/0x570
[ 2465.675930]  do_splice_direct+0x1c4/0x290
[ 2465.676767]  ? splice_direct_to_actor+0x980/0x980
[ 2465.677741]  ? selinux_file_permission+0x92/0x520
[ 2465.678725]  ? security_file_permission+0x24e/0x570
[ 2465.679751]  do_sendfile+0x553/0x1090
[ 2465.680547]  ? do_pwritev+0x270/0x270
[ 2465.681324]  ? wait_for_completion_io+0x270/0x270
[ 2465.682300]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2465.683232]  ? vfs_write+0x354/0xa70
[ 2465.684010]  __x64_sys_sendfile64+0x1d1/0x210
[ 2465.684925]  ? __ia32_sys_sendfile+0x220/0x220
[ 2465.685863]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2465.686847]  do_syscall_64+0x33/0x40
[ 2465.687620]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2465.688654] RIP: 0033:0x7ff709825b19
[ 2465.689410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2465.693107] RSP: 002b:00007ff706d7a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2465.694632] RAX: ffffffffffffffda RBX: 00007ff709939020 RCX: 00007ff709825b19
[ 2465.696073] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2465.697501] RBP: 00007ff706d7a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2465.698935] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2465.700371] R13: 00007ffdbcd37b1f R14: 00007ff706d7a300 R15: 0000000000022000
[ 2465.716388] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2465.722377] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
01:48:51 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x8800000)

01:48:51 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2465.759812] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2465.760825] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2465.790090] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2465.794573] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
01:48:51 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(0x0, 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

01:48:51 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:48:51 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 16)

01:48:51 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x88a61d00)

01:48:51 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1de)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:48:51 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 18)

01:48:51 executing program 2:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2466.038227] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2466.065798] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2466.082296] FAULT_INJECTION: forcing a failure.
[ 2466.082296] name failslab, interval 1, probability 0, space 0, times 0
[ 2466.084768] CPU: 1 PID: 15246 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2466.086158] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2466.087823] Call Trace:
[ 2466.088355]  dump_stack+0x107/0x167
[ 2466.089100]  should_fail.cold+0x5/0xa
[ 2466.089873]  ? create_object.isra.0+0x3a/0xa20
[ 2466.090799]  should_failslab+0x5/0x20
[ 2466.091569]  kmem_cache_alloc+0x5b/0x360
[ 2466.092391]  create_object.isra.0+0x3a/0xa20
[ 2466.093274]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2466.094295]  kmem_cache_alloc+0x159/0x360
[ 2466.095143]  __es_insert_extent+0x3a9/0x12f0
[ 2466.096045]  ? do_raw_write_lock+0x11a/0x280
[ 2466.096926]  ? do_raw_read_unlock+0x70/0x70
[ 2466.097789]  ? __lockdep_reset_lock+0x180/0x180
[ 2466.098732]  ext4_es_insert_extent+0x2dc/0xbd0
[ 2466.099660]  ? ext4_es_scan_clu+0x2e0/0x2e0
[ 2466.100525]  ? lock_downgrade+0x6d0/0x6d0
[ 2466.101371]  ? __ext4_handle_dirty_super+0x100/0x100
[ 2466.102380]  ? __es_find_extent_range+0x197/0x4b0
[ 2466.103353]  ? __ext4_handle_dirty_super+0x100/0x100
[ 2466.104419]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2466.105396]  ext4_ext_map_blocks+0x1965/0x5c20
[ 2466.106338]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2466.107390]  ? SOFTIRQ_verbose+0x10/0x10
[ 2466.108217]  ? perf_trace_lock+0xac/0x490
[ 2466.109044]  ? SOFTIRQ_verbose+0x10/0x10
[ 2466.109870]  ? ext4_ext_release+0x10/0x10
[ 2466.110713]  ? lock_release+0x6b0/0x6b0
[ 2466.111520]  ? ext4_es_lookup_extent+0x48d/0xc20
[ 2466.112467]  ? lock_downgrade+0x6d0/0x6d0
[ 2466.113316]  ? down_read+0x10f/0x430
[ 2466.114063]  ? down_write+0x160/0x160
[ 2466.114824]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2466.115799]  ? ext4_es_lookup_extent+0xc4/0xc20
[ 2466.116745]  ext4_map_blocks+0x9cc/0x1970
[ 2466.117592]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2466.118486]  ? xas_find_conflict+0xa70/0xa70
[ 2466.119401]  ext4_mpage_readpages+0xa0f/0x16d0
[ 2466.120347]  ? verity_work+0x90/0x90
[ 2466.121104]  ? release_pages+0x806/0xc20
[ 2466.121919]  ? find_held_lock+0x2c/0x110
[ 2466.122750]  ext4_readahead+0x102/0x140
[ 2466.123561]  ? __check_block_validity.constprop.0+0x2f0/0x2f0
[ 2466.124724]  read_pages+0x1ee/0xbc0
[ 2466.125474]  ? lru_cache_add+0x45c/0x800
[ 2466.126292]  ? read_cache_pages+0x5a0/0x5a0
[ 2466.127152]  ? add_to_page_cache_lru+0x1b6/0x2e0
[ 2466.128122]  ? __page_cache_alloc+0x10d/0x360
[ 2466.129031]  page_cache_ra_unbounded+0x51c/0x6f0
[ 2466.129996]  ? read_pages+0xbc0/0xbc0
[ 2466.130754]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2466.131723]  ondemand_readahead+0x8e5/0x1150
[ 2466.132624]  page_cache_sync_ra+0x138/0x170
[ 2466.133489]  generic_file_buffered_read+0xc74/0x28f0
[ 2466.134546]  ? pagecache_get_page+0xc80/0xc80
[ 2466.135452]  ? kasan_save_stack+0x32/0x40
[ 2466.136282]  ? do_splice_direct+0x1c4/0x290
[ 2466.137140]  ? do_sendfile+0x553/0x1090
[ 2466.137939]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2466.138866]  ? do_syscall_64+0x33/0x40
[ 2466.139659]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2466.140711]  ? perf_trace_lock+0xac/0x490
[ 2466.141535]  ? lock_chain_count+0x20/0x20
[ 2466.142371]  generic_file_read_iter+0x33f/0x490
[ 2466.143311]  ext4_file_read_iter+0x184/0x4c0
[ 2466.144218]  generic_file_splice_read+0x455/0x6d0
[ 2466.145183]  ? pipe_to_user+0x170/0x170
[ 2466.145972]  ? _cond_resched+0x12/0x80
[ 2466.146758]  ? avc_policy_seqno+0x9/0x70
[ 2466.147590]  ? selinux_file_permission+0x92/0x520
[ 2466.148576]  ? lockdep_init_map_type+0x2c7/0x780
[ 2466.149528]  ? pipe_to_user+0x170/0x170
[ 2466.150337]  do_splice_to+0x10e/0x160
[ 2466.151105]  splice_direct_to_actor+0x2fe/0x980
[ 2466.152264]  ? pipe_to_sendpage+0x380/0x380
[ 2466.153419]  ? do_splice_to+0x160/0x160
[ 2466.154474]  ? security_file_permission+0x24e/0x570
[ 2466.155832]  do_splice_direct+0x1c4/0x290
[ 2466.156934]  ? splice_direct_to_actor+0x980/0x980
[ 2466.158214]  ? selinux_file_permission+0x92/0x520
[ 2466.159530]  ? security_file_permission+0x24e/0x570
[ 2466.160902]  do_sendfile+0x553/0x1090
[ 2466.161975]  ? do_pwritev+0x270/0x270
[ 2466.163027]  ? wait_for_completion_io+0x270/0x270
[ 2466.164368]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2466.165623]  ? vfs_write+0x354/0xa70
[ 2466.166627]  __x64_sys_sendfile64+0x1d1/0x210
[ 2466.167735]  ? __ia32_sys_sendfile+0x220/0x220
[ 2466.168682]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2466.169665]  do_syscall_64+0x33/0x40
[ 2466.170429]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2466.171461] RIP: 0033:0x7f23c5d5cb19
[ 2466.172222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2466.175879] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2466.177426] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2466.178842] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2466.180262] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2466.181677] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2466.183093] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2466.212398] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2466.218754] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2466.219463] FAULT_INJECTION: forcing a failure.
[ 2466.219463] name failslab, interval 1, probability 0, space 0, times 0
[ 2466.222745] CPU: 0 PID: 15268 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2466.224150] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2466.225833] Call Trace:
[ 2466.226384]  dump_stack+0x107/0x167
[ 2466.227130]  should_fail.cold+0x5/0xa
[ 2466.227920]  ? create_object.isra.0+0x3a/0xa20
[ 2466.228855]  should_failslab+0x5/0x20
[ 2466.229625]  kmem_cache_alloc+0x5b/0x360
[ 2466.230462]  create_object.isra.0+0x3a/0xa20
[ 2466.231359]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2466.232409]  kmem_cache_alloc+0x159/0x360
[ 2466.233256]  jbd2__journal_start+0x190/0x8a0
[ 2466.234157]  __ext4_journal_start_sb+0x214/0x450
[ 2466.235116]  ext4_dirty_inode+0xbc/0x130
[ 2466.235944]  ? ext4_setattr+0x22d0/0x22d0
[ 2466.236781]  __mark_inode_dirty+0x492/0xf90
[ 2466.237661]  touch_atime+0x5ea/0x6e0
[ 2466.238412]  ? atime_needs_update+0x600/0x600
[ 2466.239328]  ? pagecache_get_page+0x243/0xc80
[ 2466.240261]  generic_file_buffered_read+0x18f3/0x28f0
[ 2466.241329]  ? pagecache_get_page+0xc80/0xc80
[ 2466.242227]  ? kasan_save_stack+0x32/0x40
[ 2466.243058]  ? do_splice_direct+0x1c4/0x290
[ 2466.243928]  ? do_sendfile+0x553/0x1090
[ 2466.244726]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2466.245649]  ? do_syscall_64+0x33/0x40
[ 2466.246446]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2466.247505]  ? perf_trace_lock+0xac/0x490
[ 2466.248338]  ? lock_chain_count+0x20/0x20
[ 2466.249174]  generic_file_read_iter+0x33f/0x490
[ 2466.250127]  ext4_file_read_iter+0x184/0x4c0
[ 2466.251011]  generic_file_splice_read+0x455/0x6d0
[ 2466.252008]  ? pipe_to_user+0x170/0x170
[ 2466.252803]  ? _cond_resched+0x12/0x80
[ 2466.253595]  ? avc_policy_seqno+0x9/0x70
[ 2466.254409]  ? selinux_file_permission+0x92/0x520
[ 2466.255407]  ? lockdep_init_map_type+0x2c7/0x780
[ 2466.256362]  ? pipe_to_user+0x170/0x170
[ 2466.257179]  do_splice_to+0x10e/0x160
[ 2466.257942]  splice_direct_to_actor+0x2fe/0x980
[ 2466.258897]  ? pipe_to_sendpage+0x380/0x380
[ 2466.259769]  ? do_splice_to+0x160/0x160
[ 2466.260574]  ? security_file_permission+0x24e/0x570
[ 2466.261583]  do_splice_direct+0x1c4/0x290
[ 2466.262416]  ? splice_direct_to_actor+0x980/0x980
[ 2466.263393]  ? selinux_file_permission+0x92/0x520
[ 2466.264375]  ? security_file_permission+0x24e/0x570
[ 2466.265394]  do_sendfile+0x553/0x1090
[ 2466.266177]  ? do_pwritev+0x270/0x270
[ 2466.266949]  ? wait_for_completion_io+0x270/0x270
[ 2466.267929]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2466.268853]  ? vfs_write+0x354/0xa70
[ 2466.269619]  __x64_sys_sendfile64+0x1d1/0x210
[ 2466.270518]  ? __ia32_sys_sendfile+0x220/0x220
[ 2466.271466]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2466.272439]  do_syscall_64+0x33/0x40
[ 2466.273200]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2466.274214] RIP: 0033:0x7ff709825b19
[ 2466.274974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2466.278628] RSP: 002b:00007ff706d7a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2466.280167] RAX: ffffffffffffffda RBX: 00007ff709939020 RCX: 00007ff709825b19
[ 2466.281608] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2466.283040] RBP: 00007ff706d7a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2466.284487] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2466.285921] R13: 00007ffdbcd37b1f R14: 00007ff706d7a300 R15: 0000000000022000
01:48:51 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0xffffffff000)

01:48:51 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(0x0, 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

[ 2466.341362] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2466.366233] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:48:51 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:48:51 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:48:51 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2466.491991] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2466.544794] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2466.566278] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2466.589407] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
01:49:06 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:49:06 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 19)

01:49:06 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 17)

01:49:06 executing program 2:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:49:06 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x800800000000)

01:49:06 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x0)
sendfile(r0, r1, 0x0, 0x20d315)

01:49:06 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:49:06 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(0x0, 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2481.024441] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2481.039776] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2481.056670] EXT4-fs (loop2): VFS: Can't find ext4 filesystem
[ 2481.060455] FAULT_INJECTION: forcing a failure.
[ 2481.060455] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2481.061834] CPU: 1 PID: 15296 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2481.062563] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2481.063442] Call Trace:
[ 2481.063737]  dump_stack+0x107/0x167
[ 2481.064141]  should_fail.cold+0x5/0xa
[ 2481.064558]  __alloc_pages_nodemask+0x182/0x690
[ 2481.065058]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2481.065687]  ? 0xffffffffa0000000
[ 2481.066060]  ? find_get_entry+0x2c8/0x740
[ 2481.066500]  ? kernel_text_address+0xf2/0x120
[ 2481.066985]  alloc_pages_current+0x187/0x280
[ 2481.067459]  __page_cache_alloc+0x2d2/0x360
[ 2481.067886] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2481.067965]  ? __lock_acquire+0x1657/0x5b00
[ 2481.067983]  pagecache_get_page+0x2c7/0xc80
[ 2481.070704]  ? ext4_meta_trans_blocks+0x25c/0x310
[ 2481.071217]  grab_cache_page_write_begin+0x64/0xa0
[ 2481.071747]  ext4_write_begin+0x276/0x11a0
[ 2481.072200]  ? __lockdep_reset_lock+0x180/0x180
[ 2481.072703]  ? ext4_truncate+0x12f0/0x12f0
[ 2481.073158]  ? current_time+0x72/0x2c0
[ 2481.073579]  ext4_da_write_begin+0x623/0xe10
[ 2481.074045]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2481.074611]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2481.075163]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2481.075703]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2481.076239]  ? ext4_write_begin+0x11a0/0x11a0
[ 2481.076709]  ? copyout_mc+0x140/0x140
[ 2481.077110]  ? current_time+0x1e6/0x2c0
[ 2481.077533]  generic_perform_write+0x20a/0x4f0
[ 2481.078028]  ? page_cache_next_miss+0x310/0x310
[ 2481.078518]  ? down_write_killable+0x180/0x180
[ 2481.079012]  ext4_buffered_write_iter+0x244/0x4d0
[ 2481.079530]  ext4_file_write_iter+0xc11/0x18e0
[ 2481.080019] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2481.080884]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2481.081377]  ? kasan_save_stack+0x32/0x40
[ 2481.081817]  ? kasan_save_stack+0x1b/0x40
[ 2481.082257]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2481.082790]  ? iter_file_splice_write+0x16d/0xc30
[ 2481.083297]  ? direct_splice_actor+0x10f/0x170
[ 2481.083785]  ? splice_direct_to_actor+0x387/0x980
[ 2481.084287]  ? do_splice_direct+0x1c4/0x290
[ 2481.084744]  ? do_sendfile+0x553/0x1090
[ 2481.085166]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2481.085662]  do_iter_readv_writev+0x476/0x750
[ 2481.086139]  ? new_sync_write+0x660/0x660
[ 2481.086578]  ? selinux_file_permission+0x92/0x520
[ 2481.087103]  do_iter_write+0x191/0x670
[ 2481.087524]  vfs_iter_write+0x70/0xa0
[ 2481.087938]  iter_file_splice_write+0x762/0xc30
[ 2481.088442]  ? generic_splice_sendpage+0x140/0x140
[ 2481.088966]  ? avc_policy_seqno+0x9/0x70
[ 2481.089396]  ? selinux_file_permission+0x92/0x520
[ 2481.089913]  ? lockdep_init_map_type+0x2c7/0x780
[ 2481.090428]  ? generic_splice_sendpage+0x140/0x140
[ 2481.090951]  direct_splice_actor+0x10f/0x170
[ 2481.091418]  splice_direct_to_actor+0x387/0x980
[ 2481.091920]  ? pipe_to_sendpage+0x380/0x380
[ 2481.092378]  ? do_splice_to+0x160/0x160
[ 2481.092804]  ? security_file_permission+0x24e/0x570
[ 2481.093341]  do_splice_direct+0x1c4/0x290
[ 2481.093781]  ? splice_direct_to_actor+0x980/0x980
[ 2481.094288]  ? selinux_file_permission+0x92/0x520
[ 2481.094804]  ? security_file_permission+0x24e/0x570
[ 2481.095346]  do_sendfile+0x553/0x1090
[ 2481.095769]  ? do_pwritev+0x270/0x270
[ 2481.096174]  ? wait_for_completion_io+0x270/0x270
[ 2481.096684]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2481.097175]  ? vfs_write+0x354/0xa70
[ 2481.097577]  __x64_sys_sendfile64+0x1d1/0x210
[ 2481.098059]  ? __ia32_sys_sendfile+0x220/0x220
[ 2481.098545]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2481.099056]  do_syscall_64+0x33/0x40
[ 2481.099455]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2481.100015] RIP: 0033:0x7f23c5d5cb19
[ 2481.100413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2481.102369] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2481.103168] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2481.103927] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2481.104682] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2481.105429] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2481.106178] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2481.132151] FAULT_INJECTION: forcing a failure.
[ 2481.132151] name failslab, interval 1, probability 0, space 0, times 0
[ 2481.134705] CPU: 0 PID: 15333 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2481.136229] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
01:49:06 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0xf0ffffff0f0000)

[ 2481.138017] Call Trace:
[ 2481.138719]  dump_stack+0x107/0x167
[ 2481.139515]  should_fail.cold+0x5/0xa
[ 2481.140356]  ? iter_file_splice_write+0x16d/0xc30
[ 2481.141385]  should_failslab+0x5/0x20
[ 2481.142220]  __kmalloc+0x72/0x330
[ 2481.142298] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2481.142969]  iter_file_splice_write+0x16d/0xc30
[ 2481.142988]  ? atime_needs_update+0x600/0x600
[ 2481.143035]  ? generic_splice_sendpage+0x140/0x140
[ 2481.146815]  ? pipe_to_user+0x170/0x170
[ 2481.147671]  ? _cond_resched+0x12/0x80
[ 2481.148508]  ? avc_policy_seqno+0x9/0x70
[ 2481.149371]  ? selinux_file_permission+0x92/0x520
[ 2481.150412]  ? lockdep_init_map_type+0x2c7/0x780
[ 2481.151431]  ? generic_splice_sendpage+0x140/0x140
[ 2481.152534]  direct_splice_actor+0x10f/0x170
[ 2481.153494]  splice_direct_to_actor+0x387/0x980
[ 2481.154499]  ? pipe_to_sendpage+0x380/0x380
[ 2481.155431]  ? do_splice_to+0x160/0x160
[ 2481.156306]  ? security_file_permission+0x24e/0x570
[ 2481.157438]  do_splice_direct+0x1c4/0x290
[ 2481.158362]  ? splice_direct_to_actor+0x980/0x980
[ 2481.159438]  ? selinux_file_permission+0x92/0x520
[ 2481.160525]  ? security_file_permission+0x24e/0x570
[ 2481.161655]  do_sendfile+0x553/0x1090
[ 2481.162499]  ? do_pwritev+0x270/0x270
[ 2481.163328]  ? wait_for_completion_io+0x270/0x270
[ 2481.164386]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2481.165394]  ? vfs_write+0x354/0xa70
[ 2481.166211]  __x64_sys_sendfile64+0x1d1/0x210
[ 2481.167176]  ? __ia32_sys_sendfile+0x220/0x220
[ 2481.168174]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2481.169214]  do_syscall_64+0x33/0x40
[ 2481.170016]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2481.171119] RIP: 0033:0x7ff709825b19
[ 2481.171942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2481.175880] RSP: 002b:00007ff706d7a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2481.177521] RAX: ffffffffffffffda RBX: 00007ff709939020 RCX: 00007ff709825b19
[ 2481.179068] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2481.180625] RBP: 00007ff706d7a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2481.182160] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2481.183712] R13: 00007ffdbcd37b1f R14: 00007ff706d7a300 R15: 0000000000022000
[ 2481.218450] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:49:06 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x88a61d0000000000)

01:49:06 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 20)

01:49:06 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x0)
sendfile(r0, r1, 0x0, 0x20d315)

01:49:06 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 18)

01:49:06 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 1)

01:49:06 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2481.373744] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2481.403299] FAULT_INJECTION: forcing a failure.
[ 2481.403299] name failslab, interval 1, probability 0, space 0, times 0
[ 2481.404033] FAULT_INJECTION: forcing a failure.
[ 2481.404033] name failslab, interval 1, probability 0, space 0, times 0
[ 2481.405926] CPU: 0 PID: 15352 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2481.408546] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2481.410322] Call Trace:
[ 2481.410896]  dump_stack+0x107/0x167
[ 2481.411698]  should_fail.cold+0x5/0xa
[ 2481.412523]  ? create_object.isra.0+0x3a/0xa20
[ 2481.413524]  should_failslab+0x5/0x20
[ 2481.414361]  kmem_cache_alloc+0x5b/0x360
[ 2481.415262]  create_object.isra.0+0x3a/0xa20
[ 2481.416248]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2481.417365]  kmem_cache_alloc+0x159/0x360
[ 2481.418284]  alloc_buffer_head+0x20/0x110
[ 2481.419192]  alloc_page_buffers+0x14d/0x700
[ 2481.420155]  create_empty_buffers+0x2c/0x640
[ 2481.421116]  ? wait_for_stable_page+0x92/0xe0
[ 2481.422104]  ext4_write_begin+0xc59/0x11a0
[ 2481.423034]  ? __lockdep_reset_lock+0x180/0x180
[ 2481.424092]  ? ext4_truncate+0x12f0/0x12f0
[ 2481.425019]  ? current_time+0x72/0x2c0
[ 2481.425885]  ext4_da_write_begin+0x623/0xe10
[ 2481.426853]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2481.428001]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2481.429125]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2481.430234]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2481.431320]  ? ext4_write_begin+0x11a0/0x11a0
[ 2481.432292]  ? copyout_mc+0x140/0x140
[ 2481.433112]  ? current_time+0x1e6/0x2c0
[ 2481.433980]  generic_perform_write+0x20a/0x4f0
[ 2481.434977]  ? page_cache_next_miss+0x310/0x310
[ 2481.436010]  ? down_write_killable+0x180/0x180
[ 2481.437014]  ext4_buffered_write_iter+0x244/0x4d0
[ 2481.438062]  ext4_file_write_iter+0xc11/0x18e0
[ 2481.439090]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2481.440070]  ? kasan_save_stack+0x32/0x40
[ 2481.440977]  ? kasan_save_stack+0x1b/0x40
[ 2481.441884]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2481.442983]  ? iter_file_splice_write+0x16d/0xc30
[ 2481.444035]  ? direct_splice_actor+0x10f/0x170
[ 2481.445031]  ? splice_direct_to_actor+0x387/0x980
[ 2481.446075]  ? do_splice_direct+0x1c4/0x290
[ 2481.447019]  ? do_sendfile+0x553/0x1090
[ 2481.447909]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2481.448943]  do_iter_readv_writev+0x476/0x750
[ 2481.449929]  ? new_sync_write+0x660/0x660
[ 2481.450836]  ? selinux_file_permission+0x92/0x520
[ 2481.451923]  do_iter_write+0x191/0x670
[ 2481.452800]  vfs_iter_write+0x70/0xa0
[ 2481.453653]  iter_file_splice_write+0x762/0xc30
[ 2481.454677]  ? generic_splice_sendpage+0x140/0x140
[ 2481.455761]  ? avc_policy_seqno+0x9/0x70
[ 2481.456626]  ? selinux_file_permission+0x92/0x520
[ 2481.457676]  ? lockdep_init_map_type+0x2c7/0x780
[ 2481.458698]  ? generic_splice_sendpage+0x140/0x140
[ 2481.459764]  direct_splice_actor+0x10f/0x170
[ 2481.460714]  splice_direct_to_actor+0x387/0x980
[ 2481.461722]  ? pipe_to_sendpage+0x380/0x380
[ 2481.462654]  ? do_splice_to+0x160/0x160
[ 2481.463522]  ? security_file_permission+0x24e/0x570
[ 2481.464617]  do_splice_direct+0x1c4/0x290
[ 2481.465525]  ? splice_direct_to_actor+0x980/0x980
[ 2481.466552]  ? selinux_file_permission+0x92/0x520
[ 2481.467632]  ? security_file_permission+0x24e/0x570
[ 2481.468741]  do_sendfile+0x553/0x1090
[ 2481.469595]  ? do_pwritev+0x270/0x270
[ 2481.470442]  ? wait_for_completion_io+0x270/0x270
[ 2481.471501]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2481.472521]  ? vfs_write+0x354/0xa70
[ 2481.473349]  __x64_sys_sendfile64+0x1d1/0x210
[ 2481.474334]  ? __ia32_sys_sendfile+0x220/0x220
[ 2481.475340]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2481.476429]  do_syscall_64+0x33/0x40
[ 2481.477250]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2481.478352] RIP: 0033:0x7ff709825b19
[ 2481.479169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2481.483088] RSP: 002b:00007ff706d7a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2481.484760] RAX: ffffffffffffffda RBX: 00007ff709939020 RCX: 00007ff709825b19
[ 2481.486320] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[ 2481.487908] RBP: 00007ff706d7a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2481.489457] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2481.490992] R13: 00007ffdbcd37b1f R14: 00007ff706d7a300 R15: 0000000000022000
[ 2481.492581] CPU: 1 PID: 15357 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2481.493322] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2481.494205] Call Trace:
[ 2481.494490]  dump_stack+0x107/0x167
[ 2481.494882]  should_fail.cold+0x5/0xa
[ 2481.495923]  ? create_object.isra.0+0x3a/0xa20
[ 2481.497161]  should_failslab+0x5/0x20
[ 2481.498088]  kmem_cache_alloc+0x5b/0x360
[ 2481.499091]  create_object.isra.0+0x3a/0xa20
[ 2481.500172]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2481.501413]  kmem_cache_alloc+0x159/0x360
[ 2481.502438]  jbd2__journal_start+0x190/0x8a0
[ 2481.503524]  __ext4_journal_start_sb+0x214/0x450
[ 2481.504623]  ext4_dirty_inode+0xbc/0x130
[ 2481.505524]  ? ext4_setattr+0x22d0/0x22d0
[ 2481.506430]  __mark_inode_dirty+0x492/0xf90
[ 2481.507409]  touch_atime+0x5ea/0x6e0
[ 2481.508226]  ? atime_needs_update+0x600/0x600
[ 2481.509169]  ? pagecache_get_page+0x243/0xc80
[ 2481.510157]  generic_file_buffered_read+0x18f3/0x28f0
[ 2481.511316]  ? pagecache_get_page+0xc80/0xc80
[ 2481.512307]  ? kasan_save_stack+0x32/0x40
[ 2481.513212]  ? do_splice_direct+0x1c4/0x290
[ 2481.514146]  ? do_sendfile+0x553/0x1090
[ 2481.515009]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2481.515969]  ? do_syscall_64+0x33/0x40
[ 2481.516820]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2481.517974]  ? perf_trace_lock+0xac/0x490
[ 2481.518803]  ? lock_chain_count+0x20/0x20
[ 2481.519716]  generic_file_read_iter+0x33f/0x490
[ 2481.520738]  ext4_file_read_iter+0x184/0x4c0
[ 2481.521697]  generic_file_splice_read+0x455/0x6d0
[ 2481.522706]  ? pipe_to_user+0x170/0x170
[ 2481.523565]  ? _cond_resched+0x12/0x80
[ 2481.524446]  ? avc_policy_seqno+0x9/0x70
[ 2481.525334]  ? selinux_file_permission+0x92/0x520
[ 2481.526362]  ? lockdep_init_map_type+0x2c7/0x780
[ 2481.527359]  ? pipe_to_user+0x170/0x170
[ 2481.528243]  do_splice_to+0x10e/0x160
[ 2481.529082]  splice_direct_to_actor+0x2fe/0x980
[ 2481.530100]  ? pipe_to_sendpage+0x380/0x380
[ 2481.530984]  ? do_splice_to+0x160/0x160
[ 2481.531859]  ? security_file_permission+0x24e/0x570
[ 2481.532955]  do_splice_direct+0x1c4/0x290
[ 2481.533858]  ? splice_direct_to_actor+0x980/0x980
[ 2481.534830]  ? selinux_file_permission+0x92/0x520
[ 2481.535905]  ? security_file_permission+0x24e/0x570
[ 2481.537009]  do_sendfile+0x553/0x1090
[ 2481.537857]  ? do_pwritev+0x270/0x270
[ 2481.538638]  ? wait_for_completion_io+0x270/0x270
[ 2481.539679]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2481.540681]  ? vfs_write+0x354/0xa70
[ 2481.541502]  __x64_sys_sendfile64+0x1d1/0x210
[ 2481.542442]  ? __ia32_sys_sendfile+0x220/0x220
[ 2481.543414]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2481.544473]  do_syscall_64+0x33/0x40
[ 2481.545267]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2481.546327] RIP: 0033:0x7f23c5d5cb19
[ 2481.547136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2481.551055] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2481.552719] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2481.554253] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2481.555761] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2481.557282] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2481.558770] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2481.575679] FAULT_INJECTION: forcing a failure.
[ 2481.575679] name failslab, interval 1, probability 0, space 0, times 0
[ 2481.578233] CPU: 1 PID: 15365 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2481.579778] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2481.581562] Call Trace:
[ 2481.582114]  dump_stack+0x107/0x167
[ 2481.582929]  should_fail.cold+0x5/0xa
[ 2481.583796]  ? alloc_pipe_info+0x10a/0x590
[ 2481.584743]  should_failslab+0x5/0x20
[ 2481.585582]  kmem_cache_alloc_trace+0x55/0x2c0
[ 2481.586556]  alloc_pipe_info+0x10a/0x590
[ 2481.587420]  splice_direct_to_actor+0x774/0x980
[ 2481.588454]  ? _cond_resched+0x12/0x80
[ 2481.589318]  ? inode_security+0x107/0x140
[ 2481.590213]  ? pipe_to_sendpage+0x380/0x380
[ 2481.591096]  ? selinux_file_permission+0x92/0x520
[ 2481.592171]  ? do_splice_to+0x160/0x160
[ 2481.593051]  ? security_file_permission+0x24e/0x570
[ 2481.594084]  do_splice_direct+0x1c4/0x290
[ 2481.594989]  ? splice_direct_to_actor+0x980/0x980
[ 2481.595801] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2481.596058]  ? selinux_file_permission+0x92/0x520
[ 2481.596092]  ? security_file_permission+0x24e/0x570
[ 2481.599942]  do_sendfile+0x553/0x1090
[ 2481.600803]  ? do_pwritev+0x270/0x270
[ 2481.601645]  ? wait_for_completion_io+0x270/0x270
[ 2481.602659]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2481.603678]  ? vfs_write+0x354/0xa70
[ 2481.604521]  __x64_sys_sendfile64+0x1d1/0x210
[ 2481.605483]  ? __ia32_sys_sendfile+0x220/0x220
[ 2481.606468]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2481.607553]  do_syscall_64+0x33/0x40
[ 2481.608367]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2481.609443] RIP: 0033:0x7f5209db9b19
[ 2481.610269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2481.614283] RSP: 002b:00007f520730e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2481.615909] RAX: ffffffffffffffda RBX: 00007f5209ecd020 RCX: 00007f5209db9b19
[ 2481.617461] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2481.618985] RBP: 00007f520730e1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2481.620579] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2481.622159] R13: 00007ffc43c8a52f R14: 00007f520730e300 R15: 0000000000022000
[ 2481.630193] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2481.647697] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:49:22 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 2)

01:49:22 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x0)
sendfile(r0, r1, 0x0, 0x20d315)

01:49:22 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:49:22 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(0x0, 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:49:22 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$rtc(&(0x7f0000000100), 0x2, 0x20a001)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000140)={0x8, 0x101, 0x3, 0x3cbd, 0x7f})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x109142, 0x0)
r2 = open(&(0x7f0000000040)='./file1\x00', 0x101000, 0x2)
openat(r2, &(0x7f00000000c0)='./file1\x00', 0x40, 0x80)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r3, 0x0, r1, 0x0, 0x0, 0x0)

01:49:22 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 21)

01:49:22 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 19)

01:49:22 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(0xffffffffffffffff, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:49:23 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = fork()
tkill(r2, 0x2c)
syz_open_procfs(r2, &(0x7f0000000040)='net/if_inet6\x00')
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x0)
openat$incfs(r0, &(0x7f00000000c0)='.pending_reads\x00', 0x40000, 0x0)

[ 2497.569645] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2497.570049] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2497.579422] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2497.582556] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2497.584010] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2497.601951] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2497.604380] FAULT_INJECTION: forcing a failure.
[ 2497.604380] name failslab, interval 1, probability 0, space 0, times 0
[ 2497.606949] CPU: 0 PID: 15386 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2497.608451] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2497.610230] Call Trace:
[ 2497.610808]  dump_stack+0x107/0x167
[ 2497.611601]  should_fail.cold+0x5/0xa
[ 2497.612441]  ? create_object.isra.0+0x3a/0xa20
[ 2497.613422]  should_failslab+0x5/0x20
[ 2497.614250]  kmem_cache_alloc+0x5b/0x360
[ 2497.615136]  create_object.isra.0+0x3a/0xa20
[ 2497.616096]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2497.617201]  kmem_cache_alloc+0x159/0x360
[ 2497.618117]  alloc_buffer_head+0x20/0x110
[ 2497.619014]  alloc_page_buffers+0x14d/0x700
[ 2497.619982]  create_empty_buffers+0x2c/0x640
[ 2497.620934]  ? wait_for_stable_page+0x92/0xe0
[ 2497.621921]  ext4_write_begin+0xc59/0x11a0
[ 2497.622842]  ? __lockdep_reset_lock+0x180/0x180
[ 2497.623884]  ? ext4_truncate+0x12f0/0x12f0
[ 2497.624803]  ? current_time+0x72/0x2c0
[ 2497.625664]  ext4_da_write_begin+0x623/0xe10
[ 2497.626620]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2497.627763]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2497.628890]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2497.629988]  ? ktime_get_coarse_real_ts64+0xfd/0x190
01:49:23 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(0xffffffffffffffff, r0, 0x0, 0x20d315)

[ 2497.631092]  ? ext4_write_begin+0x11a0/0x11a0
[ 2497.632252]  ? copyout_mc+0x140/0x140
[ 2497.633081]  ? current_time+0x1e6/0x2c0
[ 2497.633966]  generic_perform_write+0x20a/0x4f0
[ 2497.634979]  ? page_cache_next_miss+0x310/0x310
[ 2497.636000]  ? down_write_killable+0x180/0x180
[ 2497.637018]  ext4_buffered_write_iter+0x244/0x4d0
[ 2497.638076]  ext4_file_write_iter+0xc11/0x18e0
[ 2497.639093]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2497.640098]  ? kasan_save_stack+0x32/0x40
[ 2497.640995]  ? kasan_save_stack+0x1b/0x40
[ 2497.641899]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2497.643013]  ? iter_file_splice_write+0x16d/0xc30
[ 2497.644061]  ? direct_splice_actor+0x10f/0x170
[ 2497.645053]  ? splice_direct_to_actor+0x387/0x980
[ 2497.646099]  ? do_splice_direct+0x1c4/0x290
[ 2497.647041]  ? do_sendfile+0x553/0x1090
[ 2497.647925]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2497.648952]  do_iter_readv_writev+0x476/0x750
[ 2497.649940]  ? new_sync_write+0x660/0x660
[ 2497.650857]  ? selinux_file_permission+0x92/0x520
[ 2497.651967]  do_iter_write+0x191/0x670
[ 2497.652844]  vfs_iter_write+0x70/0xa0
[ 2497.653686]  iter_file_splice_write+0x762/0xc30
[ 2497.654725]  ? generic_splice_sendpage+0x140/0x140
[ 2497.655837]  ? avc_policy_seqno+0x9/0x70
[ 2497.656729]  ? selinux_file_permission+0x92/0x520
[ 2497.657803]  ? lockdep_init_map_type+0x2c7/0x780
[ 2497.658848]  ? generic_splice_sendpage+0x140/0x140
[ 2497.659892]  direct_splice_actor+0x10f/0x170
[ 2497.660833]  splice_direct_to_actor+0x387/0x980
[ 2497.661851]  ? pipe_to_sendpage+0x380/0x380
[ 2497.662766]  ? do_splice_to+0x160/0x160
[ 2497.663591]  ? security_file_permission+0x24e/0x570
[ 2497.664704]  do_splice_direct+0x1c4/0x290
[ 2497.665602]  ? splice_direct_to_actor+0x980/0x980
[ 2497.666636]  ? selinux_file_permission+0x92/0x520
[ 2497.667690]  ? security_file_permission+0x24e/0x570
[ 2497.668808]  do_sendfile+0x553/0x1090
[ 2497.669671]  ? do_pwritev+0x270/0x270
[ 2497.670503]  ? wait_for_completion_io+0x270/0x270
[ 2497.671555]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2497.672527]  ? vfs_write+0x354/0xa70
[ 2497.673357]  __x64_sys_sendfile64+0x1d1/0x210
[ 2497.674344]  ? __ia32_sys_sendfile+0x220/0x220
[ 2497.675358]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2497.676460]  do_syscall_64+0x33/0x40
[ 2497.677284]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2497.678419] RIP: 0033:0x7f23c5d5cb19
[ 2497.679241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2497.683282] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2497.684978] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2497.686550] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2497.688156] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2497.689725] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2497.691302] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2497.708463] FAULT_INJECTION: forcing a failure.
[ 2497.708463] name failslab, interval 1, probability 0, space 0, times 0
[ 2497.711082] CPU: 0 PID: 15412 Comm: syz-executor.2 Not tainted 5.10.175 #1
01:49:23 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2497.712647] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2497.714649] Call Trace:
[ 2497.715241]  dump_stack+0x107/0x167
[ 2497.716075]  should_fail.cold+0x5/0xa
[ 2497.716929]  ? create_object.isra.0+0x3a/0xa20
[ 2497.717951]  should_failslab+0x5/0x20
[ 2497.718800]  kmem_cache_alloc+0x5b/0x360
[ 2497.719721]  create_object.isra.0+0x3a/0xa20
[ 2497.720714]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2497.721861]  kmem_cache_alloc_trace+0x151/0x2c0
[ 2497.722917]  alloc_pipe_info+0x10a/0x590
[ 2497.723855]  splice_direct_to_actor+0x774/0x980
[ 2497.724917]  ? _cond_resched+0x12/0x80
[ 2497.725789]  ? inode_security+0x107/0x140
[ 2497.726719]  ? pipe_to_sendpage+0x380/0x380
[ 2497.727686]  ? selinux_file_permission+0x92/0x520
[ 2497.728786]  ? do_splice_to+0x160/0x160
[ 2497.729678]  ? security_file_permission+0x24e/0x570
[ 2497.730812]  do_splice_direct+0x1c4/0x290
[ 2497.731712]  ? splice_direct_to_actor+0x980/0x980
[ 2497.732671]  ? selinux_file_permission+0x92/0x520
[ 2497.733637]  ? security_file_permission+0x24e/0x570
[ 2497.734647]  do_sendfile+0x553/0x1090
[ 2497.735420]  ? do_pwritev+0x270/0x270
[ 2497.736200]  ? wait_for_completion_io+0x270/0x270
[ 2497.737157]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2497.738088]  ? vfs_write+0x354/0xa70
[ 2497.738837]  __x64_sys_sendfile64+0x1d1/0x210
[ 2497.739731]  ? __ia32_sys_sendfile+0x220/0x220
[ 2497.740653]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2497.741616]  do_syscall_64+0x33/0x40
[ 2497.742357]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2497.743381] RIP: 0033:0x7f5209db9b19
[ 2497.744143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2497.747803] RSP: 002b:00007f520730e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2497.749323] RAX: ffffffffffffffda RBX: 00007f5209ecd020 RCX: 00007f5209db9b19
[ 2497.750750] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2497.752181] RBP: 00007f520730e1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2497.753616] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2497.755069] R13: 00007ffc43c8a52f R14: 00007f520730e300 R15: 0000000000022000
[ 2497.787937] FAULT_INJECTION: forcing a failure.
[ 2497.787937] name failslab, interval 1, probability 0, space 0, times 0
[ 2497.790343] CPU: 0 PID: 15387 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2497.790753] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2497.791815] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2497.791823] Call Trace:
[ 2497.791845]  dump_stack+0x107/0x167
[ 2497.791874]  should_fail.cold+0x5/0xa
[ 2497.797393]  ? create_object.isra.0+0x3a/0xa20
[ 2497.798369]  should_failslab+0x5/0x20
[ 2497.799182]  kmem_cache_alloc+0x5b/0x360
[ 2497.800083]  create_object.isra.0+0x3a/0xa20
[ 2497.801020]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2497.802110]  kmem_cache_alloc+0x159/0x360
[ 2497.803013]  alloc_buffer_head+0x20/0x110
[ 2497.803909]  alloc_page_buffers+0x14d/0x700
[ 2497.804847]  create_empty_buffers+0x2c/0x640
[ 2497.805791]  ? wait_for_stable_page+0x92/0xe0
[ 2497.806756]  ext4_write_begin+0xc59/0x11a0
[ 2497.807668]  ? __lockdep_reset_lock+0x180/0x180
[ 2497.808698]  ? ext4_truncate+0x12f0/0x12f0
[ 2497.809609]  ? current_time+0x72/0x2c0
[ 2497.810461]  ext4_da_write_begin+0x623/0xe10
[ 2497.811414]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2497.812558]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2497.813675]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2497.814759]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2497.815767]  ? ext4_write_begin+0x11a0/0x11a0
[ 2497.816667]  ? copyout_mc+0x140/0x140
[ 2497.817425]  ? current_time+0x1e6/0x2c0
[ 2497.818232]  generic_perform_write+0x20a/0x4f0
[ 2497.819157]  ? page_cache_next_miss+0x310/0x310
[ 2497.820106]  ? down_write_killable+0x180/0x180
[ 2497.821034]  ext4_buffered_write_iter+0x244/0x4d0
[ 2497.822001]  ext4_file_write_iter+0xc11/0x18e0
[ 2497.822933]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2497.823847]  ? kasan_save_stack+0x32/0x40
[ 2497.824672]  ? kasan_save_stack+0x1b/0x40
[ 2497.825497]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2497.826509]  ? iter_file_splice_write+0x16d/0xc30
[ 2497.827469]  ? direct_splice_actor+0x10f/0x170
[ 2497.828386]  ? splice_direct_to_actor+0x387/0x980
[ 2497.829341]  ? do_splice_direct+0x1c4/0x290
[ 2497.830196]  ? do_sendfile+0x553/0x1090
[ 2497.830987]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2497.831934]  do_iter_readv_writev+0x476/0x750
[ 2497.832830]  ? new_sync_write+0x660/0x660
[ 2497.833654]  ? selinux_file_permission+0x92/0x520
[ 2497.834643]  do_iter_write+0x191/0x670
[ 2497.835440]  vfs_iter_write+0x70/0xa0
[ 2497.836219]  iter_file_splice_write+0x762/0xc30
[ 2497.837170]  ? generic_splice_sendpage+0x140/0x140
[ 2497.838140]  ? mark_held_locks+0x9e/0xe0
[ 2497.838962]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2497.840047]  ? trace_hardirqs_on+0x5b/0x180
[ 2497.840917]  ? pipe_to_user+0x170/0x170
[ 2497.841717]  ? generic_splice_sendpage+0x140/0x140
[ 2497.842695]  direct_splice_actor+0x10f/0x170
[ 2497.843578]  splice_direct_to_actor+0x387/0x980
[ 2497.844850]  ? pipe_to_sendpage+0x380/0x380
[ 2497.845901]  ? do_splice_to+0x160/0x160
[ 2497.846853]  ? security_file_permission+0x24e/0x570
[ 2497.848103]  do_splice_direct+0x1c4/0x290
[ 2497.849097]  ? splice_direct_to_actor+0x980/0x980
[ 2497.850245]  ? selinux_file_permission+0x92/0x520
[ 2497.851412]  ? security_file_permission+0x24e/0x570
[ 2497.852634]  do_sendfile+0x553/0x1090
[ 2497.853567]  ? do_pwritev+0x270/0x270
[ 2497.854484]  ? wait_for_completion_io+0x270/0x270
[ 2497.855659]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2497.856767]  ? vfs_write+0x354/0xa70
[ 2497.857527]  __x64_sys_sendfile64+0x1d1/0x210
[ 2497.858431]  ? __ia32_sys_sendfile+0x220/0x220
[ 2497.859360]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2497.860349]  do_syscall_64+0x33/0x40
[ 2497.861107]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2497.862134] RIP: 0033:0x7ff709825b19
[ 2497.862891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2497.866582] RSP: 002b:00007ff706d9b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2497.868113] RAX: ffffffffffffffda RBX: 00007ff709938f60 RCX: 00007ff709825b19
[ 2497.869528] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2497.870947] RBP: 00007ff706d9b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2497.872551] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2497.873976] R13: 00007ffdbcd37b1f R14: 00007ff706d9b300 R15: 0000000000022000
01:49:23 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(0x0, 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:49:37 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 3)

01:49:37 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(0xffffffffffffffff, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:49:37 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:49:37 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x0)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:49:37 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 22)

01:49:37 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(0xffffffffffffffff, r0, 0x0, 0x20d315)

01:49:37 executing program 0:
r0 = fork()
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_config_ext, 0x0, 0x8000000000000}, r0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r2, 0x0, r1, 0x0, 0x0, 0x0)

01:49:37 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 20)

[ 2512.436860] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2512.440042] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2512.450354] FAULT_INJECTION: forcing a failure.
[ 2512.450354] name failslab, interval 1, probability 0, space 0, times 0
[ 2512.450806] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2512.451674] CPU: 1 PID: 15662 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2512.454062] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2512.454938] Call Trace:
[ 2512.455235]  dump_stack+0x107/0x167
[ 2512.455626]  should_fail.cold+0x5/0xa
[ 2512.456043]  ? alloc_pipe_info+0x1e5/0x590
[ 2512.456493]  should_failslab+0x5/0x20
[ 2512.456899]  __kmalloc+0x72/0x330
[ 2512.457267]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2512.457805]  alloc_pipe_info+0x1e5/0x590
[ 2512.458248]  splice_direct_to_actor+0x774/0x980
[ 2512.458747]  ? _cond_resched+0x12/0x80
[ 2512.459174]  ? inode_security+0x107/0x140
[ 2512.459630]  ? pipe_to_sendpage+0x380/0x380
[ 2512.460110]  ? selinux_file_permission+0x92/0x520
[ 2512.460634]  ? do_splice_to+0x160/0x160
[ 2512.461070]  ? security_file_permission+0x24e/0x570
[ 2512.461616]  do_splice_direct+0x1c4/0x290
[ 2512.462076]  ? splice_direct_to_actor+0x980/0x980
[ 2512.462594]  ? selinux_file_permission+0x92/0x520
[ 2512.463116]  ? security_file_permission+0x24e/0x570
[ 2512.463670]  do_sendfile+0x553/0x1090
[ 2512.464101]  ? do_pwritev+0x270/0x270
[ 2512.464518]  ? wait_for_completion_io+0x270/0x270
[ 2512.465043]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2512.465540]  ? vfs_write+0x354/0xa70
[ 2512.465948]  __x64_sys_sendfile64+0x1d1/0x210
[ 2512.466430]  ? __ia32_sys_sendfile+0x220/0x220
[ 2512.466933]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2512.467466]  do_syscall_64+0x33/0x40
[ 2512.467871]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2512.468435] RIP: 0033:0x7f5209db9b19
[ 2512.468835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2512.470801] RSP: 002b:00007f520730e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2512.471618] RAX: ffffffffffffffda RBX: 00007f5209ecd020 RCX: 00007f5209db9b19
[ 2512.472409] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2512.473168] RBP: 00007f520730e1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2512.473937] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2512.474692] R13: 00007ffc43c8a52f R14: 00007f520730e300 R15: 0000000000022000
[ 2512.475827] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2512.478109] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2512.481203] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2512.485144] FAULT_INJECTION: forcing a failure.
[ 2512.485144] name failslab, interval 1, probability 0, space 0, times 0
[ 2512.486432] CPU: 1 PID: 15545 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2512.487187] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2512.488087] Call Trace:
[ 2512.488377]  dump_stack+0x107/0x167
[ 2512.488771]  should_fail.cold+0x5/0xa
[ 2512.489195]  ? create_object.isra.0+0x3a/0xa20
[ 2512.489692]  should_failslab+0x5/0x20
[ 2512.490105]  kmem_cache_alloc+0x5b/0x360
[ 2512.490557]  create_object.isra.0+0x3a/0xa20
[ 2512.491034]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2512.491595]  kmem_cache_alloc+0x159/0x360
[ 2512.492081]  alloc_buffer_head+0x20/0x110
[ 2512.492524]  alloc_page_buffers+0x14d/0x700
[ 2512.492990]  create_empty_buffers+0x2c/0x640
[ 2512.493475]  ? wait_for_stable_page+0x92/0xe0
[ 2512.493964]  ext4_write_begin+0xc59/0x11a0
[ 2512.494426]  ? __lockdep_reset_lock+0x180/0x180
[ 2512.494931]  ? ext4_truncate+0x12f0/0x12f0
[ 2512.495385]  ? current_time+0x72/0x2c0
[ 2512.495814]  ext4_da_write_begin+0x623/0xe10
[ 2512.496309]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2512.496872]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2512.497438]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2512.497988]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2512.498534]  ? ext4_write_begin+0x11a0/0x11a0
[ 2512.499011]  ? copyout_mc+0x140/0x140
[ 2512.499425]  ? current_time+0x1e6/0x2c0
[ 2512.499855]  generic_perform_write+0x20a/0x4f0
[ 2512.500366]  ? page_cache_next_miss+0x310/0x310
[ 2512.500862]  ? down_write_killable+0x180/0x180
[ 2512.501361]  ext4_buffered_write_iter+0x244/0x4d0
[ 2512.501889]  ext4_file_write_iter+0xc11/0x18e0
[ 2512.502388]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2512.502870]  ? kasan_save_stack+0x32/0x40
[ 2512.503310]  ? kasan_save_stack+0x1b/0x40
[ 2512.503754]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2512.504304]  ? iter_file_splice_write+0x16d/0xc30
[ 2512.504814]  ? direct_splice_actor+0x10f/0x170
[ 2512.505302]  ? splice_direct_to_actor+0x387/0x980
[ 2512.505816]  ? do_splice_direct+0x1c4/0x290
[ 2512.506271]  ? do_sendfile+0x553/0x1090
[ 2512.506698]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2512.507194]  do_iter_readv_writev+0x476/0x750
[ 2512.507675]  ? new_sync_write+0x660/0x660
[ 2512.508123]  ? selinux_file_permission+0x92/0x520
[ 2512.508663]  do_iter_write+0x191/0x670
[ 2512.509095]  vfs_iter_write+0x70/0xa0
[ 2512.509506]  iter_file_splice_write+0x762/0xc30
[ 2512.510013]  ? generic_splice_sendpage+0x140/0x140
[ 2512.510538]  ? avc_policy_seqno+0x9/0x70
[ 2512.510968]  ? selinux_file_permission+0x92/0x520
[ 2512.511481]  ? lockdep_init_map_type+0x2c7/0x780
[ 2512.511995]  ? generic_splice_sendpage+0x140/0x140
[ 2512.512518]  direct_splice_actor+0x10f/0x170
[ 2512.512989]  splice_direct_to_actor+0x387/0x980
[ 2512.513483]  ? pipe_to_sendpage+0x380/0x380
[ 2512.513944]  ? do_splice_to+0x160/0x160
[ 2512.514370]  ? security_file_permission+0x24e/0x570
[ 2512.514905]  do_splice_direct+0x1c4/0x290
[ 2512.515340]  ? splice_direct_to_actor+0x980/0x980
[ 2512.515849]  ? selinux_file_permission+0x92/0x520
[ 2512.516373]  ? security_file_permission+0x24e/0x570
[ 2512.516908]  do_sendfile+0x553/0x1090
[ 2512.517318]  ? do_pwritev+0x270/0x270
[ 2512.517726]  ? wait_for_completion_io+0x270/0x270
[ 2512.518238]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2512.518742]  ? vfs_write+0x354/0xa70
[ 2512.519144]  __x64_sys_sendfile64+0x1d1/0x210
[ 2512.519619]  ? __ia32_sys_sendfile+0x220/0x220
[ 2512.520114]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2512.520623]  do_syscall_64+0x33/0x40
[ 2512.521021]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2512.521562] RIP: 0033:0x7f23c5d5cb19
[ 2512.521960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2512.523873] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2512.524691] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2512.525440] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2512.526184] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2512.526931] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2512.527686] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2512.531628] FAULT_INJECTION: forcing a failure.
[ 2512.531628] name failslab, interval 1, probability 0, space 0, times 0
[ 2512.533148] CPU: 1 PID: 15540 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2512.533894] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2512.534774] Call Trace:
[ 2512.535056]  dump_stack+0x107/0x167
[ 2512.535456]  should_fail.cold+0x5/0xa
[ 2512.535866]  ? ext4_mb_new_blocks+0x64d/0x4920
[ 2512.536388]  should_failslab+0x5/0x20
[ 2512.536793]  kmem_cache_alloc+0x5b/0x360
[ 2512.537249]  ext4_mb_new_blocks+0x64d/0x4920
[ 2512.537739]  ? __lockdep_reset_lock+0x180/0x180
[ 2512.538265]  ? ext4_discard_preallocations+0xe30/0xe30
[ 2512.538825]  ? ext4_get_branch+0x541/0x6d0
[ 2512.539319]  ext4_ind_map_blocks+0x1950/0x2290
[ 2512.539809]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2512.540406]  ? ext4_free_branches+0x680/0x680
[ 2512.540913]  ? lock_acquire+0x197/0x4a0
[ 2512.541375]  ? lock_release+0x6b0/0x6b0
[ 2512.541829]  ? find_held_lock+0x2c/0x110
[ 2512.542271]  ? down_write+0xe0/0x160
[ 2512.542683]  ? down_write_killable+0x180/0x180
[ 2512.543179]  ext4_map_blocks+0x9ed/0x1970
[ 2512.543651]  ? __lock_acquire+0xbb1/0x5b00
[ 2512.544108]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2512.544619]  ? __lock_acquire+0x1657/0x5b00
[ 2512.545118]  _ext4_get_block+0x21e/0x570
[ 2512.545567]  ? ext4_map_blocks+0x1970/0x1970
[ 2512.546062]  ? perf_trace_lock+0xac/0x490
[ 2512.546532]  ? create_page_buffers+0x139/0x230
[ 2512.547050]  __block_write_begin_int+0x3d1/0x19c0
[ 2512.547588]  ? _ext4_get_block+0x570/0x570
[ 2512.548087]  ? remove_inode_buffers+0x300/0x300
[ 2512.548616]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2512.549186]  ext4_write_begin+0x68e/0x11a0
[ 2512.549660]  ? __lockdep_reset_lock+0x180/0x180
[ 2512.550195]  ? ext4_truncate+0x12f0/0x12f0
[ 2512.550675]  ? current_time+0x72/0x2c0
[ 2512.551126]  ext4_da_write_begin+0x623/0xe10
[ 2512.551624]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2512.552220]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2512.552804]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2512.553373]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2512.553939]  ? ext4_write_begin+0x11a0/0x11a0
[ 2512.554437]  ? copyout_mc+0x140/0x140
[ 2512.554862]  ? current_time+0x1e6/0x2c0
[ 2512.555312]  generic_perform_write+0x20a/0x4f0
[ 2512.555833]  ? page_cache_next_miss+0x310/0x310
[ 2512.556310]  ? down_write_killable+0x180/0x180
[ 2512.556829]  ext4_buffered_write_iter+0x244/0x4d0
[ 2512.557372]  ext4_file_write_iter+0xc11/0x18e0
[ 2512.557900]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2512.558407]  ? kasan_save_stack+0x32/0x40
[ 2512.558876]  ? kasan_save_stack+0x1b/0x40
[ 2512.559339]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2512.559901]  ? iter_file_splice_write+0x16d/0xc30
[ 2512.560446]  ? direct_splice_actor+0x10f/0x170
[ 2512.560956]  ? splice_direct_to_actor+0x387/0x980
[ 2512.561495]  ? do_splice_direct+0x1c4/0x290
[ 2512.561975]  ? do_sendfile+0x553/0x1090
[ 2512.562424]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2512.562957]  do_iter_readv_writev+0x476/0x750
[ 2512.563468]  ? new_sync_write+0x660/0x660
[ 2512.563938]  ? selinux_file_permission+0x92/0x520
[ 2512.564505]  do_iter_write+0x191/0x670
[ 2512.564953]  vfs_iter_write+0x70/0xa0
[ 2512.565378]  iter_file_splice_write+0x762/0xc30
[ 2512.565916]  ? generic_splice_sendpage+0x140/0x140
[ 2512.566467]  ? avc_policy_seqno+0x9/0x70
[ 2512.566911]  ? selinux_file_permission+0x92/0x520
[ 2512.567459]  ? lockdep_init_map_type+0x2c7/0x780
[ 2512.568013]  ? generic_splice_sendpage+0x140/0x140
[ 2512.568561]  direct_splice_actor+0x10f/0x170
[ 2512.569056]  splice_direct_to_actor+0x387/0x980
[ 2512.569584]  ? pipe_to_sendpage+0x380/0x380
[ 2512.570072]  ? do_splice_to+0x160/0x160
[ 2512.570512]  ? security_file_permission+0x24e/0x570
[ 2512.571079]  do_splice_direct+0x1c4/0x290
[ 2512.571539]  ? splice_direct_to_actor+0x980/0x980
[ 2512.572084]  ? selinux_file_permission+0x92/0x520
[ 2512.572621]  ? security_file_permission+0x24e/0x570
[ 2512.573187]  do_sendfile+0x553/0x1090
[ 2512.573619]  ? do_pwritev+0x270/0x270
[ 2512.574050]  ? wait_for_completion_io+0x270/0x270
[ 2512.574586]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2512.575105]  ? vfs_write+0x354/0xa70
[ 2512.575534]  __x64_sys_sendfile64+0x1d1/0x210
[ 2512.576050]  ? __ia32_sys_sendfile+0x220/0x220
[ 2512.576569]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2512.577108]  do_syscall_64+0x33/0x40
[ 2512.577522]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2512.578098] RIP: 0033:0x7ff709825b19
[ 2512.578514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2512.580594] RSP: 002b:00007ff706d9b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2512.581443] RAX: ffffffffffffffda RBX: 00007ff709938f60 RCX: 00007ff709825b19
[ 2512.582251] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2512.583044] RBP: 00007ff706d9b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2512.583842] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2512.584659] R13: 00007ffdbcd37b1f R14: 00007ff706d9b300 R15: 0000000000022000
01:49:38 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2512.644243] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2512.658048] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
01:49:38 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x0)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:49:38 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 21)

01:49:38 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 23)

01:49:38 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(0xffffffffffffffff, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:49:38 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(0xffffffffffffffff, r0, 0x0, 0x20d315)

01:49:38 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 4)

[ 2512.804002] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
01:49:38 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(0x0, 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2512.850381] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2512.858110] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2512.861429] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2512.865491] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2512.868541] FAULT_INJECTION: forcing a failure.
[ 2512.868541] name failslab, interval 1, probability 0, space 0, times 0
[ 2512.869953] CPU: 1 PID: 15684 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2512.870795] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2512.871811] Call Trace:
[ 2512.872154]  dump_stack+0x107/0x167
[ 2512.872610]  should_fail.cold+0x5/0xa
01:49:38 executing program 0:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x800000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r2, 0x0, r1, 0x0, 0x0, 0x0)
recvmsg$unix(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)=""/110, 0x6e}, {&(0x7f00000001c0)=""/142, 0x8e}, {&(0x7f0000000280)=""/19, 0x13}, {&(0x7f00000002c0)=""/27, 0x1b}], 0x4, &(0x7f0000000340)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, <r4=>0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r5=>0xffffffffffffffff, 0xffffffffffffffff, <r6=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xc8}, 0x41)
write$P9_RWALK(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="160000006f0100010008000000000500000000000000a7e86b6f8d6109f3fab6cb8ebed4ddf23f0a5ee8603805842aaeecd61d89ba796dfee18891aa2c8ed832d7670c8f318c3be2c8ff9614b2b84e9b4752a822576534ae405291ddf722162265118cc70141135ca4c2d7e7981543ab87e39ddfd03b1c351fb0b90683d6a27a26f8"], 0x16)
r7 = fork()
fsetxattr$security_capability(r4, &(0x7f0000000480), &(0x7f0000000640)=@v1={0x1000000, [{0x80000000, 0x1ff}]}, 0xc, 0x1)
tkill(r7, 0x2c)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x8, 0x1, 0x20, 0x80, 0x0, 0x95, 0x4008, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x35ec, 0x1, @perf_bp={&(0x7f0000000040)}, 0x91ad, 0x9, 0x3, 0x6, 0x81, 0x10000, 0x2, 0x0, 0x1, 0x0, 0x3f}, r7, 0x5, r0, 0x0)
ioctl$TIOCGPGRP(r6, 0x540f, &(0x7f0000000540)=<r8=>0x0)
perf_event_open(&(0x7f00000004c0)={0x0, 0x80, 0xc9, 0xdc, 0x8, 0x7, 0x0, 0x3, 0x8c01, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1000, 0x1, @perf_config_ext={0x9, 0xffffffffffff8000}, 0x20, 0x8, 0xcf, 0x5, 0x6, 0xfffffff9, 0x1, 0x0, 0x9, 0x0, 0x5}, r8, 0x5, r3, 0x1)

[ 2512.873081]  ? create_object.isra.0+0x3a/0xa20
[ 2512.873855]  should_failslab+0x5/0x20
[ 2512.874356]  kmem_cache_alloc+0x5b/0x360
[ 2512.874867]  create_object.isra.0+0x3a/0xa20
[ 2512.875404]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2512.876034]  kmem_cache_alloc+0x159/0x360
[ 2512.876551]  alloc_buffer_head+0x20/0x110
[ 2512.877050]  alloc_page_buffers+0x14d/0x700
[ 2512.877557]  create_empty_buffers+0x2c/0x640
[ 2512.878086]  ? wait_for_stable_page+0x92/0xe0
[ 2512.878634]  ext4_write_begin+0xc59/0x11a0
[ 2512.879149]  ? __lockdep_reset_lock+0x180/0x180
[ 2512.879723]  ? ext4_truncate+0x12f0/0x12f0
[ 2512.880249]  ? current_time+0x72/0x2c0
[ 2512.880710]  ext4_da_write_begin+0x623/0xe10
[ 2512.881243]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2512.881867]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2512.882499]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2512.883104]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2512.883703]  ? ext4_write_begin+0x11a0/0x11a0
[ 2512.884236]  ? copyout_mc+0x140/0x140
[ 2512.884696]  ? current_time+0x1e6/0x2c0
[ 2512.885182]  generic_perform_write+0x20a/0x4f0
[ 2512.885742]  ? page_cache_next_miss+0x310/0x310
[ 2512.886306]  ? down_write_killable+0x180/0x180
[ 2512.886859]  ext4_buffered_write_iter+0x244/0x4d0
[ 2512.887442]  ext4_file_write_iter+0xc11/0x18e0
[ 2512.888007]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2512.888541]  ? kasan_save_stack+0x32/0x40
[ 2512.889028]  ? kasan_save_stack+0x1b/0x40
[ 2512.889526]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2512.890138]  ? iter_file_splice_write+0x16d/0xc30
[ 2512.890719]  ? direct_splice_actor+0x10f/0x170
[ 2512.891256]  ? splice_direct_to_actor+0x387/0x980
[ 2512.891828]  ? do_splice_direct+0x1c4/0x290
[ 2512.892346]  ? do_sendfile+0x553/0x1090
[ 2512.892770]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2512.893330]  do_iter_readv_writev+0x476/0x750
[ 2512.893862]  ? new_sync_write+0x660/0x660
[ 2512.894349]  ? selinux_file_permission+0x92/0x520
[ 2512.894941]  do_iter_write+0x191/0x670
[ 2512.895419]  vfs_iter_write+0x70/0xa0
[ 2512.895877]  iter_file_splice_write+0x762/0xc30
[ 2512.896449]  ? generic_splice_sendpage+0x140/0x140
[ 2512.897034]  ? avc_policy_seqno+0x9/0x70
[ 2512.897528]  ? selinux_file_permission+0x92/0x520
[ 2512.898105]  ? lockdep_init_map_type+0x2c7/0x780
[ 2512.898675]  ? generic_splice_sendpage+0x140/0x140
[ 2512.899261]  direct_splice_actor+0x10f/0x170
[ 2512.899780]  splice_direct_to_actor+0x387/0x980
[ 2512.900354]  ? pipe_to_sendpage+0x380/0x380
[ 2512.900877]  ? do_splice_to+0x160/0x160
[ 2512.901356]  ? security_file_permission+0x24e/0x570
[ 2512.901888]  do_splice_direct+0x1c4/0x290
[ 2512.902355]  ? splice_direct_to_actor+0x980/0x980
[ 2512.902936]  ? selinux_file_permission+0x92/0x520
[ 2512.903512]  ? security_file_permission+0x24e/0x570
[ 2512.904120]  do_sendfile+0x553/0x1090
[ 2512.904581]  ? do_pwritev+0x270/0x270
[ 2512.905036]  ? wait_for_completion_io+0x270/0x270
[ 2512.905610]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2512.906165]  ? vfs_write+0x354/0xa70
[ 2512.906613]  __x64_sys_sendfile64+0x1d1/0x210
[ 2512.907090]  ? __ia32_sys_sendfile+0x220/0x220
[ 2512.907638]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2512.908159]  do_syscall_64+0x33/0x40
[ 2512.908597]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2512.909211] RIP: 0033:0x7f23c5d5cb19
[ 2512.909659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2512.911814] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2512.912736] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2512.913589] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2512.914416] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2512.915262] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2512.916116] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2512.931409] FAULT_INJECTION: forcing a failure.
[ 2512.931409] name failslab, interval 1, probability 0, space 0, times 0
[ 2512.934151] CPU: 0 PID: 15700 Comm: syz-executor.4 Not tainted 5.10.175 #1
[ 2512.935646] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2512.937454] Call Trace:
[ 2512.938034]  dump_stack+0x107/0x167
[ 2512.938835]  should_fail.cold+0x5/0xa
[ 2512.939663]  ? create_object.isra.0+0x3a/0xa20
[ 2512.940664]  should_failslab+0x5/0x20
[ 2512.941486]  kmem_cache_alloc+0x5b/0x360
[ 2512.942364]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2512.943450]  create_object.isra.0+0x3a/0xa20
[ 2512.944422]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2512.945528]  kmem_cache_alloc+0x159/0x360
[ 2512.946446]  ext4_mb_new_blocks+0x64d/0x4920
[ 2512.947427]  ? perf_trace_lock+0xac/0x490
[ 2512.948342]  ? lock_chain_count+0x20/0x20
[ 2512.949247]  ? __lockdep_reset_lock+0x180/0x180
[ 2512.950262]  ? ext4_discard_preallocations+0xe30/0xe30
[ 2512.951392]  ? perf_trace_lock+0xac/0x490
[ 2512.952306]  ? ext4_get_branch+0x541/0x6d0
[ 2512.953241]  ext4_ind_map_blocks+0x1950/0x2290
[ 2512.954239]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2512.955386]  ? ext4_free_branches+0x680/0x680
[ 2512.956392]  ? lock_acquire+0x197/0x4a0
[ 2512.957265]  ? lock_release+0x6b0/0x6b0
[ 2512.958134]  ? io_schedule_timeout+0x140/0x140
[ 2512.959148]  ? down_write+0xe0/0x160
[ 2512.959962]  ? down_write_killable+0x180/0x180
[ 2512.960983]  ext4_map_blocks+0x9ed/0x1970
[ 2512.961896]  ? __lock_acquire+0xbb1/0x5b00
[ 2512.962815]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2512.963795]  ? __lock_acquire+0x1657/0x5b00
[ 2512.964781]  _ext4_get_block+0x21e/0x570
[ 2512.965670]  ? ext4_map_blocks+0x1970/0x1970
[ 2512.966627]  ? perf_trace_lock+0xac/0x490
[ 2512.967538]  ? create_page_buffers+0x139/0x230
[ 2512.968546]  __block_write_begin_int+0x3d1/0x19c0
[ 2512.969596]  ? _ext4_get_block+0x570/0x570
[ 2512.970551]  ? remove_inode_buffers+0x300/0x300
[ 2512.971572]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2512.972690]  ext4_write_begin+0x68e/0x11a0
[ 2512.973602]  ? __lockdep_reset_lock+0x180/0x180
[ 2512.974635]  ? ext4_truncate+0x12f0/0x12f0
[ 2512.975553]  ? current_time+0x72/0x2c0
[ 2512.976414]  ext4_da_write_begin+0x623/0xe10
[ 2512.977362]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2512.978490]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2512.979605]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2512.980716]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2512.981816]  ? ext4_write_begin+0x11a0/0x11a0
[ 2512.982781]  ? copyout_mc+0x140/0x140
[ 2512.983617]  ? current_time+0x1e6/0x2c0
[ 2512.984510]  generic_perform_write+0x20a/0x4f0
[ 2512.985520]  ? page_cache_next_miss+0x310/0x310
[ 2512.986530]  ? down_write_killable+0x180/0x180
[ 2512.987536]  ext4_buffered_write_iter+0x244/0x4d0
[ 2512.988602]  ext4_file_write_iter+0xc11/0x18e0
[ 2512.989609]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2512.990607]  ? kasan_save_stack+0x32/0x40
[ 2512.991492]  ? kasan_save_stack+0x1b/0x40
[ 2512.992411]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2512.993502]  ? iter_file_splice_write+0x16d/0xc30
[ 2512.994545]  ? direct_splice_actor+0x10f/0x170
[ 2512.995528]  ? splice_direct_to_actor+0x387/0x980
[ 2512.996583]  ? do_splice_direct+0x1c4/0x290
[ 2512.997515]  ? do_sendfile+0x553/0x1090
[ 2512.998376]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2512.999396]  do_iter_readv_writev+0x476/0x750
[ 2513.000386]  ? new_sync_write+0x660/0x660
[ 2513.001278]  ? selinux_file_permission+0x92/0x520
[ 2513.002369]  do_iter_write+0x191/0x670
[ 2513.003238]  vfs_iter_write+0x70/0xa0
[ 2513.004101]  iter_file_splice_write+0x762/0xc30
[ 2513.005137]  ? generic_splice_sendpage+0x140/0x140
[ 2513.006233]  ? avc_policy_seqno+0x9/0x70
[ 2513.007104]  ? selinux_file_permission+0x92/0x520
[ 2513.008175]  ? lockdep_init_map_type+0x2c7/0x780
[ 2513.009199]  ? generic_splice_sendpage+0x140/0x140
[ 2513.010271]  direct_splice_actor+0x10f/0x170
[ 2513.011231]  splice_direct_to_actor+0x387/0x980
[ 2513.012282]  ? pipe_to_sendpage+0x380/0x380
[ 2513.013229]  ? do_splice_to+0x160/0x160
[ 2513.014093]  ? security_file_permission+0x24e/0x570
[ 2513.015198]  do_splice_direct+0x1c4/0x290
[ 2513.016120]  ? splice_direct_to_actor+0x980/0x980
[ 2513.017164]  ? selinux_file_permission+0x92/0x520
[ 2513.018229]  ? security_file_permission+0x24e/0x570
[ 2513.019334]  do_sendfile+0x553/0x1090
[ 2513.020205]  ? do_pwritev+0x270/0x270
[ 2513.021030]  ? wait_for_completion_io+0x270/0x270
[ 2513.022090]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2513.023101]  ? vfs_write+0x354/0xa70
[ 2513.023934]  __x64_sys_sendfile64+0x1d1/0x210
[ 2513.024920]  ? __ia32_sys_sendfile+0x220/0x220
[ 2513.025941]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2513.026988]  do_syscall_64+0x33/0x40
[ 2513.027787]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2513.028903] RIP: 0033:0x7ff709825b19
[ 2513.029723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2513.033599] RSP: 002b:00007ff706d7a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2513.035250] RAX: ffffffffffffffda RBX: 00007ff709939020 RCX: 00007ff709825b19
[ 2513.036790] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[ 2513.038338] RBP: 00007ff706d7a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2513.039869] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2513.041416] R13: 00007ffdbcd37b1f R14: 00007ff706d7a300 R15: 0000000000022000
01:49:38 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

[ 2513.059087] FAULT_INJECTION: forcing a failure.
[ 2513.059087] name failslab, interval 1, probability 0, space 0, times 0
[ 2513.061623] CPU: 0 PID: 15706 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2513.063103] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2513.064906] Call Trace:
[ 2513.065479]  dump_stack+0x107/0x167
[ 2513.066277]  should_fail.cold+0x5/0xa
[ 2513.067102]  ? create_object.isra.0+0x3a/0xa20
[ 2513.068098]  should_failslab+0x5/0x20
[ 2513.068921]  kmem_cache_alloc+0x5b/0x360
[ 2513.069813]  create_object.isra.0+0x3a/0xa20
[ 2513.070763]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2513.071849]  __kmalloc+0x16e/0x330
[ 2513.072653]  alloc_pipe_info+0x1e5/0x590
[ 2513.073533]  splice_direct_to_actor+0x774/0x980
[ 2513.074529]  ? _cond_resched+0x12/0x80
[ 2513.075354]  ? inode_security+0x107/0x140
[ 2513.076252]  ? pipe_to_sendpage+0x380/0x380
[ 2513.077161]  ? selinux_file_permission+0x92/0x520
[ 2513.078187]  ? do_splice_to+0x160/0x160
[ 2513.079027]  ? security_file_permission+0x24e/0x570
[ 2513.080113]  do_splice_direct+0x1c4/0x290
[ 2513.080998]  ? splice_direct_to_actor+0x980/0x980
[ 2513.082008]  ? selinux_file_permission+0x92/0x520
[ 2513.083028]  ? security_file_permission+0x24e/0x570
[ 2513.084135]  do_sendfile+0x553/0x1090
[ 2513.084973]  ? do_pwritev+0x270/0x270
[ 2513.085793]  ? wait_for_completion_io+0x270/0x270
[ 2513.086825]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2513.087813]  ? vfs_write+0x354/0xa70
[ 2513.088631]  __x64_sys_sendfile64+0x1d1/0x210
[ 2513.089595]  ? __ia32_sys_sendfile+0x220/0x220
[ 2513.090579]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2513.091627]  do_syscall_64+0x33/0x40
[ 2513.092486]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2513.093587] RIP: 0033:0x7f5209db9b19
[ 2513.094389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2513.098291] RSP: 002b:00007f520730e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2513.099929] RAX: ffffffffffffffda RBX: 00007f5209ecd020 RCX: 00007f5209db9b19
[ 2513.101535] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2513.103063] RBP: 00007f520730e1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2513.104593] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2513.106114] R13: 00007ffc43c8a52f R14: 00007f520730e300 R15: 0000000000022000
01:49:38 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x0)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2513.185175] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2513.198090] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:49:38 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x20d315)

01:49:38 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 22)

[ 2513.275299] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2513.326493] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:49:38 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(0x0, 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2513.356928] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2513.366993] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2513.367261] FAULT_INJECTION: forcing a failure.
[ 2513.367261] name failslab, interval 1, probability 0, space 0, times 0
[ 2513.370891] CPU: 0 PID: 15823 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2513.372390] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2513.374164] Call Trace:
[ 2513.374738]  dump_stack+0x107/0x167
[ 2513.375536]  should_fail.cold+0x5/0xa
[ 2513.376378]  ? ext4_mb_new_blocks+0x64d/0x4920
[ 2513.377381]  should_failslab+0x5/0x20
[ 2513.378220]  kmem_cache_alloc+0x5b/0x360
[ 2513.379122]  ext4_mb_new_blocks+0x64d/0x4920
[ 2513.380133]  ? __lockdep_reset_lock+0x180/0x180
[ 2513.381180]  ? ext4_discard_preallocations+0xe30/0xe30
[ 2513.382329]  ? ext4_get_branch+0x541/0x6d0
[ 2513.383279]  ext4_ind_map_blocks+0x1950/0x2290
[ 2513.384318]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2513.385484]  ? ext4_free_branches+0x680/0x680
[ 2513.386480]  ? lock_acquire+0x197/0x4a0
[ 2513.387369]  ? lock_release+0x6b0/0x6b0
[ 2513.388252]  ? find_held_lock+0x2c/0x110
[ 2513.389171]  ? down_write+0xe0/0x160
[ 2513.389995]  ? down_write_killable+0x180/0x180
[ 2513.391025]  ext4_map_blocks+0x9ed/0x1970
[ 2513.391970]  ? __lock_acquire+0xbb1/0x5b00
[ 2513.392926]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2513.393915]  ? __lock_acquire+0x1657/0x5b00
01:49:38 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 5)

[ 2513.394887]  _ext4_get_block+0x21e/0x570
[ 2513.395939]  ? ext4_map_blocks+0x1970/0x1970
[ 2513.396925]  ? perf_trace_lock+0xac/0x490
[ 2513.397846]  ? create_page_buffers+0x139/0x230
[ 2513.398853]  __block_write_begin_int+0x3d1/0x19c0
[ 2513.399908]  ? _ext4_get_block+0x570/0x570
[ 2513.400873]  ? remove_inode_buffers+0x300/0x300
[ 2513.401890]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2513.403001]  ext4_write_begin+0x68e/0x11a0
[ 2513.403918]  ? __lockdep_reset_lock+0x180/0x180
[ 2513.404994]  ? ext4_truncate+0x12f0/0x12f0
[ 2513.405912]  ? current_time+0x72/0x2c0
[ 2513.406788]  ext4_da_write_begin+0x623/0xe10
[ 2513.407744]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2513.408901]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2513.410019]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2513.411130]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2513.412256]  ? ext4_write_begin+0x11a0/0x11a0
[ 2513.413234]  ? copyout_mc+0x140/0x140
[ 2513.414075]  ? current_time+0x1e6/0x2c0
[ 2513.414964]  generic_perform_write+0x20a/0x4f0
[ 2513.416010]  ? page_cache_next_miss+0x310/0x310
[ 2513.417049]  ? down_write_killable+0x180/0x180
[ 2513.418085]  ext4_buffered_write_iter+0x244/0x4d0
[ 2513.419161]  ext4_file_write_iter+0xc11/0x18e0
[ 2513.420200]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2513.421197]  ? kasan_save_stack+0x32/0x40
[ 2513.422098]  ? kasan_save_stack+0x1b/0x40
[ 2513.423001]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2513.424114]  ? iter_file_splice_write+0x16d/0xc30
[ 2513.424667] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2513.425162]  ? direct_splice_actor+0x10f/0x170
[ 2513.425180]  ? splice_direct_to_actor+0x387/0x980
[ 2513.425200]  ? do_splice_direct+0x1c4/0x290
[ 2513.429072]  ? do_sendfile+0x553/0x1090
[ 2513.429944]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2513.430985]  do_iter_readv_writev+0x476/0x750
[ 2513.431986]  ? new_sync_write+0x660/0x660
[ 2513.432898]  ? selinux_file_permission+0x92/0x520
[ 2513.433997]  do_iter_write+0x191/0x670
[ 2513.434882]  vfs_iter_write+0x70/0xa0
[ 2513.435732]  iter_file_splice_write+0x762/0xc30
[ 2513.436808]  ? generic_splice_sendpage+0x140/0x140
[ 2513.437905]  ? avc_policy_seqno+0x9/0x70
[ 2513.438794]  ? selinux_file_permission+0x92/0x520
[ 2513.439871]  ? lockdep_init_map_type+0x2c7/0x780
[ 2513.440936]  ? generic_splice_sendpage+0x140/0x140
[ 2513.442018]  direct_splice_actor+0x10f/0x170
[ 2513.442990]  splice_direct_to_actor+0x387/0x980
[ 2513.444037]  ? pipe_to_sendpage+0x380/0x380
[ 2513.445004]  ? do_splice_to+0x160/0x160
[ 2513.445883]  ? security_file_permission+0x24e/0x570
[ 2513.447026]  do_splice_direct+0x1c4/0x290
[ 2513.447944]  ? splice_direct_to_actor+0x980/0x980
[ 2513.449013]  ? selinux_file_permission+0x92/0x520
[ 2513.450090]  ? security_file_permission+0x24e/0x570
[ 2513.451202]  do_sendfile+0x553/0x1090
[ 2513.452072]  ? do_pwritev+0x270/0x270
[ 2513.452913]  ? wait_for_completion_io+0x270/0x270
[ 2513.453997]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2513.455019]  ? vfs_write+0x354/0xa70
[ 2513.455851]  __x64_sys_sendfile64+0x1d1/0x210
[ 2513.456832]  ? __ia32_sys_sendfile+0x220/0x220
[ 2513.457848]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2513.458898]  do_syscall_64+0x33/0x40
[ 2513.459727]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2513.460843] RIP: 0033:0x7f23c5d5cb19
[ 2513.461667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2513.465664] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2513.467340] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2513.468910] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2513.470474] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2513.472045] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2513.473607] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2513.489286] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2513.509631] FAULT_INJECTION: forcing a failure.
[ 2513.509631] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2513.510963] CPU: 1 PID: 15831 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2513.511741] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2513.512638] Call Trace:
[ 2513.512937]  dump_stack+0x107/0x167
[ 2513.513335]  should_fail.cold+0x5/0xa
[ 2513.513769]  __alloc_pages_nodemask+0x182/0x690
[ 2513.514273]  ? xa_load+0x12d/0x2c0
[ 2513.514675]  ? lock_downgrade+0x6d0/0x6d0
[ 2513.515124]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2513.515803]  alloc_pages_current+0x187/0x280
[ 2513.516291]  __page_cache_alloc+0x2d2/0x360
[ 2513.516774]  page_cache_ra_unbounded+0x207/0x6f0
[ 2513.517291]  ? read_pages+0xbc0/0xbc0
[ 2513.517719]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2513.518234]  ondemand_readahead+0x8e5/0x1150
[ 2513.518725]  page_cache_sync_ra+0x138/0x170
[ 2513.519191]  generic_file_buffered_read+0xc74/0x28f0
[ 2513.519767]  ? pagecache_get_page+0xc80/0xc80
[ 2513.520260]  ? kasan_save_stack+0x32/0x40
[ 2513.520717]  ? do_splice_direct+0x1c4/0x290
[ 2513.521198]  ? do_sendfile+0x553/0x1090
[ 2513.521636]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2513.522147]  ? do_syscall_64+0x33/0x40
[ 2513.522579]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2513.523165]  ? perf_trace_lock+0xac/0x490
[ 2513.523620]  ? lock_chain_count+0x20/0x20
[ 2513.524088]  generic_file_read_iter+0x33f/0x490
[ 2513.524616]  ext4_file_read_iter+0x184/0x4c0
[ 2513.525102]  generic_file_splice_read+0x455/0x6d0
[ 2513.525631]  ? pipe_to_user+0x170/0x170
[ 2513.526069]  ? _cond_resched+0x12/0x80
[ 2513.526496]  ? avc_policy_seqno+0x9/0x70
[ 2513.526943]  ? selinux_file_permission+0x92/0x520
[ 2513.527490]  ? lockdep_init_map_type+0x2c7/0x780
[ 2513.528018]  ? pipe_to_user+0x170/0x170
[ 2513.528461]  do_splice_to+0x10e/0x160
[ 2513.528887]  splice_direct_to_actor+0x2fe/0x980
[ 2513.529407]  ? pipe_to_sendpage+0x380/0x380
[ 2513.529887]  ? do_splice_to+0x160/0x160
[ 2513.530329]  ? security_file_permission+0x24e/0x570
[ 2513.530887]  do_splice_direct+0x1c4/0x290
[ 2513.531352]  ? splice_direct_to_actor+0x980/0x980
[ 2513.531873]  ? selinux_file_permission+0x92/0x520
[ 2513.532418]  ? security_file_permission+0x24e/0x570
[ 2513.532978]  do_sendfile+0x553/0x1090
[ 2513.533412]  ? do_pwritev+0x270/0x270
[ 2513.533837]  ? wait_for_completion_io+0x270/0x270
[ 2513.534370]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2513.534885]  ? vfs_write+0x354/0xa70
[ 2513.535302]  __x64_sys_sendfile64+0x1d1/0x210
[ 2513.535803]  ? __ia32_sys_sendfile+0x220/0x220
[ 2513.536326]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2513.536866]  do_syscall_64+0x33/0x40
[ 2513.537281]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2513.537847] RIP: 0033:0x7f5209db9b19
[ 2513.538247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2513.540267] RSP: 002b:00007f520732f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2513.541110] RAX: ffffffffffffffda RBX: 00007f5209eccf60 RCX: 00007f5209db9b19
[ 2513.541902] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2513.542682] RBP: 00007f520732f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2513.543466] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2513.544267] R13: 00007ffc43c8a52f R14: 00007f520732f300 R15: 0000000000022000
01:49:54 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 24)

01:49:54 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 6)

01:49:54 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(0x0, 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:49:54 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:49:54 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(0xffffffffffffffff, r0, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:49:54 executing program 0:
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=<r0=>0x0)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10004, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xf72a, 0x2}, 0x10000, 0x4, 0x0, 0x3}, r0, 0x800000b, 0xffffffffffffffff, 0x0)
r1 = fork()
tkill(r1, 0x2c)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r2, 0x0, 0x0, 0x8800000)
perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x80, 0x2, 0x2, 0x0, 0x0, 0x81, 0x80100, 0xc74fddfd3e429fa6, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f00000000c0), 0x7}, 0x480, 0x3, 0x9, 0x4, 0x1, 0xf0}, r1, 0x3, r2, 0x2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r4, 0x0, r3, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000000240)=ANY=[@ANYBLOB="0100ec77f3232601adfa494c", @ANYRES32=r3, @ANYBLOB="00d884e21ebadbbc28ae16cbb7934f420f002e2f666c65310019741493f5e61220caf2c096fe026fff5219762c6764868990a3cf9f1e1b76aa2c465331680190e8f7c73d6d5283a34bc69cd026abfae1c28c343b0df4b226cd14f31c20fed153118a79c4"])

01:49:54 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 23)

01:49:54 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x20d315)

[ 2528.634660] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2528.643148] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2528.666951] FAULT_INJECTION: forcing a failure.
[ 2528.666951] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2528.669402] CPU: 0 PID: 15845 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2528.670794] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2528.672482] Call Trace:
[ 2528.673016]  dump_stack+0x107/0x167
[ 2528.673760]  should_fail.cold+0x5/0xa
[ 2528.674546]  __alloc_pages_nodemask+0x182/0x690
[ 2528.675481]  ? xa_load+0x12d/0x2c0
[ 2528.676225]  ? lock_downgrade+0x6d0/0x6d0
[ 2528.677064]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2528.678309]  alloc_pages_current+0x187/0x280
[ 2528.679201]  __page_cache_alloc+0x2d2/0x360
[ 2528.680088]  page_cache_ra_unbounded+0x207/0x6f0
[ 2528.681066]  ? read_pages+0xbc0/0xbc0
[ 2528.681840]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2528.682795]  ondemand_readahead+0x8e5/0x1150
[ 2528.683698]  page_cache_sync_ra+0x138/0x170
[ 2528.684591]  generic_file_buffered_read+0xc74/0x28f0
[ 2528.685493] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2528.685644]  ? pagecache_get_page+0xc80/0xc80
[ 2528.685672]  ? kasan_save_stack+0x32/0x40
[ 2528.689015]  ? do_splice_direct+0x1c4/0x290
[ 2528.689884]  ? do_sendfile+0x553/0x1090
[ 2528.690686]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2528.691627]  ? do_syscall_64+0x33/0x40
[ 2528.692435]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2528.693504]  ? perf_trace_lock+0xac/0x490
[ 2528.694338]  ? lock_chain_count+0x20/0x20
[ 2528.695180]  generic_file_read_iter+0x33f/0x490
[ 2528.696130]  ext4_file_read_iter+0x184/0x4c0
[ 2528.697035]  generic_file_splice_read+0x455/0x6d0
[ 2528.698008]  ? pipe_to_user+0x170/0x170
[ 2528.698808]  ? _cond_resched+0x12/0x80
[ 2528.699600]  ? avc_policy_seqno+0x9/0x70
[ 2528.700423]  ? selinux_file_permission+0x92/0x520
[ 2528.701408]  ? lockdep_init_map_type+0x2c7/0x780
[ 2528.702370]  ? pipe_to_user+0x170/0x170
[ 2528.703182]  do_splice_to+0x10e/0x160
[ 2528.703963]  splice_direct_to_actor+0x2fe/0x980
[ 2528.704926]  ? pipe_to_sendpage+0x380/0x380
[ 2528.705805]  ? do_splice_to+0x160/0x160
[ 2528.706610]  ? security_file_permission+0x24e/0x570
[ 2528.707632]  do_splice_direct+0x1c4/0x290
[ 2528.708485]  ? splice_direct_to_actor+0x980/0x980
[ 2528.709477]  ? selinux_file_permission+0x92/0x520
[ 2528.710463]  ? security_file_permission+0x24e/0x570
[ 2528.711486]  do_sendfile+0x553/0x1090
[ 2528.712289]  ? do_pwritev+0x270/0x270
[ 2528.713069]  ? wait_for_completion_io+0x270/0x270
[ 2528.714050]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2528.714989]  ? vfs_write+0x354/0xa70
[ 2528.715756]  __x64_sys_sendfile64+0x1d1/0x210
[ 2528.716684]  ? __ia32_sys_sendfile+0x220/0x220
[ 2528.717624]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2528.718590]  do_syscall_64+0x33/0x40
[ 2528.719350]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2528.720393] RIP: 0033:0x7f5209db9b19
[ 2528.721156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2528.724880] RSP: 002b:00007f520732f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2528.726417] RAX: ffffffffffffffda RBX: 00007f5209eccf60 RCX: 00007f5209db9b19
[ 2528.727860] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2528.729312] RBP: 00007f520732f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2528.730752] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2528.732205] R13: 00007ffc43c8a52f R14: 00007f520732f300 R15: 0000000000022000
[ 2528.749529] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2528.758129] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2528.778570] FAULT_INJECTION: forcing a failure.
[ 2528.778570] name failslab, interval 1, probability 0, space 0, times 0
[ 2528.780994] CPU: 1 PID: 15880 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2528.782434] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2528.784145] Call Trace:
[ 2528.784747]  dump_stack+0x107/0x167
[ 2528.785520]  should_fail.cold+0x5/0xa
[ 2528.786325]  ? __iomap_dio_rw+0x1ee/0x11c0
[ 2528.787218]  should_failslab+0x5/0x20
[ 2528.788005]  kmem_cache_alloc_trace+0x55/0x2c0
[ 2528.788967]  __iomap_dio_rw+0x1ee/0x11c0
[ 2528.789819]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2528.790811]  ? __mark_inode_dirty+0x12e/0xf90
[ 2528.791737]  ? security_inode_need_killpriv+0x79/0xa0
[ 2528.792800]  ? iomap_dio_bio_actor+0xef0/0xef0
[ 2528.793731]  ? generic_update_time+0x21c/0x370
[ 2528.794669]  ? inode_dio_wait+0xbf/0x270
[ 2528.795499]  ? __wait_on_freeing_inode+0x140/0x140
[ 2528.796504]  ? evict_inodes+0x420/0x420
[ 2528.797311]  ? down_write_killable+0x180/0x180
[ 2528.798207]  iomap_dio_rw+0x31/0x90
[ 2528.798929]  ext4_file_write_iter+0xb26/0x18e0
[ 2528.799865]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2528.800802]  ? kasan_save_stack+0x32/0x40
[ 2528.801633]  ? kasan_save_stack+0x1b/0x40
[ 2528.802454]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2528.803453]  ? iter_file_splice_write+0x16d/0xc30
[ 2528.804428]  ? direct_splice_actor+0x10f/0x170
[ 2528.805325]  ? splice_direct_to_actor+0x387/0x980
[ 2528.806263]  ? do_splice_direct+0x1c4/0x290
[ 2528.807109]  ? do_sendfile+0x553/0x1090
[ 2528.807912]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2528.808875]  do_iter_readv_writev+0x476/0x750
[ 2528.809790]  ? new_sync_write+0x660/0x660
[ 2528.810632]  ? selinux_file_permission+0x92/0x520
[ 2528.811634]  do_iter_write+0x191/0x670
[ 2528.812467]  vfs_iter_write+0x70/0xa0
[ 2528.813248]  iter_file_splice_write+0x762/0xc30
[ 2528.814212]  ? generic_splice_sendpage+0x140/0x140
[ 2528.815214]  ? avc_policy_seqno+0x9/0x70
[ 2528.816031]  ? selinux_file_permission+0x92/0x520
[ 2528.817021]  ? lockdep_init_map_type+0x2c7/0x780
[ 2528.817988]  ? generic_splice_sendpage+0x140/0x140
[ 2528.818977]  direct_splice_actor+0x10f/0x170
[ 2528.819873]  splice_direct_to_actor+0x387/0x980
[ 2528.820835]  ? pipe_to_sendpage+0x380/0x380
[ 2528.821714]  ? do_splice_to+0x160/0x160
[ 2528.822516]  ? security_file_permission+0x24e/0x570
[ 2528.823539]  do_splice_direct+0x1c4/0x290
[ 2528.824386]  ? splice_direct_to_actor+0x980/0x980
[ 2528.825351]  ? selinux_file_permission+0x92/0x520
[ 2528.826333]  ? security_file_permission+0x24e/0x570
[ 2528.827356]  do_sendfile+0x553/0x1090
[ 2528.828146]  ? do_pwritev+0x270/0x270
[ 2528.828930]  ? wait_for_completion_io+0x270/0x270
[ 2528.829886]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2528.830808]  ? vfs_write+0x354/0xa70
[ 2528.831542]  __x64_sys_sendfile64+0x1d1/0x210
[ 2528.832458]  ? __ia32_sys_sendfile+0x220/0x220
[ 2528.833391]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2528.834361]  do_syscall_64+0x33/0x40
[ 2528.835098]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2528.836112] RIP: 0033:0x7f23c5d5cb19
[ 2528.836885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2528.840586] RSP: 002b:00007f23c32b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2528.842173] RAX: ffffffffffffffda RBX: 00007f23c5e70020 RCX: 00007f23c5d5cb19
[ 2528.843664] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2528.845148] RBP: 00007f23c32b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 2528.846596] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2528.848086] R13: 00007ffda14b703f R14: 00007f23c32b1300 R15: 0000000000022000
[ 2528.870120] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:49:54 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x20d315)

01:49:54 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:49:54 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 7)

[ 2529.065479] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2529.115883] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2529.171492] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2529.182998] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2529.193279] FAULT_INJECTION: forcing a failure.
[ 2529.193279] name failslab, interval 1, probability 0, space 0, times 0
[ 2529.195126] CPU: 1 PID: 15990 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2529.196287] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2529.197639] Call Trace:
[ 2529.198089]  dump_stack+0x107/0x167
[ 2529.198706]  should_fail.cold+0x5/0xa
[ 2529.199347]  ? xas_alloc+0x336/0x440
[ 2529.199964]  should_failslab+0x5/0x20
[ 2529.200619]  kmem_cache_alloc+0x5b/0x360
[ 2529.201287]  ? SOFTIRQ_verbose+0x10/0x10
[ 2529.201967]  xas_alloc+0x336/0x440
[ 2529.202577]  xas_create+0x60f/0x10d0
[ 2529.203232]  xas_store+0x8c/0x1c40
[ 2529.203841]  ? xas_find_conflict+0x4b5/0xa70
[ 2529.204604]  __add_to_page_cache_locked+0x708/0xd10
[ 2529.205472]  ? file_write_and_wait_range+0x130/0x130
[ 2529.206359]  ? lock_downgrade+0x6d0/0x6d0
[ 2529.207087]  ? memcg_drain_all_list_lrus+0x720/0x720
[ 2529.207991]  add_to_page_cache_lru+0xe6/0x2e0
[ 2529.208816]  ? add_to_page_cache_locked+0x40/0x40
[ 2529.209661]  ? __page_cache_alloc+0x10d/0x360
[ 2529.210434]  page_cache_ra_unbounded+0x419/0x6f0
[ 2529.211272]  ? read_pages+0xbc0/0xbc0
[ 2529.211938]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2529.212778]  ondemand_readahead+0x8e5/0x1150
[ 2529.213562]  page_cache_sync_ra+0x138/0x170
[ 2529.214322]  generic_file_buffered_read+0xc74/0x28f0
[ 2529.215227]  ? pagecache_get_page+0xc80/0xc80
[ 2529.216003]  ? kasan_save_stack+0x32/0x40
[ 2529.216734]  ? do_splice_direct+0x1c4/0x290
[ 2529.217482]  ? do_sendfile+0x553/0x1090
[ 2529.218161]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2529.218956]  ? do_syscall_64+0x33/0x40
[ 2529.219624]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2529.220545]  ? perf_trace_lock+0xac/0x490
[ 2529.221261]  ? lock_chain_count+0x20/0x20
[ 2529.221990]  generic_file_read_iter+0x33f/0x490
[ 2529.222776]  ext4_file_read_iter+0x184/0x4c0
[ 2529.223521]  generic_file_splice_read+0x455/0x6d0
[ 2529.224340]  ? pipe_to_user+0x170/0x170
[ 2529.225017]  ? _cond_resched+0x12/0x80
[ 2529.225691]  ? avc_policy_seqno+0x9/0x70
[ 2529.226376]  ? selinux_file_permission+0x92/0x520
[ 2529.227195]  ? lockdep_init_map_type+0x2c7/0x780
[ 2529.227996]  ? pipe_to_user+0x170/0x170
[ 2529.228694]  do_splice_to+0x10e/0x160
[ 2529.229342]  splice_direct_to_actor+0x2fe/0x980
[ 2529.230138]  ? pipe_to_sendpage+0x380/0x380
[ 2529.230869]  ? do_splice_to+0x160/0x160
[ 2529.231539]  ? security_file_permission+0x24e/0x570
[ 2529.232409]  do_splice_direct+0x1c4/0x290
[ 2529.233114]  ? splice_direct_to_actor+0x980/0x980
[ 2529.233944]  ? selinux_file_permission+0x92/0x520
[ 2529.234780]  ? security_file_permission+0x24e/0x570
[ 2529.235642]  do_sendfile+0x553/0x1090
[ 2529.236331]  ? do_pwritev+0x270/0x270
[ 2529.236981]  ? wait_for_completion_io+0x270/0x270
[ 2529.237804]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2529.238592]  ? vfs_write+0x354/0xa70
[ 2529.239226]  __x64_sys_sendfile64+0x1d1/0x210
[ 2529.239978]  ? __ia32_sys_sendfile+0x220/0x220
[ 2529.240757]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2529.241600]  do_syscall_64+0x33/0x40
[ 2529.242229]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2529.243081] RIP: 0033:0x7f5209db9b19
[ 2529.243709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2529.246789] RSP: 002b:00007f520732f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2529.248053] RAX: ffffffffffffffda RBX: 00007f5209eccf60 RCX: 00007f5209db9b19
[ 2529.249253] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2529.250451] RBP: 00007f520732f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2529.251660] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2529.252878] R13: 00007ffc43c8a52f R14: 00007f520732f300 R15: 0000000000022000
01:50:10 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 8)

01:50:10 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(0xffffffffffffffff, r0, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:50:10 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 24)

01:50:10 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:50:10 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)

01:50:10 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r2, 0x0, 0x0, 0x8800000)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x40042409, 0x1)
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x0)

01:50:10 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:50:10 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x0)

[ 2545.149148] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2545.163526] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2545.180866] FAULT_INJECTION: forcing a failure.
[ 2545.180866] name failslab, interval 1, probability 0, space 0, times 0
[ 2545.182214] CPU: 1 PID: 16014 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2545.182965] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2545.183858] Call Trace:
[ 2545.184153]  dump_stack+0x107/0x167
[ 2545.184565]  should_fail.cold+0x5/0xa
[ 2545.184980]  ? ext4_mb_new_blocks+0x2155/0x4920
[ 2545.185480]  ? ext4_mb_new_blocks+0x2155/0x4920
[ 2545.185993]  should_failslab+0x5/0x20
[ 2545.186413]  kmem_cache_alloc+0x5b/0x360
[ 2545.186859]  ext4_mb_new_blocks+0x2155/0x4920
[ 2545.187357]  ? __lockdep_reset_lock+0x180/0x180
[ 2545.187872]  ? ext4_discard_preallocations+0xe30/0xe30
[ 2545.188449]  ? ext4_get_branch+0x541/0x6d0
[ 2545.188918]  ext4_ind_map_blocks+0x1950/0x2290
[ 2545.189426]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2545.189773] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2545.190006]  ? ext4_free_branches+0x680/0x680
[ 2545.190036]  ? lock_release+0x6b0/0x6b0
[ 2545.192878]  ? find_held_lock+0x2c/0x110
[ 2545.193324]  ? down_write+0xe0/0x160
[ 2545.193731]  ? down_write_killable+0x180/0x180
[ 2545.194235]  ext4_map_blocks+0x9ed/0x1970
[ 2545.194301] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2545.194687]  ? __lock_acquire+0xbb1/0x5b00
[ 2545.194699]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2545.194719]  ? __lock_acquire+0x1657/0x5b00
[ 2545.197984]  _ext4_get_block+0x21e/0x570
[ 2545.198435]  ? ext4_map_blocks+0x1970/0x1970
[ 2545.198917]  ? perf_trace_lock+0xac/0x490
[ 2545.199234] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2545.199385]  ? create_page_buffers+0x139/0x230
[ 2545.201752]  __block_write_begin_int+0x3d1/0x19c0
[ 2545.202034] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2545.202284]  ? _ext4_get_block+0x570/0x570
[ 2545.204627]  ? remove_inode_buffers+0x300/0x300
[ 2545.205125]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2545.205682]  ext4_write_begin+0x68e/0x11a0
[ 2545.206139]  ? __lockdep_reset_lock+0x180/0x180
[ 2545.206658]  ? ext4_truncate+0x12f0/0x12f0
[ 2545.207122]  ? current_time+0x72/0x2c0
[ 2545.207558]  ext4_da_write_begin+0x623/0xe10
[ 2545.208061]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2545.208632]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2545.209200]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2545.209752]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2545.210318]  ? ext4_write_begin+0x11a0/0x11a0
[ 2545.210803]  ? copyout_mc+0x140/0x140
[ 2545.211223]  ? current_time+0x1e6/0x2c0
[ 2545.211668]  generic_perform_write+0x20a/0x4f0
[ 2545.212160]  ? page_cache_next_miss+0x310/0x310
[ 2545.212688]  ? down_write_killable+0x180/0x180
[ 2545.213204]  ext4_buffered_write_iter+0x244/0x4d0
[ 2545.213732]  ext4_file_write_iter+0xc11/0x18e0
[ 2545.214249]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2545.214748]  ? kasan_save_stack+0x32/0x40
[ 2545.215206]  ? kasan_save_stack+0x1b/0x40
[ 2545.215659]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2545.216222]  ? iter_file_splice_write+0x16d/0xc30
[ 2545.216735]  ? direct_splice_actor+0x10f/0x170
[ 2545.217228]  ? splice_direct_to_actor+0x387/0x980
[ 2545.217751]  ? do_splice_direct+0x1c4/0x290
[ 2545.218224]  ? do_sendfile+0x553/0x1090
[ 2545.218661]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2545.219182]  do_iter_readv_writev+0x476/0x750
[ 2545.219495] FAULT_INJECTION: forcing a failure.
[ 2545.219495] name failslab, interval 1, probability 0, space 0, times 0
[ 2545.219684]  ? new_sync_write+0x660/0x660
[ 2545.222677]  ? selinux_file_permission+0x92/0x520
[ 2545.223225]  do_iter_write+0x191/0x670
[ 2545.223668]  vfs_iter_write+0x70/0xa0
[ 2545.224090]  iter_file_splice_write+0x762/0xc30
[ 2545.224624]  ? generic_splice_sendpage+0x140/0x140
[ 2545.225170]  ? avc_policy_seqno+0x9/0x70
[ 2545.225613]  ? selinux_file_permission+0x92/0x520
[ 2545.226135]  ? lockdep_init_map_type+0x2c7/0x780
[ 2545.226657]  ? generic_splice_sendpage+0x140/0x140
[ 2545.227196]  direct_splice_actor+0x10f/0x170
[ 2545.227689]  splice_direct_to_actor+0x387/0x980
[ 2545.228191]  ? pipe_to_sendpage+0x380/0x380
[ 2545.228683]  ? do_splice_to+0x160/0x160
[ 2545.229127]  ? security_file_permission+0x24e/0x570
[ 2545.229682]  do_splice_direct+0x1c4/0x290
[ 2545.230126]  ? splice_direct_to_actor+0x980/0x980
[ 2545.230651]  ? selinux_file_permission+0x92/0x520
[ 2545.231164]  ? security_file_permission+0x24e/0x570
[ 2545.231719]  do_sendfile+0x553/0x1090
[ 2545.232142]  ? do_pwritev+0x270/0x270
[ 2545.232571]  ? wait_for_completion_io+0x270/0x270
[ 2545.233083]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2545.233593]  ? vfs_write+0x354/0xa70
[ 2545.233993]  __x64_sys_sendfile64+0x1d1/0x210
[ 2545.234487]  ? __ia32_sys_sendfile+0x220/0x220
[ 2545.234980]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2545.235510]  do_syscall_64+0x33/0x40
[ 2545.235909]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2545.236482] RIP: 0033:0x7f23c5d5cb19
[ 2545.236881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2545.238871] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2545.239683] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2545.240476] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2545.241250] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2545.242030] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2545.242818] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2545.243643] CPU: 0 PID: 16004 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2545.245254] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2545.247160] Call Trace:
[ 2545.247777]  dump_stack+0x107/0x167
[ 2545.248645]  should_fail.cold+0x5/0xa
[ 2545.249530]  ? __memcg_kmem_charge+0x68/0x140
[ 2545.250559]  ? create_object.isra.0+0x3a/0xa20
[ 2545.251624]  should_failslab+0x5/0x20
[ 2545.252514]  kmem_cache_alloc+0x5b/0x360
[ 2545.253462]  create_object.isra.0+0x3a/0xa20
[ 2545.254477]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2545.255660]  kmem_cache_alloc+0x159/0x360
[ 2545.256634]  xas_alloc+0x336/0x440
[ 2545.257467]  xas_create+0x60f/0x10d0
[ 2545.258372]  xas_store+0x8c/0x1c40
[ 2545.259201]  ? xas_find_conflict+0x4b5/0xa70
[ 2545.260232]  __add_to_page_cache_locked+0x708/0xd10
[ 2545.261415]  ? file_write_and_wait_range+0x130/0x130
[ 2545.262582]  ? lock_downgrade+0x6d0/0x6d0
[ 2545.263545]  ? memcg_drain_all_list_lrus+0x720/0x720
[ 2545.264741]  add_to_page_cache_lru+0xe6/0x2e0
[ 2545.265758]  ? add_to_page_cache_locked+0x40/0x40
[ 2545.266879]  ? __page_cache_alloc+0x10d/0x360
[ 2545.267907]  page_cache_ra_unbounded+0x419/0x6f0
[ 2545.269012]  ? read_pages+0xbc0/0xbc0
[ 2545.269875]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2545.270956]  ondemand_readahead+0x8e5/0x1150
[ 2545.271973]  page_cache_sync_ra+0x138/0x170
[ 2545.272976]  generic_file_buffered_read+0xc74/0x28f0
[ 2545.274158]  ? pagecache_get_page+0xc80/0xc80
[ 2545.275174]  ? kasan_save_stack+0x32/0x40
[ 2545.276138]  ? do_splice_direct+0x1c4/0x290
[ 2545.277122]  ? do_sendfile+0x553/0x1090
[ 2545.278020]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2545.279071]  ? do_syscall_64+0x33/0x40
[ 2545.279952]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2545.281161]  ? perf_trace_lock+0xac/0x490
[ 2545.282094]  ? lock_chain_count+0x20/0x20
[ 2545.283040]  generic_file_read_iter+0x33f/0x490
[ 2545.284101]  ext4_file_read_iter+0x184/0x4c0
[ 2545.285151]  generic_file_splice_read+0x455/0x6d0
[ 2545.286237]  ? pipe_to_user+0x170/0x170
[ 2545.287135]  ? _cond_resched+0x12/0x80
[ 2545.288020]  ? avc_policy_seqno+0x9/0x70
[ 2545.288999]  ? selinux_file_permission+0x92/0x520
[ 2545.290086]  ? lockdep_init_map_type+0x2c7/0x780
[ 2545.291152]  ? pipe_to_user+0x170/0x170
[ 2545.292041]  do_splice_to+0x10e/0x160
[ 2545.292918]  splice_direct_to_actor+0x2fe/0x980
[ 2545.293964]  ? pipe_to_sendpage+0x380/0x380
[ 2545.294940]  ? do_splice_to+0x160/0x160
[ 2545.295825]  ? security_file_permission+0x24e/0x570
[ 2545.296968]  do_splice_direct+0x1c4/0x290
[ 2545.297892]  ? splice_direct_to_actor+0x980/0x980
[ 2545.298963]  ? selinux_file_permission+0x92/0x520
[ 2545.300045]  ? security_file_permission+0x24e/0x570
[ 2545.301197]  do_sendfile+0x553/0x1090
[ 2545.302070]  ? do_pwritev+0x270/0x270
[ 2545.302934]  ? wait_for_completion_io+0x270/0x270
[ 2545.304015]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2545.305062]  ? vfs_write+0x354/0xa70
[ 2545.305907]  __x64_sys_sendfile64+0x1d1/0x210
[ 2545.306922]  ? __ia32_sys_sendfile+0x220/0x220
[ 2545.307952]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2545.309053]  do_syscall_64+0x33/0x40
[ 2545.309888]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2545.311051] RIP: 0033:0x7f5209db9b19
[ 2545.311877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2545.315947] RSP: 002b:00007f520732f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2545.317635] RAX: ffffffffffffffda RBX: 00007f5209eccf60 RCX: 00007f5209db9b19
[ 2545.319218] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005
[ 2545.320817] RBP: 00007f520732f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2545.322398] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2545.323982] R13: 00007ffc43c8a52f R14: 00007f520732f300 R15: 0000000000022000
[ 2545.338194] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2545.467708] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2545.479664] FAULT_INJECTION: forcing a failure.
[ 2545.479664] name failslab, interval 1, probability 0, space 0, times 0
[ 2545.481965] CPU: 0 PID: 16143 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2545.483359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2545.485067] Call Trace:
[ 2545.485609]  dump_stack+0x107/0x167
[ 2545.486362]  should_fail.cold+0x5/0xa
[ 2545.487142]  ? create_object.isra.0+0x3a/0xa20
[ 2545.488072]  should_failslab+0x5/0x20
[ 2545.488840]  kmem_cache_alloc+0x5b/0x360
[ 2545.489662]  create_object.isra.0+0x3a/0xa20
[ 2545.490549]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2545.491581]  kmem_cache_alloc+0x159/0x360
[ 2545.492479]  ext4_mb_new_blocks+0x2155/0x4920
[ 2545.493441]  ? __lockdep_reset_lock+0x180/0x180
[ 2545.494406]  ? ext4_discard_preallocations+0xe30/0xe30
[ 2545.495467]  ? ext4_get_branch+0x541/0x6d0
[ 2545.496339]  ext4_ind_map_blocks+0x1950/0x2290
[ 2545.497300]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2545.498369]  ? ext4_free_branches+0x680/0x680
[ 2545.499298]  ? lock_release+0x6b0/0x6b0
[ 2545.500111]  ? find_held_lock+0x2c/0x110
[ 2545.500965]  ? down_write+0xe0/0x160
[ 2545.501722]  ? down_write_killable+0x180/0x180
[ 2545.502666]  ext4_map_blocks+0x9ed/0x1970
[ 2545.503510]  ? __lock_acquire+0xbb1/0x5b00
[ 2545.504366]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2545.505301]  ? __lock_acquire+0x1657/0x5b00
[ 2545.506202]  _ext4_get_block+0x21e/0x570
[ 2545.507032]  ? ext4_map_blocks+0x1970/0x1970
[ 2545.507928]  ? perf_trace_lock+0xac/0x490
[ 2545.508778]  ? create_page_buffers+0x139/0x230
[ 2545.509715]  __block_write_begin_int+0x3d1/0x19c0
[ 2545.510698]  ? _ext4_get_block+0x570/0x570
[ 2545.511568]  ? remove_inode_buffers+0x300/0x300
[ 2545.512524]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2545.513562]  ext4_write_begin+0x68e/0x11a0
[ 2545.514420]  ? __lockdep_reset_lock+0x180/0x180
[ 2545.515376]  ? ext4_truncate+0x12f0/0x12f0
[ 2545.516248]  ? current_time+0x72/0x2c0
[ 2545.517072]  ext4_da_write_begin+0x623/0xe10
[ 2545.517984]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2545.519042]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2545.520094]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2545.521128]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2545.522170]  ? ext4_write_begin+0x11a0/0x11a0
[ 2545.523076]  ? copyout_mc+0x140/0x140
[ 2545.523856]  ? current_time+0x1e6/0x2c0
[ 2545.524699]  generic_perform_write+0x20a/0x4f0
[ 2545.525648]  ? page_cache_next_miss+0x310/0x310
[ 2545.526596]  ? down_write_killable+0x180/0x180
[ 2545.527536]  ext4_buffered_write_iter+0x244/0x4d0
[ 2545.528545]  ext4_file_write_iter+0xc11/0x18e0
[ 2545.529492]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2545.530417]  ? kasan_save_stack+0x32/0x40
[ 2545.531249]  ? kasan_save_stack+0x1b/0x40
[ 2545.532088]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2545.533119]  ? iter_file_splice_write+0x16d/0xc30
[ 2545.534092]  ? direct_splice_actor+0x10f/0x170
[ 2545.535011]  ? splice_direct_to_actor+0x387/0x980
[ 2545.535983]  ? do_splice_direct+0x1c4/0x290
[ 2545.536869]  ? do_sendfile+0x553/0x1090
[ 2545.537673]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2545.538632]  do_iter_readv_writev+0x476/0x750
[ 2545.539548]  ? new_sync_write+0x660/0x660
[ 2545.540394]  ? selinux_file_permission+0x92/0x520
[ 2545.541401]  do_iter_write+0x191/0x670
[ 2545.542216]  vfs_iter_write+0x70/0xa0
[ 2545.542993]  iter_file_splice_write+0x762/0xc30
[ 2545.543958]  ? generic_splice_sendpage+0x140/0x140
[ 2545.544970]  ? avc_policy_seqno+0x9/0x70
[ 2545.545789]  ? selinux_file_permission+0x92/0x520
[ 2545.546769]  ? lockdep_init_map_type+0x2c7/0x780
[ 2545.547733]  ? generic_splice_sendpage+0x140/0x140
[ 2545.548740]  direct_splice_actor+0x10f/0x170
[ 2545.549635]  splice_direct_to_actor+0x387/0x980
[ 2545.550581]  ? pipe_to_sendpage+0x380/0x380
[ 2545.551458]  ? do_splice_to+0x160/0x160
[ 2545.552261]  ? security_file_permission+0x24e/0x570
[ 2545.553314]  do_splice_direct+0x1c4/0x290
[ 2545.554154]  ? splice_direct_to_actor+0x980/0x980
[ 2545.555129]  ? selinux_file_permission+0x92/0x520
[ 2545.556111]  ? security_file_permission+0x24e/0x570
[ 2545.557142]  do_sendfile+0x553/0x1090
[ 2545.557930]  ? do_pwritev+0x270/0x270
[ 2545.558702]  ? wait_for_completion_io+0x270/0x270
[ 2545.559676]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2545.560623]  ? vfs_write+0x354/0xa70
[ 2545.561390]  __x64_sys_sendfile64+0x1d1/0x210
[ 2545.562297]  ? __ia32_sys_sendfile+0x220/0x220
[ 2545.563225]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2545.564207]  do_syscall_64+0x33/0x40
[ 2545.564986]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2545.566029] RIP: 0033:0x7f23c5d5cb19
[ 2545.566788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2545.570486] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2545.572052] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2545.573487] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2545.574896] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2545.576304] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2545.577723] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2545.593701] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:50:10 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 25)

01:50:10 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(0xffffffffffffffff, r0, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:50:10 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x40)
r1 = fork()
tkill(r1, 0x2c)
r2 = openat2(r0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)={0x410202, 0x11, 0x4}, 0x18)
perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0xfa, 0xbe, 0xaf, 0x0, 0x0, 0x7f, 0x2008, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000080), 0x1}, 0x4100, 0x45, 0x6, 0x7, 0x80000001, 0xfffffffa, 0x8, 0x0, 0x3ff, 0x0, 0xffffffff}, r1, 0x1, r2, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r3, 0x0, r0, 0x0, 0x0, 0x0)

01:50:11 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:50:11 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x0)

01:50:11 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x5d19)

01:50:11 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 9)

[ 2545.744540] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2545.779825] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2545.895787] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2545.916458] FAULT_INJECTION: forcing a failure.
[ 2545.916458] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2545.918908] CPU: 0 PID: 16264 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2545.920289] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2545.921966] Call Trace:
[ 2545.922502]  dump_stack+0x107/0x167
[ 2545.923242]  should_fail.cold+0x5/0xa
[ 2545.924029]  __alloc_pages_nodemask+0x182/0x690
[ 2545.924973]  ? xa_load+0x12d/0x2c0
[ 2545.925690]  ? lock_downgrade+0x6d0/0x6d0
[ 2545.926527]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2545.927758]  alloc_pages_current+0x187/0x280
[ 2545.928652]  __page_cache_alloc+0x2d2/0x360
[ 2545.929526]  page_cache_ra_unbounded+0x207/0x6f0
[ 2545.930491]  ? read_pages+0xbc0/0xbc0
[ 2545.931250]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2545.932197]  ondemand_readahead+0x8e5/0x1150
[ 2545.933114]  page_cache_sync_ra+0x138/0x170
[ 2545.933979]  generic_file_buffered_read+0xc74/0x28f0
[ 2545.935026]  ? pagecache_get_page+0xc80/0xc80
[ 2545.935922]  ? kasan_save_stack+0x32/0x40
[ 2545.936766]  ? do_splice_direct+0x1c4/0x290
[ 2545.937629]  ? do_sendfile+0x553/0x1090
[ 2545.938424]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2545.939353]  ? do_syscall_64+0x33/0x40
[ 2545.940135]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2545.941211]  ? perf_trace_lock+0xac/0x490
[ 2545.942043]  ? lock_chain_count+0x20/0x20
[ 2545.942882]  generic_file_read_iter+0x33f/0x490
[ 2545.943831]  ext4_file_read_iter+0x184/0x4c0
[ 2545.944739]  generic_file_splice_read+0x455/0x6d0
[ 2545.945704]  ? pipe_to_user+0x170/0x170
[ 2545.946495]  ? _cond_resched+0x12/0x80
[ 2545.947279]  ? avc_policy_seqno+0x9/0x70
[ 2545.948096]  ? selinux_file_permission+0x92/0x520
[ 2545.949079]  ? lockdep_init_map_type+0x2c7/0x780
[ 2545.950037]  ? pipe_to_user+0x170/0x170
[ 2545.950836]  do_splice_to+0x10e/0x160
[ 2545.951605]  splice_direct_to_actor+0x2fe/0x980
[ 2545.952554]  ? pipe_to_sendpage+0x380/0x380
[ 2545.953430]  ? do_splice_to+0x160/0x160
[ 2545.954226]  ? security_file_permission+0x24e/0x570
[ 2545.955239]  do_splice_direct+0x1c4/0x290
[ 2545.956072]  ? splice_direct_to_actor+0x980/0x980
[ 2545.957051]  ? selinux_file_permission+0x92/0x520
[ 2545.958022]  ? security_file_permission+0x24e/0x570
[ 2545.959036]  do_sendfile+0x553/0x1090
[ 2545.959815]  ? do_pwritev+0x270/0x270
[ 2545.960589]  ? wait_for_completion_io+0x270/0x270
[ 2545.961558]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2545.962484]  ? vfs_write+0x354/0xa70
[ 2545.963240]  __x64_sys_sendfile64+0x1d1/0x210
[ 2545.964139]  ? __ia32_sys_sendfile+0x220/0x220
[ 2545.965069]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2545.966045]  do_syscall_64+0x33/0x40
[ 2545.966793]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2545.967816] RIP: 0033:0x7f5209db9b19
[ 2545.968586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2545.972238] RSP: 002b:00007f520732f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2545.973777] RAX: ffffffffffffffda RBX: 00007f5209eccf60 RCX: 00007f5209db9b19
[ 2545.975199] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2545.976641] RBP: 00007f520732f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2545.978059] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2545.979478] R13: 00007ffc43c8a52f R14: 00007f520732f300 R15: 0000000000022000
01:50:34 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:50:34 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 10)

01:50:34 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:50:34 executing program 0:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
io_setup(0x7f, &(0x7f0000000040)=<r3=>0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000001240)=[{&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f00000011c0)=""/83, 0x53}, {&(0x7f0000001e00)=""/4096, 0x1000}], 0x3, &(0x7f0000001280)=[@cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [<r4=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x80}, 0x40002000)
r5 = syz_open_dev$vcsa(&(0x7f0000001440), 0x7fff, 0x2000)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, &(0x7f00000016c0)={{0x1, 0x1, 0x18, <r6=>r1, {0x1}}, './file1\x00'})
io_submit(r3, 0x6, &(0x7f0000001840)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0xd, 0x5d, r1, &(0x7f00000000c0)="a79c7c29e99f3f51f7cf6f8916aeb4446171faa102d72844994aa206f696cbec3ddcb667da236a5c45e639f381336e7641703b19dab1ab5bc711e881610684a8a2aba2a63a438a575b7222d34c503e3ba154522a0b001beafc637fa6f4ed04995e1c510f2fc1380d50d484a2d99699a26a737734f8521c73f86be99798fb62cf581bdff7c3f7257e0f128960c0472cd263367ffd2e5cea4e35dcef9dba5b67b3b95dae5fa6b145b17ad8800e548f037e4c37c15015b2eb9f7c64eb", 0xbb, 0x8, 0x0, 0x0, r1}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x5, 0x60, r4, &(0x7f0000001340)="a8e8d2dfdb4cdc096ca93d49ae66380ccb45243aa5ad130547aa75f83b99bc26eb1d54d1d462580ea196ac9bdd0388c29488f40e29cc314bcb04b6bf2c79f73b9b954e7e0edefbad715ce3166d4533fe6bbf28b70c826b782bf6bb63d674c419dba742dc02da91432393869c78da8442f847709f847dc1a878c7fb7bc349e08c07add26145781fb4c7b8fbe1999e5cb95397f89ea435f852bce03926ca125f466109a315a567a38d", 0xa8, 0x5, 0x0, 0x3, r2}, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x2, 0x4, r5, &(0x7f0000001480)="52ff1c81ab793dbbc1c63035ab6918e9734dfa02f4ba8ba61f11196bafaa9ea5e68b880ebe48a222dc62729d235581bcd1d19c1ebbfb1766af6e2c5a4c444ab9851233514f99024e0454ec419e6d61802e8e7da943efff544c2a8e1849cbfbb41960d897e39818e99734bbe7f28b3bd49d3e9901db9ae8e911574cd362489b7fd1128bb9268ad54844b32b1f2b8ec6997c3343c7c11eaeae4bc2efd9078eb1ba", 0xa0, 0x7, 0x0, 0x1}, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x3, 0x7ff, r2, &(0x7f0000001580)="c1529ff0d4b167a7c5eeadeeddf2a155795e4c8888", 0x15, 0x7, 0x0, 0x3}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x9, 0x4, 0xffffffffffffffff, &(0x7f0000001600)="84e9273e0351784e2b7bdcbbd1fcb9e813951ab8cd6591a1548a24fac8a9e989d22bc6843925cf07403ff45c370f1d949c32bf60a82df453a26724092082ccd2c8452ae12106642f9be9bdea8c21f074f06aa20c20e1813fcb6bf8c5e410c5549bc885830377a6cc20be228fbf6a511b0cbd94ba6bcfb1a544dea71ca70c39c0c13b627780bb055c4a12bdd818f33ba50c4471e7f5a66c5bb84cc1d48c0e9f4543a9c5a7a21b1bb3bd8dad4ab54ca7b8", 0xb0, 0x7, 0x0, 0x0, r6}, &(0x7f0000001800)={0x0, 0x0, 0x0, 0x2, 0x7, r0, &(0x7f0000001740)="deff196fa3ec6493fded0f8ebd29b0fc385b1d7abbddb26fbfe6ec27c1501fd1bedca00acf567faa0742220e9cbfd43adc161acfea405717a07f723925334fe5bade510fd37aa7044e315f3d84bf7c29d86d905e29ea39552e35ebb1b977db23fa1ebb4108ce04f8d09b1295502d952e9fc9e2ee475b3782341ad6589a561f2233a2e4866e90bb19b69565c643a6eebc1e4ba792e3fc09e8aba6214269f0f529fef4", 0xa2, 0x7, 0x0, 0x0, r1}])
copy_file_range(r2, 0x0, r1, 0x0, 0x0, 0x0)

01:50:34 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:50:34 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 26)

01:50:34 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d30b)

01:50:34 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x0)

[ 2569.114893] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2569.151239] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2569.154000] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2569.159032] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2569.163003] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2569.166121] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2569.173957] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2569.202543] FAULT_INJECTION: forcing a failure.
[ 2569.202543] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2569.205138] CPU: 0 PID: 16278 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2569.206554] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2569.208232] Call Trace:
[ 2569.208832]  dump_stack+0x107/0x167
[ 2569.209596]  should_fail.cold+0x5/0xa
[ 2569.210398]  __alloc_pages_nodemask+0x182/0x690
[ 2569.211358]  ? xa_load+0x12d/0x2c0
[ 2569.212082]  ? lock_downgrade+0x6d0/0x6d0
[ 2569.212953]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2569.214188]  alloc_pages_current+0x187/0x280
[ 2569.215089]  __page_cache_alloc+0x2d2/0x360
[ 2569.215971]  page_cache_ra_unbounded+0x207/0x6f0
[ 2569.216982]  ? read_pages+0xbc0/0xbc0
[ 2569.217743]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2569.218729]  ondemand_readahead+0x8e5/0x1150
[ 2569.219676]  page_cache_sync_ra+0x138/0x170
[ 2569.220583]  generic_file_buffered_read+0xc74/0x28f0
[ 2569.221689]  ? pagecache_get_page+0xc80/0xc80
[ 2569.222627]  ? kasan_save_stack+0x32/0x40
[ 2569.223486]  ? do_splice_direct+0x1c4/0x290
01:50:34 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d314)

[ 2569.224360]  ? do_sendfile+0x553/0x1090
[ 2569.225367]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2569.226297]  ? do_syscall_64+0x33/0x40
[ 2569.227102]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2569.228188]  ? perf_trace_lock+0xac/0x490
[ 2569.229053]  ? lock_chain_count+0x20/0x20
[ 2569.229891]  generic_file_read_iter+0x33f/0x490
[ 2569.230864]  ext4_file_read_iter+0x184/0x4c0
[ 2569.231764]  generic_file_splice_read+0x455/0x6d0
[ 2569.232757]  ? pipe_to_user+0x170/0x170
[ 2569.233560]  ? _cond_resched+0x12/0x80
[ 2569.234360]  ? avc_policy_seqno+0x9/0x70
[ 2569.235182]  ? selinux_file_permission+0x92/0x520
[ 2569.236176]  ? lockdep_init_map_type+0x2c7/0x780
[ 2569.237155]  ? pipe_to_user+0x170/0x170
[ 2569.237961]  do_splice_to+0x10e/0x160
[ 2569.238739]  splice_direct_to_actor+0x2fe/0x980
[ 2569.239712]  ? pipe_to_sendpage+0x380/0x380
[ 2569.240593]  ? do_splice_to+0x160/0x160
[ 2569.241421]  ? security_file_permission+0x24e/0x570
[ 2569.242474]  do_splice_direct+0x1c4/0x290
[ 2569.243354]  ? splice_direct_to_actor+0x980/0x980
[ 2569.244314]  ? selinux_file_permission+0x92/0x520
[ 2569.245326]  ? security_file_permission+0x24e/0x570
[ 2569.246352]  do_sendfile+0x553/0x1090
[ 2569.247160]  ? do_pwritev+0x270/0x270
[ 2569.247949]  ? wait_for_completion_io+0x270/0x270
[ 2569.248951]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2569.249908]  ? vfs_write+0x354/0xa70
[ 2569.250686]  __x64_sys_sendfile64+0x1d1/0x210
[ 2569.251585]  ? __ia32_sys_sendfile+0x220/0x220
[ 2569.252536]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2569.253558]  do_syscall_64+0x33/0x40
[ 2569.254327]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2569.255388] RIP: 0033:0x7f5209db9b19
[ 2569.256131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2569.259886] RSP: 002b:00007f520732f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2569.261436] RAX: ffffffffffffffda RBX: 00007f5209eccf60 RCX: 00007f5209db9b19
[ 2569.262857] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2569.264294] RBP: 00007f520732f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2569.265756] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2569.267188] R13: 00007ffc43c8a52f R14: 00007f520732f300 R15: 0000000000022000
[ 2569.289358] FAULT_INJECTION: forcing a failure.
[ 2569.289358] name failslab, interval 1, probability 0, space 0, times 0
[ 2569.291969] CPU: 1 PID: 16282 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2569.293550] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2569.295391] Call Trace:
[ 2569.295989]  dump_stack+0x107/0x167
[ 2569.296825]  should_fail.cold+0x5/0xa
[ 2569.297672]  ? create_object.isra.0+0x3a/0xa20
[ 2569.298703]  should_failslab+0x5/0x20
[ 2569.299556]  kmem_cache_alloc+0x5b/0x360
[ 2569.300469]  create_object.isra.0+0x3a/0xa20
[ 2569.301467]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2569.302621]  kmem_cache_alloc+0x159/0x360
[ 2569.303565]  jbd2__journal_start+0x190/0x8a0
[ 2569.304576]  __ext4_journal_start_sb+0x214/0x450
[ 2569.305662]  ext4_iomap_begin+0x485/0x700
[ 2569.306605]  ? ext4_iomap_begin_report+0x5a0/0x5a0
[ 2569.307716]  ? truncate_exceptional_pvec_entries.part.0+0x510/0x510
[ 2569.309113]  ? splice_direct_to_actor+0x387/0x980
[ 2569.310206]  iomap_apply+0x164/0xa40
[ 2569.311034]  ? iomap_dio_rw+0x90/0x90
[ 2569.311878]  ? trace_event_raw_event_iomap_apply+0x430/0x430
[ 2569.313207]  ? filemap_check_errors+0xa5/0x150
[ 2569.314244]  __iomap_dio_rw+0x6cd/0x11c0
[ 2569.315143]  ? iomap_dio_rw+0x90/0x90
[ 2569.316021]  ? iomap_dio_bio_actor+0xef0/0xef0
[ 2569.317041]  ? generic_update_time+0x21c/0x370
[ 2569.318051]  ? inode_dio_wait+0xbf/0x270
[ 2569.318956]  ? evict_inodes+0x420/0x420
[ 2569.319846]  ? down_write_killable+0x180/0x180
[ 2569.320868]  iomap_dio_rw+0x31/0x90
[ 2569.321715]  ext4_file_write_iter+0xb26/0x18e0
[ 2569.322784]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2569.323792]  ? kasan_save_stack+0x32/0x40
[ 2569.324729]  ? kasan_save_stack+0x1b/0x40
[ 2569.325649]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2569.326796]  ? iter_file_splice_write+0x16d/0xc30
[ 2569.327869]  ? direct_splice_actor+0x10f/0x170
[ 2569.328875]  ? splice_direct_to_actor+0x387/0x980
[ 2569.329925]  ? do_splice_direct+0x1c4/0x290
[ 2569.330866]  ? do_sendfile+0x553/0x1090
[ 2569.331774]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2569.332811]  do_iter_readv_writev+0x476/0x750
[ 2569.333794]  ? new_sync_write+0x660/0x660
[ 2569.334690]  ? selinux_file_permission+0x92/0x520
[ 2569.335775]  do_iter_write+0x191/0x670
[ 2569.336646]  vfs_iter_write+0x70/0xa0
[ 2569.337494]  iter_file_splice_write+0x762/0xc30
[ 2569.338533]  ? generic_splice_sendpage+0x140/0x140
[ 2569.339627]  ? avc_policy_seqno+0x9/0x70
[ 2569.340520]  ? selinux_file_permission+0x92/0x520
[ 2569.341589]  ? lockdep_init_map_type+0x2c7/0x780
[ 2569.342633]  ? generic_splice_sendpage+0x140/0x140
[ 2569.343744]  direct_splice_actor+0x10f/0x170
[ 2569.344718]  splice_direct_to_actor+0x387/0x980
[ 2569.345760]  ? pipe_to_sendpage+0x380/0x380
[ 2569.346726]  ? do_splice_to+0x160/0x160
[ 2569.347604]  ? security_file_permission+0x24e/0x570
[ 2569.348731]  do_splice_direct+0x1c4/0x290
[ 2569.349667]  ? splice_direct_to_actor+0x980/0x980
[ 2569.350737]  ? selinux_file_permission+0x92/0x520
[ 2569.351808]  ? security_file_permission+0x24e/0x570
[ 2569.352913]  do_sendfile+0x553/0x1090
[ 2569.353756]  ? do_pwritev+0x270/0x270
[ 2569.354587]  ? wait_for_completion_io+0x270/0x270
[ 2569.355672]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2569.356705]  ? vfs_write+0x354/0xa70
[ 2569.357523]  __x64_sys_sendfile64+0x1d1/0x210
[ 2569.358488]  ? __ia32_sys_sendfile+0x220/0x220
[ 2569.359475]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2569.360521]  do_syscall_64+0x33/0x40
[ 2569.361341]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2569.362467] RIP: 0033:0x7f23c5d5cb19
[ 2569.363273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2569.367220] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2569.368913] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2569.370488] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005
[ 2569.372049] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2569.373627] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2569.375184] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
01:50:34 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 11)

01:50:35 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:50:35 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:50:35 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2569.548957] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
01:50:35 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 27)

[ 2569.707072] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2569.733114] FAULT_INJECTION: forcing a failure.
[ 2569.733114] name failslab, interval 1, probability 0, space 0, times 0
[ 2569.735883] CPU: 0 PID: 16428 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2569.736449] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2569.737332] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2569.737384] Call Trace:
[ 2569.737411]  dump_stack+0x107/0x167
[ 2569.737444]  should_fail.cold+0x5/0xa
[ 2569.742964]  ? create_object.isra.0+0x3a/0xa20
[ 2569.743915]  should_failslab+0x5/0x20
[ 2569.744710]  kmem_cache_alloc+0x5b/0x360
[ 2569.745566]  create_object.isra.0+0x3a/0xa20
[ 2569.746466]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2569.747658]  kmem_cache_alloc+0x159/0x360
[ 2569.748527]  __es_insert_extent+0x3a9/0x12f0
[ 2569.749476]  ? do_raw_write_lock+0x11a/0x280
[ 2569.750402]  ? do_raw_read_unlock+0x70/0x70
[ 2569.751344]  ext4_es_insert_extent+0x2dc/0xbd0
[ 2569.752347]  ? ext4_es_scan_clu+0x2e0/0x2e0
[ 2569.753258]  ? down_write+0xe0/0x160
[ 2569.754016]  ? down_write_killable+0x180/0x180
[ 2569.754964]  ext4_map_blocks+0x8e1/0x1970
[ 2569.755830]  ? __lock_acquire+0xbb1/0x5b00
[ 2569.756724]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2569.757661]  ? __lock_acquire+0x1657/0x5b00
[ 2569.758584]  _ext4_get_block+0x21e/0x570
[ 2569.759424]  ? ext4_map_blocks+0x1970/0x1970
[ 2569.760329]  ? perf_trace_lock+0xac/0x490
[ 2569.761219]  ? create_page_buffers+0x139/0x230
[ 2569.762168]  __block_write_begin_int+0x3d1/0x19c0
[ 2569.763167]  ? _ext4_get_block+0x570/0x570
01:50:35 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d316)

[ 2569.764049]  ? remove_inode_buffers+0x300/0x300
[ 2569.765084]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2569.766117]  ext4_write_begin+0x68e/0x11a0
[ 2569.766988]  ? __lockdep_reset_lock+0x180/0x180
[ 2569.767943]  ? ext4_truncate+0x12f0/0x12f0
[ 2569.768823]  ? current_time+0x72/0x2c0
[ 2569.769627]  ext4_da_write_begin+0x623/0xe10
[ 2569.770527]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2569.771595]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2569.772644]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2569.773679]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2569.774705]  ? ext4_write_begin+0x11a0/0x11a0
[ 2569.775614]  ? copyout_mc+0x140/0x140
[ 2569.776394]  ? current_time+0x1e6/0x2c0
[ 2569.777232]  generic_perform_write+0x20a/0x4f0
[ 2569.778175]  ? page_cache_next_miss+0x310/0x310
[ 2569.779116]  ? down_write_killable+0x180/0x180
[ 2569.780060]  ext4_buffered_write_iter+0x244/0x4d0
[ 2569.781048]  ext4_file_write_iter+0xc11/0x18e0
[ 2569.782005]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2569.782958]  ? kasan_save_stack+0x32/0x40
[ 2569.783803]  ? kasan_save_stack+0x1b/0x40
[ 2569.784649]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2569.785401] FAULT_INJECTION: forcing a failure.
[ 2569.785401] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2569.785694]  ? iter_file_splice_write+0x16d/0xc30
[ 2569.785711]  ? direct_splice_actor+0x10f/0x170
[ 2569.785726]  ? splice_direct_to_actor+0x387/0x980
[ 2569.785751]  ? do_splice_direct+0x1c4/0x290
[ 2569.792000]  ? do_sendfile+0x553/0x1090
[ 2569.792813]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2569.793767]  do_iter_readv_writev+0x476/0x750
[ 2569.794685]  ? new_sync_write+0x660/0x660
[ 2569.795531]  ? selinux_file_permission+0x92/0x520
[ 2569.796539]  do_iter_write+0x191/0x670
[ 2569.797388]  vfs_iter_write+0x70/0xa0
[ 2569.798164]  iter_file_splice_write+0x762/0xc30
[ 2569.799138]  ? generic_splice_sendpage+0x140/0x140
[ 2569.800153]  ? avc_policy_seqno+0x9/0x70
[ 2569.800981]  ? selinux_file_permission+0x92/0x520
[ 2569.801979]  ? lockdep_init_map_type+0x2c7/0x780
[ 2569.802958]  ? generic_splice_sendpage+0x140/0x140
[ 2569.803961]  direct_splice_actor+0x10f/0x170
[ 2569.804880]  splice_direct_to_actor+0x387/0x980
[ 2569.805847]  ? pipe_to_sendpage+0x380/0x380
[ 2569.806725]  ? do_splice_to+0x160/0x160
[ 2569.807547]  ? security_file_permission+0x24e/0x570
[ 2569.808575]  do_splice_direct+0x1c4/0x290
[ 2569.809438]  ? splice_direct_to_actor+0x980/0x980
[ 2569.810421]  ? selinux_file_permission+0x92/0x520
[ 2569.811414]  ? security_file_permission+0x24e/0x570
[ 2569.812439]  do_sendfile+0x553/0x1090
[ 2569.813235]  ? do_pwritev+0x270/0x270
[ 2569.814011]  ? wait_for_completion_io+0x270/0x270
[ 2569.814998]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2569.815938]  ? vfs_write+0x354/0xa70
[ 2569.816709]  __x64_sys_sendfile64+0x1d1/0x210
[ 2569.817628]  ? __ia32_sys_sendfile+0x220/0x220
[ 2569.818559]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2569.819549]  do_syscall_64+0x33/0x40
[ 2569.820307]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2569.821388] RIP: 0033:0x7f23c5d5cb19
[ 2569.822162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2569.825854] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2569.827422] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2569.828894] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2569.830332] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2569.831755] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2569.833202] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2569.834696] CPU: 1 PID: 16437 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2569.836247] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2569.838071] Call Trace:
[ 2569.838661]  dump_stack+0x107/0x167
[ 2569.839472]  should_fail.cold+0x5/0xa
[ 2569.840312]  __alloc_pages_nodemask+0x182/0x690
[ 2569.841348]  ? xa_load+0x12d/0x2c0
[ 2569.842141]  ? lock_downgrade+0x6d0/0x6d0
[ 2569.843127]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2569.844461]  alloc_pages_current+0x187/0x280
[ 2569.845441]  __page_cache_alloc+0x2d2/0x360
[ 2569.846390]  page_cache_ra_unbounded+0x207/0x6f0
[ 2569.847439]  ? read_pages+0xbc0/0xbc0
[ 2569.848269]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2569.849297]  ondemand_readahead+0x8e5/0x1150
[ 2569.850277]  page_cache_sync_ra+0x138/0x170
[ 2569.851228]  generic_file_buffered_read+0xc74/0x28f0
[ 2569.852381]  ? pagecache_get_page+0xc80/0xc80
[ 2569.853377]  ? kasan_save_stack+0x32/0x40
[ 2569.854271]  ? do_splice_direct+0x1c4/0x290
[ 2569.855206]  ? do_sendfile+0x553/0x1090
[ 2569.856082]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2569.857098]  ? do_syscall_64+0x33/0x40
[ 2569.857947]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2569.859115]  ? perf_trace_lock+0xac/0x490
[ 2569.860029]  ? lock_chain_count+0x20/0x20
[ 2569.860956]  generic_file_read_iter+0x33f/0x490
[ 2569.861979]  ext4_file_read_iter+0x184/0x4c0
[ 2569.862920]  generic_file_splice_read+0x455/0x6d0
[ 2569.863947]  ? pipe_to_user+0x170/0x170
[ 2569.864805]  ? _cond_resched+0x12/0x80
[ 2569.865642]  ? avc_policy_seqno+0x9/0x70
[ 2569.866496]  ? selinux_file_permission+0x92/0x520
[ 2569.867545]  ? lockdep_init_map_type+0x2c7/0x780
[ 2569.868558]  ? pipe_to_user+0x170/0x170
[ 2569.869433]  do_splice_to+0x10e/0x160
[ 2569.870263]  splice_direct_to_actor+0x2fe/0x980
[ 2569.871270]  ? pipe_to_sendpage+0x380/0x380
[ 2569.872229]  ? do_splice_to+0x160/0x160
[ 2569.873100]  ? security_file_permission+0x24e/0x570
[ 2569.874180]  do_splice_direct+0x1c4/0x290
[ 2569.875066]  ? splice_direct_to_actor+0x980/0x980
[ 2569.876091]  ? selinux_file_permission+0x92/0x520
[ 2569.877150]  ? security_file_permission+0x24e/0x570
[ 2569.878231]  do_sendfile+0x553/0x1090
[ 2569.879085]  ? do_pwritev+0x270/0x270
[ 2569.879942]  ? wait_for_completion_io+0x270/0x270
[ 2569.881006]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2569.882002]  ? vfs_write+0x354/0xa70
[ 2569.882820]  __x64_sys_sendfile64+0x1d1/0x210
[ 2569.883823]  ? __ia32_sys_sendfile+0x220/0x220
[ 2569.884854]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2569.885912]  do_syscall_64+0x33/0x40
[ 2569.886726]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2569.887842] RIP: 0033:0x7f5209db9b19
[ 2569.888648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2569.892672] RSP: 002b:00007f520730e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2569.894354] RAX: ffffffffffffffda RBX: 00007f5209ecd020 RCX: 00007f5209db9b19
[ 2569.895892] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2569.897430] RBP: 00007f520730e1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2569.898980] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2569.900500] R13: 00007ffc43c8a52f R14: 00007f520730e300 R15: 0000000000022000
[ 2569.917062] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:50:35 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:50:35 executing program 0:
r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r2, 0x0, 0x0, 0x8800000)
ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x6)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r3, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000280)="e869", 0x2}], 0x1, &(0x7f0000000400)=[@ip_tos_int={{0x14}}], 0xf}}], 0x1, 0x0)
r4 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0)
mq_timedsend(r4, 0x0, 0x0, 0x0, &(0x7f0000000040))
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000007640)={0x7, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r5=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r6=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r7=>0x0}], 0x4, "9755154351ac9a"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000009640)={0x0, ""/256, <r8=>0x0})
mq_timedsend(r4, &(0x7f0000001e00)="3cd52ed97c9e213909d730166b17123f3294a3353d43c2bda33f8b46124feb3e574cb78ff55dae93c1d80f8b1b571caa5d0f953fdc20af7c2907f40c853111e5a4a6405dfd6510e2573f0cd5a14f722a746315bf5955d6443a167b62e37e70e67059a451add17b0ba3a4967e37a184c25fd56c25f32d2c08713830771e190d3e72e360fbae6eb7f69da7ae1b7575584eb3aad405c2e0cecf7c57c725e35199b38412b21fb229249cb5214590ea9c200b689ed99433fbbb389404f04d726fe19ef657f8896380c769f15ede2ebc816773d5730db7acb1828fbcdffc4da713e0944bca7028c47238c1aace7879fca945a836e4ff365b155de4a6b5e69df15c57c8c84a27359b026401b2d2ebb22fc4727115b803cbed672e1c10421e53aecb9848432f39231a6fe45af05a49d7f66593d188b01763da10fbe076c0103b005492008157072857ecefae4dfd561229bd8ecf19e938d25a4315e343c5ffc67c1810af17fff3e930e390dc021b8a020e9ad5750cbdb6ac2406d580f35c6776feba23704f457eb3c9e481a38ae02519b5561493b3a5a22682f0622f55b91bf3fe3b6eeb0b411767b39cf41b6ea7f7606bbbf59f038ed99313e9185bafa0f1fb0d7f8f854025afe6eb498d49d00f869ed3d4abccfb90d70f1dd88a92a1f6c2a1f62238ff8733e3b25225fe919598664429606c6ba859544fe0de3a9f18ed8fdd5e9ce15ab80c870a454b550e5fe805396bf4ed72b627314fad05b74a500135c9bb1b297b170356d42c9983c3275dc8c95a5a198f3b896c712d4c44d66ee10f29d4d71df5484c473cdcd107d66ded8e5219a066b00f45faca7ccbde009031f583819cffcba547c3b5707c7c1eba73dc6ade8f584244ba35302df2a0341c8e629d52fad82cc1c34dac09d39a975902e883ce1b648080e5855ad37961abaa7eecab4ac63cb839f4039f8b93d2ba6e618ebc437166e24e210171bc8ae12f31e90adadfdba265f9a8df86648ff4bcff451f289c9142ef5bac4ba3131852ff820087a5b7e1131eb05c8c857dd4cf2839501138174f70eca95c39a59220f47be95cbe4996c214f17e5a790679057bf0c05e7d79797fa74af891a0bb050183e9124f3677a94c92e3caaeb095d0746fa8a82e30f14b228fffee24ba0385ae2940a223aa6fdd3bee655aabb131e4660eefa4e65a0cd2197f54d94783a2513ab6ae8c548b7fae70692ffa367a95cde0cd90d37be42547f30d1583a913b11c9f998d60d8c78a3677d79c717dde50a0124d918e66655902e6cb60ddd82727bc05b31057693ee9d7601be6d8870edc47c328afa800911568d99655a271c65de3a07616806e280bd453217ee2420b32544c67e34bbcec1874b450af23af54048d3a10e71967bc1ee3c0029235d95f158895bbdddfa81a3cfbcc74c7c352820f75e00324e154441074853b7c2dc1c3ed42873c6323e0bd29058b62187f57ee8def92612a91b1598af90904e770a8788c05934b54f998ed0a4b54198e74a1bdcd6e5a07109f6bd0271384211633d2d70c28843fbed80968d3cf49a697bfaffb92101e0626dc34c4b9a8b47438606152c9eea6481597918ef7739be21f562c86289b842b1d9208459f41716f2518da7d3f4ba062c0ea28a221e44f071325deef0c9ce5e8bb729e8f393020db13ad241503f9c4dc21fee5bc58893e112a2bd2528aa825c3b8e19d8312b268a43c9c662737da60bf318a5cd9069a2d96653818733825f5808371ad593f124ce11272705b5dd827d269ea01ea8a3948418278ba34338fea40665bcb5365033785adbbc7f20ea2489a728670108781da688a9d2f327f7723b76e4d2dba9c05a8f15bc05fdd521ce44e606fb0daf61c3cf96094bc4c8ca55892cd55803da5ec5f72c9ea01273ba23d834061b1a4e7778470cb726d78692d1d00291b9753fe96e43b24f239b575978b0fc6855aae3e384fff6dca011d58ca718f5a64ce083744057fadce07c1569c0a2dd34cc2f990c2d0705d4ad2dd03ed74e005e495987f5dd3b561bfd610d372abd48da2cdaa6253b074b55a30c7663daf7268768a656ac8f36d0c61a6671f6b75b69634c5c3cb06bf7d28e5b01743d673ed200a51e70f7d72c908e21769144a72870fead7075c25ddadbfeb9a9818638c3829d329eac2eb542f190986977bf6b79ae967ede1bc3e998d271f8225d5ae195e1be0ae7be5dba2584bcda86187ccde07022a3a462f505557140b14646b8d2ccb67c82bcfbeb71ece2f3af3d2d522613571766fbc39716026361c6d109d1ca6616495a5c1186cb2009e8d365abaf16a81230ad8c05889f9fcbb7ce0c6a507f9b5a078dfe5a7483d376f16428d23eb15c688f252d8548b5d94f34f8cd430b1a31bcc3e1ce90d14e3e7a33021df06882d32b90e4c6968c8046a7410bb6920f278d1b1c166875217c8e8d417adf9b50c85c509fa0581d906ab12c339e7ce03a49693489e7965043c75e5950363f062e43933d848ac73cb5f8585eee7d22305f9332df9ad7a11377c01f15ae3009d92dc3fae370f8f817400fd7f5aeb5b103fa1ba707b86ebff9324e2d52a8d46baff356e4be977bab515127107916440e1867c4d6279b08479597b3268c98566723c935f96b569b2b60807f8a046ea6e2761c062c7913dc9d4bf71f60ee2fd0e7bb3e5b718e8d4a62c43f2d53d9ecdbfb6d1dea8d8ce51c574c5007a55bd1a5933e3895659255153d501e3419ecb2c63cf337b7de31b0830f7c5b4fe267ef576c7776d34e47c7ee204609284af5a10a88b0d2488574d50614b004c04285cadc63001ac023f570b6fa4c0a21635b2d53405c4279ce02ad7033cc5df8559e1cafb3e6b0dd169df0a980a27d5acd32f68e166ddd6c43e186de12bd09f14e644c5f7a696b1cec0cfc757dc64e8f0b64c8bab66db414fa724c175fa49676d0ae100537b7cb55751a54149b60653a20bbbdaa58a9172228e553a5ec93387db79eaa9cd542cf8035d4c50b7e09e3728f153641e7fd5c9cb8969df5374a25d3611aacc81ea1d195a4b2f7e1f861259fe1d2d6422e32acd44d2f996508c07e54b200a472e4782b0e5aa030898f4c51b578f60d17fc5c01055be225120118c20b171d8bffe38f194b0ef598ac5696825da3442eb0513e31dcf997a213ffb711392223c906b637c77a5ac612611b9d4f949bfa43d746b38fa61a2b736f116edfeda864cf56357f0d9ed25d27cb057c8227379a86d9f2bf00f289ea8fcf4a61f0bbc50045047e7ef0b097e4c65d749f4d40a89f6ff2e17990e837f81364faaf32cd0c5cdf9846173610759a22a424e00f57a3143c8cf561f12489ff01fa64ef27c39370e1eca076ecaa6fbd701ad2a29b80cca60bdccd34e5f26fd0ac661ef5da02883d55401b05b15770399f960c8749fdc90fc06ddc18bd88ad6d21a7db3aaf52e28ab741f211898192d4ab34b659e79eddd844a28b5c3d0125f5b8781f270f7832114c744bc5820a60b28d408291884c0f85b47e660f8545c412c235e85da5e33bd315067b9f89a36b76e204e82ee465031f0fc463d42254f73fe269bd7ba4f4f06dafe7057f58f5387f40b0bf3fa2e9ca6b2afc496d26ebd092e0373750cc649f16e1e35179825f3a51d8b015539a4ba1661addc540c776257ceadb0d795f8fd6737bc302fc39b4dda8bf0db0f4d0a62839b02ff488810413131a566082d864e5bfc3e073a63f17b28aa8929cd239f50689fef85a8de3308be69b82d7eca3d9e5190586362841d1ff6c562a3c6d74e57750e80baddf2aabd9cc40ff3aa30e2a9be9150815977e3292f171cd184074d00e90251ffb0943b276e67a87d7eed7af3d886519f54aec72d5eb01268202999e8d78532461a8524aa0fea7c49aa864f956bc4dd31047a529f8bbf4ba971ded87c6121533491863d6d2f4dbeac566839675a781f43c9ed27d0527c961a60f212deafd75ac331674b4e76d9151c9813aca07565b1e8b52a835d1693f36cdb9be6fa8cdd7431183467be6dc75c867268cbc7f7a6cd1059ccb123c47de06785d1deb8a2a4ab286929253e05107d07c80d2790af78fe59f022763514ade2fd2f2aa0fff6c99c6af7498c9024259f2f49d8e0f054b9e7d774b4e7b1552340012153d4c79451be6ffc71079da12c140d97f3a813256e93e22e3ff9045fc6075df39fab13ed8661a6a06bc083194ebe6bc40040840f08cd586d7a3a36fe7015d3a636f94553955325eeb3d5c538251202c6c1521cbe2b87e3a22ffd2744094a44be4a63e09271a29fbddc042872a53dfe54670d0028d640754c2aa06ab7e299244bcf5517eca5a0d50799ff872bdafe888a587633f3771c161c520e56764ae13e351dd4a4fbbc4c12e00986c58a3af279473acfa42cdd442d2ab36a1f2c8e15df74b9b9fdb7f4ed0a527e1b2522ea18b822d420e493a114031ef87dad32101c7002f7aacd435e3c952c5edf7f6317215709f673926e15feb3021c3d31adaf27f468ed93f65201963ce3ec173f8003d417961a503bfe5181ed3397bfe1299107235aa1562baf276ddc6b3e802a35042d0f8a79ee06102c8e9b0a92e7e92da2788c8e6450a924fe8d7637a183f9a0b69e949ee3d54bd5abf9b6a90bd3cb8a9bc9d8d91418c72b3fe665d54dec99eb53fcf474a0f42171e2f3fb16a00633408f77c205a168f70379d5f10988510ed2605f1811c5c22d9e3e44f483cfc65e373e431eb224414db926be369c40fd1e40f2938cc484b33f69d8ee518c33a91284d6e3635720b731c68011d6b467219a6deb3b6c47ae211375d738b6f77a4f6ea2b80579aa34b3d0bced65466b6946f386482db484af971f33f546f2c0b0bcf6135784fcf3f0f1006fe34617e86adbabf80935995d34b48b9d1f12ef089510dbbd616a59e875d3f3e0aa7aea1758d6c5f2a699d031823205a4ad815efee17395d817015c392a79e4d0ac9686e596220b0ecdd2c1646e54a5630cd6022b1f52d81de0b7c0e772ab6a9c931bf527b0a874f79fa860cc82283d36be2114a4ce514b60f2b1ef941fb4e1a8d2899467d6231f82fefa3bc2462677ffd1d2436b44bf4f7fe734064f0a0b16c3f16332a85895ff84494009e00440ff7940096065996741278b3652d6286545b10c77ab2e905c1bb8c2d538ca6521df0707f55e0054d2d87d060f863c9cc50db915ac404ff6017a48a04190d12168a647d803819879c0bc3e688663d1585493dc800727fb4775473005d0cc37c3941dddb31071cb5389083a0ee8aa5317326c7f8a29646e24bb32c6d6198d2e095a6694f5ad98e3940608d60e169cc7dc507564e043aebdde61d7adf96f0a52adbde8f9ce5f99a323c8cfbb35c23baef865a6a6f949b9ee425ed2dbf1f74eda38aea9bb1e814f8de792d106ffc2030223aed765a49a8c5225f986508d023b698226c40e366e93264fbf51c2fa8a889f13ef4b768c480ae4ef3d5f061d7cd2ea2456e0c2bca80c3e7b23209a4d221a1df8cc6b3e5fa6dead523253952380abf2ca49d628a4078e4c34c49caa2f84dbd9325c2459dcf8ffe65163a438dc1f204cfeca634cfd0a2f0f165539b88bbff3b4136f21cd050ea0c2959701aed2f44be88498bd6ccad2935aa459f91e146928eceef45a9dee8ac5d9ecedf6f3757a3058742aa743b74020dfbd925deacc4fc4c1e1d91653f93b190229888c5103c29a4b5ffc836babd2035e79d5742e32f663fa44ad2ccb40e547037ecfc1d8f1cf1f70638302c6b8e8524ffe1e1b33464ae0c4ad2b8f53350998a864ac84789fd0f48534295285e6", 0x1000, 0x5, &(0x7f0000000000)={0x0, 0x3938700})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000000aa40)={0x0, <r9=>0x0, "c009b39830e4109622d7a29d0bd42e6d365c8384f665a2104b6faaa5427626b93311e77f0de4211e1217bc355a5246327eb7ba126bf7e4adb45535a4d9757c77f555e42c9254e9f9089be590271f821f5f6b632da2dabf1d6e618629da57a34a33f5e913338e628f32d84f60dbb9f94b70f1828e7d652bb2443c02901738d15cd72d14288f0d47dfe96e49988d0402f96628f97be361723e018daf71ab695fa4726664c00ec9aa53b8c092760da4cd088f03fad6504eceb8949dc35abc6c9f51916777bc38aa3669fb220546dbd1024eb87da205b46ec35180a8fcb898160855b5044023da75f2b1f285c1462a8afa95492a14be3f42052ff535612d226506a0", "7374bf600a2dbb0a10a4446998c60bc654676f080ecee8672b9b990319e9f34b4c45be9b1cbb8fbe1f4541599e2a8deeedad6067575d671432b4ba4028542704ab850b2cd326bd5a16431e3e06cbefba068d34f999e863befaed31fe2f898bdfe4043148f4d1cc27af274cc202dd9cd92b1891ba85c4048baa5cf0aa7a3d5dbef19adb89a7123a5c5cf1f42650df4c63aa25c0c5f606a072b8c1910206999409a39439cacd824f129adb4177e14f533050e77cfd6b9e760c12899b047feb4c8e5b746e5570db48fc8fafeccf98bad6d99a585091b403666ded97ce43cdf6dd1791052bc149861ea2585dfb28b538cc9fe6ffc5e07182615951fd668085ed124af574a07e3495491f19b1aa2a3b69028ccacd78524d988b224ab17ed905da0b840b4a9939e2af6efdf4221126075a8964d904883db014031e0924681a4ef3795071b256b75002a7df298c87c565b1d8a331e7d0c1000e1d707100917dfe107f87ebea9dca1b708b01cacf1c9f348c0d0fd64aa64193637c7169264d06f613c41be60f39b0cc9d813ae5fca2222832f86f2ae87e883efd48df36d16e6c1ca5c378f6ff0fbace91eb3099d744b16171fcc1ab7d5456392f0878ecf27e8caad7386663de490c3044eed7e7cb83e675716eda0cc09f219aadddd814c88048a7c6cefe69a79f2f7a234cfffbf19ac7a9f6ef59faf2776ac3d636904ec1bda09b1c9d8caeafa918983215d866f5cb6f1088e7e99a43425913d258a3dc8550fcbca3e0bec47503e24d709dd1fd1bb3cd92837d10387a0eebb98aab27950a2a66dc0b9bad3e4ef6393036d64949931ffe6479073790b3b885ac8563d4018e9227d644864c17f048daefbb192d15b56a2a440ad6d4ef5af2ac9904d8b69c64d2368928d7595594e6c3fd23229cb6aa80ec308301b1c94777900d34b1b3eea03dca765036a3f5351551affb585f22541074380b60ca062bf8a8a2324fe61ecad5733aec51e0c5ddc648280556b8a038b5816947b1637ef598cfd134cf9833d875fd23d22f5f74e74a4634d50a3ac908eed128f4297924296d95361b9504c08df4a0603eff93ee34bd45ed12e8d06b8f399fefef4ced732aad15b70f3e276101fa4b5a5c17435d0999b3345ccfe853c955e8b7927c7a171506b8e5b4de8a68cb5e80c3709a0e15643b5772d82d04859133e09fa8ab81ac042e67bc918f2847af14a4eb77c3fcac3132ec1af5a57d85acb9ce91d9d15019904396737ade63df938e6f054f8ee21e8994d45b0801ccd8ae8bda90128cb05eddd297d800412bc01fc5cfdfa9d473641fffc793b513da3f7565a27c4ff3678ac6f71560cc6cc95fb4d20f85b7934cb4a4f614182d331ab53b6a09ff47fc272b6c1f5aaca477bfdfed3fac942d639773b7a5656c526eb595d6fa9d301c425947f37088447cb4400c37750b76eb6c1f7933e43b27224c2fdc053e55125d00ab11428af674f58bd5c3ea1ce4762856afccbd37dd59a5e726f2e5e770bcc8372304fc2a33611234e3b0d411fcae8691e621b64581dc32b3d97c02920877b2c995018dcfff2da8687bc64332cffc3d355931561dc799d169f61d121f242dd3605e3fef8a46bf73998202d6a87671719896c61d729006104bdb7e926020f28260c75c2c754e5f073097d7031567e62cbfcbff541702cdaf498bbfe01e2948e6e164271ca4ab4df68a1569d29d3ce7029c0b58d2a1e6d179fa817ec9df17195c8b83a7a7508f18f0e3d07e8871f331d7a151bc11301c7dce402e6a5fda6f3096df2ddfeb48b3991e055c55d2a071ed66bf378e5c451f849cdbd7951cacad16d6b5734b71db866e77086bfab1797942633ec688d78bb2fccaae2b0e796b852b278bd4a4648d0811293e1bfe68e30b42eb27ac0a4e435e086b4cfeeb9fa539f0d800b6108e4c7b9d7237746770a3f3477646b7c9bfd2bc111679d40bffe221be492ba984df6cd4d7d8f9cbf7185e79804416be68d8a2bfa28e5bec4b57bf5f08eeecafabccd55744e49bb4a7dd1324908d91762b9884e7268d0bb6290be3b51091ae6ccf2ebbd4945dd7913bd38509a00ce38d955909bfa1f3740fc123a12e15b853b59b9b691460afdcda150d39e566a83eaa0c3b7bac9819bdbc7e0a620206be87ff2f8ea8091dbffa014d2f2eb919040a434cdeb3db68adf845d2ba751dc0e1ce4afd8672a5ecf0653b8c672c3265aa236a174185f4b4a291bda664bb79c13f8b6932a831385773898d194d2500b38fbfff8c4acafa5a80dfd3f1f906132885446f9f7ad787dbbdab593661ab1c255df879eaf4ca739deaa11379a5c6b650472257fa54b646b29ceb3dbe27e3584914f9f766bbbcc67abeffebb0df881a42b8671bba930b04d1d7710cc15d546ee69ad40e66f04eb28af8bd17b739e68ad75a239303fb97b18f8f08d2f95bdae0f245ebdfc3ecf555a6fd53f5a35af8b2dd016b227d209fc8323a7576e66a9913a0ad4f19d30d2b6f25ac8b5b6c762e2c68c76f9bd7818adbb3c9b194c09471482ec6898754469076b8674ab9e26b5977a0fa693160f18a01d2f2c362186ff75c205cec261d9e6c431ee672e4056b7e458ef02dca1167d09de5977210461758ed506290477a63c5af0698a1f4edf3bc569692bc9febd5fd641860dd34a6926af47ae7bdd3cce59a5b24b6944075e30ec2f2dbd043ebc57a39eaa5559bc4f21f08198e0daa2e8506b21160c8f9b629ad0e80d5e99e5cf4c4ceefb8d9fe5493ebcb066a647269fef2146f1ed55dac66974446e650e49db26ceb24c16c24885a2d2d011d11ec52d5b7a9c8096314d1dc7c992a1dee70be2fc0cc2d9fc94b0d02d479f6f4bfd3fa20df42568e27c0cea6caa1028d5dfbe6a9657053c06132387f9abfbaf93d9b335b69b168bf7fdaa0a44981dadc3358b50f1b24d390f8858d6775fa838388ff8a69b02bf446028485ba9e0c15731288c186b3cdf2fbc088f13f50e5eecc9b3a058d1369b7a254f11aa81a5fabd862bfd5226ce26e0199ef241badd55ba0d6087e9eb1661111a6afef1caf2bd54832bb5a3e8b864c8af220a8a115746c1646e78471ba2edb7c63fcff7f6be047a5f740525fbe5e259beee146dc2a609d3fd576e826ee1e4fce8ccbf75aa713514bda04ed4086cdd11a770cbe5782bca23f5f3ad8682609d5c5d4e5ca4e117d7423740b41081c6945b446223bb435c6ae2314552b7bf53a8b2c8a7a2a961d17315e0f7a660624b119c89ae81d2214b03cd79bc3eb355bf06811d7186b1f0a7219dd8d4096cb0df940719279357b853bc7c5bcf645aa65c12227859ce0851953fcefa6051f2a31e3666abde9ef1ece3eba658de696edf5d87a7d562dfe1f6bb9ac5e6773bc9069c732683715868cf14825345fb60665982549b9bb7c5b7d934ed0c4d136fa089f8459d473bf1ee678cf88c26f4f5ac681aa6dbe6ef78c26e7a3649ae0574f550f9fc64e8caa14586cbc43d8ec72a3170fc4f6c78fdbd40332c1f35adfc04be68a067f2c03325d624e21fa0e1fa6ea879caa84665bedefcd19759872824a0053a110af2b6099d8ea572b0c81cea39147bb2dca0eaefd4be8c3b59b98c27049f04ae5f3652ade0e1561238296d17979581b93d0ee26464fb5675b968cbc397558207fb1d5365f73994c0c8f2bcae0164e74d602a4856355b214af58b6357b2505779260ec73929eb4fe1047bbc2a125ff6c88718d2b8b8fb9c0d1cb1760748ffc5e4998dbaf8fad99df26b2eaf99bce2541d287b243d7b9cf0ecb25588d14c6228a6cb5413f48e3d07817d258c45ca0ab3494ca5b59f87abdf38e439b4a31d60d9474a52e465f36dd0cd56f00d4e5e563bfc6421b40a7522eb71894a698c19510fa7dc690b6b3f782d88e61ca635d5efd4c9c1725dbf24e0c8e246a2dc979e4750de8347687038f0441858bdf5a06bcba827d8d1327601943ca9fd004c121034fa6e1c8b9eff5da764961f5700eab97380e99b37f302239b528b36f5c9bbebaff25edae48fbe59dd272099af5c695a19b62f64485ba01ae8416c02f04360be933b8ba8a49c6c1188a78c3d36d0c61f61b4002bfeb669e29bbcb306f573528a749b085500c7649aea469fca867da4ca9eaecc75a70f41baeb80bf803402a9066dc1e8243192b78533e0ad590e14fd2bf2ce3ac943ade1fcefd247406785ee387d18e9afe8845481748fbadf4d081e01ecce50ef1fc5b457fa296b833d77390764e2af12f7930c6334476dc4cf45d9f272e364336810c11318bd0a95233005d66fe81a5708ae5fad8c7db17e6d97d2340651f7aa7a36e132a77a7a6206b36a95ccb5a48cb19bd3bb886ff0e77bc76653912149ca85895c4f80c373cbbd4305a91213e8ec5b7b18d8587d723c18f02854556aaaa540935eab2b7470a7c1c40c7e843ac1221a51e92eb05af2342fea7c853a46182c8384612aadb40145b95de565140003468eaca74b38bdf4dc640d0af80c3dd81747652c5fe15ffff8965a150a4ca6a9d9c91d067b4fac49b23cd2041dfdab22126c97d812b67ed638cc65d75d836bf439807cd7cd3cd0e6b30c81983e3f45a00282a14d401d81ac7c5544510dc7d157eeaa18b09df5ec949a22d7342b5b720b2a47251e995410f9b35d90824c1b19beb8575c9efe2aaa2a2011790a1099a924c01ca835fb7cc561eb2310a5331d4d9c4a9ee03a5f1364c17a7f4511c0c1b929c630cc110696f9e94b4107d0b75338fda2c5e0b8d46d19b98071e328f57debd56b4a0a9009913ac41518a08e6fa533edf20db0dc5eff43cd3ead623fc826ac03925490537d6b6a47f27031faa17f9852a3cb72d2088f33d35846a40758e60dab4b3980d032adc3e4faa61ff8aaea6b08bc9705cf097701e9af550fa43ec06c0ae2257927eebcbbbf4a05ad8097597943d6aed8a950ba32bc0d19827539019397e2fffa5f7379ffd7ec266f0c1cd947aab0c9e73c2796bd4c32fa0a0effbc84570efdebd3ac1eb57cc89cdbed91ed43a64cccfeba427a017a07d84acc850a45e2f26639598ed061ea81b60fb1873983591d446129ba8b27a4aef3311292017e3cbc00533824888ef80ef1a85c86a370dc11694d2f455e04ceb8811afa53aac77c65b38703d18167aedcc077c988dd9832ee1999a82c8752b921bceae484c19cee6828eef373c979b5c3f208080c8dcb38c53e384bebed6c41c3b9d6958bd2b952d82d17b262dbf30f90ab5c5d197ccee9f6b6525928b0100ffdeace644e159500495ff5a0ea7df7b9ab63617e3879818e25341e97d839beefdf248222cadd61a5d76b1ff34704bb78656afef7994904da269f973598217edc3be93157185aa15ef225f6471d7786a5e28d0f145b96566e101bf46723486867b9aa90f9eb4d1f5612d4950160c1504a367daf984"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001300)={0x0, ""/256, 0x0, <r10=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [{}, {}, {0x0, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {}, {r8}, {}, {}, {}, {}, {r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r10}], 0x0, "46dacd8396fe92"})
ioctl$BTRFS_IOC_INO_LOOKUP(r4, 0xd0009412, &(0x7f0000000100)={r8, 0x1000})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000000c0)={0x81, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r11=>0x0}], 0x8, "715705f264d5b9"})
ioctl$BTRFS_IOC_INO_LOOKUP(r3, 0xd0009412, &(0x7f0000001e00)={r11, 0x5})
r12 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r12, 0x0, r1, 0x0, 0x0, 0x0)

[ 2569.932302] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2569.968918] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2570.047080] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
01:50:54 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 12)

01:50:54 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r1, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000280)="e869", 0x2}], 0x1, &(0x7f0000000400)=[@ip_tos_int={{0x14}}], 0xf}}], 0x1, 0x0)
readv(r1, &(0x7f0000000380)=[{&(0x7f00000000c0)=""/163, 0xa3}, {&(0x7f0000000180)=""/142, 0x8e}, {&(0x7f0000000240)=""/150, 0x96}, {&(0x7f0000000040)=""/23, 0x17}, {&(0x7f0000000300)=""/107, 0x6b}], 0x5)

01:50:54 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:50:54 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:50:54 executing program 1:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:50:54 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 28)

01:50:54 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d318)

01:50:54 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x20d315)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2588.766465] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2588.778566] FAULT_INJECTION: forcing a failure.
[ 2588.778566] name failslab, interval 1, probability 0, space 0, times 0
[ 2588.780554] CPU: 1 PID: 16563 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2588.781742] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2588.783167] Call Trace:
[ 2588.783634]  dump_stack+0x107/0x167
[ 2588.784272]  should_fail.cold+0x5/0xa
[ 2588.784945]  ? ext4_mb_new_blocks+0x64d/0x4920
[ 2588.785740]  should_failslab+0x5/0x20
[ 2588.786425]  kmem_cache_alloc+0x5b/0x360
[ 2588.787136]  ext4_mb_new_blocks+0x64d/0x4920
[ 2588.787914]  ? perf_trace_lock+0xac/0x490
[ 2588.788643]  ? SOFTIRQ_verbose+0x10/0x10
[ 2588.789172] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2588.789387]  ? __lockdep_reset_lock+0x180/0x180
[ 2588.792365] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2588.793757]  ? ext4_discard_preallocations+0xe30/0xe30
[ 2588.794662]  ? ext4_get_branch+0x541/0x6d0
[ 2588.795404]  ext4_ind_map_blocks+0x1950/0x2290
[ 2588.796208]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2588.797140]  ? ext4_free_branches+0x680/0x680
[ 2588.797926]  ? lock_acquire+0x197/0x4a0
[ 2588.798639]  ? lock_release+0x6b0/0x6b0
[ 2588.799350]  ? find_held_lock+0x2c/0x110
[ 2588.800070]  ? down_write+0xe0/0x160
[ 2588.800712]  ? down_write_killable+0x180/0x180
[ 2588.801534]  ext4_map_blocks+0x9ed/0x1970
[ 2588.802267]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2588.803036]  ? find_held_lock+0x2c/0x110
[ 2588.803755]  ? __wait_on_buffer+0x90/0x90
[ 2588.804480]  _ext4_get_block+0x21e/0x570
[ 2588.805201]  ? ext4_map_blocks+0x1970/0x1970
[ 2588.805950]  ? trace_hardirqs_on+0x5b/0x180
[ 2588.806697]  ? _raw_spin_unlock_irq+0x1f/0x30
[ 2588.807460]  ? finish_task_switch+0x126/0x5d0
[ 2588.808219]  ? finish_task_switch+0xef/0x5d0
[ 2588.808984]  ? create_page_buffers+0x139/0x230
[ 2588.809766]  __block_write_begin_int+0x3d1/0x19c0
[ 2588.810591]  ? _ext4_get_block+0x570/0x570
[ 2588.811336]  ? remove_inode_buffers+0x300/0x300
[ 2588.812140]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2588.813047]  ext4_write_begin+0x68e/0x11a0
[ 2588.813772]  ? __lockdep_reset_lock+0x180/0x180
[ 2588.814607]  ? ext4_truncate+0x12f0/0x12f0
[ 2588.815341]  ? current_time+0x72/0x2c0
[ 2588.816022]  ext4_da_write_begin+0x623/0xe10
[ 2588.816785]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2588.817715]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2588.818613]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2588.819490]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2588.820362]  ? ext4_write_begin+0x11a0/0x11a0
[ 2588.821127]  ? copyout_mc+0x140/0x140
[ 2588.821791]  ? current_time+0x1e6/0x2c0
[ 2588.822492]  generic_perform_write+0x20a/0x4f0
[ 2588.823306]  ? page_cache_next_miss+0x310/0x310
[ 2588.824115]  ? down_write_killable+0x180/0x180
[ 2588.824936]  ext4_buffered_write_iter+0x244/0x4d0
[ 2588.825764]  ext4_file_write_iter+0xc11/0x18e0
[ 2588.826575]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2588.827352]  ? kasan_save_stack+0x32/0x40
[ 2588.828062]  ? kasan_save_stack+0x1b/0x40
[ 2588.828754]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2588.829630]  ? iter_file_splice_write+0x16d/0xc30
[ 2588.830421]  ? direct_splice_actor+0x10f/0x170
[ 2588.831204]  ? splice_direct_to_actor+0x387/0x980
[ 2588.832012]  ? do_splice_direct+0x1c4/0x290
[ 2588.832759]  ? do_sendfile+0x553/0x1090
[ 2588.833434]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2588.834248]  do_iter_readv_writev+0x476/0x750
[ 2588.835000]  ? new_sync_write+0x660/0x660
[ 2588.835694]  ? selinux_file_permission+0x92/0x520
[ 2588.836536]  do_iter_write+0x191/0x670
[ 2588.837255]  vfs_iter_write+0x70/0xa0
[ 2588.837895]  iter_file_splice_write+0x762/0xc30
[ 2588.838707]  ? generic_splice_sendpage+0x140/0x140
[ 2588.839529]  ? avc_policy_seqno+0x9/0x70
[ 2588.840206]  ? selinux_file_permission+0x92/0x520
[ 2588.841057]  ? lockdep_init_map_type+0x2c7/0x780
[ 2588.841878]  ? generic_splice_sendpage+0x140/0x140
[ 2588.842707]  direct_splice_actor+0x10f/0x170
[ 2588.843467]  splice_direct_to_actor+0x387/0x980
[ 2588.844261]  ? pipe_to_sendpage+0x380/0x380
[ 2588.845004]  ? do_splice_to+0x160/0x160
[ 2588.845685]  ? security_file_permission+0x24e/0x570
[ 2588.846548]  do_splice_direct+0x1c4/0x290
[ 2588.847262]  ? splice_direct_to_actor+0x980/0x980
[ 2588.848069]  ? selinux_file_permission+0x92/0x520
[ 2588.848897]  ? security_file_permission+0x24e/0x570
[ 2588.849763]  do_sendfile+0x553/0x1090
[ 2588.850422]  ? do_pwritev+0x270/0x270
[ 2588.851075]  ? wait_for_completion_io+0x270/0x270
[ 2588.851908]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2588.852714]  ? vfs_write+0x354/0xa70
[ 2588.853361]  __x64_sys_sendfile64+0x1d1/0x210
[ 2588.854122]  ? __ia32_sys_sendfile+0x220/0x220
[ 2588.854902]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2588.855720]  do_syscall_64+0x33/0x40
[ 2588.856358]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2588.857260] RIP: 0033:0x7f23c5d5cb19
[ 2588.857915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2588.861071] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2588.862378] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2588.863582] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2588.864810] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2588.866026] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2588.867224] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2588.887198] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2588.917384] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2588.921641] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2588.926501] FAULT_INJECTION: forcing a failure.
[ 2588.926501] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2588.929037] CPU: 0 PID: 16559 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2588.930802] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2588.932778] Call Trace:
[ 2588.933466]  dump_stack+0x107/0x167
[ 2588.934353]  should_fail.cold+0x5/0xa
[ 2588.935283]  __alloc_pages_nodemask+0x182/0x690
[ 2588.936405]  ? xa_load+0x12d/0x2c0
[ 2588.937278]  ? lock_downgrade+0x6d0/0x6d0
[ 2588.938287]  ? __alloc_pages_slowpath.constprop.0+0x2230/0x2230
[ 2588.939758]  alloc_pages_current+0x187/0x280
[ 2588.940830]  __page_cache_alloc+0x2d2/0x360
[ 2588.941890]  page_cache_ra_unbounded+0x207/0x6f0
[ 2588.943058]  ? read_pages+0xbc0/0xbc0
[ 2588.943975]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2588.945144]  ondemand_readahead+0x8e5/0x1150
[ 2588.946151]  page_cache_sync_ra+0x138/0x170
[ 2588.947089]  generic_file_buffered_read+0xc74/0x28f0
[ 2588.948228]  ? pagecache_get_page+0xc80/0xc80
[ 2588.949210]  ? kasan_save_stack+0x32/0x40
[ 2588.950115]  ? do_splice_direct+0x1c4/0x290
[ 2588.951056]  ? do_sendfile+0x553/0x1090
[ 2588.951918]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2588.952947]  ? do_syscall_64+0x33/0x40
[ 2588.953811]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2588.954975]  ? perf_trace_lock+0xac/0x490
[ 2588.955874]  ? lock_chain_count+0x20/0x20
[ 2588.956791]  generic_file_read_iter+0x33f/0x490
[ 2588.957811]  ext4_file_read_iter+0x184/0x4c0
[ 2588.958777]  generic_file_splice_read+0x455/0x6d0
[ 2588.959831]  ? pipe_to_user+0x170/0x170
[ 2588.960690]  ? _cond_resched+0x12/0x80
[ 2588.961555]  ? avc_policy_seqno+0x9/0x70
[ 2588.962439]  ? selinux_file_permission+0x92/0x520
[ 2588.963505]  ? lockdep_init_map_type+0x2c7/0x780
[ 2588.964539]  ? pipe_to_user+0x170/0x170
[ 2588.965419]  do_splice_to+0x10e/0x160
[ 2588.966261]  splice_direct_to_actor+0x2fe/0x980
[ 2588.967292]  ? pipe_to_sendpage+0x380/0x380
[ 2588.968242]  ? do_splice_to+0x160/0x160
[ 2588.969118]  ? security_file_permission+0x24e/0x570
[ 2588.970225]  do_splice_direct+0x1c4/0x290
[ 2588.971133]  ? splice_direct_to_actor+0x980/0x980
[ 2588.972176]  ? selinux_file_permission+0x92/0x520
[ 2588.973278]  ? security_file_permission+0x24e/0x570
[ 2588.974390]  do_sendfile+0x553/0x1090
[ 2588.975222]  ? do_pwritev+0x270/0x270
[ 2588.976059]  ? wait_for_completion_io+0x270/0x270
[ 2588.977106]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2588.978094]  ? vfs_write+0x354/0xa70
[ 2588.978904]  __x64_sys_sendfile64+0x1d1/0x210
[ 2588.979863]  ? __ia32_sys_sendfile+0x220/0x220
[ 2588.980845]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2588.981893]  do_syscall_64+0x33/0x40
[ 2588.982692]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2588.983785] RIP: 0033:0x7f5209db9b19
[ 2588.984587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2588.988485] RSP: 002b:00007f520732f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2588.990120] RAX: ffffffffffffffda RBX: 00007f5209eccf60 RCX: 00007f5209db9b19
[ 2588.991631] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2588.993151] RBP: 00007f520732f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2588.994663] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2588.996172] R13: 00007ffc43c8a52f R14: 00007f520732f300 R15: 0000000000022000
[ 2589.014353] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2589.053952] perf: interrupt took too long (4071 > 4040), lowering kernel.perf_event_max_sample_rate to 49000
01:50:54 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:50:54 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 29)

01:50:54 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:50:54 executing program 1:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:50:54 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d3c1)

01:50:54 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2589.198569] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
01:50:54 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 13)

[ 2589.229477] FAULT_INJECTION: forcing a failure.
[ 2589.229477] name failslab, interval 1, probability 0, space 0, times 0
[ 2589.232021] CPU: 0 PID: 16600 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2589.233520] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2589.235284] Call Trace:
[ 2589.235864]  dump_stack+0x107/0x167
[ 2589.236655]  should_fail.cold+0x5/0xa
[ 2589.237502]  ? create_object.isra.0+0x3a/0xa20
[ 2589.238487]  should_failslab+0x5/0x20
[ 2589.239321]  kmem_cache_alloc+0x5b/0x360
[ 2589.240221]  create_object.isra.0+0x3a/0xa20
[ 2589.241204]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2589.242292]  kmem_cache_alloc+0x159/0x360
[ 2589.243210]  ext4_mb_new_blocks+0x64d/0x4920
[ 2589.244171]  ? perf_trace_lock+0xac/0x490
[ 2589.245086]  ? SOFTIRQ_verbose+0x10/0x10
[ 2589.245962]  ? __lockdep_reset_lock+0x180/0x180
[ 2589.246985]  ? ext4_discard_preallocations+0xe30/0xe30
[ 2589.248109]  ? ext4_get_branch+0x541/0x6d0
[ 2589.249061]  ext4_ind_map_blocks+0x1950/0x2290
[ 2589.250057]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2589.251213]  ? ext4_free_branches+0x680/0x680
[ 2589.252203]  ? lock_acquire+0x197/0x4a0
[ 2589.253087]  ? lock_release+0x6b0/0x6b0
[ 2589.253968]  ? find_held_lock+0x2c/0x110
[ 2589.254886]  ? down_write+0xe0/0x160
[ 2589.255703]  ? down_write_killable+0x180/0x180
[ 2589.256728]  ext4_map_blocks+0x9ed/0x1970
[ 2589.257674]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2589.258662]  ? __wait_on_buffer+0x90/0x90
[ 2589.259558]  _ext4_get_block+0x21e/0x570
[ 2589.260416]  ? ext4_map_blocks+0x1970/0x1970
[ 2589.261424]  ? perf_trace_lock+0xac/0x490
[ 2589.262299]  ? create_page_buffers+0x139/0x230
[ 2589.263339]  __block_write_begin_int+0x3d1/0x19c0
[ 2589.264363]  ? _ext4_get_block+0x570/0x570
[ 2589.265362]  ? remove_inode_buffers+0x300/0x300
[ 2589.266386]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2589.267535]  ext4_write_begin+0x68e/0x11a0
[ 2589.268487]  ? ext4_truncate+0x12f0/0x12f0
[ 2589.269452]  ? ext4_expand_extra_isize+0x5a0/0x5a0
[ 2589.270527]  ? current_time+0x72/0x2c0
[ 2589.271415]  ext4_da_write_begin+0x623/0xe10
[ 2589.272364]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2589.273494]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2589.274613]  ? ext4_write_begin+0x11a0/0x11a0
[ 2589.275597]  ? copyout_mc+0x140/0x140
[ 2589.276437]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2589.277534]  ? __mark_inode_dirty+0x12e/0xf90
[ 2589.278507]  generic_perform_write+0x20a/0x4f0
[ 2589.279551]  ? page_cache_next_miss+0x310/0x310
[ 2589.280555]  ? down_write_killable+0x180/0x180
[ 2589.281619]  ext4_buffered_write_iter+0x244/0x4d0
[ 2589.282668]  ext4_file_write_iter+0xc11/0x18e0
[ 2589.283732]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2589.284711]  ? kasan_save_stack+0x32/0x40
[ 2589.285624]  ? kasan_save_stack+0x1b/0x40
[ 2589.286518]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2589.287598]  ? iter_file_splice_write+0x16d/0xc30
[ 2589.288649]  ? direct_splice_actor+0x10f/0x170
[ 2589.289652]  ? splice_direct_to_actor+0x387/0x980
[ 2589.290703]  ? do_splice_direct+0x1c4/0x290
[ 2589.291648]  ? do_sendfile+0x553/0x1090
[ 2589.292522]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2589.293564]  do_iter_readv_writev+0x476/0x750
[ 2589.294556]  ? new_sync_write+0x660/0x660
[ 2589.295465]  ? selinux_file_permission+0x92/0x520
[ 2589.296559]  do_iter_write+0x191/0x670
[ 2589.297460]  vfs_iter_write+0x70/0xa0
[ 2589.298301]  iter_file_splice_write+0x762/0xc30
[ 2589.299352]  ? generic_splice_sendpage+0x140/0x140
[ 2589.300437]  ? avc_policy_seqno+0x9/0x70
[ 2589.301331]  ? selinux_file_permission+0x92/0x520
[ 2589.302392]  ? lockdep_init_map_type+0x2c7/0x780
[ 2589.303436]  ? generic_splice_sendpage+0x140/0x140
[ 2589.304514]  direct_splice_actor+0x10f/0x170
[ 2589.305500]  splice_direct_to_actor+0x387/0x980
[ 2589.306536]  ? pipe_to_sendpage+0x380/0x380
[ 2589.307495]  ? do_splice_to+0x160/0x160
[ 2589.308366]  ? security_file_permission+0x24e/0x570
[ 2589.309488]  do_splice_direct+0x1c4/0x290
[ 2589.310407]  ? splice_direct_to_actor+0x980/0x980
[ 2589.311458]  ? selinux_file_permission+0x92/0x520
[ 2589.312532]  ? security_file_permission+0x24e/0x570
[ 2589.313670]  do_sendfile+0x553/0x1090
[ 2589.314529]  ? do_pwritev+0x270/0x270
[ 2589.315352]  ? wait_for_completion_io+0x270/0x270
[ 2589.316460]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2589.317455]  ? vfs_write+0x354/0xa70
[ 2589.318316]  __x64_sys_sendfile64+0x1d1/0x210
[ 2589.319275]  ? __ia32_sys_sendfile+0x220/0x220
[ 2589.320321]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2589.321369]  do_syscall_64+0x33/0x40
[ 2589.322205]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2589.323323] RIP: 0033:0x7f23c5d5cb19
[ 2589.324193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2589.328168] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2589.329895] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2589.331517] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2589.333143] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2589.334766] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2589.336404] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2589.360270] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:50:54 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2589.422587] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2589.471210] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2589.483192] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2589.560189] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:50:55 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

[ 2589.586734] FAULT_INJECTION: forcing a failure.
[ 2589.586734] name failslab, interval 1, probability 0, space 0, times 0
[ 2589.588032] CPU: 1 PID: 16629 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2589.588853] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2589.589803] Call Trace:
[ 2589.590094]  dump_stack+0x107/0x167
[ 2589.590502]  should_fail.cold+0x5/0xa
[ 2589.590936]  ? iter_file_splice_write+0x16d/0xc30
[ 2589.591470]  should_failslab+0x5/0x20
[ 2589.591897]  __kmalloc+0x72/0x330
[ 2589.592284]  iter_file_splice_write+0x16d/0xc30
[ 2589.592799]  ? atime_needs_update+0x600/0x600
[ 2589.593310]  ? generic_splice_sendpage+0x140/0x140
[ 2589.593863]  ? pipe_to_user+0x170/0x170
[ 2589.594302]  ? _cond_resched+0x12/0x80
[ 2589.594734]  ? avc_policy_seqno+0x9/0x70
[ 2589.595187]  ? selinux_file_permission+0x92/0x520
[ 2589.595726]  ? lockdep_init_map_type+0x2c7/0x780
[ 2589.596238]  ? generic_splice_sendpage+0x140/0x140
[ 2589.596762]  direct_splice_actor+0x10f/0x170
[ 2589.597239]  splice_direct_to_actor+0x387/0x980
[ 2589.597741]  ? pipe_to_sendpage+0x380/0x380
[ 2589.598217]  ? do_splice_to+0x160/0x160
[ 2589.598637]  ? security_file_permission+0x24e/0x570
[ 2589.599181]  do_splice_direct+0x1c4/0x290
[ 2589.599624]  ? splice_direct_to_actor+0x980/0x980
[ 2589.600137]  ? selinux_file_permission+0x92/0x520
[ 2589.600655]  ? security_file_permission+0x24e/0x570
[ 2589.601220]  do_sendfile+0x553/0x1090
[ 2589.601640]  ? do_pwritev+0x270/0x270
[ 2589.602044]  ? wait_for_completion_io+0x270/0x270
[ 2589.602574]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2589.603068]  ? vfs_write+0x354/0xa70
[ 2589.603489]  __x64_sys_sendfile64+0x1d1/0x210
[ 2589.603971]  ? __ia32_sys_sendfile+0x220/0x220
[ 2589.604468]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2589.605002]  do_syscall_64+0x33/0x40
[ 2589.605400]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2589.605951] RIP: 0033:0x7f5209db9b19
[ 2589.606360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2589.608313] RSP: 002b:00007f520732f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2589.609129] RAX: ffffffffffffffda RBX: 00007f5209eccf60 RCX: 00007f5209db9b19
[ 2589.609895] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2589.610648] RBP: 00007f520732f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2589.611401] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2589.612164] R13: 00007ffc43c8a52f R14: 00007f520732f300 R15: 0000000000022000
[ 2589.637503] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:51:09 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 14)

01:51:09 executing program 1:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:51:09 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 30)

01:51:09 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:51:09 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d3c2)

01:51:09 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:51:09 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r2, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000280)="e869", 0x2}], 0x1, &(0x7f0000000400)=[@ip_tos_int={{0x14}}], 0xf}}], 0x1, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@dev, @in6=@ipv4={""/10, ""/2, @private}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@dev}, 0x0, @in6=@ipv4={""/10, ""/2, @remote}}}, &(0x7f00000002c0)=0xe8)
openat$zero(0xffffffffffffff9c, &(0x7f0000000300), 0xc000, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000003c0)=@v3={0x3000000, [{0x2, 0x9}, {0x5, 0x7}], r3}, 0x18, 0x1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x10, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cachetag={'cachetag', 0x3d, '\x98{'}}, {}, {@cachetag={'cachetag', 0x3d, '(+'}}, {@access_uid={'access', 0x3d, r3}}], [{@func={'func', 0x3d, 'CREDS_CHECK'}}, {@obj_user={'obj_user', 0x3d, ']+'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '.\xf1'}}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@appraise}]}})
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x0)

01:51:09 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

[ 2603.612303] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2603.644894] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2603.646263] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2603.654484] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2603.660050] FAULT_INJECTION: forcing a failure.
[ 2603.660050] name failslab, interval 1, probability 0, space 0, times 0
[ 2603.661229] CPU: 1 PID: 16751 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2603.661915] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2603.662736] Call Trace:
[ 2603.663005]  dump_stack+0x107/0x167
[ 2603.663378]  should_fail.cold+0x5/0xa
[ 2603.663771]  ? create_object.isra.0+0x3a/0xa20
[ 2603.664250]  should_failslab+0x5/0x20
[ 2603.664649]  kmem_cache_alloc+0x5b/0x360
[ 2603.665071]  ? igrab+0xc0/0xc0
[ 2603.665431]  create_object.isra.0+0x3a/0xa20
[ 2603.665885]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2603.666411]  __kmalloc+0x16e/0x330
[ 2603.666791]  iter_file_splice_write+0x16d/0xc30
[ 2603.667249]  ? atime_needs_update+0x600/0x600
[ 2603.667727]  ? generic_splice_sendpage+0x140/0x140
[ 2603.668236]  ? pipe_to_user+0x170/0x170
[ 2603.668643]  ? _cond_resched+0x12/0x80
[ 2603.669052]  ? avc_policy_seqno+0x9/0x70
[ 2603.669483]  ? selinux_file_permission+0x92/0x520
[ 2603.669992]  ? lockdep_init_map_type+0x2c7/0x780
[ 2603.670488]  ? generic_splice_sendpage+0x140/0x140
[ 2603.670992]  direct_splice_actor+0x10f/0x170
[ 2603.671457]  splice_direct_to_actor+0x387/0x980
[ 2603.671922]  ? pipe_to_sendpage+0x380/0x380
[ 2603.672375]  ? do_splice_to+0x160/0x160
[ 2603.672789]  ? security_file_permission+0x24e/0x570
[ 2603.673309]  do_splice_direct+0x1c4/0x290
[ 2603.673741]  ? splice_direct_to_actor+0x980/0x980
[ 2603.674234]  ? selinux_file_permission+0x92/0x520
[ 2603.674739]  ? security_file_permission+0x24e/0x570
[ 2603.675249]  do_sendfile+0x553/0x1090
[ 2603.675653]  ? do_pwritev+0x270/0x270
[ 2603.676051]  ? wait_for_completion_io+0x270/0x270
[ 2603.676554]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2603.677029]  ? vfs_write+0x354/0xa70
[ 2603.677410]  __x64_sys_sendfile64+0x1d1/0x210
[ 2603.677883]  ? __ia32_sys_sendfile+0x220/0x220
[ 2603.678341]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2603.678848]  do_syscall_64+0x33/0x40
[ 2603.679220]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2603.679756] RIP: 0033:0x7f5209db9b19
[ 2603.680129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2603.682037] RSP: 002b:00007f520732f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2603.682820] RAX: ffffffffffffffda RBX: 00007f5209eccf60 RCX: 00007f5209db9b19
[ 2603.683558] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2603.684297] RBP: 00007f520732f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2603.685032] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2603.685782] R13: 00007ffc43c8a52f R14: 00007f520732f300 R15: 0000000000022000
[ 2603.704055] FAULT_INJECTION: forcing a failure.
[ 2603.704055] name failslab, interval 1, probability 0, space 0, times 0
[ 2603.705400] CPU: 1 PID: 16860 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2603.706080] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2603.706896] Call Trace:
[ 2603.707165]  dump_stack+0x107/0x167
[ 2603.707530]  should_fail.cold+0x5/0xa
[ 2603.707906]  ? create_object.isra.0+0x3a/0xa20
[ 2603.708360]  should_failslab+0x5/0x20
[ 2603.708737]  kmem_cache_alloc+0x5b/0x360
[ 2603.709153]  create_object.isra.0+0x3a/0xa20
[ 2603.709587]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2603.710095]  kmem_cache_alloc+0x159/0x360
[ 2603.710522]  ext4_mb_new_blocks+0x64d/0x4920
[ 2603.710984]  ? kasan_unpoison_shadow+0x33/0x50
[ 2603.711451]  ? ext4_cache_extents+0x68/0x2d0
[ 2603.711906]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2603.712424]  ? ext4_discard_preallocations+0xe30/0xe30
[ 2603.712964]  ? ext4_ext_search_right+0x2e3/0xbd0
[ 2603.713439]  ? ext4_inode_to_goal_block+0x320/0x430
[ 2603.713965]  ext4_ext_map_blocks+0x1efc/0x5c20
[ 2603.714430]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2603.714968]  ? SOFTIRQ_verbose+0x10/0x10
[ 2603.715373]  ? perf_trace_lock+0xac/0x490
[ 2603.715794]  ? SOFTIRQ_verbose+0x10/0x10
[ 2603.716200]  ? __lockdep_reset_lock+0x180/0x180
[ 2603.716684]  ? ext4_ext_release+0x10/0x10
[ 2603.717114]  ? ext4_map_blocks+0x5e0/0x1970
[ 2603.717562]  ? lock_release+0x6b0/0x6b0
[ 2603.717957]  ? ext4_es_lookup_extent+0x48d/0xc20
[ 2603.718438]  ? lock_downgrade+0x6d0/0x6d0
[ 2603.718864]  ? down_write_killable+0x180/0x180
[ 2603.719343]  ext4_map_blocks+0x652/0x1970
[ 2603.719765]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2603.720223]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2603.720700]  ? jbd2__journal_start+0xf3/0x8a0
[ 2603.721175]  ? __ext4_journal_start_sb+0x214/0x450
[ 2603.721685]  ? __ext4_journal_start_sb+0x1db/0x450
[ 2603.722196]  ext4_iomap_begin+0x3ad/0x700
[ 2603.722646]  ? ext4_iomap_begin_report+0x5a0/0x5a0
[ 2603.723161]  ? truncate_exceptional_pvec_entries.part.0+0x510/0x510
[ 2603.723808]  ? splice_direct_to_actor+0x387/0x980
[ 2603.724320]  iomap_apply+0x164/0xa40
[ 2603.724704]  ? iomap_dio_rw+0x90/0x90
[ 2603.725085]  ? trace_event_raw_event_iomap_apply+0x430/0x430
[ 2603.725718]  ? filemap_check_errors+0xa5/0x150
[ 2603.726198]  __iomap_dio_rw+0x6cd/0x11c0
[ 2603.726613]  ? iomap_dio_rw+0x90/0x90
[ 2603.727027]  ? iomap_dio_bio_actor+0xef0/0xef0
[ 2603.727500]  ? generic_update_time+0x21c/0x370
[ 2603.727977]  ? inode_dio_wait+0xbf/0x270
[ 2603.728401]  ? evict_inodes+0x420/0x420
[ 2603.728819]  ? down_write_killable+0x180/0x180
[ 2603.729285]  iomap_dio_rw+0x31/0x90
[ 2603.729669]  ext4_file_write_iter+0xb26/0x18e0
[ 2603.730141]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2603.730612]  ? kasan_save_stack+0x32/0x40
[ 2603.731022]  ? kasan_save_stack+0x1b/0x40
[ 2603.731461]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2603.731963]  ? iter_file_splice_write+0x16d/0xc30
[ 2603.732455]  ? direct_splice_actor+0x10f/0x170
[ 2603.732908]  ? splice_direct_to_actor+0x387/0x980
[ 2603.733413]  ? do_splice_direct+0x1c4/0x290
[ 2603.733839]  ? do_sendfile+0x553/0x1090
[ 2603.734251]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2603.734720]  do_iter_readv_writev+0x476/0x750
[ 2603.735186]  ? new_sync_write+0x660/0x660
[ 2603.735595]  ? selinux_file_permission+0x92/0x520
[ 2603.736112]  do_iter_write+0x191/0x670
[ 2603.736513]  vfs_iter_write+0x70/0xa0
[ 2603.736909]  iter_file_splice_write+0x762/0xc30
[ 2603.737398]  ? generic_splice_sendpage+0x140/0x140
[ 2603.737911]  ? avc_policy_seqno+0x9/0x70
[ 2603.738336]  ? selinux_file_permission+0x92/0x520
[ 2603.738839]  ? lockdep_init_map_type+0x2c7/0x780
[ 2603.739335]  ? generic_splice_sendpage+0x140/0x140
[ 2603.739847]  direct_splice_actor+0x10f/0x170
[ 2603.740301]  splice_direct_to_actor+0x387/0x980
[ 2603.740785]  ? pipe_to_sendpage+0x380/0x380
[ 2603.741243]  ? do_splice_to+0x160/0x160
[ 2603.741647]  ? security_file_permission+0x24e/0x570
[ 2603.742169]  do_splice_direct+0x1c4/0x290
[ 2603.742595]  ? splice_direct_to_actor+0x980/0x980
[ 2603.743096]  ? selinux_file_permission+0x92/0x520
[ 2603.743602]  ? security_file_permission+0x24e/0x570
[ 2603.744129]  do_sendfile+0x553/0x1090
[ 2603.744527]  ? do_pwritev+0x270/0x270
[ 2603.744918]  ? wait_for_completion_io+0x270/0x270
[ 2603.745434]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2603.745910]  ? vfs_write+0x354/0xa70
[ 2603.746304]  __x64_sys_sendfile64+0x1d1/0x210
[ 2603.746772]  ? __ia32_sys_sendfile+0x220/0x220
[ 2603.747251]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2603.747762]  do_syscall_64+0x33/0x40
[ 2603.748148]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2603.748676] RIP: 0033:0x7f23c5d5cb19
[ 2603.749056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2603.750956] RSP: 002b:00007f23c32b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2603.751724] RAX: ffffffffffffffda RBX: 00007f23c5e70020 RCX: 00007f23c5d5cb19
[ 2603.752467] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2603.753213] RBP: 00007f23c32b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 2603.753947] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2603.754675] R13: 00007ffda14b703f R14: 00007f23c32b1300 R15: 0000000000022000
01:51:09 executing program 0:
r0 = clone3(&(0x7f0000001280)={0xc0002080, &(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000100), {0x28}, &(0x7f0000000140)=""/247, 0xf7, &(0x7f0000000240)=""/4096, &(0x7f0000001240)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x3}, 0x58)
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r2, 0x0, r1, 0x0, 0x0, 0x0)

[ 2603.792587] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2603.795503] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
01:51:09 executing program 1:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

[ 2603.814273] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:51:09 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315)
write(0xffffffffffffffff, 0x0, 0x0)

01:51:09 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:51:09 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 31)

01:51:09 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 15)

01:51:09 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(0x0, 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:51:09 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d3c3)

[ 2604.046009] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2604.053721] FAULT_INJECTION: forcing a failure.
[ 2604.053721] name failslab, interval 1, probability 0, space 0, times 0
[ 2604.054866] CPU: 1 PID: 16920 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2604.055551] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2604.056367] Call Trace:
[ 2604.056641]  dump_stack+0x107/0x167
[ 2604.057013]  should_fail.cold+0x5/0xa
[ 2604.057405]  ? create_object.isra.0+0x3a/0xa20
[ 2604.057863]  should_failslab+0x5/0x20
[ 2604.058248]  kmem_cache_alloc+0x5b/0x360
[ 2604.058653]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2604.059153]  create_object.isra.0+0x3a/0xa20
[ 2604.059589]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2604.060098]  kmem_cache_alloc+0x159/0x360
[ 2604.060516]  ext4_mb_new_blocks+0x64d/0x4920
[ 2604.060965]  ? is_dynamic_key+0x1e0/0x1e0
[ 2604.061387]  ? __lock_acquire+0x1657/0x5b00
[ 2604.061825]  ? ext4_discard_preallocations+0xe30/0xe30
[ 2604.062343]  ? ext4_get_branch+0x541/0x6d0
[ 2604.062779]  ext4_ind_map_blocks+0x1950/0x2290
[ 2604.063238]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2604.063761]  ? ext4_free_branches+0x680/0x680
[ 2604.064218]  ? lock_acquire+0x197/0x4a0
[ 2604.064637]  ? lock_release+0x6b0/0x6b0
[ 2604.065036]  ? find_held_lock+0x2c/0x110
[ 2604.065473]  ? down_write+0xe0/0x160
[ 2604.065864]  ? down_write_killable+0x180/0x180
[ 2604.066347]  ext4_map_blocks+0x9ed/0x1970
[ 2604.066787]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2604.067262]  ? __wait_on_buffer+0x90/0x90
[ 2604.067703]  _ext4_get_block+0x21e/0x570
[ 2604.068132]  ? ext4_map_blocks+0x1970/0x1970
[ 2604.068589]  ? perf_trace_lock+0xac/0x490
[ 2604.069019]  ? create_page_buffers+0x139/0x230
[ 2604.069484]  __block_write_begin_int+0x3d1/0x19c0
[ 2604.069985]  ? _ext4_get_block+0x570/0x570
[ 2604.070438]  ? remove_inode_buffers+0x300/0x300
[ 2604.070922]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2604.071445]  ext4_write_begin+0x68e/0x11a0
[ 2604.071889]  ? __lockdep_reset_lock+0x180/0x180
[ 2604.072382]  ? ext4_truncate+0x12f0/0x12f0
[ 2604.072817]  ? current_time+0x72/0x2c0
[ 2604.073232]  ext4_da_write_begin+0x623/0xe10
[ 2604.073692]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2604.074215]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2604.074752]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2604.075254]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2604.075777]  ? ext4_write_begin+0x11a0/0x11a0
[ 2604.076220]  ? copyout_mc+0x140/0x140
[ 2604.076618]  ? current_time+0x1e6/0x2c0
[ 2604.077021]  generic_perform_write+0x20a/0x4f0
[ 2604.077510]  ? page_cache_next_miss+0x310/0x310
[ 2604.077991]  ? down_write_killable+0x180/0x180
[ 2604.078473]  ext4_buffered_write_iter+0x244/0x4d0
[ 2604.078980]  ext4_file_write_iter+0xc11/0x18e0
[ 2604.079460]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2604.079928]  ? kasan_save_stack+0x32/0x40
[ 2604.080358]  ? kasan_save_stack+0x1b/0x40
[ 2604.080786]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2604.081292]  ? iter_file_splice_write+0x16d/0xc30
[ 2604.081790]  ? direct_splice_actor+0x10f/0x170
[ 2604.082257]  ? splice_direct_to_actor+0x387/0x980
[ 2604.082750]  ? do_splice_direct+0x1c4/0x290
[ 2604.083206]  ? do_sendfile+0x553/0x1090
[ 2604.083614]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2604.084102]  do_iter_readv_writev+0x476/0x750
[ 2604.084569]  ? new_sync_write+0x660/0x660
[ 2604.084980]  ? selinux_file_permission+0x92/0x520
[ 2604.085508]  do_iter_write+0x191/0x670
[ 2604.085908]  vfs_iter_write+0x70/0xa0
[ 2604.086309]  iter_file_splice_write+0x762/0xc30
[ 2604.086785]  ? generic_splice_sendpage+0x140/0x140
[ 2604.087303]  ? avc_policy_seqno+0x9/0x70
[ 2604.087705]  ? selinux_file_permission+0x92/0x520
[ 2604.088208]  ? lockdep_init_map_type+0x2c7/0x780
[ 2604.088680]  ? generic_splice_sendpage+0x140/0x140
[ 2604.089203]  direct_splice_actor+0x10f/0x170
[ 2604.089641]  splice_direct_to_actor+0x387/0x980
[ 2604.090120]  ? pipe_to_sendpage+0x380/0x380
[ 2604.090551]  ? do_splice_to+0x160/0x160
[ 2604.090961]  ? security_file_permission+0x24e/0x570
[ 2604.091464]  do_splice_direct+0x1c4/0x290
[ 2604.091892]  ? splice_direct_to_actor+0x980/0x980
[ 2604.092368]  ? selinux_file_permission+0x92/0x520
[ 2604.092874]  ? security_file_permission+0x24e/0x570
[ 2604.093395]  do_sendfile+0x553/0x1090
[ 2604.093800]  ? do_pwritev+0x270/0x270
[ 2604.094182]  ? wait_for_completion_io+0x270/0x270
[ 2604.094689]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2604.095150]  ? vfs_write+0x354/0xa70
[ 2604.095547]  __x64_sys_sendfile64+0x1d1/0x210
[ 2604.095994]  ? __ia32_sys_sendfile+0x220/0x220
[ 2604.096479]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2604.096971]  do_syscall_64+0x33/0x40
[ 2604.097359]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2604.097866] RIP: 0033:0x7f23c5d5cb19
[ 2604.098260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2604.100110] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2604.100898] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2604.101640] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2604.102380] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2604.103116] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2604.103847] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2604.115705] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2604.122247] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2604.140285] FAULT_INJECTION: forcing a failure.
[ 2604.140285] name failslab, interval 1, probability 0, space 0, times 0
[ 2604.142636] CPU: 0 PID: 16923 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2604.144037] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2604.145718] Call Trace:
[ 2604.146278]  dump_stack+0x107/0x167
[ 2604.147034]  should_fail.cold+0x5/0xa
[ 2604.147829]  ? __es_insert_extent+0x3a9/0x12f0
[ 2604.148768]  should_failslab+0x5/0x20
[ 2604.149574]  kmem_cache_alloc+0x5b/0x360
[ 2604.150429]  __es_insert_extent+0x3a9/0x12f0
[ 2604.151343]  ? do_raw_write_lock+0x11a/0x280
[ 2604.152262]  ? do_raw_read_unlock+0x70/0x70
[ 2604.153159]  ? __lockdep_reset_lock+0x180/0x180
[ 2604.154129]  ext4_es_insert_extent+0x2dc/0xbd0
[ 2604.155080]  ? ext4_es_scan_clu+0x2e0/0x2e0
[ 2604.155966]  ? lock_downgrade+0x6d0/0x6d0
[ 2604.156832]  ? __ext4_handle_dirty_super+0x100/0x100
[ 2604.157876]  ? __es_find_extent_range+0x197/0x4b0
[ 2604.158878]  ? __ext4_handle_dirty_super+0x100/0x100
[ 2604.159919]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2604.160922]  ext4_ext_map_blocks+0x1965/0x5c20
[ 2604.161907]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2604.162984]  ? SOFTIRQ_verbose+0x10/0x10
[ 2604.163824]  ? perf_trace_lock+0xac/0x490
[ 2604.164675]  ? SOFTIRQ_verbose+0x10/0x10
[ 2604.165543]  ? ext4_ext_release+0x10/0x10
[ 2604.166413]  ? lock_release+0x6b0/0x6b0
[ 2604.167239]  ? ext4_es_lookup_extent+0x48d/0xc20
[ 2604.168220]  ? lock_downgrade+0x6d0/0x6d0
[ 2604.169101]  ? down_read+0x10f/0x430
[ 2604.169885]  ? down_write+0x160/0x160
[ 2604.170671]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2604.171660]  ? ext4_es_lookup_extent+0xc4/0xc20
[ 2604.172638]  ext4_map_blocks+0x9cc/0x1970
[ 2604.173533]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2604.174461]  ? xas_find_conflict+0xa70/0xa70
[ 2604.175367]  ? perf_trace_lock+0xac/0x490
[ 2604.176236]  ext4_mpage_readpages+0xa0f/0x16d0
[ 2604.177199]  ? SOFTIRQ_verbose+0x10/0x10
[ 2604.178022]  ? verity_work+0x90/0x90
[ 2604.178780]  ? mark_held_locks+0x9e/0xe0
[ 2604.179612]  ? find_held_lock+0x2c/0x110
[ 2604.180459]  ext4_readahead+0x102/0x140
[ 2604.181267]  ? __check_block_validity.constprop.0+0x2f0/0x2f0
[ 2604.182446]  read_pages+0x1ee/0xbc0
[ 2604.183195]  ? lru_cache_add+0x45c/0x800
[ 2604.184028]  ? read_cache_pages+0x5a0/0x5a0
[ 2604.184900]  ? add_to_page_cache_lru+0x1b6/0x2e0
[ 2604.185890]  ? __page_cache_alloc+0x10d/0x360
[ 2604.186806]  page_cache_ra_unbounded+0x51c/0x6f0
[ 2604.187784]  ? read_pages+0xbc0/0xbc0
[ 2604.188554]  ? __lock_page_or_retry+0x4e0/0x4e0
[ 2604.189530]  ondemand_readahead+0x8e5/0x1150
[ 2604.190437]  page_cache_sync_ra+0x138/0x170
[ 2604.191314]  generic_file_buffered_read+0xc74/0x28f0
[ 2604.192368]  ? pagecache_get_page+0xc80/0xc80
[ 2604.193289]  ? kasan_save_stack+0x32/0x40
[ 2604.194134]  ? do_splice_direct+0x1c4/0x290
[ 2604.195003]  ? do_sendfile+0x553/0x1090
[ 2604.195806]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2604.196750]  ? do_syscall_64+0x33/0x40
[ 2604.197554]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2604.198626]  ? perf_trace_lock+0xac/0x490
[ 2604.199462]  ? lock_chain_count+0x20/0x20
[ 2604.200319]  generic_file_read_iter+0x33f/0x490
[ 2604.201273]  ext4_file_read_iter+0x184/0x4c0
[ 2604.202172]  generic_file_splice_read+0x455/0x6d0
[ 2604.203148]  ? pipe_to_user+0x170/0x170
[ 2604.203951]  ? _cond_resched+0x12/0x80
[ 2604.204742]  ? avc_policy_seqno+0x9/0x70
[ 2604.205578]  ? selinux_file_permission+0x92/0x520
[ 2604.206557]  ? lockdep_init_map_type+0x2c7/0x780
[ 2604.207537]  ? pipe_to_user+0x170/0x170
[ 2604.208344]  do_splice_to+0x10e/0x160
[ 2604.209137]  splice_direct_to_actor+0x2fe/0x980
[ 2604.210094]  ? pipe_to_sendpage+0x380/0x380
[ 2604.210977]  ? do_splice_to+0x160/0x160
[ 2604.211784]  ? security_file_permission+0x24e/0x570
[ 2604.212812]  do_splice_direct+0x1c4/0x290
[ 2604.213658]  ? splice_direct_to_actor+0x980/0x980
[ 2604.214626]  ? selinux_file_permission+0x92/0x520
[ 2604.215611]  ? security_file_permission+0x24e/0x570
[ 2604.216643]  do_sendfile+0x553/0x1090
[ 2604.217450]  ? do_pwritev+0x270/0x270
[ 2604.218246]  ? wait_for_completion_io+0x270/0x270
[ 2604.219221]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2604.220150]  ? vfs_write+0x354/0xa70
[ 2604.220913]  __x64_sys_sendfile64+0x1d1/0x210
[ 2604.221835]  ? __ia32_sys_sendfile+0x220/0x220
[ 2604.222766]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2604.223742]  do_syscall_64+0x33/0x40
[ 2604.224495]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2604.225539] RIP: 0033:0x7f5209db9b19
[ 2604.226298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2604.229989] RSP: 002b:00007f520732f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2604.231518] RAX: ffffffffffffffda RBX: 00007f5209eccf60 RCX: 00007f5209db9b19
[ 2604.232950] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000005
[ 2604.234402] RBP: 00007f520732f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2604.235841] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2604.237288] R13: 00007ffc43c8a52f R14: 00007f520732f300 R15: 0000000000022000
[ 2604.245368] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
01:51:09 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:51:09 executing program 1:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:51:09 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(0x0, 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

[ 2604.346198] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2604.401501] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:51:23 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 16)

01:51:23 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 32)

01:51:23 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:51:23 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d3c4)

01:51:23 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 1)
write(0xffffffffffffffff, 0x0, 0x0)

01:51:23 executing program 5:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(0x0, 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:51:23 executing program 1:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

01:51:23 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
lsetxattr(&(0x7f0000000040)='./file1\x00', &(0x7f00000000c0)=@known='com.apple.system.Security\x00', &(0x7f0000000100)='[\\,!,\x00', 0x6, 0x3)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x0, 0x0)

[ 2618.491468] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2618.507819] FAULT_INJECTION: forcing a failure.
[ 2618.507819] name failslab, interval 1, probability 0, space 0, times 0
[ 2618.509107] CPU: 1 PID: 17030 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2618.509477] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 2618.509869] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2618.509874] Call Trace:
[ 2618.509889]  dump_stack+0x107/0x167
[ 2618.509906]  should_fail.cold+0x5/0xa
[ 2618.509927]  ? create_object.isra.0+0x3a/0xa20
[ 2618.513986]  should_failslab+0x5/0x20
[ 2618.514401]  kmem_cache_alloc+0x5b/0x360
[ 2618.514839]  create_object.isra.0+0x3a/0xa20
[ 2618.515318]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2618.515866]  kmem_cache_alloc_trace+0x151/0x2c0
[ 2618.516373]  __iomap_dio_rw+0x1ee/0x11c0
[ 2618.516817]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2618.517357]  ? __mark_inode_dirty+0x12e/0xf90
[ 2618.517841]  ? security_inode_need_killpriv+0x79/0xa0
[ 2618.518357]  ? iomap_dio_bio_actor+0xef0/0xef0
[ 2618.518856]  ? generic_update_time+0x21c/0x370
[ 2618.519346]  ? inode_dio_wait+0xbf/0x270
[ 2618.519793]  ? __wait_on_freeing_inode+0x140/0x140
[ 2618.520324]  ? evict_inodes+0x420/0x420
[ 2618.520752]  ? down_write_killable+0x180/0x180
[ 2618.521241]  iomap_dio_rw+0x31/0x90
[ 2618.521654]  ext4_file_write_iter+0xb26/0x18e0
[ 2618.522152]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2618.522638]  ? kasan_save_stack+0x32/0x40
[ 2618.523080]  ? kasan_save_stack+0x1b/0x40
[ 2618.523497]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2618.524041]  ? iter_file_splice_write+0x16d/0xc30
[ 2618.524560]  ? direct_splice_actor+0x10f/0x170
[ 2618.525043]  ? splice_direct_to_actor+0x387/0x980
[ 2618.525563]  ? do_splice_direct+0x1c4/0x290
[ 2618.526021]  ? do_sendfile+0x553/0x1090
[ 2618.526445]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2618.526951]  do_iter_readv_writev+0x476/0x750
[ 2618.527458]  ? new_sync_write+0x660/0x660
[ 2618.527904]  ? selinux_file_permission+0x92/0x520
[ 2618.528402]  do_iter_write+0x191/0x670
[ 2618.528830]  vfs_iter_write+0x70/0xa0
[ 2618.529249]  iter_file_splice_write+0x762/0xc30
[ 2618.529745]  ? generic_splice_sendpage+0x140/0x140
[ 2618.530282]  ? avc_policy_seqno+0x9/0x70
[ 2618.530712]  ? selinux_file_permission+0x92/0x520
[ 2618.531235]  ? lockdep_init_map_type+0x2c7/0x780
[ 2618.531752]  ? generic_splice_sendpage+0x140/0x140
[ 2618.532279]  direct_splice_actor+0x10f/0x170
[ 2618.532755]  splice_direct_to_actor+0x387/0x980
[ 2618.533266]  ? pipe_to_sendpage+0x380/0x380
[ 2618.533709]  ? do_splice_to+0x160/0x160
[ 2618.534130]  ? security_file_permission+0x24e/0x570
[ 2618.534682]  do_splice_direct+0x1c4/0x290
[ 2618.535123]  ? splice_direct_to_actor+0x980/0x980
[ 2618.535642]  ? selinux_file_permission+0x92/0x520
[ 2618.536160]  ? security_file_permission+0x24e/0x570
[ 2618.536700]  do_sendfile+0x553/0x1090
[ 2618.537120]  ? do_pwritev+0x270/0x270
[ 2618.537544]  ? wait_for_completion_io+0x270/0x270
[ 2618.538077]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2618.538573]  ? vfs_write+0x354/0xa70
[ 2618.538955]  __x64_sys_sendfile64+0x1d1/0x210
[ 2618.539432]  ? __ia32_sys_sendfile+0x220/0x220
[ 2618.539933]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2618.540455]  do_syscall_64+0x33/0x40
[ 2618.540855]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2618.541405] RIP: 0033:0x7f5209db9b19
[ 2618.541813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2618.543758] RSP: 002b:00007f520732f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2618.544579] RAX: ffffffffffffffda RBX: 00007f5209eccf60 RCX: 00007f5209db9b19
[ 2618.545345] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2618.546130] RBP: 00007f520732f1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2618.546922] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2618.547637] R13: 00007ffc43c8a52f R14: 00007f520732f300 R15: 0000000000022000
[ 2618.561907] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2618.563256] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 2618.564795] FAULT_INJECTION: forcing a failure.
[ 2618.564795] name failslab, interval 1, probability 0, space 0, times 0
[ 2618.567201] CPU: 0 PID: 17160 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2618.567661] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2618.568630] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2618.568638] Call Trace:
[ 2618.568664]  dump_stack+0x107/0x167
[ 2618.568692]  should_fail.cold+0x5/0xa
[ 2618.573231]  ? create_object.isra.0+0x3a/0xa20
[ 2618.574181]  should_failslab+0x5/0x20
[ 2618.574956]  kmem_cache_alloc+0x5b/0x360
[ 2618.575783]  create_object.isra.0+0x3a/0xa20
[ 2618.576666]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2618.577704]  kmem_cache_alloc+0x159/0x360
[ 2618.578555]  jbd2__journal_start+0x190/0x8a0
[ 2618.579448]  __ext4_journal_start_sb+0x214/0x450
[ 2618.580415]  ext4_dirty_inode+0xbc/0x130
[ 2618.581252]  ? ext4_setattr+0x22d0/0x22d0
[ 2618.582099]  __mark_inode_dirty+0x492/0xf90
[ 2618.582975]  touch_atime+0x5ea/0x6e0
[ 2618.583730]  ? atime_needs_update+0x600/0x600
[ 2618.584649]  splice_direct_to_actor+0x75d/0x980
[ 2618.585606]  ? pipe_to_sendpage+0x380/0x380
[ 2618.586479]  ? do_splice_to+0x160/0x160
[ 2618.587278]  ? security_file_permission+0x24e/0x570
[ 2618.588291]  do_splice_direct+0x1c4/0x290
[ 2618.589122]  ? splice_direct_to_actor+0x980/0x980
[ 2618.590115]  ? selinux_file_permission+0x92/0x520
[ 2618.591091]  ? security_file_permission+0x24e/0x570
[ 2618.592124]  do_sendfile+0x553/0x1090
[ 2618.592926]  ? do_pwritev+0x270/0x270
[ 2618.593721]  ? wait_for_completion_io+0x270/0x270
[ 2618.594693]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2618.595639]  ? vfs_write+0x354/0xa70
[ 2618.596402]  __x64_sys_sendfile64+0x1d1/0x210
[ 2618.597323]  ? __ia32_sys_sendfile+0x220/0x220
[ 2618.598246]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2618.599219]  do_syscall_64+0x33/0x40
[ 2618.599984]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2618.601013] RIP: 0033:0x7f23c5d5cb19
[ 2618.601781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2618.605481] RSP: 002b:00007f23c32b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2618.607023] RAX: ffffffffffffffda RBX: 00007f23c5e70020 RCX: 00007f23c5d5cb19
[ 2618.608452] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2618.609909] RBP: 00007f23c32b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 2618.611334] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2618.612826] R13: 00007ffda14b703f R14: 00007f23c32b1300 R15: 0000000000022000
[ 2618.626451] FAULT_INJECTION: forcing a failure.
[ 2618.626451] name failslab, interval 1, probability 0, space 0, times 0
[ 2618.627752] CPU: 1 PID: 17039 Comm: syz-executor.7 Not tainted 5.10.175 #1
[ 2618.628501] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2618.629417] Call Trace:
[ 2618.629703]  dump_stack+0x107/0x167
[ 2618.630098]  should_fail.cold+0x5/0xa
[ 2618.630528]  ? alloc_pipe_info+0x10a/0x590
[ 2618.630624] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2618.630992]  should_failslab+0x5/0x20
[ 2618.631005]  kmem_cache_alloc_trace+0x55/0x2c0
[ 2618.631025]  alloc_pipe_info+0x10a/0x590
[ 2618.634040]  splice_direct_to_actor+0x774/0x980
[ 2618.634562]  ? _cond_resched+0x12/0x80
[ 2618.634973]  ? inode_security+0x107/0x140
[ 2618.635448]  ? pipe_to_sendpage+0x380/0x380
[ 2618.635929]  ? selinux_file_permission+0x92/0x520
[ 2618.636437]  ? do_splice_to+0x160/0x160
[ 2618.636887]  ? security_file_permission+0x24e/0x570
[ 2618.637434]  do_splice_direct+0x1c4/0x290
[ 2618.637851]  ? splice_direct_to_actor+0x980/0x980
[ 2618.638370]  ? selinux_file_permission+0x92/0x520
[ 2618.638859]  ? security_file_permission+0x24e/0x570
[ 2618.639427]  do_sendfile+0x553/0x1090
[ 2618.639820]  ? do_pwritev+0x270/0x270
[ 2618.640252]  ? wait_for_completion_io+0x270/0x270
[ 2618.640737]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2618.641282]  ? vfs_write+0x354/0xa70
[ 2618.641698]  __x64_sys_sendfile64+0x1d1/0x210
[ 2618.642198]  ? __ia32_sys_sendfile+0x220/0x220
[ 2618.642659]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2618.643208]  do_syscall_64+0x33/0x40
[ 2618.643582]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2618.644155] RIP: 0033:0x7faed54e4b19
[ 2618.644567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2618.646615] RSP: 002b:00007faed2a5a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2618.647464] RAX: ffffffffffffffda RBX: 00007faed55f7f60 RCX: 00007faed54e4b19
[ 2618.648238] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2618.648987] RBP: 00007faed2a5a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2618.649769] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2618.650521] R13: 00007ffc32bf11cf R14: 00007faed2a5a300 R15: 0000000000022000
[ 2618.688109] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
01:51:24 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000", 0x5c, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 17)

01:51:24 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 2)
write(0xffffffffffffffff, 0x0, 0x0)

01:51:24 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x547b43, 0x0)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
creat(&(0x7f0000000080)='./file0\x00', 0x71)
fallocate(r1, 0x14, 0x0, 0x8800001)
r2 = openat(r1, &(0x7f0000000040)='./file0\x00', 0x2, 0x41)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x8800000)
ioctl$AUTOFS_DEV_IOCTL_READY(r2, 0xc0189376, &(0x7f0000000100)={{0x1, 0x1, 0xffffffffffffff6d, <r4=>r0, {0x2}}, './file1\x00'})
renameat2(r3, &(0x7f00000000c0)='./file1\x00', r4, &(0x7f0000000140)='./file0\x00', 0x4)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
copy_file_range(r5, 0x0, r0, 0x0, 0x0, 0x0)

01:51:24 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d3c5)

01:51:24 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b000000000200", 0x5b, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1de)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
umount2(&(0x7f0000000400)='./file1\x00', 0x6)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x404200, 0x0)
write(r3, &(0x7f0000000380)="da800b0b3ce2b0a2c2b264139d91ce90bbe90dae9bdcc6c011dc9f65a4b5e7ae0492e8f6106906f6dfd3079c8b3e6b3d56d3414043aeb3b179989029d7b019cb3bc416c6", 0x44)

01:51:24 executing program 0:
perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext, 0x240, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = fork()
tkill(r1, 0x2c)
syz_open_procfs(r1, &(0x7f0000000040)='smaps_rollup\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fchmod(r2, 0xb2)
copy_file_range(r2, 0x0, r0, 0x0, 0x0, 0x0)

01:51:24 executing program 1:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b00000000020000280200000284", 0x62, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
fstatfs(r1, &(0x7f0000000440)=""/246)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f0000000300)='./file1\x00', 0xfff)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000180)='./file1\x00', 0x80, 0x20)
sendfile(r0, r2, &(0x7f00000002c0)=0x4, 0x5)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0, 0x30)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r1, r2, 0x0, 0x20d315)

[ 2618.875086] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2618.934953] FAULT_INJECTION: forcing a failure.
[ 2618.934953] name failslab, interval 1, probability 0, space 0, times 0
[ 2618.936204] CPU: 1 PID: 17284 Comm: syz-executor.2 Not tainted 5.10.175 #1
[ 2618.936892] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2618.937802] Call Trace:
[ 2618.938085]  dump_stack+0x107/0x167
[ 2618.938459]  should_fail.cold+0x5/0xa
[ 2618.938845]  ? jbd2__journal_start+0x190/0x8a0
[ 2618.939302]  should_failslab+0x5/0x20
[ 2618.939682]  kmem_cache_alloc+0x5b/0x360
[ 2618.940092]  jbd2__journal_start+0x190/0x8a0
[ 2618.940536]  __ext4_journal_start_sb+0x214/0x450
[ 2618.941063]  ext4_dirty_inode+0xbc/0x130
[ 2618.941480]  ? ext4_setattr+0x22d0/0x22d0
[ 2618.941900]  __mark_inode_dirty+0x492/0xf90
[ 2618.942337]  touch_atime+0x5ea/0x6e0
[ 2618.942716]  ? atime_needs_update+0x600/0x600
[ 2618.943167]  ? pagecache_get_page+0x243/0xc80
[ 2618.943617]  generic_file_buffered_read+0x18f3/0x28f0
[ 2618.944206]  ? pagecache_get_page+0xc80/0xc80
[ 2618.944673]  ? kasan_save_stack+0x32/0x40
[ 2618.945126]  ? do_splice_direct+0x1c4/0x290
[ 2618.945599]  ? do_sendfile+0x553/0x1090
[ 2618.945741] FAULT_INJECTION: forcing a failure.
[ 2618.945741] name failslab, interval 1, probability 0, space 0, times 0
[ 2618.946016]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2618.946038]  ? do_syscall_64+0x33/0x40
[ 2618.949142]  ? entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2618.949702]  ? perf_trace_lock+0xac/0x490
[ 2618.950134]  ? lock_chain_count+0x20/0x20
[ 2618.950571]  generic_file_read_iter+0x33f/0x490
[ 2618.951061]  ext4_file_read_iter+0x184/0x4c0
[ 2618.951517]  generic_file_splice_read+0x455/0x6d0
[ 2618.952000]  ? pipe_to_user+0x170/0x170
[ 2618.952414]  ? _cond_resched+0x12/0x80
[ 2618.952820]  ? avc_policy_seqno+0x9/0x70
[ 2618.953245]  ? selinux_file_permission+0x92/0x520
[ 2618.953778]  ? lockdep_init_map_type+0x2c7/0x780
[ 2618.954272]  ? pipe_to_user+0x170/0x170
[ 2618.954688]  do_splice_to+0x10e/0x160
[ 2618.955086]  splice_direct_to_actor+0x2fe/0x980
[ 2618.955576]  ? pipe_to_sendpage+0x380/0x380
[ 2618.956028]  ? do_splice_to+0x160/0x160
[ 2618.956437]  ? security_file_permission+0x24e/0x570
[ 2618.956957]  do_splice_direct+0x1c4/0x290
[ 2618.957391]  ? splice_direct_to_actor+0x980/0x980
[ 2618.957883]  ? selinux_file_permission+0x92/0x520
[ 2618.958391]  ? security_file_permission+0x24e/0x570
[ 2618.958914]  do_sendfile+0x553/0x1090
[ 2618.959318]  ? do_pwritev+0x270/0x270
[ 2618.959721]  ? wait_for_completion_io+0x270/0x270
[ 2618.960219]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2618.960707]  ? vfs_write+0x354/0xa70
[ 2618.961104]  __x64_sys_sendfile64+0x1d1/0x210
[ 2618.961584]  ? __ia32_sys_sendfile+0x220/0x220
[ 2618.962063]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2618.962564]  do_syscall_64+0x33/0x40
[ 2618.962952]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2618.963481] RIP: 0033:0x7f5209db9b19
[ 2618.963867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2618.965752] RSP: 002b:00007f520730e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2618.966527] RAX: ffffffffffffffda RBX: 00007f5209ecd020 RCX: 00007f5209db9b19
[ 2618.967270] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2618.968007] RBP: 00007f520730e1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2618.968743] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2618.969492] R13: 00007ffc43c8a52f R14: 00007f520730e300 R15: 0000000000022000
[ 2618.970259] CPU: 0 PID: 17285 Comm: syz-executor.7 Not tainted 5.10.175 #1
[ 2618.971671] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2618.973358] Call Trace:
[ 2618.973900]  dump_stack+0x107/0x167
[ 2618.974642]  should_fail.cold+0x5/0xa
[ 2618.975416]  ? create_object.isra.0+0x3a/0xa20
01:51:24 executing program 6:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 33)

[ 2618.976352]  should_failslab+0x5/0x20
[ 2618.977315]  kmem_cache_alloc+0x5b/0x360
[ 2618.978160]  create_object.isra.0+0x3a/0xa20
[ 2618.979043]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2618.980069]  kmem_cache_alloc_trace+0x151/0x2c0
[ 2618.981033]  alloc_pipe_info+0x10a/0x590
[ 2618.981870]  splice_direct_to_actor+0x774/0x980
[ 2618.982807]  ? _cond_resched+0x12/0x80
[ 2618.983591]  ? inode_security+0x107/0x140
[ 2618.984420]  ? pipe_to_sendpage+0x380/0x380
[ 2618.985283]  ? selinux_file_permission+0x92/0x520
[ 2618.986286]  ? do_splice_to+0x160/0x160
[ 2618.987079]  ? security_file_permission+0x24e/0x570
[ 2618.988084]  do_splice_direct+0x1c4/0x290
[ 2618.988913]  ? splice_direct_to_actor+0x980/0x980
[ 2618.989895]  ? selinux_file_permission+0x92/0x520
[ 2618.990863]  ? security_file_permission+0x24e/0x570
[ 2618.991872]  do_sendfile+0x553/0x1090
[ 2618.992647]  ? do_pwritev+0x270/0x270
[ 2618.993418]  ? wait_for_completion_io+0x270/0x270
[ 2618.994381]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2618.995302]  ? vfs_write+0x354/0xa70
[ 2618.996055]  __x64_sys_sendfile64+0x1d1/0x210
[ 2618.996949]  ? __ia32_sys_sendfile+0x220/0x220
[ 2618.997916]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2618.998879]  do_syscall_64+0x33/0x40
[ 2618.999622]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2619.000633] RIP: 0033:0x7faed54e4b19
[ 2619.001390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2619.005008] RSP: 002b:00007faed2a39188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2619.006533] RAX: ffffffffffffffda RBX: 00007faed55f8020 RCX: 00007faed54e4b19
[ 2619.007951] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 2619.009383] RBP: 00007faed2a391d0 R08: 0000000000000000 R09: 0000000000000000
[ 2619.010795] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2619.012206] R13: 00007ffc32bf11cf R14: 00007faed2a39300 R15: 0000000000022000
[ 2619.022912] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
01:51:24 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d3c6)

[ 2619.078401] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 2619.133585] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 2619.135218] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
01:51:24 executing program 7:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="030000000400000005000000d4000f", 0xf, 0x800}, {&(0x7f0000000980)="ffffffffff070000000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x402, 0xc00}, {&(0x7f0000010e00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x1600}], 0x0, &(0x7f0000012900)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
truncate(&(0x7f00000001c0)='./file1\x00', 0x5d19)
sendfile(r0, r1, 0x0, 0x20d315) (fail_nth: 3)
write(0xffffffffffffffff, 0x0, 0x0)

[ 2619.159523] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 2619.171382] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue
[ 2619.201707] FAULT_INJECTION: forcing a failure.
[ 2619.201707] name failslab, interval 1, probability 0, space 0, times 0
[ 2619.203116] CPU: 1 PID: 17352 Comm: syz-executor.6 Not tainted 5.10.175 #1
[ 2619.203899] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2619.204814] Call Trace:
[ 2619.205092]  dump_stack+0x107/0x167
[ 2619.205512]  should_fail.cold+0x5/0xa
[ 2619.205939]  ? create_object.isra.0+0x3a/0xa20
[ 2619.206452]  should_failslab+0x5/0x20
[ 2619.206889]  kmem_cache_alloc+0x5b/0x360
[ 2619.207340]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2619.207896]  create_object.isra.0+0x3a/0xa20
[ 2619.208394]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2619.208979]  kmem_cache_alloc+0x159/0x360
[ 2619.209422]  ext4_mb_new_blocks+0x64d/0x4920
[ 2619.209926]  ? __lock_acquire+0x1657/0x5b00
[ 2619.210411]  ? ext4_discard_preallocations+0xe30/0xe30
[ 2619.210996]  ? ext4_get_branch+0x541/0x6d0
[ 2619.211475]  ext4_ind_map_blocks+0x1950/0x2290
[ 2619.212001]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2619.212600]  ? ext4_free_branches+0x680/0x680
[ 2619.213108]  ? lock_acquire+0x197/0x4a0
[ 2619.213570]  ? lock_release+0x6b0/0x6b0
[ 2619.214013]  ? find_held_lock+0x2c/0x110
[ 2619.214476]  ? down_write+0xe0/0x160
[ 2619.214849]  ? down_write_killable+0x180/0x180
[ 2619.215381]  ext4_map_blocks+0x9ed/0x1970
[ 2619.215865]  ? ext4_issue_zeroout+0x1c0/0x1c0
[ 2619.216374]  ? __wait_on_buffer+0x90/0x90
[ 2619.216846]  _ext4_get_block+0x21e/0x570
[ 2619.217314]  ? ext4_map_blocks+0x1970/0x1970
[ 2619.217812]  ? perf_trace_lock+0xac/0x490
[ 2619.218289]  ? create_page_buffers+0x139/0x230
[ 2619.218807]  __block_write_begin_int+0x3d1/0x19c0
[ 2619.219345]  ? _ext4_get_block+0x570/0x570
[ 2619.219832]  ? remove_inode_buffers+0x300/0x300
[ 2619.220364]  ? ext4_journal_check_start+0x1b3/0x2a0
[ 2619.220878]  ext4_write_begin+0x68e/0x11a0
[ 2619.221366]  ? __lockdep_reset_lock+0x180/0x180
[ 2619.221891]  ? ext4_truncate+0x12f0/0x12f0
[ 2619.222369]  ? current_time+0x72/0x2c0
[ 2619.222825]  ext4_da_write_begin+0x623/0xe10
[ 2619.223313]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2619.223879]  ? ktime_get_coarse_real_ts64+0x15a/0x190
[ 2619.224436]  ? iov_iter_fault_in_readable+0x9a/0x410
[ 2619.224990]  ? ktime_get_coarse_real_ts64+0xfd/0x190
[ 2619.225552]  ? ext4_write_begin+0x11a0/0x11a0
[ 2619.226029]  ? copyout_mc+0x140/0x140
[ 2619.226414]  ? current_time+0x1e6/0x2c0
[ 2619.226854]  generic_perform_write+0x20a/0x4f0
[ 2619.227360]  ? page_cache_next_miss+0x310/0x310
[ 2619.227866]  ? down_write_killable+0x180/0x180
[ 2619.228374]  ext4_buffered_write_iter+0x244/0x4d0
[ 2619.228896]  ext4_file_write_iter+0xc11/0x18e0
[ 2619.229415]  ? ext4_file_read_iter+0x4c0/0x4c0
[ 2619.229904]  ? kasan_save_stack+0x32/0x40
[ 2619.230325]  ? kasan_save_stack+0x1b/0x40
[ 2619.230778]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2619.231329]  ? iter_file_splice_write+0x16d/0xc30
[ 2619.231845]  ? direct_splice_actor+0x10f/0x170
[ 2619.232335]  ? splice_direct_to_actor+0x387/0x980
[ 2619.232859]  ? do_splice_direct+0x1c4/0x290
[ 2619.233336]  ? do_sendfile+0x553/0x1090
[ 2619.233736]  ? __x64_sys_sendfile64+0x1d1/0x210
[ 2619.234245]  do_iter_readv_writev+0x476/0x750
[ 2619.234728]  ? new_sync_write+0x660/0x660
[ 2619.235178]  ? selinux_file_permission+0x92/0x520
[ 2619.235753]  do_iter_write+0x191/0x670
[ 2619.236210]  vfs_iter_write+0x70/0xa0
[ 2619.236636]  iter_file_splice_write+0x762/0xc30
[ 2619.237169]  ? generic_splice_sendpage+0x140/0x140
[ 2619.237741]  ? avc_policy_seqno+0x9/0x70
[ 2619.238203]  ? selinux_file_permission+0x92/0x520
[ 2619.238758]  ? lockdep_init_map_type+0x2c7/0x780
[ 2619.239286]  ? generic_splice_sendpage+0x140/0x140
[ 2619.239845]  direct_splice_actor+0x10f/0x170
[ 2619.240348]  splice_direct_to_actor+0x387/0x980
[ 2619.240882]  ? pipe_to_sendpage+0x380/0x380
[ 2619.241384]  ? do_splice_to+0x160/0x160
[ 2619.241838]  ? security_file_permission+0x24e/0x570
[ 2619.242413]  do_splice_direct+0x1c4/0x290
[ 2619.242885]  ? splice_direct_to_actor+0x980/0x980
[ 2619.243430]  ? selinux_file_permission+0x92/0x520
[ 2619.243994]  ? security_file_permission+0x24e/0x570
[ 2619.244575]  do_sendfile+0x553/0x1090
[ 2619.245033]  ? do_pwritev+0x270/0x270
[ 2619.245473]  ? wait_for_completion_io+0x270/0x270
[ 2619.246037]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2619.246566]  ? vfs_write+0x354/0xa70
[ 2619.246998]  __x64_sys_sendfile64+0x1d1/0x210
[ 2619.247513]  ? __ia32_sys_sendfile+0x220/0x220
[ 2619.248047]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2619.248613]  do_syscall_64+0x33/0x40
[ 2619.249044]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2619.249634] RIP: 0033:0x7f23c5d5cb19
[ 2619.250065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2619.252198] RSP: 002b:00007f23c32d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2619.253086] RAX: ffffffffffffffda RBX: 00007f23c5e6ff60 RCX: 00007f23c5d5cb19
[ 2619.253935] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2619.254755] RBP: 00007f23c32d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 2619.255587] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000002
[ 2619.256413] R13: 00007ffda14b703f R14: 00007f23c32d2300 R15: 0000000000022000
[ 2619.350874] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue
[ 2619.355950] FAULT_INJECTION: forcing a failure.
[ 2619.355950] name failslab, interval 1, probability 0, space 0, times 0
[ 2619.357350] CPU: 1 PID: 17408 Comm: syz-executor.7 Not tainted 5.10.175 #1
[ 2619.358140] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2619.359074] Call Trace:
[ 2619.359346]  dump_stack+0x107/0x167
[ 2619.359777]  should_fail.cold+0x5/0xa
[ 2619.360219]  ? alloc_pipe_info+0x1e5/0x590
[ 2619.360704]  should_failslab+0x5/0x20
[ 2619.361135]  __kmalloc+0x72/0x330
[ 2619.361535]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2619.362113]  alloc_pipe_info+0x1e5/0x590
[ 2619.362579]  splice_direct_to_actor+0x774/0x980
[ 2619.363116]  ? _cond_resched+0x12/0x80
[ 2619.363550]  ? inode_security+0x107/0x140
[ 2619.364010]  ? pipe_to_sendpage+0x380/0x380
[ 2619.364496]  ? selinux_file_permission+0x92/0x520
[ 2619.365045]  ? do_splice_to+0x160/0x160
[ 2619.365506]  ? security_file_permission+0x24e/0x570
[ 2619.366070]  do_splice_direct+0x1c4/0x290
[ 2619.366536]  ? splice_direct_to_actor+0x980/0x980
[ 2619.367070]  ? selinux_file_permission+0x92/0x520
[ 2619.367613]  ? security_file_permission+0x24e/0x570
[ 2619.368186]  do_sendfile+0x553/0x1090
[ 2619.368628]  ? do_pwritev+0x270/0x270
[ 2619.369059]  ? wait_for_completion_io+0x270/0x270
[ 2619.369622]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2619.370144]  ? vfs_write+0x354/0xa70
[ 2619.370566]  __x64_sys_sendfile64+0x1d1/0x210
[ 2619.371073]  ? __ia32_sys_sendfile+0x220/0x220
[ 2619.371588]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 2619.372132]  do_syscall_64+0x33/0x40
[ 2619.372554]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 2619.373125] RIP: 0033:0x7faed54e4b19
[ 2619.373563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2619.375633] RSP: 002b:00007faed2a5a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 2619.376490] RAX: ffffffffffffffda RBX: 00007faed55f7f60 RCX: 00007faed54e4b19
[ 2619.377318] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 2619.378129] RBP: 00007faed2a5a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2619.378836] R10: 000000000020d315 R11: 0000000000000246 R12: 0000000000000001
[ 2619.379635] R13: 00007ffc32bf11cf R14: 00007faed2a5a300 R15: 0000000000022000
BUG: leak checking failed

VM DIAGNOSIS:
01:51:25  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=dffffc0000000000 RCX=ffffffff814cbe11 RDX=0000000000000009
RSI=ffff888017070000 RDI=0000000000000006 RBP=ffff8880185dfcd0 RSP=ffff8880185dfc00
R8 =0000000000000001 R9 =0000000000000001 R10=0000000000000005 R11=0000000000000001
R12=0000000000000009 R13=ffffed10030bbf9c R14=0000000000000005 R15=ffffc900006b1088
RIP=ffffffff81408590 RFL=00000297 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f3b7d8fa8c0 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffc32befbd8 CR3=000000000e938000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=000000000000002f002f2e2e2f002e2e XMM01=0000000000000000696c61766e49002f
XMM02=ffffffffffffff0f0e0d0c0b0a090807 XMM03=00000000000000006c6175747269762f
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=000055dc45ece7d0000055dc45f09570
XMM06=000055dc45ef1ca0ffffffff00000000 XMM07=00000000000000000000000000000000
XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=ffffffff83e75630 RBX=ffff888008970000 RCX=ffffffff83e5d42c RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff83e759f3 RBP=ffffed100112e000 RSP=ffff88800897fe78
R8 =0000000000000001 R9 =ffff88806cf3c12b R10=ffffed100d9e7825 R11=0000000000000001
R12=0000000000000001 R13=ffffffff85672888 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff83e7563e RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007feed5fb7940 CR3=0000000045e4e000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=000000c005f9a0a8000000c005f9a070
XMM02=000000c005f9a118000000c005f9a0e0 XMM03=000000c005f9a188000000c005f9a150
XMM04=ae0de9bb90ce919d1364b2c2a2b0e23c XMM05=f6e89204aee7b5a4659fdc11c0c6dc9b
XMM06=4041d3563d6b3e8b9c07d3dff6066910 XMM07=c616c43bcb19b0d729909879b1b3ae43
XMM08=ffffffffffffffffffffffffffffffff XMM09=ffffffffffffffffffffffffffffffff
XMM10=ffffffffffffffffffffffffffffffff XMM11=ffffffffffffffffffffffffffffffff
XMM12=ffffffffffffffffffffffffffffffff XMM13=30303030303030303030303030663535
XMM14=30303030303030303030303130303030 XMM15=22323030303030303030306230303030